
Hacker Attack! Is this from my Router??

Discussion in 'General Discussion' started by mitchlambertuk, Oct 5, 2006.

  1. mitchlambertuk

    mitchlambertuk Network Guru Member

    I keep getting this email with the subject as "Hacker Attack" and the following info in the main body:

    2006-10-5 15:11:34 Hacker Attack! TCP: From: 87.9.81.89 To: 62.***.***.*** [my IP]
    7

    Can anyone help? It is really troubling me!

    Thanks,
    Mitch.
     
  2. HennieM

    HennieM Network Guru Member

    Could be from your router. Check the SMTP headers, which should give you an idea where it's from. In Outlook (if you use it), open the message, and go to View > Options.

    Are you playing on-line games? If so, your own connections could be triggering this.
     
  3. mitchlambertuk

    mitchlambertuk Network Guru Member

    Thanks for that. It says this:

    Return-Path: <mitch@lambert2000.fsnet.co.uk>
    Received: from mwinf3214.me.freeserve.com (mwinf3214.me.freeserve.com)
    by mwinb3103 (SMTP Server) with LMTP; Thu, 05 Oct 2006 16:12:01 +0200
    X-Sieve: Server Sieve 2.2
    Envelope-to: mitch@lambert2000.fsnet.co.uk
    Received: from me-wanadoo.net (localhost [127.0.0.1])
    by mwinf3214.me.freeserve.com (SMTP Server) with ESMTP id 4F8C58000082
    for <mitch@lambert2000.fsnet.co.uk>; Thu, 5 Oct 2006 16:12:01 +0200 (CEST)
    Received: from localhost (user-3e888098.telcl22.dsl.pol.co.uk [62.136.128.152])
    by mwinf3214.me.freeserve.com (SMTP Server) with ESMTP id 17144800008C
    for <mitch@lambert2000.fsnet.co.uk>; Thu, 5 Oct 2006 16:12:01 +0200 (CEST)
    X-ME-UUID: 20061005141201965.17144800008C@mwinf3214.me.freeserve.com
    From: "test" <mitch@lambert2000.fsnet.co.uk>
    To: mitch@lambert2000.fsnet.co.uk
    Subject: Hacker Attack!!!
    Message-Id: <20061005141201.17144800008C@mwinf3214.me.freeserve.com>
    Date: Thu, 5 Oct 2006 16:12:01 +0200 (CEST)

    Any ideas?
     
  4. ifican

    ifican Network Guru Member

    Personally I wouldn't worry about it; public-facing devices get "attacked" all day and night. I could show you SSH deny logs to my host that would make your head spin. Whenever you get alerted it's a good thing; it's the ones that you don't see that you need to worry about. However, this one looks like a simple SMTP spoof. I have yet to see this one in my email box but I am sure I will eventually. No worries, just delete it and go about your day.
     
  5. mitchlambertuk

    mitchlambertuk Network Guru Member

    The problem is that the email is right about my IP address and the Linksys logs are the same as the email:

    System Log
    ALL System Log Access Log Firewall Log VPN Log UPNP Log
    2006-10-05T15:11:44+00:00 Hacker Attack TCP: From: 87.9.81.89:1303 To: 62.136.128.152:6664
    2006-10-05T15:11:44+00:00 Hacker Attack TCP: From: 87.9.81.89:1304 To: 62.136.128.152:6665
    2006-10-05T15:11:44+00:00 Hacker Attack TCP: From: 87.9.81.89:1305 To: 62.136.128.152:6666
    2006-10-05T15:11:44+00:00 Hacker Attack TCP: From: 87.9.81.89:1306 To: 62.136.128.152:6667
    2006-10-05T15:11:44+00:00 Hacker Attack TCP: From: 87.9.81.89:1307 To: 62.136.128.152:6668
    2006-10-05T15:11:44+00:00 Hacker Attack TCP: From: 87.9.81.89:1308 To: 62.136.128.152:6669
    2006-10-05T15:11:44+00:00 Hacker Attack TCP: From: 87.9.81.89:1309 To: 62.136.128.152:9992
    2006-10-05T15:11:44+00:00 Hacker Attack TCP: From: 87.9.81.89:1310 To: 62.136.128.152:9993
    2006-10-05T15:11:44+00:00 Hacker Attack TCP: From: 87.9.81.89:1311 To: 62.136.128.152:9994
    2006-10-05T15:11:44+00:00 Hacker Attack TCP: From: 87.9.81.89:1312 To: 62.136.128.152:9995
    2006-10-05T15:11:44+00:00 Hacker Attack TCP: From: 87.9.81.89:1313 To: 62.136.128.152:9996
    2006-10-05T15:11:44+00:00 Hacker Attack TCP: From: 87.9.81.89:1314 To: 62.136.128.152:9997
    2006-10-05T15:11:44+00:00 Hacker Attack TCP: From: 87.9.81.89:1315 To: 62.136.128.152:55555

    Could this email be from my ISP?

    Thanks.
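
Added example, not part of any post in this thread: a short Python script that applies the "check the SMTP headers" suggestion to the data posted above. It reads the IP address recorded in the earliest Received header, checks it against the destination (WAN) address in the router's firewall log, and groups the logged probes by source. The function names are made up for this example; the headers and log lines are trimmed copies of the ones posted above, with header folding restored.

```python
import re
from collections import defaultdict
from email import message_from_string

# Trimmed copies of the headers and log lines posted in this thread.
HEADERS = """\
Received: from mwinf3214.me.freeserve.com (mwinf3214.me.freeserve.com)
\tby mwinb3103 (SMTP Server) with LMTP; Thu, 05 Oct 2006 16:12:01 +0200
Received: from me-wanadoo.net (localhost [127.0.0.1])
\tby mwinf3214.me.freeserve.com (SMTP Server) with ESMTP id 4F8C58000082
Received: from localhost (user-3e888098.telcl22.dsl.pol.co.uk [62.136.128.152])
\tby mwinf3214.me.freeserve.com (SMTP Server) with ESMTP id 17144800008C
Subject: Hacker Attack!!!

"""
LOG = """\
2006-10-05T15:11:44+00:00 Hacker Attack TCP: From: 87.9.81.89:1303 To: 62.136.128.152:6664
2006-10-05T15:11:44+00:00 Hacker Attack TCP: From: 87.9.81.89:1304 To: 62.136.128.152:6665
2006-10-05T15:11:44+00:00 Hacker Attack TCP: From: 87.9.81.89:1309 To: 62.136.128.152:9992
2006-10-05T15:11:44+00:00 Hacker Attack TCP: From: 87.9.81.89:1315 To: 62.136.128.152:55555
"""

IP_IN_BRACKETS = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")
LOG_LINE = re.compile(r"^\S+ Hacker Attack TCP: From: ([\d.]+):(\d+) To: ([\d.]+):(\d+)$")

def submitting_ip(raw_headers):
    """Peer IP in the bottom-most Received header, i.e. the first hop."""
    # Each relay prepends its own header, so the last one listed is the oldest.
    # Here it was written by the ISP's server, which records the peer it saw.
    hops = message_from_string(raw_headers).get_all("Received") or []
    m = IP_IN_BRACKETS.search(hops[-1]) if hops else None
    return m.group(1) if m else None

def summarize(log_text):
    """Map (source IP, destination IP) to the sorted destination ports probed."""
    probes = defaultdict(set)
    for line in log_text.splitlines():
        m = LOG_LINE.match(line.strip())
        if m:
            src, _sport, dst, dport = m.groups()
            probes[(src, dst)].add(int(dport))
    return {pair: sorted(ports) for pair, ports in probes.items()}

def alert_is_from_own_router(raw_headers, log_text):
    """True when the mail was submitted from the WAN address seen in the log."""
    wan_ips = {dst for (_src, dst) in summarize(log_text)}
    return submitting_ip(raw_headers) in wan_ips

if __name__ == "__main__":
    print(submitting_ip(HEADERS), alert_is_from_own_router(HEADERS, LOG))
    print(summarize(LOG))
```
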
     
