remote access attack on PC, related?

Aug 27, 2012
1,436
0
0
Well I guess I have been a bit outspoken of late. And a relative newcomer here with unknown origin and motivations. And I could be accused of being sceptical, cynical, sometimes maybe even paranoid. And I didn't think much initially about the failed network attacks on my internet security software report last week.

Until I checked the IP address that these attacks came from. Two attacks to try and seed a worm.hellkern virus presumably to gain remote access.

IP address: 66.102.135.227
location provided (presumably some nearby node): cnr Santa Monica Boulevard and 15th St, Santa Monica, CA
IP provider: velocity networks

Upon doing a little checking, no guilt by association assumed, but certainly interesting, discovered the following.

Demand Media USA offices
cnr Santa Monica Boulevard and 2nd St, Santa Monica, CA
approximately 1 km up the road

Anyone else with network attacks from same/similar Santa Monica locations?
 
Sep 29, 2012
12,197
0
0
Tinman said:
Well I guess I have been a bit outspoken of late. And a relative newcomer here with unknown origin and motivations. And I could be accused of being sceptical, cynical, sometimes maybe even paranoid. And I didn't think much initially about the failed network attacks on my internet security software report last week.

Until I checked the IP address that these attacks came from. Two attacks to try and seed a worm.hellkern virus presumably to gain remote access.

IP address: 166.102.135.227
location provided (presumably some nearby node): cnr Santa Monica Boulevard and 15th St, Santa Monica, CA
IP provider: velocity networks

Upon doing a little checking, no guilt by association assumed, but certainly interesting, discovered the following.

Demand Media USA offices
cnr Santa Monica Boulevard and 2nd St, Santa Monica, CA
approximately 1 km up the road

Anyone else with network attacks from same/similar Santa Monica locations?
Curious how did you do the IP lookup?

I'll check my modem when I get home but I'm not really in Armstrong's face atm :D
 
Tinman said:
Well I guess I have been a bit outspoken of late. And a relative newcomer here with unknown origin and motivations. And I could be accused of being sceptical, cynical, sometimes maybe even paranoid. And I didn't think much initially about the failed network attacks on my internet security software report last week.

Until I checked the IP address that these attacks came from. Two attacks to try and seed a worm.hellkern virus presumably to gain remote access.

IP address: 166.102.135.227
location provided (presumably some nearby node): cnr Santa Monica Boulevard and 15th St, Santa Monica, CA
IP provider: velocity networks

Upon doing a little checking, no guilt by association assumed, but certainly interesting, discovered the following.

Demand Media USA offices
cnr Santa Monica Boulevard and 2nd St, Santa Monica, CA
approximately 1 km up the road

Anyone else with network attacks from same/similar Santa Monica locations?
Do you use gmail?
 
thehog said:
Stop using gmail. Incredibly easy to hack. If you get twitter messages asking you to log into Facebook etc. change your passwords.
Got a link? I use gmail and am very comfortable using it. I.T. is my profession.
 
apols. 66.

There are 6 or so others attacked who reported this Santa Monica IP address also in the past week, as listed on IPillion report.
 
Tinman said:
apols. 66.

There are 6 or so others attacked who reported this Santa Monica IP address also in the past week, as listed on IPillion report.
nslookup points to http://www.vel.net/contact.cfm

My only problem with the link to Demand Media is that they should be sophisticated. It's quite simple to use publicly available IP redirection to make it appear you are coming from somewhere else.

Not saying it's not related at all - they are more a marketing and SEO business, and often those types ignore the techs, to their detriment.
 
Dear Wiggo said:
nslookup points to http://www.vel.net/contact.cfm

My only problem with the link to Demand Media is that they should be sophisticated. It's quite simple to use publicly available IP redirection to make it appear you are coming from somewhere else.

Not saying it's not related at all - they are more a marketing and SEO business, and often those types ignore the techs, to their detriment.
Exactly what I thought, via a redirect. But if you check the location, this is not some poor neighborhood. This is prime time real estate. And with there being 6 reported attacks coming from this IP it looks orchestrated. And it's not a "bot" attack, it looks manually done. In my instance, twice with several days in between.

Let's see if someone here reports in with a similar story. Over and out, thanks for replies.
 
Oct 8, 2012
237
1
0
How did you find the IP belonged to Demand Media? If I am not mistaken, I think that Demand Media is one of the social-media companies that Livestrong and Lance Armstrong use to manipulate online public opinion.
 
Dec 30, 2009
138
0
0
Pardon me while I chuckle more that with all that is going on, with real big players. You think that someone cares what some random anon posts on CN forums enough to target you for a cyber attack.
 
Big Daddy said:
How did you find the IP belonged to Demand Media? If I am not mistaken, I think that Demand Media is one of the social-media companies that Livestrong and Lance Armstrong use to manipulate online public opinion.
Read my first post, did not say that. The IP address trace via IPillion.com (see post) locates the node 1 km up the road from Demand Media USA offices. "Interesting" is all I said.

And I am likewise "interested" if others have had similar visits to their PC from this IP address in the past week or so. IPillion.com lists 6 others who have logged a report, so presumably there are many others who have had this intrusion but have not reported.
 
thehog said:
Stop using gmail. Incredibly easy to hack. If you get twitter messages asking you to log into Facebook etc. change your passwords.
if you are worried about someone "hacking" your gmail account, enable 2-factor authentication. I'm curious to know what email solution you think is more secure than gmail with 2fa.
 
Zam_Olyas said:
I get remote access attacks a lot. :D esp when I use dodgy streams or when I am on dodgy sites :p
I knew that would come. Thanks Zam! But I have been using the same dodgy sites for years :D and only 2 very targeted attacks last week. From a very specific not so dodgy IP address location. This is not somewhere in Uzbekistan or Nigeria :), or via a routed VPN, it's right on Santa Monica beach...
 
Tinman said:
Read my first post, did not say that. the IP address trace via IPillion.com (see post) locates the node 1 km up the road from Demand Media USA offices. "Interesting" is all I said.

And I am likewise "interested" if others have had similar visits to their PC from this IP address in the past week or so. IPillion.com lists 6 others who have logged a report, so presumably there are many others who have had this intrusion but have not reported.
C'mon, this is the Internet we're talking about. Have you bothered changing the port the service listens on? Of the services I maintain, only one of them sits on a standard port. And guess which one logs endless failed access attempts? The one sitting on a standard port.

It's probably a largely unattended machine sitting on the Internet, point-and-clicked into a "DMZ." It's been compromised. While it may be a posh area, someone's decision to do IT on the cheap, or to blindly believe the technology marketing rhetoric, has just paid the wrong kind of dividends. Nothing surprising about that, even in 2012.

Report the IP to the owner and be done.
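As an added example (not code from this thread or any poster), here is one way to put the "bot scan or repeated targeted hits?" question to the security suite's own block log rather than to a geolocation page: parse the entries, group them by source address, and look at attempt counts, ports touched and the spacing between attempts. The log format, addresses and signature names are constructed, and the labelling thresholds are an assumed heuristic.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample log (hypothetical format; addresses are documentation ranges).
# One source hits a single port twice, days apart; another walks several ports
# within seconds. A malformed line is included to show it is skipped.
SAMPLE_LOG = """\
2012-09-21 03:14:07 BLOCKED src=203.0.113.5 dst_port=445 sig=Worm.Example
2012-09-21 03:14:09 BLOCKED src=198.51.100.7 dst_port=22 sig=SSH.BruteForce
2012-09-21 03:14:11 BLOCKED src=198.51.100.7 dst_port=22 sig=SSH.BruteForce
2012-09-21 03:14:13 BLOCKED src=198.51.100.7 dst_port=23 sig=Telnet.Probe
garbage line that does not match the expected format
2012-09-21 03:14:15 BLOCKED src=198.51.100.7 dst_port=3389 sig=RDP.Probe
2012-09-21 03:14:17 BLOCKED src=198.51.100.7 dst_port=445 sig=SMB.Probe
2012-09-25 19:02:44 BLOCKED src=203.0.113.5 dst_port=445 sig=Worm.Example
"""

LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) BLOCKED src=(?P<src>[\d.]+) "
    r"dst_port=(?P<port>\d+) sig=(?P<sig>\S+)$"
)

def parse(log):
    """Return (timestamp, src, port, sig) tuples; lines that do not match are dropped."""
    events = []
    for line in log.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            ts = datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S")
            events.append((ts, m["src"], int(m["port"]), m["sig"]))
    return events

def summarize(events):
    """Per source address: attempt count, ports and signatures seen, tightest gap, overall span."""
    by_src = defaultdict(list)
    for ts, src, port, sig in events:
        by_src[src].append((ts, port, sig))
    out = {}
    for src, rows in by_src.items():
        rows.sort()
        gaps = [(b[0] - a[0]).total_seconds() for a, b in zip(rows, rows[1:])]
        out[src] = {
            "attempts": len(rows),
            "ports": sorted({p for _, p, _ in rows}),
            "sigs": sorted({s for _, _, s in rows}),
            "min_gap_s": min(gaps) if gaps else None,
            "span_days": (rows[-1][0] - rows[0][0]).total_seconds() / 86400,
        }
    return out

def label(s):
    """Assumed heuristic: many hits seconds apart look like automated scanning; anything else gets a human look."""
    if s["attempts"] >= 5 and s["min_gap_s"] is not None and s["min_gap_s"] < 60:
        return "automated-scan"
    return "review"
```

Run it over a real export and the per-source summary is also what you would attach when reporting the address to its owner.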
 
Jun 18, 2009
2,079
1
0
thehog said:
Stop using gmail. Incredibly easy to hack. If you get twitter messages asking you to log into Facebook etc. change your passwords.
Bah, turn on two factor authentication with gmail. Almost impossible to hack.

And no, gmail is no harder or easier to hack than any other web site.
 
Jul 17, 2012
17
0
0
Tinman said:
Well I guess I have been a bit outspoken of late. And a relative newcomer here with unknown origin and motivations. And I could be accused of being sceptical, cynical, sometimes maybe even paranoid.
I lol'd :)

Just wondering how you think "they" managed to get your home IP?


Mind you, 600+ profile views would suggest you are doing something right/wrong?

But seriously I guess you could have had a PM with an image embedded or something similar, and had your IP exposed quite simply.

Close your router ports, and as already said don't use default ports.

I would think it's just a bot checking an IP range and nothing too sinister.
 
Jul 9, 2010
127
0
0
richwagmn said:
Bah, turn on two factor authentication with gmail. Almost impossible to hack.
Wrong thinking. They take a password, and find a matching username. Such attacks are rarely detected, and are independent of the method of authentication.

You better get a strong password.
 