• The Cycling News forum is looking to add some volunteer moderators with Red Rick's recent retirement. If you're interested in helping keep our discussions on track, send a direct message to @SHaines here on the forum, or use the Contact Us form to message the Community Team.

    In the meanwhile, please use the Report option if you see a post that doesn't fit within the forum rules.

    Thanks!

remote access attack on PC, related?

Toggle sidebar Toggle sidebar
Tinman

Tinman

Aug 27, 2012
1,436
0
0
Visit site
Well I guess I have been a bit outspoken of late. And a relative newcomer here with unknown origin and motivations. And I could be accused of being sceptical, cynical, sometimes maybe even paranoid. And I didn't think much initially about the failed network attacks on my internet security software report last week.

Until I checked the IP address that these attacks came from. Two attacks to try and seed a worm.hellkern virus presumably to gain remote access.

IP address: 66.102.135.227
location provided (presumably some nearby node): cnr Santa Monica Boulevard and 15th St, Santa Monica, CA
IP provider: velocity networks

Upon doing a little checking, no guilt by association assumed, but certainly interesting, discovered the following.

Demand Media USA offices
cnr Santa Monica Boulevard and 2nd St, Santa Monica, CA
approximately 1 km up the road

Anyone else with network attacks from same/similar Santa Monica locations?
 
Dear Wiggo

Dear Wiggo

Sep 29, 2012
12,197
0
0
dearwiggo.blogspot.com.au
Tinman said:
Well I guess I have been a bit outspoken of late. And a relative newcomer here with unknown origin and motivations. And I could be accused of being sceptical, cynical, sometimes maybe even paranoid. And I didn't think much initially about the failed network attacks on my internet security software report last week.

Until I checked the IP address that these attacks came from. Two attacks to try and seed a worm.hellkern virus presumably to gain remote access.

IP address: 166.102.135.227
location provided (presumably some nearby node): cnr Santa Monica Boulevard and 15th St, Santa Monica, CA
IP provider: velocity networks

Upon doing a little checking, no guilt by association assumed, but certainly interesting, discovered the following.

Demand Media USA offices
cnr Santa Monica Boulevard and 2nd St, Santa Monica, CA
approximately 1 km up the road

Anyone else with network attacks from same/similar Santa Monica locations?
Click to expand...

Curious how did you do the IP lookup?

I'll check my modem when I get home but I'm not really in Armstrong's face atm :D
 
thehog

thehog

BANNED
Jul 27, 2009
31,285
2
22,485
Visit site
Tinman said:
Well I guess I have been a bit outspoken of late. And a relative newcomer here with unknown origin and motivations. And I could be accused of being sceptical, cynical, sometimes maybe even paranoid. And I didn't think much initially about the failed network attacks on my internet security software report last week.

Until I checked the IP address that these attacks came from. Two attacks to try and seed a worm.hellkern virus presumably to gain remote access.

IP address: 166.102.135.227
location provided (presumably some nearby node): cnr Santa Monica Boulevard and 15th St, Santa Monica, CA
IP provider: velocity networks

Upon doing a little checking, no guilt by association assumed, but certainly interesting, discovered the following.

Demand Media USA offices
cnr Santa Monica Boulevard and 2nd St, Santa Monica, CA
approximately 1 km up the road

Anyone else with network attacks from same/similar Santa Monica locations?
Click to expand...

Do you use gmail?
 
Tinman

Tinman

Aug 27, 2012
1,436
0
0
Visit site
apols. 66.

There are 6 or so others attacked who reported this Santa Monica IP address also in the past week, as listed on IPillion report.
 
Dear Wiggo

Dear Wiggo

Sep 29, 2012
12,197
0
0
dearwiggo.blogspot.com.au
Tinman said:
apols. 66.

There are 6 or so others attacked who reported this Santa Monica IP address also in the past week, as listed on IPillion report.
Click to expand...

nslookup points to http://www.vel.net/contact.cfm

My only problem with the link to Demand Media is that they should be sophisticated. It's quite simple to use publicly available IP redirection to make it appear you are coming from somewhere else.

Not saying it's not related at all - they are more a marketing and SEO business, and often those types ignore the techs, to their detriment.
 
Tinman

Tinman

Aug 27, 2012
1,436
0
0
Visit site
Dear Wiggo said:
nslookup points to http://www.vel.net/contact.cfm

My only problem with the link to Demand Media is that they should be sophisticated. It's quite simple to use publicly available IP redirection to make it appear you are coming from somewhere else.

Not saying it's not related at all - they are more a marketing and SEO business, and often those types ignore the techs, to their detriment.
Click to expand...

Exactly what I thought, via a redirect. But if you check the location, this is not some poor neighborhood. This is prime time real estate. And with there being 6 reported attacks coming from this IP it looks orchestrated. And it's not a "bot" attack, it looks manually done. In my instance, twice with several days in between.

Lets see if someone here reports in with similar story. Over and out, thanks for replies.
 
B

Big Daddy

Oct 8, 2012
237
1
0
Visit site
How did you find the IP belonged to Demand Media? If I am not mistaken, I think that Demand Media is one of the social-media companies that Livestrong and Lance Armstrong use to manipulate online public opinion.
 
P

PhiberAwptik

Dec 30, 2009
138
0
0
Visit site
Pardon me while I chuckle more that with all that is going on, with real big players. You think that someone cares what some random anon posts on CN forums enough to target you for a cyber attack.
 
Tinman

Tinman

Aug 27, 2012
1,436
0
0
Visit site
Big Daddy said:
How did you find the IP belonged to Demand Media? If I am not mistaken, I think that Demand Media is one of the social-media companies that Livestrong and Lance Armstrong use to manipulate online public opinion.
Click to expand...

Read my first post, did not say that. the IP address trace via IPillion.com (see post) locates the node 1 km up the road from Demand Media USA offices. "Interesting" is all I said.

And I am likewise "interested" if others have had similar visits to their PC from this IP address in the past week or so. IPillion.com lists 6 others who have logged a report, so presumably there are many others who have had this intrusion but have not reported.
 
proffate

proffate

Jul 10, 2012
1,579
1,064
13,680
Visit site
thehog said:
Stop using gmail. Incredibly easy to hack. If you get twitter messages asking you to log into Facebook etc. change your passwords.
Click to expand...

if you are worried about someone "hacking" your gmail account, enable 2-factor authentication. I'm curious to know what email solution you think is more secure than gmail with 2fa.
 
Tinman

Tinman

Aug 27, 2012
1,436
0
0
Visit site
Zam_Olyas said:
I get remote access attack alot. :D esp when i used dodgy streams or when i am on dodgy sites :p
Click to expand...

I knew that would come. Thanks Zam! But I have been using the same dodgy sites for years :D and only 2 very targeted attacks last week. From a very specific not so dodgy IP address location. This is not somewhere in Uzbekistan or Nigeria :), or via a routed VPN, it's right on Santa Monica beach...
 
DirtyWorks

DirtyWorks

Feb 10, 2010
10,645
20
22,510
Visit site
Tinman said:
Read my first post, did not say that. the IP address trace via IPillion.com (see post) locates the node 1 km up the road from Demand Media USA offices. "Interesting" is all I said.

And I am likewise "interested" if others have had similar visits to their PC from this IP address in the past week or so. IPillion.com lists 6 others who have logged a report, so presumably there are many others who have had this intrusion but have not reported.
Click to expand...

C'mon, this is the Internet we're talking about. Have you bothered changing the port the service listens on? Of the services I maintain, only one of them sits on a standard port. And guess which one logs endless failed access attempts? The one sitting on a standard port.

It's probably a largely unattened machine sitting on the Internet point-and-clicked into a "DMZ." It's been compromised. While it may be a posh area, someone's decision to do IT on-the-cheap or blindly believed the technology marketing rhetoric has just paid the wrong kind of dividends. Nothing surprising about that, even in 2012.

Report the IP to the owner and be done.
 
R

richwagmn

Jun 18, 2009
2,079
2
0
Visit site
thehog said:
Stop using gmail. Incredibly easy to hack. If you get twitter messages asking you to log into Facebook etc. change your passwords.
Click to expand...

Bah, turn on two factor authentication with gmail. Almost impossible to hack.

And no, gmail is no harder or easier to hack than any other web site.
 
H

Holtend

Jul 17, 2012
17
0
0
Visit site
Tinman said:
Well I guess I have been a bit outspoken of late. And a relative newcomer here with unknown origin and motivations. And I could be accused of being sceptical, cynical, sometimes maybe even paranoid.
Click to expand...

I lol'd :)

Just wondering how you think "they" managed to get your home IP?


Mind you, 600+ profile views would suggest you are doing something right/wrong?

But seriously I guess you could have had a PM with an image embedded or something similar, and had your IP exposed quite simply.

Close your router ports, and as already said don't use default ports.

I would think its just a bot checking an IP range and nothing too sinister.
 
A

arjanh

Jul 9, 2010
127
0
0
Visit site
richwagmn said:
Bah, turn on two factor authentication with gmail. Almost impossible to hack.
Click to expand...

Wrong thinking. They take a password, and find a matching username. Such attacks are rarely detected, and is independent of the method of authentication.

You better get a strong password.
 
You must log in or register to reply here.

TRENDING THREADS

Latest posts

Moderators online

Share this page

COMPANY
RESOURCES
FOLLOW
Top Bottom