OT: Interesting probe of my computer

OT: Interesting probe of my computer

Post by Sanjaya » Wed, 25 Feb 2004 18:24:41

I just got this message from my firewall:

Someone from 215.250.203.137, port 21137
wants to send UDP datagram to port 1027
owned by 'SYSTEM' on your computer.

I went to geektools.com and did a whois on
the IP address. This is what came up:

OrgName: DoD Network Information Center
OrgID: DNIC
Address: 7990 Science Applications Ct
Address: M/S CV 50
City: Vienna
StateProv: VA
PostalCode: 22183-7000
Country: US

Anyone else out there getting probed by the
Department of Defense???


OT: Interesting probe of my computer

Post by donutbandit » Wed, 25 Feb 2004 18:51:14




Quote:> I just got this message from my firewall:

> Someone from 215.250.203.137, port 21137
> wants to send UDP datagram to port 1027
> owned by 'SYSTEM' on your computer.

> I went to geektools.com and did a whois on
> the IP address. This is what came up:

> OrgName: DoD Network Information Center
> OrgID: DNIC
> Address: 7990 Science Applications Ct
> Address: M/S CV 50
> City: Vienna
> StateProv: VA
> PostalCode: 22183-7000
> Country: US

> Anyone else out there getting probed by the
> Department of Defense???

First of all, you need to find out what "SYSTEM" on your computer is
sending out. And why isn't it blocked by your firewall?

There wouldn't be a response if there wasn't an invite sent out.

Do some research on RPCSS and DCOM. Find out if your computer has spyware,
adware or Trojans on it.


OT: Interesting probe of my computer

Post by Sanjaya » Wed, 25 Feb 2004 19:36:57

Quote:"donutbandit" wrote...
> "Sanjaya" wrote...

> > I just got this message from my firewall:

> > Someone from 215.250.203.137, port 21137
> > wants to send UDP datagram to port 1027
> > owned by 'SYSTEM' on your computer.

[snip]

Quote:> First of all, you need to find out what "SYSTEM" on your computer is
> sending out. And why isn't it blocked by your firewall?

> There wouldn't be a response if there wasn't an invite sent out.

> Do some research on RPCSS and DCOM. Find out if your computer has spyware,
> adware or Trojans on it.

Thanks donut.
I ran every online scan I could find.
Everything came back stealth on each scan.
The last one I tried was at grc.com
It gave me this message...

port      1027
service  Host
status:   Stealth There is NO EVIDENCE WHATSOEVER
that a port (or even any computer) exists at this IP
address!


OT: Interesting probe of my computer

Post by Diverd47 » Wed, 25 Feb 2004 22:58:39

Hi Sanjaya:

I use Blackice PC protection;
- & I get a lot of probes, but they're all defeated by Blackice.

Tried Geektools ( Thanks for posting the site)
& got the following:( See below)

- Maybe their system was taken over by someone for a while?

- Might be worth a call to their sysadmin;

Dan

OrgName: DoD Network Information Center
OrgID: DNIC
Address: 7990 Science Applications Ct
Address: M/S CV 50
City: Vienna
StateProv: VA
PostalCode: 22183-7000
Country: US

NetRange: 215.0.0.0 - 215.255.255.255
CIDR: 215.0.0.0/8
NetName: DDN-NIC16
NetHandle: NET-215-0-0-0-1
Parent:
NetType: Direct Allocation
NameServer: AAA-VIENNA.NIPR.MIL
NameServer: AAA-KELLY.NIPR.MIL
NameServer: AAA-WHEELER.NIPR.MIL
NameServer: AAA-VAIHINGEN.NIPR.MIL
Comment: DoD Network Information Center
Comment: 7990 Boeing Court M/S CV-50
Comment: Vienna, VA 22183 US
RegDate: 1998-06-05
Updated: 1998-06-09

TechHandle: MIL-HSTMST-ARIN
TechName: Network DoD
TechPhone: +1-703-676-1051

OrgTechHandle: MIL-HSTMST-ARIN
OrgTechName: Network DoD
OrgTechPhone: +1-703-676-1051

# ARIN WHOIS database, last updated 2004-02-23 19:15
# Enter ? for additional hints on searching ARIN's WHOIS database.

>I just got this message from my firewall:

>Someone from 215.250.203.137, port 21137
>wants to send UDP datagram to port 1027
>owned by 'SYSTEM' on your computer.

>I went to geektools.com and did a whois on
>the IP address. This is what came up:

>OrgName: DoD Network Information Center
>OrgID: DNIC
>Address: 7990 Science Applications Ct
>Address: M/S CV 50
>City: Vienna
>StateProv: VA
>PostalCode: 22183-7000
>Country: US

>Anyone else out there getting probed by the
>Department of Defense???


OT: Interesting probe of my computer

Post by Tom Sevart » Thu, 26 Feb 2004 01:16:59


Quote:> I just got this message from my firewall:

> Someone from 215.250.203.137, port 21137
> wants to send UDP datagram to port 1027
> owned by 'SYSTEM' on your computer.

> I went to geektools.com and did a whois on
> the IP address.

Whoever it is, is probably forging IP addresses somehow.  One day I got
repeatedly slammed with UDP requests from a certain port with random IP
addresses.  I think before I disconnected, it ran up to some 22,000
attempts, all with different IP numbers.

--
Tom Sevart N2UHC
Frontenac, KS
http://www.geocities.com/n2uhc


OT: Interesting probe of my computer

Post by Newsgroup Lurke » Thu, 26 Feb 2004 01:29:03

I personally prefer ZoneAlarm for 'out of the box' settings.


> Hi Sanjaya:

> I use Blackice PC protection;
> - & I get a lot of probes, but they're all defeated by Blackice.

> Tried Geektools ( Thanks for posting the site)
> & got the following:( See below)

> - Maybe their system was taken over by someone for a while?

> - Might be worth a call to their sysadmin;

> Dan

> OrgName: DoD Network Information Center
> OrgID: DNIC
> Address: 7990 Science Applications Ct
> Address: M/S CV 50
> City: Vienna
> StateProv: VA
> PostalCode: 22183-7000
> Country: US

> NetRange: 215.0.0.0 - 215.255.255.255
> CIDR: 215.0.0.0/8
> NetName: DDN-NIC16
> NetHandle: NET-215-0-0-0-1
> Parent:
> NetType: Direct Allocation
> NameServer: AAA-VIENNA.NIPR.MIL
> NameServer: AAA-KELLY.NIPR.MIL
> NameServer: AAA-WHEELER.NIPR.MIL
> NameServer: AAA-VAIHINGEN.NIPR.MIL
> Comment: DoD Network Information Center
> Comment: 7990 Boeing Court M/S CV-50
> Comment: Vienna, VA 22183 US
> RegDate: 1998-06-05
> Updated: 1998-06-09

> TechHandle: MIL-HSTMST-ARIN
> TechName: Network DoD
> TechPhone: +1-703-676-1051

> OrgTechHandle: MIL-HSTMST-ARIN
> OrgTechName: Network DoD
> OrgTechPhone: +1-703-676-1051

> # ARIN WHOIS database, last updated 2004-02-23 19:15
> # Enter ? for additional hints on searching ARIN's WHOIS database.


"Sanjaya"

> >I just got this message from my firewall:

> >Someone from 215.250.203.137, port 21137
> >wants to send UDP datagram to port 1027
> >owned by 'SYSTEM' on your computer.

> >I went to geektools.com and did a whois on
> >the IP address. This is what came up:

> >OrgName: DoD Network Information Center
> >OrgID: DNIC
> >Address: 7990 Science Applications Ct
> >Address: M/S CV 50
> >City: Vienna
> >StateProv: VA
> >PostalCode: 22183-7000
> >Country: US

> >Anyone else out there getting probed by the
> >Department of Defense???


OT: Interesting probe of my computer

Post by Newsgroup Lurke » Thu, 26 Feb 2004 01:31:21

Try Ad-aware as well
http://www.lavasoftusa.com/

Won't prevent attacks, but it may be nice to know if anything is sent out as
spyware.


Quote:

> "donutbandit" wrote...
> > "Sanjaya" wrote...

> > > I just got this message from my firewall:

> > > Someone from 215.250.203.137, port 21137
> > > wants to send UDP datagram to port 1027
> > > owned by 'SYSTEM' on your computer.
> [snip]

> > First of all, you need to find out what "SYSTEM" on your computer is
> > sending out. And why isn't it blocked by your firewall?

> > There wouldn't be a response if there wasn't an invite sent out.

> > Do some research on RPCSS and DCOM. Find out if your computer has
> > spyware, adware or Trojans on it.

> Thanks donut.
> I ran every online scan I could find.
> Everything came back stealth on each scan.
> The last one I tried was at grc.com
> It gave me this message...

> port      1027
> service  Host
> status:   Stealth There is NO EVIDENCE WHATSOEVER
> that a port (or even any computer) exists at this IP
> address!


OT: Interesting probe of my computer

Post by Stinger » Thu, 26 Feb 2004 01:38:53

Exactly, Tom.

You can count on that IP having been spoofed.

Think about it -- do you really think that if DOD was snooping around,
they'd leave footprints back?

-- Stinger




> > I just got this message from my firewall:

> > Someone from 215.250.203.137, port 21137
> > wants to send UDP datagram to port 1027
> > owned by 'SYSTEM' on your computer.

> > I went to geektools.com and did a whois on
> > the IP address.

> Whoever it is is probably forging IP addresses somehow.  One day I got
> repeatedly slammed with UDP requests from a certain port with random IP
> addresses.  I think before I disconnected, it ran up to some 22,000
> attempts, all with different IP numbers.

> --
> Tom Sevart N2UHC
> Frontenac, KS
> http://www.geocities.com/n2uhc


OT: Interesting probe of my computer

Post by Panzer24 » Thu, 26 Feb 2004 02:48:25



Quote:> "donutbandit" wrote...
>> "Sanjaya" wrote...

>> > I just got this message from my firewall:

>> > Someone from 215.250.203.137, port 21137
>> > wants to send UDP datagram to port 1027
>> > owned by 'SYSTEM' on your computer.
> [snip]

Your firewall is blocking that port :) It was just telling you that someone
(DOD perhaps ;)) tried to use that port to send a UDP packet to your
computer. The firewall blocked it and sent no response, as it should have
done. The message was a heads-up from the firewall.

--
Panzer


OT: Interesting probe of my computer

Post by donutbandit » Thu, 26 Feb 2004 03:43:56



Quote:

> "donutbandit" wrote...
>> "Sanjaya" wrote...

>> > I just got this message from my firewall:

>> > Someone from 215.250.203.137, port 21137
>> > wants to send UDP datagram to port 1027
>> > owned by 'SYSTEM' on your computer.
> [snip]

>> First of all, you need to find out what "SYSTEM" on your computer is
>> sending out. And why isn't it blocked by your firewall?

>> There wouldn't be a response if there wasn't an invite sent out.

>> Do some research on RPCSS and DCOM. Find out if your computer has
>> spyware, adware or Trojans on it.

> Thanks donut.
> I ran every online scan I could find.
> Everything came back stealth on each scan.
> The last one I tried was at grc.com
> It gave me this message...

> port      1027
> service  Host
> status:   Stealth There is NO EVIDENCE WHATSOEVER
> that a port (or even any computer) exists at this IP
> address!

OK, good. Now, to shut down "SYSTEM" completely, go to Control
Panel>Network, and make sure that the only protocols that are installed
there are "Dial Up Adapter" and TCP/IP. Unless you are on a network, that's
all you need. Getting rid of "Windows Family Logon" will not hurt at all,
and will get rid of "SYSTEM" listening at all times.

OT: Interesting probe of my computer

Post by Sanjaya » Thu, 26 Feb 2004 07:01:24

"donutbandit" wrote..

Quote:> OK, good. Now, to shut down "SYSTEM" completely, go to Control
> Panel>Network, and make sure that the only protocols that are installed
> there are "Dial Up Adapter" and TCP/IP. Unless you are on a network, that's
> all you need. Getting rid of "Windows Family Logon" will not hurt at all,
> and will get rid of "SYSTEM" listening at all times.

Yep, everything checks out fine now.
Thanks again. And thanks to all who replied.

DoD has a whois server...
whois.nic.mil
Not sure, but I think someone was pinging whole blocks of
IP numbers (including mine) via that server. My comp reported
no computer at that IP due to firewall, as verified
by grc.com's port scan.
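
An added example, not code from any poster in this thread, that triages alerts in the format of the firewall message quoted at the top and applies the two checks the thread discusses: whether the source address falls inside the 215.0.0.0/8 NetRange the whois lookup returned, and Tom's pattern of many distinct source addresses arriving from one source port, which suggests the addresses are spoofed rather than a single host probing. The alert lines and the threshold of three distinct sources are constructed sample values.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample alerts in the wording of the firewall message quoted
# in the thread; these are not a real capture.
ALERTS = [
    "Someone from 215.250.203.137, port 21137 wants to send UDP datagram to port 1027",
    "Someone from 198.51.100.7, port 21137 wants to send UDP datagram to port 1027",
    "Someone from 203.0.113.9, port 21137 wants to send UDP datagram to port 1027",
    "Someone from 192.0.2.44, port 21137 wants to send UDP datagram to port 1027",
    "Someone from 192.0.2.45, port 53 wants to send UDP datagram to port 1027",
]

ALERT_RE = re.compile(
    r"Someone from (?P<src>[\d.]+), port (?P<sport>\d+) "
    r"wants to send (?P<proto>UDP|TCP) datagram to port (?P<dport>\d+)"
)


def parse_alert(line):
    """Return (src_ip, src_port, proto, dst_port), or None if the line does not match."""
    m = ALERT_RE.search(line)
    if not m:
        return None
    return (m.group("src"), int(m.group("sport")), m.group("proto"), int(m.group("dport")))


def in_whois_range(ip, cidr="215.0.0.0/8"):
    """True if ip lies in the CIDR block the whois lookup reported for the source."""
    return ipaddress.ip_address(ip) in ipaddress.ip_network(cidr)


def suspect_spoofed_flood(lines, min_distinct_sources=3):
    """Group alerts by (src_port, dst_port) and count distinct source addresses.

    Many different sources all using the same source port against the same
    destination port is the pattern Tom describes; a real single prober would
    normally show one source address. Returns {(sport, dport): count} for the
    groups at or above the (assumed) threshold.
    """
    sources = defaultdict(set)
    for line in lines:
        parsed = parse_alert(line)
        if parsed is None:
            continue  # skip lines that are not in the alert format
        src, sport, _proto, dport = parsed
        sources[(sport, dport)].add(src)
    return {key: len(ips) for key, ips in sources.items() if len(ips) >= min_distinct_sources}
```

Running `suspect_spoofed_flood(ALERTS)` flags the four-source group on (21137, 1027) and ignores the single alert from source port 53.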