Thread: Am I being hacked from xxxmickey.com?
View Single Post
Old 08-20-2003, 07:10 AM  
GFED
Confirmed User
 
GFED's Avatar
 
Industry Role:
Join Date: May 2002
Posts: 8,120
Am I being hacked from xxxmickey.com?
Anyone know what this is? It looks like someone trying to hack into my computer from xxxmickey.com?

File Version : 5.00.2134.1
File Description : NetBEUI Frames Protocol Driver
File Path : C:\WINNT\system32\DRIVERS\nbf.sys
Connection origin : remote initiated
Protocol : TCP
Local Address : 192.168.0.3
Local Port : 2516 (MAINCONTROL - Main Control)
Remote Name : www.xxxmickey.com
Remote Address : 66.37.17.74
Remote Port : 80

Ethernet packet details:
Ethernet II (Packet Length: 66)
Destination: 00-80-ad-46-65-f4
Source: 00-50-da-c8-82-e9
Type: IP (0x0800)
Internet Protocol
Version: 4
Header Length: 20 bytes
Flags:
.1.. = Don't fragment: Set
..0. = More fragments: Not set
Fragment offset:0
Time to live: 46
Protocol: 0x6 (TCP - Transmission Control Protocol)
Header checksum: 0x5026 (Correct)
Source: 66.37.17.74
Destination: 192.168.0.3
Transmission Control Protocol (TCP)
Source port: 80
Destination port: 2516
Sequence number: 3067196127
Acknowledgment number: 1065114910
Header length: 32
Flags:
0... .... = Congestion Window Reduce (CWR): Not set
.0.. .... = ECN-Echo: Not set
..0. .... = Urgent: Not set
...1 .... = Acknowledgment: Set
.... 0... = Push: Not set
.... .0.. = Reset: Not set
.... ..0. = Syn: Not set
.... ...1 = Fin: Set
Checksum: 0x611e (Correct)
Data (0 Bytes)

Binary dump of the packet:
0000: 00 80 AD 46 65 F4 00 50 : DA C8 82 E9 08 00 45 00 | ...Fe..P......E.
0010: 00 34 12 5A 40 00 2E 06 : 26 50 42 25 11 4A C0 A8 | .4.Z@...&PB%.J..
0020: 00 03 00 50 09 D4 B6 D1 : B2 DF 3F 7C 5D 1E 80 11 | ...P......?|]...
0030: E2 40 1E 61 00 00 01 01 : 08 0A 04 0C 17 8C 00 17 | [email protected]............
0040: 35 E1 : | 5.



File Version : 6.00.2600.0000
File Description : Internet Explorer
File Path : C:\Program Files\Internet Explorer\IEXPLORE.EXE
Process ID : 514 (Heximal) 1300 (Decimal)

Connection origin : remote initiated
Protocol : TCP
Local Address : 192.168.0.3
Local Port : 2516 (MAINCONTROL - Main Control)
Remote Name : www.xxxmickey.com
Remote Address : 66.37.17.74
Remote Port : 80

Ethernet packet details:
Ethernet II (Packet Length: 66)
Destination: 00-80-ad-46-65-f4
Source: 00-50-da-c8-82-e9
Type: IP (0x0800)
Internet Protocol
Version: 4
Header Length: 20 bytes
Flags:
.1.. = Don't fragment: Set
..0. = More fragments: Not set
Fragment offset:0
Time to live: 46
Protocol: 0x6 (TCP - Transmission Control Protocol)
Header checksum: 0x5026 (Correct)
Source: 66.37.17.74
Destination: 192.168.0.3
Transmission Control Protocol (TCP)
Source port: 80
Destination port: 2516
Sequence number: 3067196127
Acknowledgment number: 1065114910
Header length: 32
Flags:
0... .... = Congestion Window Reduce (CWR): Not set
.0.. .... = ECN-Echo: Not set
..0. .... = Urgent: Not set
...1 .... = Acknowledgment: Set
.... 0... = Push: Not set
.... .0.. = Reset: Not set
.... ..0. = Syn: Not set
.... ...1 = Fin: Set
Checksum: 0x611e (Correct)
Data (0 Bytes)

Binary dump of the packet:
0000: 00 80 AD 46 65 F4 00 50 : DA C8 82 E9 08 00 45 00 | ...Fe..P......E.
0010: 00 34 12 5A 40 00 2E 06 : 26 50 42 25 11 4A C0 A8 | .4.Z@...&PB%.J..
0020: 00 03 00 50 09 D4 B6 D1 : B2 DF 3F 7C 5D 1E 80 11 | ...P......?|]...
0030: E2 40 1E 61 00 00 01 01 : 08 0A 04 0C 17 8C 00 17 | [email protected]............
0040: 35 E1 : | 5.
GFED is offline   Share thread on Digg Share thread on Twitter Share thread on Reddit Share thread on Facebook Reply With Quote