This was received by our support staff late last night. Apparently the guy thought 192.168.1.2 was "hacking him", 'nuff said. Jay Stewart Internet Network Engineer Olympia Networking Services - "The Northwest's Premier ISP" A wholly owned subsidiary of Advanced TelCom Group, Inc. ----- Original Message ----- From: "Identity Concealed to Protect the Clueless" To: <webmaster@olywa.net> Sent: Monday, October 23, 2000 9:39 PM Subject: Server USC in California hacking ports Whoops I forgot to add the security log in previous mail. I know that you share a DNS server 216.173.192.10) with Vircom.net. The website at USC is hacking the DNS servers and it is now hacking you server. I contacted the Web master at USC and states this is normal activity for his server and suggests I have something misconfigured on my network. I am using the assigned static IP's given to me by Vircom.net. I am running a NAT router and Firewall for security alerts. This hacking only started to happen in the past week. It only happens when running W2K and active directory. It does not happen with the same computer, router and firewall when Win98 or NT4 is run. Are you concerned about this hacking from USC upon your DNS server ? [concealed identity] Starting Sybergen Secure Desktop service... '10/23/2000 17:41:59' 'Initiate Service...' {347EA98F-5AB5-4E57-982C-B4A50CC35891} window value :0 {A15BD57F-A76E-413E-963C-06DC24111DD8} window value :0 Opening Local Area Connection:{A15BD57F-A76E-413E-963C-06DC24111DD8}...192.168.1.2 WS: WS 2.3.3113 opened, id = 1 '10/23/2000 17:43:50' 'Switch to network interface 'Local Area Connection'' '10/23/2000 17:43:50' 'Configuration has been changed' '10/23/2000 17:43:51' 'High security is active' '10/23/2000 17:43:53' 'Access pop3.vircom.net' '10/23/2000 17:45:06' 'Access windowsupdate.microsoft.com' '10/23/2000 17:45:48' 'Access 26.64.9.128.in-addr.arpa' '10/23/2000 17:45:49' 'ICMP Message Detected' 'Error' '192.168.1.2' '' '216.173.200.126' '' 'Inbound' Successful to send email '10/23/2000 17:45:58' 'ICMP Message Detected' 'Error' '192.168.1.2' '' '216.173.220.130' '' 'Inbound' Successful to send email '10/23/2000 17:46:07' 'ICMP Message Detected' 'Error' '192.168.1.2' '' '216.173.201.241' '' 'Inbound' Successful to send email '10/23/2000 17:46:16' 'ICMP Message Detected' 'Error' '192.168.1.2' '' '207.12.43.29' '' 'Inbound' Successful to send email '10/23/2000 17:46:20' 'Access 200.173.216.in-addr.arpa' '10/23/2000 17:46:20' 'Initiate non-expected TCP connection' 'Error' '192.168.1.2' '1444' 'pop3.vircom.net' '53' 'Outbound' Successful to send email '10/23/2000 17:46:22' 'ICMP Message Detected' 'Error' '192.168.1.2' '' '207.12.43.29' '' 'Inbound' Successful to send email '10/23/2000 17:46:23' 'Initiate non-expected TCP connection' 'Error' '192.168.1.2' '1444' 'pop3.vircom.net' '53' 'Outbound' Successful to send email '10/23/2000 17:46:28' 'ICMP Message Detected' 'Error' '192.168.1.2' '' '157.130.177.41' '' 'Inbound' Successful to send email '10/23/2000 17:46:29' 'Initiate non-expected TCP connection' 'Error' '192.168.1.2' '1444' 'pop3.vircom.net' '53' 'Outbound' Successful to send email '10/23/2000 17:46:31' 'ICMP Message Detected' 'Error' '192.168.1.2' '' '157.130.177.41' '' 'Inbound' Successful to send email '10/23/2000 17:46:34' 'ICMP Message Detected' 'Error' '192.168.1.2' '' '146.188.200.242' '' 'Inbound' Successful to send email '10/23/2000 17:46:41' 'Initiate non-expected TCP connection' 'Error' '192.168.1.2' '1470' 'pop3.vircom.net' '53' 'Outbound' Successful to send email '10/23/2000 17:47:02' 'Initiate non-expected TCP connection' 'Error' '192.168.1.2' '1497' 'pop3.vircom.net' '53' 'Outbound' Successful to send email '10/23/2000 17:47:24' 'Access blackhole.isi.edu' '10/23/2000 17:47:39' 'Access 168.192.in-addr.arpa' '10/23/2000 17:52:54' 'ICMP Message Detected' 'Error' '192.168.1.2' '' '207.12.43.29' '' 'Inbound' Successful to send email '10/23/2000 17:53:19' 'ICMP Message Detected' '' '192.168.1.2' '' '128.9.64.26' '' 'Inbound' '10/23/2000 17:54:34' 'Access 29.43.12.207.in-addr.arpa' '10/23/2000 17:54:34' 'ICMP Message Detected' '' '192.168.1.2' '' '207.12.43.29' '' 'Inbound' '10/23/2000 17:57:23' 'Access 200.173.216.in-addr.arpa' '10/23/2000 17:57:23' 'Initiate non-expected TCP connection' 'Error' '192.168.1.2' '2300' 'pop3.vircom.net' '53' 'Outbound' Successful to send email '10/23/2000 17:57:44' 'Initiate non-expected TCP connection' 'Error' '192.168.1.2' '2327' 'pop3.vircom.net' '53' 'Outbound' Successful to send email '10/23/2000 17:58:05' 'Initiate non-expected TCP connection' 'Error' '192.168.1.2' '2354' 'pop3.vircom.net' '53' 'Outbound' Successful to send email '10/23/2000 17:58:27' 'Access blackhole.isi.edu' '10/23/2000 17:58:42' 'Access 168.192.in-addr.arpa'