Thread: Someone tried to hack me after gnutting!
View Single Post
  #1 (permalink)  
Old March 29th, 2001
Colin Wills Colin Wills is offline
Novicius
  
Join Date: March 28th, 2001
Location: England
Posts: 3
Colin Wills is flying high
Exclamation Someone tried to hack me after gnutting!
This isn't a complaint but just a warning. Please forward to gnutters esp. in the UK.

After using gnut on Linux I had a check of network activity using netstat (I'm a bit paranoid about P2P). I got a lot of this sort of thing:

tcp 1 0 modem-39.kole-tang:2550 212.69.222.50:www CLOSE_WAIT tcp 1 0 modem-39.kole-tang:2550 212.69.222.50:www CLOSE_WAIT tcp 1 0 modem-39.kole-tang:2550 212.69.222.50:www CLOSE_WAIT tcp 1 0 modem-39.kole-tang:2550 212.69.222.50:www CLOSE_WAIT tcp 0 348 modem-39.kole-tang:2695 212.69.222.50:www ESTABLISHED tcp 1 0 modem-39.kole-tang:2550 212.69.222.50:www CLOSE_WAIT tcp 0 361 modem-39.kole-tang:2698 212.69.222.50:www ESTABLISHED tcp 0 357 modem-39.kole-tang:2697 212.69.222.50:www ESTABLISHED tcp 0 0 modem-39.kole-tang:2696 212.69.222.50:www ESTABLISHED

which looks like a hack (I'm not sure).

http://212.69.222.50 turned out to host a homepage for some sort of private investigation company (Midland Administration Service, 6 Somers Road, Rugby, CV22 7DE) which is rather fishy!

Next I had a look with gnut using:

gnut> find 212.69.222.50
Searching the gnutella network for: 212.69.222.50
Press any key to continue
2 responses received.
Current query is '212.69.222.50'
All responses:
1)212.69.222.50.exe
130.214.55.236:99 size:8.00K ref: 0 speed: 512
2)212.69.222.50.exe
192.168.1.10:99 size:8.00K ref: 0 speed: 512

I would advise against downloading and running this!


------------------
Reply With Quote