瘋了!瘋了! HiNET瘋了!

**maleox** · 2001-08-04, 10:42 PM

整個晚上, 每分鐘都有HiNET的IP在掃port 80!
211.72.106.120
211.72.127.214
211.72.164.156
211.72.164.56
211.72.194.38
211.72.194.80
211.72.223.173
211.72.252.143
211.72.253.20
211.72.95.125

211.72.126.36
211.72.242.73
211.72.106.120
211.72.111.130
...

**ysu** · 2001-08-04, 10:45 PM

我也一直被狂掃
這跟今天hinet被大陸駭客入侵有關嗎?

FWIN,2001/08/04,19:11:33 +8:00 GMT,61.216.19.64:1288,61.216.17.213:80,TCP (flags:S)
FWIN,2001/08/04,19:14:09 +8:00 GMT,61.216.19.64:1965,61.216.17.213:80,TCP (flags:S)
FWIN,2001/08/04,19:20:01 +8:00 GMT,61.216.108.181:1984,61.216.17.213:80,TCP (flags:S)
FWIN,2001/08/04,19:21:31 +8:00 GMT,61.216.93.96:2991,61.216.17.213:80,TCP (flags:S)
FWIN,2001/08/04,19:21:39 +8:00 GMT,61.216.48.23:1246,61.216.17.213:80,TCP (flags:S)
FWIN,2001/08/04,19:24:27 +8:00 GMT,61.216.72.122:4089,61.216.17.213:80,TCP (flags:S)
FWIN,2001/08/04,19:24:46 +8:00 GMT,61.216.4.110:1890,61.216.17.213:80,TCP (flags:S)
FWIN,2001/08/04,19:24:59 +8:00 GMT,61.216.71.236:3915,61.216.17.213:80,TCP (flags:S)
FWIN,2001/08/04,19:25:08 +8:00 GMT,61.216.48.23:4351,61.216.17.213:80,TCP (flags:S)
FWIN,2001/08/04,19:50:28 +8:00 GMT,61.216.158.238:2086,61.217.7.192:80,TCP (flags:S)
FWIN,2001/08/04,19:52:00 +8:00 GMT,61.217.20.94:1759,61.217.7.192:80,TCP (flags:S)
FWIN,2001/08/04,19:52:22 +8:00 GMT,61.127.96.112:3155,61.217.7.192:80,TCP (flags:S)
FWIN,2001/08/04,20:02:21 +8:00 GMT,61.216.28.6:2348,61.217.7.237:80,TCP (flags:S)
FWIN,2001/08/04,20:09:01 +8:00 GMT,61.217.249.130:4594,61.217.7.237:80,TCP (flags:S)
FWIN,2001/08/04,20:13:13 +8:00 GMT,61.217.167.238:2854,61.217.7.237:80,TCP (flags:S)
FWIN,2001/08/04,20:15:46 +8:00 GMT,61.217.65.230:2125,61.217.7.237:80,TCP (flags:S)
FWIN,2001/08/04,20:16:26 +8:00 GMT,216.253.133.22:1805,61.217.7.237:80,TCP (flags:S)
FWIN,2001/08/04,20:16:32 +8:00 GMT,61.140.191.138:3869,61.217.7.237:80,TCP (flags:S)
FWIN,2001/08/04,20:18:50 +8:00 GMT,61.217.179.56:4807,61.217.7.237:80,TCP (flags:S)
FWIN,2001/08/04,20:20:35 +8:00 GMT,61.217.163.49:2218,61.217.7.237:80,TCP (flags:S)
FWIN,2001/08/04,20:20:45 +8:00 GMT,61.217.62.108:1856,61.217.7.237:80,TCP (flags:S)
FWIN,2001/08/04,20:21:28 +8:00 GMT,61.216.185.143:4493,61.217.7.237:80,TCP (flags:S)
FWIN,2001/08/04,20:24:12 +8:00 GMT,61.224.71.42:1879,61.217.7.237:80,TCP (flags:S)
FWIN,2001/08/04,20:25:14 +8:00 GMT,61.217.62.108:4564,61.217.7.237:80,TCP (flags:S)
FWIN,2001/08/04,20:28:01 +8:00 GMT,61.217.179.56:3200,61.217.7.237:80,TCP (flags:S)
FWIN,2001/08/04,20:28:04 +8:00 GMT,61.216.185.143:1486,61.217.7.237:80,TCP (flags:S)
FWIN,2001/08/04,20:28:29 +8:00 GMT,61.217.29.4:4331,61.217.7.237:80,TCP (flags:S)
FWIN,2001/08/04,20:35:07 +8:00 GMT,61.217.54.148:3305,61.217.7.237:80,TCP (flags:S)
FWIN,2001/08/04,20:35:18 +8:00 GMT,61.217.29.4:1268,61.217.7.237:80,TCP (flags:S)
FWIN,2001/08/04,20:36:03 +8:00 GMT,61.217.240.195:2598,61.217.7.237:80,TCP (flags:S)
FWIN,2001/08/04,20:40:03 +8:00 GMT,61.224.71.196:3622,61.217.7.237:80,TCP (flags:S)
FWIN,2001/08/04,20:41:45 +8:00 GMT,61.217.157.207:2254,61.217.7.237:80,TCP (flags:S)
FWIN,2001/08/04,20:42:03 +8:00 GMT,61.217.248.90:3394,61.217.7.237:80,TCP (flags:S)
FWIN,2001/08/04,20:55:30 +8:00 GMT,61.43.214.216:4190,61.217.7.237:80,TCP (flags:S)
FWIN,2001/08/04,20:56:40 +8:00 GMT,61.216.155.156:3818,61.217.7.237:80,TCP (flags:S)
FWIN,2001/08/04,20:57:49 +8:00 GMT,61.217.65.230:1543,61.217.7.237:80,TCP (flags:S)
FWIN,2001/08/04,21:03:37 +8:00 GMT,61.217.94.168:1126,61.217.7.237:80,TCP (flags:S)
FWIN,2001/08/04,21:04:38 +8:00 GMT,61.73.23.149:3190,61.217.7.237:80,TCP (flags:S)
FWIN,2001/08/04,21:08:37 +8:00 GMT,61.217.201.90:3650,61.217.7.237:80,TCP (flags:S)
FWIN,2001/08/04,21:12:32 +8:00 GMT,61.217.207.219:2923,61.217.7.237:80,TCP (flags:S)
FWIN,2001/08/04,21:19:49 +8:00 GMT,61.217.204.215:1916,61.217.7.237:80,TCP (flags:S)
FWIN,2001/08/04,21:29:13 +8:00 GMT,61.217.3.102:2166,61.217.7.237:80,TCP (flags:S)
FWIN,2001/08/04,21:33:08 +8:00 GMT,61.217.105.142:2545,61.217.7.237:80,TCP (flags:S)
FWIN,2001/08/04,21:35:13 +8:00 GMT,61.224.72.22:3100,61.217.7.237:80,TCP (flags:S)
FWIN,2001/08/04,21:35:26 +8:00 GMT,61.217.57.185:4434,61.217.7.237:80,TCP (flags:S)
FWIN,2001/08/04,21:36:32 +8:00 GMT,61.166.65.100:500,61.217.7.237:500,UDP
FWIN,2001/08/04,21:36:49 +8:00 GMT,61.166.65.100:3509,61.217.7.237:80,TCP (flags:S)
FWIN,2001/08/04,21:40:03 +8:00 GMT,61.137.108.199:4879,61.217.7.237:80,TCP (flags:S)
FWIN,2001/08/04,21:41:31 +8:00 GMT,61.153.71.137:3665,61.217.7.237:80,TCP (flags:S)
FWIN,2001/08/04,21:43:45 +8:00 GMT,61.217.229.137:1056,61.217.7.237:80,TCP (flags:S)
FWIN,2001/08/04,21:44:39 +8:00 GMT,61.18.155.105:4842,61.217.7.237:80,TCP (flags:S)
FWIN,2001/08/04,21:47:33 +8:00 GMT,61.217.105.142:1198,61.217.7.237:80,TCP (flags:S)
FWIN,2001/08/04,21:48:56 +8:00 GMT,61.217.29.87:3179,61.217.7.237:80,TCP (flags:S)
FWIN,2001/08/04,21:49:26 +8:00 GMT,210.100.245.23:4693,61.217.7.237:80,TCP (flags:S)
FWIN,2001/08/04,21:51:27 +8:00 GMT,61.217.208.191:3311,61.217.7.237:80,TCP (flags:S)
FWIN,2001/08/04,21:51:38 +8:00 GMT,207.69.120.3:3849,61.217.7.237:80,TCP (flags:S)
FWIN,2001/08/04,21:55:36 +8:00 GMT,61.217.55.87:3987,61.217.7.237:80,TCP (flags:S)
FWIN,2001/08/04,21:55:59 +8:00 GMT,61.217.214.124:1401,61.217.7.237:80,TCP (flags:S)
FWIN,2001/08/04,21:59:38 +8:00 GMT,61.217.105.142:3762,61.217.7.237:80,TCP (flags:S)
FWIN,2001/08/04,22:00:27 +8:00 GMT,61.217.53.239:3372,61.217.7.237:80,TCP (flags:S)
FWIN,2001/08/04,22:03:21 +8:00 GMT,61.217.66.159:2253,61.217.7.237:80,TCP (flags:S)
FWIN,2001/08/04,22:05:46 +8:00 GMT,61.217.61.130:3578,61.217.7.237:80,TCP (flags:S)
FWIN,2001/08/04,22:08:25 +8:00 GMT,211.220.79.53:2085,61.217.7.237:80,TCP (flags:S)
FWIN,2001/08/04,22:08:30 +8:00 GMT,61.217.13.190:3248,61.217.7.237:80,TCP (flags:S)
FWIN,2001/08/04,22:08:41 +8:00 GMT,61.217.200.183:4378,61.217.7.237:80,TCP (flags:S)
FWIN,2001/08/04,22:09:12 +8:00 GMT,61.217.105.142:3211,61.217.7.237:80,TCP (flags:S)
FWIN,2001/08/04,22:10:37 +8:00 GMT,61.217.26.244:3591,61.217.7.237:80,TCP (flags:S)
FWIN,2001/08/04,22:11:03 +8:00 GMT,61.217.223.77:4266,61.217.7.237:80,TCP (flags:S)
FWIN,2001/08/04,22:12:47 +8:00 GMT,61.217.209.115:3634,61.217.7.237:80,TCP (flags:S)
FWIN,2001/08/04,22:18:12 +8:00 GMT,61.216.19.218:1663,61.216.19.152:80,TCP (flags:S)
FWIN,2001/08/04,22:18:40 +8:00 GMT,61.216.219.168:4540,61.216.19.152:80,TCP (flags:S)
FWIN,2001/08/04,22:18:47 +8:00 GMT,61.75.39.67:2487,61.216.19.152:80,TCP (flags:S)
FWIN,2001/08/04,22:20:19 +8:00 GMT,61.216.28.178:3304,61.216.19.152:80,TCP (flags:S)
FWIN,2001/08/04,22:20:44 +8:00 GMT,61.216.114.105:4874,61.216.19.152:80,TCP (flags:S)
FWIN,2001/08/04,22:20:52 +8:00 GMT,61.224.179.39:4295,61.216.19.152:80,TCP (flags:S)
FWIN,2001/08/04,22:21:53 +8:00 GMT,61.216.58.80:1610,61.216.19.152:80,TCP (flags:S)
FWIN,2001/08/04,22:22:17 +8:00 GMT,61.216.243.178:2239,61.216.19.152:80,TCP (flags:S)
FWIN,2001/08/04,22:22:39 +8:00 GMT,61.216.4.75:4484,61.216.19.152:80,TCP (flags:S)
FWIN,2001/08/04,22:22:54 +8:00 GMT,61.216.28.6:1261,61.216.19.152:80,TCP (flags:S)
FWIN,2001/08/04,22:23:17 +8:00 GMT,61.216.114.20:1704,61.216.19.152:21,TCP (flags:S)
LOCK,2001/08/04,22:23:24 +8:00 GMT,Outlook Express,127.0.0.1,N/A
FWIN,2001/08/04,22:23:24 +8:00 GMT,61.216.149.248:2545,61.216.19.152:80,TCP (flags:S)
FWIN,2001/08/04,22:26:14 +8:00 GMT,61.128.101.219:2401,61.216.19.152:80,TCP (flags:S)
FWIN,2001/08/04,22:26:31 +8:00 GMT,61.216.99.253:4295,61.216.19.152:80,TCP (flags:S)
FWIN,2001/08/04,22:27:08 +8:00 GMT,61.216.23.68:4855,61.216.19.152:80,TCP (flags:S)
FWIN,2001/08/04,22:28:34 +8:00 GMT,61.216.193.222:3284,61.216.19.152:80,TCP (flags:S)
FWIN,2001/08/04,22:30:00 +8:00 GMT,61.217.28.40:1177,61.216.19.152:80,TCP (flags:S)
FWIN,2001/08/04,22:38:19 +8:00 GMT,61.216.28.178:2694,61.216.16.99:80,TCP (flags:S)
FWIN,2001/08/04,22:38:45 +8:00 GMT,61.216.118.162:3321,61.216.16.99:80,TCP (flags:S)

**CCplus** · 2001-08-04, 11:13 PM

還以為只有我這樣...
會不會是最近red code的關係??

**k1010854** · 2001-08-04, 11:25 PM

對啊,我是用BlackICE從昨天下午起機乎沒有間斷都是port probe
211.75.140.178
211.75.215.130
211.75.225.131
211.75.232.39
..............
開機不到30分鐘intruders機乎滿了,太恐怖了.

**hjm** · 2001-08-04, 11:37 PM

最初由 CCplus
還以為只有我這樣...
會不會是最近red code的關係??

我的也是一樣ㄝ,"但是是我掃别人的port"~~~
可能是中了red code病毒的關係吧,我不是很確定~~~
後來去安裝微軟修正程式(Windows 2000 Service Pack 2),就不會了(修正程式"軟體王"那裡可以下載,約101.22MB)
我的OS:Win2k server

**shawn888** · 2001-08-04, 11:59 PM

我也是
東森的整個range對我的80狂衝........

**Edwaids** · 2001-08-05, 01:23 AM

這個問題我這幾天剛碰到
也處理完了,建議有問題的朋友可以到這看看
http://www.pczone.com.tw/showthread.php?t=16362

**joe.oo** · 2001-08-05, 07:44 PM

我也是耶 !!
一堆 Hinet 的 IP , 也有來自大陸的,
反查了一下, 全都是 IIS 5.0 的 Server

**kenlai** · 2001-08-05, 08:44 PM

我的跟大家的不太一樣...
我架的 Server 是被狂掃 80 之外沒有用到的 Port...
像是什麼 40xx, 3xxx ....等等。
(** 突然想到: 該不會因為我在 ZoneAlarm 裡設定 Apache 可以變成 Internet 的 Server 的關係，所以沒發現 Port 80 的問題嗎?!)

然後來源 IP 有從大陸、韓國、台灣、日本來的...
哇哩咧...我才想說我那個小小的實驗站名氣沒那麼大吧...
懷疑是跟這個病毒有關..

目前我的 Server 好像都連不上耶...
本機可以，但 LAN 和外部網路都連不上我的 Server...
LAN 內的電腦即便連上了，速度也很慢...

可是我裝的是 Apache 1.3.20，也會被侵入嗎?
我也早就裝了 SP2 了說...
今天才看到 Post，明天到學校去裝那個 Win2000 的 SP3 修補看看...

架設平台：
Win2000 Server + SP2
Apache 1.3.20
PHP 4.0.6
MySQL 3.23.32
Zone Alarm 2.6.88 (Free 版)