are you running apache webserver?
ftp? (w/exit pgm?)
netserver?
dns?
is outside stuff blocked at firewall??
jim franz

----- Original Message ----- From: <stenore@xxxxxxx>
To: <midrange-l@xxxxxxxxxxxx>
Sent: Friday, September 07, 2007 8:55 AM
Subject: Re: Someone hacking my i5?


Try this website http://www.ip-adress.com/index.php?rv=ec6c52cccdea5e368b6064f2a8e5632d

the 222.216.28.135? comes up to





IP address:

222.216.28.135 (Copy)



IP country:

China



IP address state:

Guangxi



IP address city:

Nanning



IP latitude:

22.816700



IP longitude:

108.316597



ISP:

CHINANET Guangxi province network



Organization:

CHINANET Guangxi province network



Local Time:

2007-09-07 20:46




All but hte last one are from China currently

The last one is a US address




IP address:

38.98.163.9 (Copy)



IP country:

United States



IP address state:

Illinois



IP address city:

Chicago



IP latitude:

41.867500



IP longitude:

-87.674400



ISP:

Performance Systems International



Organization:

Performance Systems International



Local Time:

2007-09-07 07:47



?



















-----Original Message-----
From: Jim Franz <franz400@xxxxxxxxxxxx>
To: Midrange Systems Technical Discussion <midrange-l@xxxxxxxxxxxx>
Sent: Fri, 7 Sep 2007 8:36 am
Subject: Re: Someone hacking my i5?



what tcp servers are running?
use netstat cmd and opt 3 to display connections
see what remote addresses connected
jim franz
----- Original Message ----- From: "albartell" <albartell@xxxxxxxxx>
To: "'Midrange Systems Technical Discussion'" <midrange-l@xxxxxxxxxxxx>
Sent: Friday, September 07, 2007 8:33 AM
Subject: Someone hacking my i5?


I was doing a DSPMSG QSYSOPR today and noticed some messages I am not used
to seeing and was curious to know if anybody might know where they are
coming from.

TCP/IP connection to remote system 222.216.28.135 closed, reason code 2.
TCP/IP connection to remote system 125.65.112.108 closed, reason code 2.
TCP/IP connection to remote system 222.216.28.135 closed, reason code 2.
TCP/IP connection to remote system 38.98.163.9 closed, reason code 2.
...

Reason codes and their meanings follow:
2 = TCP connection closed due to R2 retry threshold being run.


None of those IP addresses are from my LAN/WAN (obviously).

Thanks,
Aaron Bartell
http://mowyourlawn.com

--
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing
list
To post a message email: MIDRANGE-L@xxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: http://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxx
Before posting, please take a moment to review the archives
at http://archive.midrange.com/midrange-l.



--
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing list
To post a message email: MIDRANGE-L@xxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: http://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxx
Before posting, please take a moment to review the archives
at http://archive.midrange.com/midrange-l.



________________________________________________________________________
Email and AIM finally together. You've gotta check out free AOL Mail! - http://mail.aol.com
--
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing list
To post a message email: MIDRANGE-L@xxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: http://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxx
Before posting, please take a moment to review the archives
at http://archive.midrange.com/midrange-l.




As an Amazon Associate we earn from qualifying purchases.

This thread ...

Follow-Ups:
Replies:

Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.