DoD trying to hack me?

[Dark_Matter]

For the last 6 hours the Department of Defense has been scanning my dedicated boxes i'm starting to wonder wtf is up. I'm about to email them. Anyone else ever have this?

webgeekshosting:~# whois 29.40.189.98

OrgName:    DoD Network Information Center

OrgID:      DNIC

Address:    3990 E. Broad Street

City:      Columbus

StateProv:  OH

PostalCode: 43218

Country:    US

NetRange:  29.0.0.0 - 29.255.255.255

CIDR:      29.0.0.0/8

NetName:    MILX25-TEMP

NetHandle:  NET-29-0-0-0-1

Parent:

NetType:    Direct Allocation

Comment:    Defense Information Systems Agency

Comment:    Washington, DC 20305-2000 US

RegDate:

Updated:    2002-10-07

OrgTechHandle: MIL-HSTMST-ARIN

OrgTechName:  Network DoD

OrgTechPhone:  +1-800-365-3642

OrgTechEmail:  [email protected]

[richcornucopia]

Could be somebody spoofing that ip to make it look like its the dod.

[dlewis23]

thats not the Department of Defense they don't do that, and if they did they you would not know it was happening. let me know when the FBI or air force is doing it.

[DJVageli]

Yea join the club,Ive been getting scanned left and right the past week lol,atleast yours is from inside the US most likely,Ive been getting attacked from Japan

[Swimmer]

http://www.testmy.net/articles/article-352

might be part of that..

[Dark_Matter]

I did some tests, and i know that it is indeed the DoD scanning me. I also emailed them with the info i have in hopes of a response if, and when i recieve that response it will be posted here.   

[Swimmer]

hahaha.. doubt they will say anything back..

[Dark_Matter]

Most likely not, but atleast they know i have enough balls to say hey YOU!!! Department of Defense!!!! What's Up With That!!!! LOL 

[insideout]

could part of the patriot act; maybe they think you're a terrorist. or worse...they think you're watching porn!

[boywonder]

Hey I live in that area  I believe it's DFAS (Defense, Finance and Accounting Services) Had to go there alot after I got out of the military..

[pitbull481]

How do you know if someone is scanning your files?

[boywonder]

pitbull481, It should come up under inbound events in your firewall.

[FallowEarth]

Your firewall is picking it up, so that's a good sign.  But it's not DoD, that's spoofed.  And it's called a port scan.  They're looking for vulnerabilites in your security.  I used to get scanned, but you can pick up these pretty little programs that zap them back, just to say: "Hello, piss off."

[Blunted 2]

what kind of pretty little programs are you talking about?

[boywonder]

I was wondering the same thing..and if you could write your own message

[Dark_Matter]

I use SNORT IDS (Intrusion Detection System), and IP tables rules for my dedicated boxes, MY IDS is what actually picks up scans, and such.

[FallowEarth]

My my, ambitous little ones, aren't we all?

You can find everything you need here: [LINK]

Just understand that you must sort through 99.99% crap before you find something useful.  If you're hungry enough, you'll get fed.

Here is the best place to educate yourself in order to brush up on your 1337 H4C|<3R S|<1llz: [LINK] (or so I've heard)

But a word of advice: don't go jumping in over your head and do something stupid.  There are a lot of programs out there that make you feel like you're doing a lot of bad, but really are just silliness.  There are a lot of ppl out there who are a hell of a lot smarter than you, and some even more sadistic.  Just remember boys and girls:

[Dark_Matter]

LOL I'm aware of what's out there i went to college for 5 years doing programing, and network security, then after college spent 2 years doing pen testing for a private firm. We did pen testing on some high priority networks, but thanks for your concern i feel luved awwwwwwwwwwww   

[boston617]

I haven't been hit by the DoD, but I keep getting hit by an IBM server out of N. Carolina. It's been going on for the past two days. The whois search listed it as IBM-1.

[DJVageli]

Isnt it weird how we are all getting hit recently,and by a bunch of spoofed IP addresses

[FGOKURULES]

at the command line "NETSTAT" allows you to see at any moment who and what are using what ports on your computer at any time... I always do this from time to time and if I see an ip polling me too long I send them A NICE LITTLE TREAT 

[resopalrabotnick]

to bounce the casual port scan just set your router to block them and not even reply to them or react in any other way. that makes it look like the ip they are scanning is inactive. best way to be is not even there. those portscans are usually after trojans, backdoors and other little bastards already running on a system that has been infected at some point. they will check either those ports known to be used by certain infections or just scan everything to see if anything is open and will allow them to get a foot in the door. keep in mind that even if a port is open it doesn't mean someone can take over the computer. more thngs have to happen for that to take place.

as for zapping back, it's problematic. say they are spoofing a DoD addy. what are you going to do, zap back at a DoD server? that sounds like something very complicated to explain to the FBI when they come around to see just what in blue blazes you are trying to do. and even if you manage to get back at the bastards probing you who's to say that they won't log your attack on them and report you to the authorities. it /is/ illegal to do stuff like that. sure, you can tell the judge that they attacked you first, but two wrongs don't make a right. best case is you end up sharing a cell with the original attacker and bubba.

stealth your system, put a good firewall behind that and watch 'em bounce off. you don't go jumping around on every fly that hits your cars windshield either, right?

[Swimmer]

still no response?  what a suprise..

[FGOKURULES]

Thats Funny,,, and yet it profounds me.... BUT IT IS STILL FUNN>>> ANY EYE FOR AN EYE

[prizmwolf]

100% spoofing