Homer Wells
(1000+ posts)
Tue May-02-06 08:23 PM
Original message |
I've got a question of a technical nature |
|
I run System Suite 6 on my PC, and recently I got a message regarding my Firewall. It said that some hostile website was attempting to break into my system, but had been blocked by the SS6 Firewall program. I then went to the Security log, clicked on the IP shown and did a back search. The name of the organization attempting this security breach blew my mind.
It said that it was Halliburton Corp and gave the address and phone number of the organization. Thinking this might be a prank, I dialed up the number given on this report, and, lo and behold, I got this pleasant, Texas-accented female voice saying, "Thank you for calling Halliburton, how may I help you?"
I am wondering just why in the hell Halliburton would be trying to break into my system. I went through my security logs, and found this had happened numerous times in the past few weeks.
Any idea what this is all about?? I'm really quite curious, and perhaps a bit uncomfortable about this. Since the firewall caught it, I assume they have not gotten into my system yet. I would appreciate any info or ideas about this.
Thanks :shrug:
Steve :dilemma:
|
Peanutcat
(492 posts)
Tue May-02-06 08:25 PM
Response to Original message |
1. Did you think to ask them? |
Burried News
(1000+ posts)
Tue May-02-06 08:27 PM
Response to Original message |
2. What's their phone number? Maybe we can all ask them. Only kidding. |
Old and In the Way
(1000+ posts)
Tue May-02-06 08:29 PM
Response to Original message |
3. Maybe Halliburton is doing a little intel. |
|
Why wouldn't major corporations try to see what people may be reading about them or their competitors, stored on their computers? I don't think an ethically challenged company would have a problem. Hell, they may be doing it as a proxy for this administration.
|
Tandalayo_Scheisskopf
(1000+ posts)
Tue May-02-06 08:37 PM
Response to Original message |
4. What might have happened: |
|
Many major companies are, these days, scrimping on IT investment and maintenance. They run with what amounts to skeleton crews that are over-worked and underpaid and who don't have time to get to everything that they know they should do to have a properly running system.
One of the places they scrimp is on security and security audits.
I suspect that either a desktop machine or a server has been compromised with a bot program. These programs go out and scan ranges of IP addresses for open ports. When they find an open port, they install a clone of themselves. In that way, a swarm of bots is made. These bots can be used for DDoS attacks, spam generation and other things.
If you had a "real" (hardware and more sophisticated) firewall, the logs would possibly show that just before the attack, the same IP address ran a portscan of your machine.
|
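Added example, not part of any poster's message: one way to check firewall logs for the pattern reply #4 describes, a single source probing many ports shortly before its repeated blocked attempts. The log format, addresses and thresholds are constructed for illustration and are not System Suite 6's.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log; the line format is hypothetical.
LOG = """\
2006-05-02 20:01:10 BLOCK TCP 34.12.34.56:4312 -> 192.168.1.10:21
2006-05-02 20:01:10 BLOCK TCP 34.12.34.56:4313 -> 192.168.1.10:22
2006-05-02 20:01:11 BLOCK TCP 34.12.34.56:4314 -> 192.168.1.10:23
2006-05-02 20:01:11 BLOCK TCP 203.0.113.9:2200 -> 192.168.1.10:445
2006-05-02 20:01:12 BLOCK TCP 34.12.34.56:4315 -> 192.168.1.10:80
2006-05-02 20:01:12 BLOCK TCP 34.12.34.56:4316 -> 192.168.1.10:135
2006-05-02 20:03:40 BLOCK TCP 203.0.113.9:2201 -> 192.168.1.10:445
2006-05-02 20:04:02 BLOCK TCP 34.12.34.56:4390 -> 192.168.1.10:135
2006-05-02 20:04:03 BLOCK TCP 34.12.34.56:4391 -> 192.168.1.10:135
"""

def parse(line):
    """Split one log line into (timestamp, source IP, destination port)."""
    date, time, _action, _proto, src, _arrow, dst = line.split()
    ts = datetime.strptime(f"{date} {time}", "%Y-%m-%d %H:%M:%S")
    return ts, src.rsplit(":", 1)[0], int(dst.rsplit(":", 1)[1])

def find_scanners(log, min_ports=5, window=timedelta(seconds=60)):
    """Flag sources that touch min_ports distinct ports within the window,
    then count how many further attempts each flagged source makes."""
    recent = defaultdict(deque)   # source IP -> (timestamp, port) still in window
    flagged = {}
    for line in log.splitlines():
        if not line.strip():
            continue
        ts, src, port = parse(line)
        if src in flagged:        # scan already seen: this is a follow-up attempt
            flagged[src]["later_attempts"] += 1
            continue
        q = recent[src]
        q.append((ts, port))
        while ts - q[0][0] > window:   # drop events older than the window
            q.popleft()
        ports = sorted({p for _, p in q})
        if len(ports) >= min_ports:
            flagged[src] = {"scan_at": ts, "ports": ports, "later_attempts": 0}
    return flagged

if __name__ == "__main__":
    for src, info in find_scanners(LOG).items():
        print(src, info)
```

A source that keeps retrying one port, like the second address in the sample, is not flagged as a scanner; only breadth across ports within the window counts.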
Homer Wells
(1000+ posts)
Tue May-02-06 08:37 PM
Response to Original message |
5. This is the printout of the report for this site |
|
OrgName: Halliburton Company
OrgID: HALLIB-1
Address: 10200 Bellaire Blvd
City: Houston
StateProv: TX
PostalCode: 77072-5299
Country: US
NetRange: 34.0.0.0 - 34.255.255.255
CIDR: 34.0.0.0/8
NetName: HALLIBURTON
NetHandle: NET-34-0-0-0-1
Parent:
NetType: Direct Assignment
NameServer: A4.NSTLD.COM
NameServer: F4.NSTLD.COM
NameServer: G4.NSTLD.COM
NameServer: H4.NSTLD.COM
NameServer: J4.NSTLD.COM
NameServer: L4.NSTLD.COM
Comment:
RegDate: 1991-03-11
Updated: 2004-05-03
OrgAbuseHandle: IAP2-ARIN
OrgAbuseName: IP Abuse POC
OrgAbusePhone: +1-281-575-3000
OrgAbuseEmail: ipabuse@halliburton.com
OrgTechHandle: DNSAD52-ARIN
OrgTechName: DNSADMIN POC
OrgTechPhone: +1-281-575-3000
OrgTechEmail: dnsadmin@halliburton.com
# ARIN WHOIS database, last updated 2006-04-06 19:10
# Enter ? for additional hints on searching ARIN's WHOIS database.
Done
|
originalpckelly
(1000+ posts)
Tue May-02-06 08:42 PM
Response to Reply #5 |
6. Now that is some bullshit... |
|
What the hell are they doing, a private corporation, trying to hack a computer? I don't think you understand, it is my belief you can sue them.
|
Tandalayo_Scheisskopf
(1000+ posts)
Tue May-02-06 08:43 PM
Response to Reply #5 |
7. That is a standard WHOIS listing. |
|
It simply tells us that the IP from which this attack seemed to be coming was within the Halliburton assigned IP pool. There is a slight possibility that the IP was spoofed.
More likely a bot-compromised machine. Not as rare as one might think.
|
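Added example, not part of any poster's message: reading the WHOIS printout from reply #5 the way reply #7 describes, as a statement about which registered block a logged address falls in and where to report it, not about who operated the machine. The logged source address is a constructed sample, since the thread does not give the actual one.

```python
import ipaddress
import re

# Registration fields copied from the WHOIS printout in reply #5.
WHOIS_TEXT = """\
OrgName: Halliburton Company
NetRange: 34.0.0.0 - 34.255.255.255
CIDR: 34.0.0.0/8
NetName: HALLIBURTON
NetType: Direct Assignment
OrgAbuseEmail: ipabuse@halliburton.com
# ARIN WHOIS database, last updated 2006-04-06 19:10
"""

def parse_whois(text):
    """Return {field: [values]} for 'Key: value' lines; '#' comment lines are skipped."""
    fields = {}
    for line in text.splitlines():
        m = re.match(r"^([A-Za-z]+):\s*(.*)$", line.strip())
        if m:
            fields.setdefault(m.group(1), []).append(m.group(2).strip())
    return fields

def registered_networks(fields):
    """Turn NetRange into networks and confirm it agrees with the CIDR field."""
    nets = []
    for rng in fields.get("NetRange", []):
        first, last = (ipaddress.ip_address(p.strip()) for p in rng.split(" - "))
        nets.extend(ipaddress.summarize_address_range(first, last))
    cidrs = [ipaddress.ip_network(c)
             for value in fields.get("CIDR", [])
             for c in value.replace(",", " ").split()]
    if cidrs and sorted(nets) != sorted(cidrs):
        raise ValueError("NetRange and CIDR fields disagree")
    return nets

def attribute(ip, fields):
    """Return the registration covering a logged source IP, or None if outside it."""
    addr = ipaddress.ip_address(ip)
    for net in registered_networks(fields):
        if addr in net:
            return {"registrant": fields["OrgName"][0],
                    "network": str(net),
                    "report_to": fields.get("OrgAbuseEmail", [None])[0]}
    return None

if __name__ == "__main__":
    # Constructed sample address inside the listed range.
    print(attribute("34.12.34.56", parse_whois(WHOIS_TEXT)))
```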
KyuzoGator
(1000+ posts)
Tue May-02-06 08:45 PM
Response to Original message |
8. It is very unlikely to really be an attack from Halliburton. |
|
Looks like a cloned IP. Similar to receiving spoof e-mails with a legitimate return address.
|
AnnieBW
(1000+ posts)
Tue May-02-06 09:02 PM
Response to Original message |
|
A computer at Halliburton probably got a trojan that turned it into a zombie. The trojan is propagating itself.
I guess Halliburton does network security as well as they do everything else. :eyes:
|
Homer Wells
(1000+ posts)
Tue May-02-06 09:06 PM
Response to Original message |
10. Thanks to all for responding |
|
I'm not a techie myself, but it did make me wonder. With all the noise being made about these guys out there in Bush-land, it just seemed to me to be a bit worrisome. Sometimes, when they are out to get you, paranoia is just good thinking!! :scared:
Again, thanks for the information. You guys are great!! :toast:
|
dweller
(1000+ posts)
Tue May-02-06 09:37 PM
Response to Original message |
11. yeah, i know how you feel |
|
whereas in my case it's always always the Chinese scanning my computer according to my firewall.
dp
|