Security Issue? Anyone know anything about APS Telecom?

  • ATNO/TW
  • Super Moderator
  • Posts: 23456
  • Loc: Woodbridge VA

Post 3+ Months Ago

Some specs first:
Win2k OS
Siemens SpeedStream router with ZoneAlarm firewall
Symantec Corp Edition Virus protection
Adaware (ran frequently)
Comcast internet connection

Here's my original problem for reference: http://www.ozzu.com/mswindows-forum/ozzu-page-load-problems-resolved-ummm-resolved-again-t20431.html

The lag time in displaying pages on my home computer has been driving me nuts. I think it was yesterday that I nixed a couple of Adware/Spyware things via Adaware. Tonight, when I ran it, I had only 10 tracking cookies from sites I visited today...nothing malicious.

Earlier, I was having the darndest time getting pages to load, not just at OZZU, but virtually anywhere I was trying to surf. At some point I got fed up and ran Netstat several times and identified that APS Telecom had multiple TIME_WAIT active connections to multiple ports (almost in sequence -- below is a sample):

Quote:

Active Connections

Proto Local Address Foreign Address State
TCP master:1424 207.246.136.193:http TIME_WAIT
TCP master:1468 216.239.57.99:http ESTABLISHED
TCP master:1478 216.195.36.3:http TIME_WAIT
TCP master:1481 216.195.36.3:http TIME_WAIT
TCP master:1482 216.195.36.3:http TIME_WAIT
TCP master:1483 216.195.36.3:http TIME_WAIT
TCP master:1484 216.195.36.3:http TIME_WAIT
TCP master:1485 216.195.36.3:http TIME_WAIT
TCP master:1486 216.195.36.3:http TIME_WAIT
TCP master:1487 216.195.36.3:http TIME_WAIT
TCP master:1488 216.195.36.3:http TIME_WAIT
TCP master:1489 216.195.36.3:http TIME_WAIT
TCP master:1490 216.195.36.3:http TIME_WAIT
TCP master:1491 216.195.36.3:http TIME_WAIT
TCP master:1493 216.195.36.3:http TIME_WAIT
TCP master:1494 216.195.36.3:http TIME_WAIT
TCP master:1496 216.195.36.3:http TIME_WAIT
TCP master:1502 216.195.36.3:http TIME_WAIT
TCP master:1504 216.195.36.3:http TIME_WAIT
TCP master:1506 216.195.36.3:http LAST_ACK
TCP master:1509 216.195.36.3:http TIME_WAIT



C:\Documents and Settings\Administrator>tracert 216.195.36.3

Tracing route to 216.195.36.3 over a maximum of 30 hops

1 * * * Request timed out.
2 15 ms 16 ms 16 ms 10.171.168.1
3 15 ms 16 ms <10 ms 12.244.88.145
4 15 ms 16 ms <10 ms 12.244.65.5
5 16 ms 16 ms 15 ms 12.244.65.1
6 16 ms 15 ms 31 ms 12.125.176.121
7 32 ms 15 ms 31 ms gbr2-p70.phlpa.ip.att.net [12.123.137.26]
8 31 ms 16 ms 31 ms tbr2-p012601.phlpa.ip.att.net [12.122.12.109]
9 31 ms 16 ms 31 ms tbr1-cl9.wswdc.ip.att.net [12.122.2.85]
10 47 ms 16 ms 31 ms ggr1-p360.abnva.ip.att.net [12.123.217.1]
11 16 ms 31 ms 16 ms p11-0.pr01.iad01.atlas.psi.net [154.54.11.109]
12 31 ms 16 ms 47 ms p1-0.core02.dca01.atlas.cogentco.com [154.54.2.201]
13 31 ms 47 ms 32 ms p14-0.core01.atl01.atlas.cogentco.com [66.28.4.161]
14 47 ms 47 ms 47 ms p14-0.core01.mco01.atlas.cogentco.com [66.28.4.153]
15 47 ms 47 ms 31 ms p14-0.core01.tpa01.atlas.cogentco.com [66.28.4.142]
16 63 ms 62 ms 63 ms p5-0.core01.iah01.atlas.cogentco.com [66.28.4.45]
17 94 ms 109 ms 94 ms p14-0.core01.san01.atlas.cogentco.com [66.28.4.6]
18 93 ms 94 ms 109 ms p4-0.core01.lax01.atlas.cogentco.com [66.28.4.77]
19 94 ms 94 ms 109 ms p14-0.core01.sjc01.atlas.cogentco.com [66.28.4.74]
20 94 ms 109 ms 94 ms g7.ba21.b005946-0.sjc01.atlas.cogentco.com [38.112.34.118]
21 * * * Request timed out.
22 * * * Request timed out.
23 * * 109 ms 216.195.36.3

Trace complete.

C:\Documents and Settings\Administrator>netstat

Active Connections

Proto Local Address Foreign Address State
TCP master:1752 209.66.122.99:http TIME_WAIT
TCP master:1753 209.66.122.99:http TIME_WAIT
TCP master:1760 209.66.122.99:http TIME_WAIT
TCP master:1761 209.66.122.99:http TIME_WAIT
TCP master:1762 209.66.122.99:http TIME_WAIT
TCP master:1768 209.66.122.99:http TIME_WAIT
TCP master:1769 209.66.122.99:http TIME_WAIT
TCP master:1773 209.66.122.99:http TIME_WAIT
TCP master:1775 209.66.122.99:http TIME_WAIT
TCP master:1780 209.66.122.99:http TIME_WAIT
TCP master:1782 66.102.7.99:http ESTABLISHED
TCP master:1783 209.66.122.99:http TIME_WAIT
TCP master:1786 209.66.122.99:http TIME_WAIT
TCP master:1789 66.102.7.104:http ESTABLISHED
TCP master:1790 209.66.122.99:http TIME_WAIT
TCP master:1791 209.66.122.99:http TIME_WAIT
TCP master:1792 209.66.122.99:http TIME_WAIT
TCP master:1795 www.cogentco.com:http ESTABLISHED
TCP master:1796 64.233.161.99:http ESTABLISHED
TCP master:1797 209.66.122.99:http TIME_WAIT


216.195.36.3 and 209.66.122.99 are both owned by APS Telecom. Google didn't provide much info. I ran tracert and NeoTrace and did a few whois searches and narrowed the abuse email to abuse@3fn.net.

http://3fn.net is a private hosting service out of San Jose, CA, although APS Telecom appears to be from 1802 N Carson Street, Carson City, NV according to nic.com's whois search and NeoTrace results.

The second IP address appears to be owned by APS as a sub-IP range within Abovenet Communication's range.

I can't think of a reason for the life of me why a couple of hosting services out of California/Nevada would have an IP with that many port scans going on against my computer. Any ideas? It was at those times tonight, when the port scans were taking place, that my internet connectivity was for crap.
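An added example, not code from the original post: a small parser that reads the plain `netstat` text format pasted above and groups rows by foreign host, TCP state, and who opened the connection. The sample it runs on is a copy of the first listing in the post. The service-name table and the 1024 ephemeral-port boundary are assumptions stated in the code; the host name `master` and the IPs are the post's own.

```python
"""Summarise a Windows netstat listing by foreign host, TCP state and direction.

Added example, not code from the original thread. It parses the plain
`netstat` output format pasted in the post above; NETSTAT_SAMPLE is a copy
of the post's first listing. The ephemeral-port boundary (1024) and the
service-name table are assumptions, documented below.
"""
import re
from collections import Counter, defaultdict

# Constructed sample: the first netstat listing from the post, verbatim.
NETSTAT_SAMPLE = """\
Active Connections

Proto Local Address Foreign Address State
TCP master:1424 207.246.136.193:http TIME_WAIT
TCP master:1468 216.239.57.99:http ESTABLISHED
TCP master:1478 216.195.36.3:http TIME_WAIT
TCP master:1481 216.195.36.3:http TIME_WAIT
TCP master:1482 216.195.36.3:http TIME_WAIT
TCP master:1483 216.195.36.3:http TIME_WAIT
TCP master:1484 216.195.36.3:http TIME_WAIT
TCP master:1485 216.195.36.3:http TIME_WAIT
TCP master:1486 216.195.36.3:http TIME_WAIT
TCP master:1487 216.195.36.3:http TIME_WAIT
TCP master:1488 216.195.36.3:http TIME_WAIT
TCP master:1489 216.195.36.3:http TIME_WAIT
TCP master:1490 216.195.36.3:http TIME_WAIT
TCP master:1491 216.195.36.3:http TIME_WAIT
TCP master:1493 216.195.36.3:http TIME_WAIT
TCP master:1494 216.195.36.3:http TIME_WAIT
TCP master:1496 216.195.36.3:http TIME_WAIT
TCP master:1502 216.195.36.3:http TIME_WAIT
TCP master:1504 216.195.36.3:http TIME_WAIT
TCP master:1506 216.195.36.3:http LAST_ACK
TCP master:1509 216.195.36.3:http TIME_WAIT
"""

# One TCP row: proto, local host:port, foreign host:port, state.
# Header lines (and UDP rows, which carry no state column) do not match.
ROW_RE = re.compile(r"^(TCP)\s+(\S+):(\S+)\s+(\S+):(\S+)\s+(\S+)$")

# netstat prints service names instead of numbers unless run with -n; this
# small table (an assumption, not the full services file) maps them back.
SERVICE_PORTS = {"http": 80, "https": 443, "ftp": 21, "smtp": 25, "domain": 53}

# Assumption: client (ephemeral) ports are 1024 and above, as on Windows 2000.
EPHEMERAL_START = 1024


def port_number(text):
    """Turn '1424' or 'http' into an int, or None if the name is unknown."""
    if text.isdigit():
        return int(text)
    return SERVICE_PORTS.get(text.lower())


def parse_netstat(text):
    """Return a list of dicts, one per TCP row of a netstat listing."""
    rows = []
    for line in text.splitlines():
        m = ROW_RE.match(line.strip())
        if not m:
            continue
        proto, lhost, lport, fhost, fport, state = m.groups()
        rows.append({"proto": proto, "lhost": lhost, "lport": port_number(lport),
                     "fhost": fhost, "fport": port_number(fport), "state": state})
    return rows


def direction(row):
    """Who opened the connection? An ephemeral local port talking to a
    well-known foreign port was opened by this host (a browser fetch, say);
    a well-known local port means a remote peer connected to us."""
    lp, fp = row["lport"], row["fport"]
    if fp is not None and fp < EPHEMERAL_START and (lp is None or lp >= EPHEMERAL_START):
        return "outbound"
    if lp is not None and lp < EPHEMERAL_START:
        return "inbound"
    return "unknown"


def summarise(rows):
    """Group rows by foreign host: state counts, direction counts, local ports."""
    per_host = defaultdict(lambda: {"states": Counter(), "directions": Counter(),
                                    "local_ports": []})
    for row in rows:
        entry = per_host[row["fhost"]]
        entry["states"][row["state"]] += 1
        entry["directions"][direction(row)] += 1
        entry["local_ports"].append(row["lport"])
    return dict(per_host)


if __name__ == "__main__":
    for host, entry in sorted(summarise(parse_netstat(NETSTAT_SAMPLE)).items()):
        states = ", ".join(f"{s}={n}" for s, n in entry["states"].most_common())
        dirs = ", ".join(f"{d}={n}" for d, n in entry["directions"].most_common())
        ports = entry["local_ports"]
        print(f"{host:16} rows={len(ports):2} local ports {min(ports)}-{max(ports)}"
              f" | {states} | {dirs}")
```

Two facts about TCP are worth keeping in mind when reading output like this: the side that closes a connection first is the one that sits in TIME_WAIT, and a socket with an ephemeral local port and a well-known foreign port was opened from the local machine. So every row above classifies as outbound, which is what a browser loading a page with many short HTTP fetches looks like; whether the process doing the fetching is the browser or something else is a separate question that `netstat` alone does not answer.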

  • grinch2171
  • Moderator
  • Genius
  • Posts: 6805
  • Loc: Martinsburg, WV

Post 3+ Months Ago

Spammers maybe???? I wouldn't know of any other reason why you would be getting probed like that. You could bounce the IPs off PeerGuardian's list of naughty IPs? Not really sure how to do that, though, but it is a suggestion.
  • ModernDestroyer
  • Professor
  • Posts: 794
  • Loc: California

Post 3+ Months Ago

Report it to the abuse email you got and give them the info, and they will track them the rest of the way :twisted:
  • ThATKiD
  • Proficient
  • Posts: 321
  • Loc: somewere over there

Post 3+ Months Ago

Wow, that is strange. I ran a NeoTrace and got the same thing. You don't have weird apps running in the background? No processes?
  • danahert
  • Born
  • Posts: 1

Post 3+ Months Ago

Had IP address 209.66.114.130. Browser hijack in a PC shipped to me from Hawaii. Guess who? APS TELECOM in Nevada.

© 1998-2014. Ozzu® is a registered trademark of Unmelted, LLC.