Apparently someone from "The Computer Guy" IP range (or someone acting as someone from there) got rcp.exe to run on my machine, attempting to contact 216.30.236.32 port 514. I detected this with ZoneAlarm.
The reason I'm posting here is because I've just installed JBoss and MySQL on my machine, and until this point, I have never had this type of attack before. It happened right around the time I accessed the JBoss JMX console for the first time from over the Internet (I accessed my home PC from work). I have a non-static IP, so I'm running the No-IP DUC so I can find my machine on the Internet.

Could someone wager a guess as to what happened at 8:42 this morning? What was attempted? How was it done?

I password-protected my JBoss JMX and Management consoles, but of course it's only with basic authentication, which is really nothing if someone wants to snoop. Is there something in one of the interfaces that get installed with JBoss that would allow for someone to start a remote copy?

Thanks.

--Dale--

-----------DETAILS-------------

Description      TCP/IP Remote Copy Command requested permission to access the internet.
Rating           High
Date / Time      2005/04/01 08:42:04-5:00 GMT
Type             New Program
Program          C:\WINDOWS\system32\rcp.exe
Source IP
Destination IP   216.30.236.36:514
Direction        Outgoing (connect)
Action Taken     Blocked (once)/Manual
Count            1

CustName:   The Computer Guy
Address:    5306 McCorkle Ave
City:       Charleston
StateProv:  WV
PostalCode: 25302
Country:    US
RegDate:    2004-06-23
Updated:    2004-06-23

NetRange:   216.30.236.32 - 216.30.236.39
CIDR:       216.30.236.32/29
NetName:    CUST-THECOMPUTERGUY-216-NET1
NetHandle:  NET-216-30-236-32-1
Parent:     NET-216-30-192-0-1
NetType:    Reassigned
Comment:
RegDate:    2004-06-23
Updated:    2004-06-23

OrgTechHandle: FIA2-ARIN
OrgTechName:   FiberNet IP Administrator
OrgTechPhone:  +1-304-720-0200
OrgTechEmail:  [EMAIL PROTECTED]

View the original post : http://www.jboss.org/index.html?module=bb&op=viewtopic&p=3872431#3872431