<?xml version="1.0" encoding="UTF-8"?><rss version="2.0"
	xmlns:content="http://purl.org/rss/1.0/modules/content/"
	xmlns:dc="http://purl.org/dc/elements/1.1/"
	xmlns:atom="http://www.w3.org/2005/Atom"
	xmlns:sy="http://purl.org/rss/1.0/modules/syndication/"
		>
<channel>
	<title>Comments on: Analysis of a dll injector &#8211; Trojan.Win32.Inject.dnz</title>
	<atom:link href="http://www.martinsecurity.net/2008/08/28/analysis-of-a-dll-injector-trojanwin32injectdnz/feed/" rel="self" type="application/rss+xml" />
	<link>http://www.martinsecurity.net/2008/08/28/analysis-of-a-dll-injector-trojanwin32injectdnz/</link>
	<description>Viewing InfoSec from the trenches (formerly Real Security)</description>
	<lastBuildDate>Mon, 14 Dec 2009 07:06:01 +0000</lastBuildDate>
	<sy:updatePeriod>hourly</sy:updatePeriod>
	<sy:updateFrequency>1</sy:updateFrequency>
	<generator>http://wordpress.org/?v=</generator>
	<item>
		<title>By: Matt</title>
		<link>http://www.martinsecurity.net/2008/08/28/analysis-of-a-dll-injector-trojanwin32injectdnz/comment-page-1/#comment-35</link>
		<dc:creator>Matt</dc:creator>
		<pubDate>Tue, 11 Nov 2008 13:52:20 +0000</pubDate>
		<guid isPermaLink="false">http://realsecurity.wordpress.com/?p=8#comment-35</guid>
		<description>The content has been a valuable piece of information.
Three cheers!!</description>
		<content:encoded><![CDATA[<p>The content has been a valuable piece of information.<br />
Three cheers!!</p>
]]></content:encoded>
	</item>
	<item>
		<title>By: Maynard</title>
		<link>http://www.martinsecurity.net/2008/08/28/analysis-of-a-dll-injector-trojanwin32injectdnz/comment-page-1/#comment-34</link>
		<dc:creator>Maynard</dc:creator>
		<pubDate>Sun, 12 Oct 2008 20:19:18 +0000</pubDate>
		<guid isPermaLink="false">http://realsecurity.wordpress.com/?p=8#comment-34</guid>
		<description>VERY interested. Not a programmer myself by career, but always digging down into my OS&#039;s, and trained since I was 15.

I will follow the path you have set out here to learn; much clearer than anything I have found outside of private (and very expensive) seminars.

I am VERY interested in 209.160.21.76. I have a spare and old machine running Windows Server 2003. It&#039;s my mps player. Its ports were cut down to a total minimum. To do that I accessed some ex-colleagues in a major country&#039;s DOD. I was given the doc, and managed to cut everything down to less than 3 ports open, then shielded them by a very good software firewall; IE was never used except for updates. It has always been kept up-to-date on a weekly basis.

Now I am supposed to have an &quot;infection&quot; on this machine. On reboot it tries to connect to 209.160.21.76. But there is nothing in any scan I have tried (Kaspersky, AVG, BOClean running) that tells me I have an infection. HJT is clean, nothing unknown. IceSword shows what I would expect, the firewall hooks (Comodo). But somehow, on this innocent little machine, some bastard has managed to find a way in. Connections are zero; the entire domain of 209.160.0.255 to 209.160.255.255 is excluded from internet transactions. But it keeps trying, and I can&#039;t see from where. But I WILL get it. I WILL find the fucker who did it, and more importantly, I will find out how to protect the 353 machines I live with better.

Thanks for the post, dude. You are obviously way beyond me in coding, but you gave me a huge leg up. Most of the real gurus seem to target the corporate networks and megabucks. Most fail, but they leave a trail behind of people who don&#039;t believe.

Mine is MY network. I rent it out for a pittance (cost plus) to local bands and small companies. It&#039;s a good deal for them and I get to learn a lot. 10 years on now, 3 OS&#039;s.

Thanks! I&#039;ll get the bastard one way or another. I had a company in Iran who rented space for a fashion company. So I checked all their jvs for problems (only jvs allowed on my sites); it was clean.

Then I found a leak going upstream, found the site that was drawing it. They were distributing KP (CP, child porn) from one of my servers and hadn&#039;t paid a cent! So I went to Windows Update and the firewall update and fixed that.

You are so ahead of the game that my minor problems are &quot;under the horizon&quot;, but your musings on-line have helped my brain re-engage. Now I don&#039;t groan and hang my head down and say &quot;fuck it, who cares&quot;. I jump up and say to myself &quot;last post you made is for her friends&quot;. Then I look at the calendar and realise I graduated 2 years ago. It&#039;s OK.

I&#039;ve changed from monitoring 0 to monitoring 65%.

Thanks a bunch. I got a lot of reading to do now!

Real meaty post. Even though you introduced it as a taster.

God bless!

When I find out who, I&#039;ll hang the bones on the door as I leave!</description>
		<content:encoded><![CDATA[<p>VERY interested. Not a programmer myself by career, but always digging down into my OS&#8217;s, and trained since I was 15.</p>
<p>I will follow the path you have set out here to learn; much clearer than anything I have found outside of private (and very expensive) seminars.</p>
<p>I am VERY interested in 209.160.21.76. I have a spare and old machine running Windows Server 2003. It&#8217;s my mps player. Its ports were cut down to a total minimum. To do that I accessed some ex-colleagues in a major country&#8217;s DOD. I was given the doc, and managed to cut everything down to less than 3 ports open, then shielded them by a very good software firewall; IE was never used except for updates. It has always been kept up-to-date on a weekly basis.</p>
<p>Now I am supposed to have an &#8220;infection&#8221; on this machine. On reboot it tries to connect to 209.160.21.76. But there is nothing in any scan I have tried (Kaspersky, AVG, BOClean running) that tells me I have an infection. HJT is clean, nothing unknown. IceSword shows what I would expect, the firewall hooks (Comodo). But somehow, on this innocent little machine, some bastard has managed to find a way in. Connections are zero; the entire domain of 209.160.0.255 to 209.160.255.255 is excluded from internet transactions. But it keeps trying, and I can&#8217;t see from where. But I WILL get it. I WILL find the fucker who did it, and more importantly, I will find out how to protect the 353 machines I live with better.</p>
<p>Thanks for the post, dude. You are obviously way beyond me in coding, but you gave me a huge leg up. Most of the real gurus seem to target the corporate networks and megabucks. Most fail, but they leave a trail behind of people who don&#8217;t believe.</p>
<p>Mine is MY network. I rent it out for a pittance (cost plus) to local bands and small companies. It&#8217;s a good deal for them and I get to learn a lot. 10 years on now, 3 OS&#8217;s.</p>
<p>Thanks! I&#8217;ll get the bastard one way or another. I had a company in Iran who rented space for a fashion company. So I checked all their jvs for problems (only jvs allowed on my sites); it was clean.</p>
<p>Then I found a leak going upstream, found the site that was drawing it. They were distributing KP (CP, child porn) from one of my servers and hadn&#8217;t paid a cent! So I went to Windows Update and the firewall update and fixed that.</p>
<p>You are so ahead of the game that my minor problems are &#8220;under the horizon&#8221;, but your musings on-line have helped my brain re-engage. Now I don&#8217;t groan and hang my head down and say &#8220;fuck it, who cares&#8221;. I jump up and say to myself &#8220;last post you made is for her friends&#8221;. Then I look at the calendar and realise I graduated 2 years ago. It&#8217;s OK.</p>
<p>I&#8217;ve changed from monitoring 0 to monitoring 65%.</p>
<p>Thanks a bunch. I got a lot of reading to do now!</p>
<p>Real meaty post. Even though you introduced it as a taster.</p>
<p>God bless!</p>
<p>When I find out who, I&#8217;ll hang the bones on the door as I leave!</p>
]]></content:encoded>
	</item>
</channel>
</rss>

