
Hack attempt?

Today I got these strange firewall reports of someone trying to access my lsass.exe.

Type | Program | Source IP | Direction

New Server Program | system32\lsass.exe | 221.201.209.56 | Incoming (accept)
-
Program Access | lsass.exe | - | Incoming (accept)
-
Repeat Server Program | system32\lsass.exe | 124.64.45.14 | Incoming (accept)
-
Program Access | lsass.exe | - | Incoming (accept)
-
Repeat Program | system32\lsass.exe | - | (data)
-
Program Access | lsass.exe | - | (data)


I've run a little trace on those two IPs that showed up and they both pointed to China; the first one was somewhere from Liaoning and the other one from Beijing.

Both from same ISP: CNCGROUP Liaoning/Beijing Province Network

Was this really a hack attempt on my computer?

posted by Shaddar :: 2007-03-06 13:23:17

Could be.

posted by amaranthinenight :: 2007-03-06 22:22:33

Is all that "New Server Program | system32\lsass.exe ...etc" from the log of your firewall?

posted by Bry Spy :: 2007-03-07 12:27:35

Yes, it's from my ZoneAlarm FW log.

posted by Shaddar :: 2007-03-07 17:27:22

tbvh it has properties of an automated program.... and to be honest, the IP was more than likely a proxy... e.g. my IP from hour to hour reads that I'm in America, Saudi Arabia, New Zealand, Germany, Canada, Italy, and even China.... The only disadvantage of being hidden behind a China IP is that Google is banned...

And oh yeah.... they were trying to hack you.... lsass.exe is a system process of the Microsoft Windows security mechanisms. It specifically deals with local security and login policies. This program is important for the stable and secure running of your computer and should not be terminated.

Hope that helps somewhat...

posted by Skalragg :: 2007-03-25 20:16:58
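
A defender's triage of the log rows from the first post, as an added example that is not part of the original thread: it parses the pipe-separated rows and lists the remote addresses whose inbound connections to lsass.exe were accepted. The function names are hypothetical, and the layout is assumed to be the one shown in the post, not ZoneAlarm's own log file format.

```python
import ipaddress
from collections import defaultdict

# Rows copied from the first post, in the pipe-separated layout shown there
# (assumption: this is the post's layout, not ZoneAlarm's on-disk log format).
SAMPLE = r"""
New Server Program | system32\lsass.exe | 221.201.209.56 | Incoming (accept)
-
Program Access | lsass.exe | - | Incoming (accept)
-
Repeat Server Program | system32\lsass.exe | 124.64.45.14 | Incoming (accept)
-
Program Access | lsass.exe | - | Incoming (accept)
-
Repeat Program | system32\lsass.exe | - | (data)
-
Program Access | lsass.exe | - | (data)
"""

def parse_rows(text):
    """Yield one dict per 4-column row; '-' separators and blank lines are skipped."""
    for line in text.splitlines():
        cols = [c.strip() for c in line.split("|")]
        if len(cols) != 4:
            continue
        kind, program, source, direction = cols
        yield {"type": kind,
               "program": program.split("\\")[-1].lower(),  # drop the directory part
               "source": None if source == "-" else source,
               "direction": direction}

def inbound_accepts(rows, program="lsass.exe"):
    """Group accepted inbound events for `program` by source IP and mark public sources."""
    hits = defaultdict(lambda: {"count": 0, "public": False, "types": []})
    for r in rows:
        if r["program"] != program or r["source"] is None:
            continue
        if not r["direction"].lower().startswith("incoming (accept"):
            continue
        try:
            ip = ipaddress.ip_address(r["source"])
        except ValueError:
            continue  # malformed address column; ignore the row
        entry = hits[str(ip)]
        entry["count"] += 1
        entry["public"] = ip.is_global  # True for internet-routable addresses
        entry["types"].append(r["type"])
    return dict(hits)

if __name__ == "__main__":
    for ip, entry in inbound_accepts(parse_rows(SAMPLE)).items():
        print(ip, entry)
```

Rows with "-" in the Source IP column carry no remote address, so they are left out of the grouping.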