Post: Kernel intrusion
Options
12-14-2011, 01:49 AM
#1
Blackfin
Brute
IP Address 1 124.14.10.67 is in china
IP Address 2 200.206.118.190 is in brazil
this is really ****ing up my internet and causes me to disconnect from the router
this is what the Log from my router says ----
Dec 14 01:19:09 (none) user.alert kernel: Intrusion -> IN=pppoa0 OUT= MAC= SRC=200.206.118.190 DST=90.21.186.25 LEN=52 TOS=0x04 PREC=0x00 TTL=112 ID=28165 DF PROTO=TCP SPT=64602 DPT=445 WINDOW=8192 RES=0x00 SYN URGP=0
Dec 14 01:30:45 (none) user.alert kernel: Intrusion -> IN=pppoa0 OUT= MAC= SRC=124.14.10.67 DST=90.21.186.25 LEN=40 TOS=0x04 PREC=0x00 TTL=101 ID=256 PROTO=TCP SPT=6000 DPT=1433 WINDOW=16384 RES=0x00 SYN URGP=0
Dec 14 01:35:11 (none) user.alert kernel: Intrusion -> IN=pppoa0 OUT= MAC= SRC=114.42.139.95 DST=90.21.186.25 LEN=48 TOS=0x04 PREC=0x00 TTL=110 ID=46641 DF PROTO=TCP SPT=3547 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0
Dec 14 01:35:14 (none) user.alert kernel: Intrusion -> IN=pppoa0 OUT= MAC= SRC=114.42.139.95 DST=90.21.186.25 LEN=48 TOS=0x04 PREC=0x00 TTL=110 ID=46850 DF PROTO=TCP SPT=3547 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0
Dec 14 01:35:20 (none) user.alert kernel: Intrusion -> IN=pppoa0 OUT= MAC= SRC=114.42.139.95 DST=90.21.186.25 LEN=48 TOS=0x04 PREC=0x00 TTL=110 ID=47185 DF PROTO=TCP SPT=3547 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0
if someone can help id be very greatful
Note iv tried everything i can think of
12-14-2011, 03:03 AM
#3
Pichu
PICHU.
PICHU.
Originally posted by Expert
hey guys sorry to bother you again... but the issue has still not been fixed some F**cker is doin/trying to access my pc
IP Address 1 124.14.10.67 is in china
IP Address 2 200.206.118.190 is in brazil
this is really ****ing up my internet and causes me to disconnect from the router
this is what the Log from my router says ----
Dec 14 01:19:09 (none) user.alert kernel: Intrusion -> IN=pppoa0 OUT= MAC= SRC=200.206.118.190 DST=90.21.186.25 LEN=52 TOS=0x04 PREC=0x00 TTL=112 ID=28165 DF PROTO=TCP SPT=64602 DPT=445 WINDOW=8192 RES=0x00 SYN URGP=0
Dec 14 01:30:45 (none) user.alert kernel: Intrusion -> IN=pppoa0 OUT= MAC= SRC=124.14.10.67 DST=90.21.186.25 LEN=40 TOS=0x04 PREC=0x00 TTL=101 ID=256 PROTO=TCP SPT=6000 DPT=1433 WINDOW=16384 RES=0x00 SYN URGP=0
Dec 14 01:35:11 (none) user.alert kernel: Intrusion -> IN=pppoa0 OUT= MAC= SRC=114.42.139.95 DST=90.21.186.25 LEN=48 TOS=0x04 PREC=0x00 TTL=110 ID=46641 DF PROTO=TCP SPT=3547 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0
Dec 14 01:35:14 (none) user.alert kernel: Intrusion -> IN=pppoa0 OUT= MAC= SRC=114.42.139.95 DST=90.21.186.25 LEN=48 TOS=0x04 PREC=0x00 TTL=110 ID=46850 DF PROTO=TCP SPT=3547 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0
Dec 14 01:35:20 (none) user.alert kernel: Intrusion -> IN=pppoa0 OUT= MAC= SRC=114.42.139.95 DST=90.21.186.25 LEN=48 TOS=0x04 PREC=0x00 TTL=110 ID=47185 DF PROTO=TCP SPT=3547 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0
if someone can help id be very greatful
Note iv tried everything i can think of
IP Address 1 124.14.10.67 is in china
IP Address 2 200.206.118.190 is in brazil
this is really ****ing up my internet and causes me to disconnect from the router
this is what the Log from my router says ----
Dec 14 01:19:09 (none) user.alert kernel: Intrusion -> IN=pppoa0 OUT= MAC= SRC=200.206.118.190 DST=90.21.186.25 LEN=52 TOS=0x04 PREC=0x00 TTL=112 ID=28165 DF PROTO=TCP SPT=64602 DPT=445 WINDOW=8192 RES=0x00 SYN URGP=0
Dec 14 01:30:45 (none) user.alert kernel: Intrusion -> IN=pppoa0 OUT= MAC= SRC=124.14.10.67 DST=90.21.186.25 LEN=40 TOS=0x04 PREC=0x00 TTL=101 ID=256 PROTO=TCP SPT=6000 DPT=1433 WINDOW=16384 RES=0x00 SYN URGP=0
Dec 14 01:35:11 (none) user.alert kernel: Intrusion -> IN=pppoa0 OUT= MAC= SRC=114.42.139.95 DST=90.21.186.25 LEN=48 TOS=0x04 PREC=0x00 TTL=110 ID=46641 DF PROTO=TCP SPT=3547 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0
Dec 14 01:35:14 (none) user.alert kernel: Intrusion -> IN=pppoa0 OUT= MAC= SRC=114.42.139.95 DST=90.21.186.25 LEN=48 TOS=0x04 PREC=0x00 TTL=110 ID=46850 DF PROTO=TCP SPT=3547 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0
Dec 14 01:35:20 (none) user.alert kernel: Intrusion -> IN=pppoa0 OUT= MAC= SRC=114.42.139.95 DST=90.21.186.25 LEN=48 TOS=0x04 PREC=0x00 TTL=110 ID=47185 DF PROTO=TCP SPT=3547 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0
if someone can help id be very greatful
Note iv tried everything i can think of
Just like what HecmanHD said, he is most likely using a proxy but what I am also guessing is he has a RAT setup on your computer and well it has been caught but isn't deleted so he is continuously trying to remotely connect.
Do a full system scan while your computer internet is shutoff, check Temp folders and %appdata% as these are more likely the places where something will be.
12-14-2011, 03:23 AM
#4
Blackfin
Brute
Originally posted by Sublimity
Just like what HecmanHD said, he is most likely using a proxy but what I am also guessing is he has a RAT setup on your computer and well it has been caught but isn't deleted so he is continuously trying to remotely connect.
Do a full system scan while your computer internet is shutoff, check Temp folders and %appdata% as these are more likely the places where something will be.
Do a full system scan while your computer internet is shutoff, check Temp folders and %appdata% as these are more likely the places where something will be.
i have done this mate :/ but il try again is there any other way i can get rid of it
12-14-2011, 03:43 AM
#6
Pichu
PICHU.
PICHU.
Originally posted by Expert
i have done this mate :/ but il try again is there any other way i can get rid of it
Try and download something called Nod-32 and run a scan. If it continues you may need to just offload your most important files, then reformat your computer and reinstall everything from legit sources.
Originally posted by z
i would do a system restore just to be sure that its gone
Sadly, most people don't have system restores.
Copyright © 2026, NextGenUpdate.
All Rights Reserved.
