thelowlyone Posted February 14, 2007 Share Posted February 14, 2007 Hi everyone, I recently did a route print on a Windows 2003 Server running Windows Media Services. There are a lot of IPs in there that don't belong to me. And when I delete them "new" ones are added about an hour later all from the same IP range. What does this mean? Is someone trying to take my content? Quote Link to comment Share on other sites More sharing options...
Sparda Posted February 14, 2007 Share Posted February 14, 2007 What do you mean by 'route print'? Quote Link to comment Share on other sites More sharing options...
Operator Posted February 14, 2007 Share Posted February 14, 2007 route print is a windows command line tool to show the current routing table and add/remove routes etc. like the route command in Linux. seems weird that routes would be adding themselves. you say from the same subnet so its not the same routes each time? and when are they re-added? after a reboot? restarting a program? Quote Link to comment Share on other sites More sharing options...
thelowlyone Posted February 14, 2007 Author Share Posted February 14, 2007 Thanks for the replies. The routes are added ~1 hour after I remove them. And yes they're not the same routes but are from the same IP range (ex. they all start with 66.xxx.xxx.xxx). I don't do anything and they just "appear" about an hour after I remove them. Is my server compromised? Quote Link to comment Share on other sites More sharing options...
Operator Posted February 15, 2007 Share Posted February 15, 2007 interesting. if there being re-added exactly an hour after you remove them i would suspect some program is doing it. check to see what processes are running etc and look for anything that does not look normal. also check event logs all tha usual stuff. Quote Link to comment Share on other sites More sharing options...
Deveant Posted February 15, 2007 Share Posted February 15, 2007 also i suggest randomly googl'ing one of the IP's, such as in google just type "x.x.x.x" and see if it comes up being zombie, or such. Quote Link to comment Share on other sites More sharing options...
thelowlyone Posted February 16, 2007 Author Share Posted February 16, 2007 Thanks for the suggestions. Will try when I get home. Quote Link to comment Share on other sites More sharing options...
thelowlyone Posted February 17, 2007 Author Share Posted February 17, 2007 Its been a few days now and there the problem seems to have solved itself. The routes are no longer being added. I found that the IPs belong to a ISP in Canada. Thanks for all the help though. Quote Link to comment Share on other sites More sharing options...
Operator Posted February 17, 2007 Share Posted February 17, 2007 kool, glad to here its fixed Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.