Asian University | Forum of 5th Batch ~ View topic - 8v8.biz problem and your Local Area Network is down.
 
Asian University | Forum of 5th Batch Forum Index
Author Message

<  Resource  ~  8v8.biz problem and your Local Area Network is down.
rafiq
Posted: Fri Jan 25, 2008 12:48 am Reply with quote
Joined: 19 Apr 2007 Posts: 85 Location: Dhaka
Dear Friends,
Do you recently experience as when putting any web address in your browser it also try to link with some other site like 8v8.biz or 9gg.biz. This is a malware. It causes all disaster with ARP spoofing.

What is ARP spoofing ??

ARP spoofing is also known as ARP poisoning, is a technique used to attack an Ethernet network which may allow an attacker to sniff data frames on a local area netowrk (LAN), modify the traffic, or stop the traffic altogether. ( FROM WIKIPEDIA )

From an administrator

i am running a network of 300 computers, sometimes when 60-70 PCs are turned on my lan goes down ping comes request timed out n at that time if i try to open a webpage it comes in status bar "opening page hxxt://8v8 DOT biz" it keeps on blinking unless i close it from task manager n at the same time some PCs runs well ping run well.

Sometimes it just stop all your network, total network traffic will jammed.

Solution

Put a firewall on your gateway or something like that as

iptables -A FORWARD -s 0/0 -d 8v8.biz -j DROP

As this is client based program but causes hamper for full network you should first tear down the connection of those users who are affected. How do you find out who are affected with such malware.

tcpdump -i eth1 host 8v8.biz

Another way to to keep your network clean (i.e. Host those who are not affected with 8v8.biz will never been attacked.

Change the HOST file and put

127.0.0.1 localhost 8v8.biz * *

You can find the host file in C:\windows\system32\drivers\etc\

After changing this your computer / browser trace 8v8.biz to the localhost so that it won't able to connect to the original server.

_________________
Kiss to all of MY FRIENDS Smile
Back to top View user's profile Send private message
rafiq
Posted: Fri Jan 25, 2008 12:58 am Reply with quote
Joined: 19 Apr 2007 Posts: 85 Location: Dhaka
WHO IS information of 8v8.biz

Domain Name: 8V8.BIZ
Domain ID: D21936042-BIZ
Sponsoring Registrar: ENOM, INC.
Sponsoring Registrar IANA ID: 48
Domain Status: clientTransferProhibited
Registrant ID: 3E4049D279A86834
Registrant Name: zi qiming
Registrant Organization: zi qiming
Registrant Address1: bei jing
Registrant City: beijin
Registrant State/Province: bei
Registrant Postal Code: 529200
Registrant Country: China
Registrant Country Code: CN
Registrant Phone Number: +86.7505582048
Registrant Email: weiyudns@56.com
Administrative Contact ID: 3E4049D279A86834
Administrative Contact Name: zi qiming
Administrative Contact Organization: zi qiming
Administrative Contact Address1: bei jing
Administrative Contact City: beijin
Administrative Contact State/Province: bei
Administrative Contact Postal Code: 529200
Administrative Contact Country: China
Administrative Contact Country Code: CN
Administrative Contact Phone Number: +86.7505582048
Administrative Contact Email: weiyudns@56.com
Billing Contact ID: 3E4049D279A86834
Billing Contact Name: zi qiming
Billing Contact Organization: zi qiming
Billing Contact Address1: bei jing
Billing Contact City: beijin
Billing Contact State/Province: bei
Billing Contact Postal Code: 529200
Billing Contact Country: China
Billing Contact Country Code: CN
Billing Contact Phone Number: +86.7505582048
Billing Contact Email: weiyudns@56.com
Technical Contact ID: 3E4049D279A86834
Technical Contact Name: zi qiming
Technical Contact Organization: zi qiming
Technical Contact Address1: bei jing
Technical Contact City: beijin
Technical Contact State/Province: bei
Technical Contact Postal Code: 529200
Technical Contact Country: China
Technical Contact Country Code: CN
Technical Contact Phone Number: +86.7505582048
Technical Contact Email: weiyudns@56.com
Name Server: DNS5.NAME-SERVICES.COM
Name Server: DNS4.NAME-SERVICES.COM
Name Server: DNS3.NAME-SERVICES.COM
Name Server: DNS2.NAME-SERVICES.COM
Name Server: DNS1.NAME-SERVICES.COM
Created by Registrar: ENOM, INC.
Last Updated by Registrar: ENOM, INC.
Domain Registration Date: Tue Dec 11 10:00:20 GMT 2007
Domain Expiration Date: Wed Dec 10 23:59:59 GMT 2008
Domain Last Updated Date: Tue Dec 11 10:00:25 GMT 2

_________________
Kiss to all of MY FRIENDS Smile
Back to top View user's profile Send private message
avijit
Posted: Wed Feb 13, 2008 6:54 am Reply with quote
Joined: 28 Apr 2007 Posts: 25 Location: Melbourne
Welldone man. Keep it up. .................

_________________
Avijit
Back to top View user's profile Send private message Send e-mail AIM Address Yahoo Messenger MSN Messenger
rafiq
Posted: Wed Feb 13, 2008 1:54 pm Reply with quote
Joined: 19 Apr 2007 Posts: 85 Location: Dhaka
Need others to join with their exp.

Any ONE there ???? Idea

_________________
Kiss to all of MY FRIENDS Smile
Back to top View user's profile Send private message

Display posts from previous:  

All times are GMT + 6 Hours
View next topic
View previous topic
Page 1 of 1
Asian University | Forum of 5th Batch Forum Index  ~  Resource
Post new topic

Jump to:  

You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
Powered by phpBB // Template by AUB5thCSE