
I've got a question of a technical nature

This topic is archived.
 
Homer Wells Donating Member (1000+ posts) Tue May-02-06 08:23 PM
Original message
I've got a question of a technical nature
I run System Suite 6 on my PC, and recently I got a message regarding my Firewall. It said that some hostile website was attempting to break into my system, but had been blocked by the SS6 Firewall program. I then went to the Security log, clicked on the IP shown and did a back search.
The name of the organization attempting this security breach blew my mind.

It said that it was Halliburton Corp and gave the address and phone number of the organization.
Thinking this might be a prank, I dialed up the number given on this report, and, lo and behold, I got this pleasant, Texas-accented female voice saying, "Thank you for calling Halliburton, How may I help you?"

I am wondering just why in the hell Halliburton would be trying to break into my system. I went through my security logs, and found this had happened numerous times in the past few weeks.

Any idea what this is all about?? I'm really quite curious, and perhaps a bit uncomfortable about this. Since the firewall caught it, I assume they have not gotten into my system yet.
I would appreciate any info or ideas about this.

Thanks:shrug:

Steve:dilemma:
Peanutcat Donating Member (492 posts) Tue May-02-06 08:25 PM
Response to Original message
1. Did you think to ask them?
 
Burried News Donating Member (1000+ posts) Tue May-02-06 08:27 PM
Response to Original message
2. What's their phone number? Maybe we can all ask them. Only kidding.
 
Old and In the Way Donating Member (1000+ posts) Tue May-02-06 08:29 PM
Response to Original message
3. Maybe Halliburton is doing a little intel.
Why wouldn't major corporations try to see what people may be reading about them or their competitors, stored on their computers? I don't think an ethically challenged company would have a problem. Hell, they may be doing it as a proxy for this administration.
 
Tandalayo_Scheisskopf Donating Member (1000+ posts) Tue May-02-06 08:37 PM
Response to Original message
4. What might have happened:
Many major companies are, these days, scrimping on IT investment and maintenance. They run with what amounts to skeleton crews that are over-worked and underpaid and who don't have time to get to everything that they know they should do to have a properly running system.

One of the places they scrimp is on security and security audits.

I suspect that either a desktop machine or a server has been compromised with a bot program. These programs go out and scan ranges of IP addresses for open ports. When they find an open port, they install a clone of themselves. In that way, a swarm of bots is made. These bots can be used for DDoS attacks, spam generation and other things.

If you had a "real" (hardware and more sophisticated) firewall, the logs would possibly show that just before the attack, the same IP address ran a portscan of your machine.
 
Homer Wells Donating Member (1000+ posts) Tue May-02-06 08:37 PM
Response to Original message
5. This is the printout of the report for this site
OrgName: Halliburton Company
OrgID: HALLIB-1
Address: 10200 Bellaire Blvd
City: Houston
StateProv: TX
PostalCode: 77072-5299
Country: US
NetRange: 34.0.0.0 - 34.255.255.255
CIDR: 34.0.0.0/8
NetName: HALLIBURTON
NetHandle: NET-34-0-0-0-1
Parent:
NetType: Direct Assignment
NameServer: A4.NSTLD.COM
NameServer: F4.NSTLD.COM
NameServer: G4.NSTLD.COM
NameServer: H4.NSTLD.COM
NameServer: J4.NSTLD.COM
NameServer: L4.NSTLD.COM
Comment:
RegDate: 1991-03-11
Updated: 2004-05-03
OrgAbuseHandle: IAP2-ARIN
OrgAbuseName: IP Abuse POC
OrgAbusePhone: +1-281-575-3000
OrgAbuseEmail: ipabuse@halliburton.com
OrgTechHandle: DNSAD52-ARIN
OrgTechName: DNSADMIN POC
OrgTechPhone: +1-281-575-3000
OrgTechEmail: dnsadmin@halliburton.com
# ARIN WHOIS database, last updated 2006-04-06 19:10
# Enter ? for additional hints on searching ARIN's WHOIS database.
Done

 
originalpckelly Donating Member (1000+ posts) Tue May-02-06 08:42 PM
Response to Reply #5
6. Now that is some bullshit...
What the hell are they doing, a private corporation, trying to hack a computer? I don't think you understand, it is my belief you can sue them.
 
Tandalayo_Scheisskopf Donating Member (1000+ posts) Tue May-02-06 08:43 PM
Response to Reply #5
7. That is a standard WHOIS listing.
It simply tells us that the IP from which this attack seemed to be coming was within the Halliburton-assigned IP pool. There is a slight possibility that the IP was spoofed.

More likely a bot-compromised machine. Not as rare as one might think.
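An added example, not part of any post in this thread: the check described in replies #4 and #7, flagging a source IP that probes several ports in a short window and looking up which netblock the WHOIS record places it in. The log lines and their format are constructed for illustration (not System Suite 6 output), the function names are hypothetical, and the WHOIS fields are the ones quoted in reply #5.

```python
import ipaddress
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Fields copied from the WHOIS printout in reply #5.
WHOIS_TEXT = """OrgName: Halliburton Company
CIDR: 34.0.0.0/8
"""

# Constructed log lines in a hypothetical format (not System Suite 6 output).
LOG = """2006-05-02 19:58:01 BLOCK TCP 34.0.0.77:4101 -> 192.168.1.10:21
2006-05-02 19:58:01 BLOCK TCP 34.0.0.77:4102 -> 192.168.1.10:23
2006-05-02 19:58:02 BLOCK TCP 34.0.0.77:4103 -> 192.168.1.10:80
2006-05-02 19:58:02 BLOCK TCP 34.0.0.77:4104 -> 192.168.1.10:135
2006-05-02 19:58:04 BLOCK TCP 34.0.0.77:4105 -> 192.168.1.10:445
2006-05-02 20:10:00 BLOCK TCP 198.51.100.7:5000 -> 192.168.1.10:445
2006-05-02 20:40:00 BLOCK TCP 198.51.100.7:5001 -> 192.168.1.10:445
"""
LINE = re.compile(r"(\S+ \S+) BLOCK TCP ([\d.]+):\d+ -> [\d.]+:(\d+)")

def parse_whois(text):
    """Return {field: value} from 'Key: value' WHOIS lines."""
    pairs = (l.split(":", 1) for l in text.splitlines() if ":" in l and l[0] != "#")
    return {k.strip(): v.strip() for k, v in pairs}

def find_scanners(log, min_ports=5, window=timedelta(seconds=60)):
    """Map each source IP that hit >= min_ports distinct ports in one window."""
    hits = defaultdict(list)
    for ts, src, port in LINE.findall(log):
        hits[src].append((datetime.strptime(ts, "%Y-%m-%d %H:%M:%S"), int(port)))
    scanners = {}
    for src, events in hits.items():
        events.sort()
        for i, (start, _) in enumerate(events):
            ports = {p for t, p in events[i:] if t - start <= window}
            if len(ports) >= min_ports:
                scanners[src] = sorted(ports)
                break
    return scanners

def netblock_owner(ip, whois):
    """Registered holder of the range; not proof of who ran the scan."""
    net = ipaddress.ip_network(whois["CIDR"])
    return whois["OrgName"] if ipaddress.ip_address(ip) in net else None

if __name__ == "__main__":
    for src, ports in find_scanners(LOG).items():
        print(src, ports, netblock_owner(src, parse_whois(WHOIS_TEXT)))
```

The second source address repeats a single port half an hour apart, so it is not flagged as a scan, and it falls outside the quoted CIDR, so the lookup returns no owner for it.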
 
KyuzoGator Donating Member (1000+ posts) Tue May-02-06 08:45 PM
Response to Original message
8. It is very unlikely to really be an attack from Halliburton.
Looks like a cloned IP. Similar to receiving spoof e-mails with a legitimate return address.
 
AnnieBW Donating Member (1000+ posts) Tue May-02-06 09:02 PM
Response to Original message
9. Probably Got Trojaned
A computer at Halliburton probably got a trojan that turned it into a zombie. The trojan is propagating itself.

I guess Halliburton does network security as well as they do everything else. :eyes:
 
Homer Wells Donating Member (1000+ posts) Tue May-02-06 09:06 PM
Response to Original message
10. Thanks to all for responding
I'm not a techie myself, but it did make me wonder. With all the noise being made about these guys out there in Bush-land, it just seemed to me to be a bit worrisome.
Sometimes, when they are out to get you, paranoia is just good thinking!!:scared:

Again, thanks for the information. You guys are great!!:toast:

 
dweller Donating Member (1000+ posts) Tue May-02-06 09:37 PM
Response to Original message
11. yeah, i know how you feel
whereas in my case it's always always the Chinese scanning my computer according to my firewall.

dp