My Zone Alarm has recorded over 32,000 attempts in the last 48 hrs. The majority of the hits seem to be aimed at tcp port 16358 and are coming from one IP on the east coast. Is this cause for concern?
Robert

Get details and look at the given address. It may be your own ISP, which sends data packets on a regular basis. If you really feel froggy, type the IP numbers into the address bar and see where you land. Frank

I stand corrected. May be a hacker or something else then. Probably spyware. Do you have Spybot, Ad-Aware or SpywareBlaster? Frank (PS: keep in mind, I'm a rookie)

These are intrusion attempts, not attempts to get out of my computer. I have already run HijackThis and checked... It is not a spyware or an adware problem.
Robert

Got me. Kevin or somebody smart will have to help on this one. Sorry. Frank ps Did you go to the site?

Yes I did go to the site. It is Cox Cable based in Atlanta. Their abuse department has been absolutely ZERO help. Thank you for trying Frank.
Robert

If you have any doubts about your comp safety, McAfee has a security link on its homepage to a group of 'hackers' who will at request try to hack you. I've used that site and another somewhere to test my unit. It's free and can give you peace of mind, or not if you have a leak. Might want to try it out.
Wish I could've given you real help before. Frank

hackerwatch.org. It was on a Dell/McAfee page. Copy and paste http://www.hackerwatch.org/probe/?affid=105-01&langid=1

Have you done a virus scan...
There is a virus, I believe it's called W32.Welchia.Worm, that is an RPC worm that attacks your firewall...
Norton has a removal tool for it...

Did this only start recently; or have you just picked up on it by close observation?
Posting a log line from ZA here may help.
The details may show up something, such as what services are involved with that port.
Check out what type of packets are being transmitted: ICMP, TCP, UDP...
Do a bit of research on whois. Do some packet sniffing and find out exactly what the data and information detail for each packet is…
Ethereal
http://www.ethereal.com/
It may all be nothing or nothing exciting – often isn’t,
But good luck with it.

They are all TCP and they are aimed (is that the right term) at port 16358. The majority of the hits are coming from 68.227.132.19, which is cox.net. I hope that is more of an explanation. There are over 34000 log entries in the last 48 hrs so I won't bore you with that. If you would like a sample, let me know how much of a sample you would like.
Thank You,
Robert

FWIN,2003/12/14,18:48:52 -7:00 GMT,68.227.132.19:3961,209.89.237.120:16358,TCP (flags:S)
FWIN,2003/12/14,18:48:52 -7:00 GMT,68.227.132.19:3962,209.89.237.120:16358,TCP (flags:S)
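
Added example, not part of the original thread: a small Python parser for ZoneAlarm log lines in the format posted above, which tallies blocked inbound entries by source IP, protocol and destination port. The field layout is assumed from the two posted lines; the header line and the last three sample entries (including the documentation-range IPs) are constructed.

```python
import re
from collections import Counter

# Constructed sample: two entries are the lines posted in the thread, the rest
# are made up in the same layout, plus a header line that must be skipped.
SAMPLE_LOG = """\
type,date,time,source,destination,transport
FWIN,2003/12/14,18:48:52 -7:00 GMT,68.227.132.19:3961,209.89.237.120:16358,TCP (flags:S)
FWIN,2003/12/14,18:48:52 -7:00 GMT,68.227.132.19:3962,209.89.237.120:16358,TCP (flags:S)
FWIN,2003/12/14,18:48:53 -7:00 GMT,68.227.132.19:3963,209.89.237.120:16358,TCP (flags:S)
FWIN,2003/12/14,18:49:10 -7:00 GMT,192.0.2.44:1029,209.89.237.120:135,TCP (flags:S)
FWIN,2003/12/14,18:49:12 -7:00 GMT,198.51.100.7:1026,209.89.237.120:1434,UDP
"""

# Assumed layout: type,date,time tz GMT,src_ip:port,dst_ip:port,proto [(flags:X)]
LINE_RE = re.compile(
    r"^(?P<type>\w+),(?P<date>[\d/]+),(?P<time>[\d:]+) (?P<tz>\S+) GMT,"
    r"(?P<src>[\d.]+):(?P<sport>\d+),(?P<dst>[\d.]+):(?P<dport>\d+),"
    r"(?P<proto>\w+)(?: \(flags:(?P<flags>\w+)\))?"
)

def parse_line(line):
    """Return a dict for one log entry, or None for headers/unparseable lines."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["sport"], rec["dport"] = int(rec["sport"]), int(rec["dport"])
    return rec

def summarize(text):
    """Tally blocked inbound (FWIN) entries per (source IP, protocol, dest port)."""
    hits, sports, flags = Counter(), {}, {}
    for line in text.splitlines():
        rec = parse_line(line)
        if rec is None or rec["type"] != "FWIN":
            continue
        key = (rec["src"], rec["proto"], rec["dport"])
        hits[key] += 1
        sports.setdefault(key, set()).add(rec["sport"])
        flags.setdefault(key, set()).add(rec["flags"])
    return [
        {"src": k[0], "proto": k[1], "dport": k[2], "count": n,
         "distinct_src_ports": len(sports[k]),
         "syn_only": flags[k] == {"S"}}  # True when every entry was a bare SYN
        for k, n in hits.most_common()
    ]

if __name__ == "__main__":
    for row in summarize(SAMPLE_LOG):
        print(row)
```

A row with a high count, `syn_only` true and many distinct source ports means one remote host keeps opening new TCP connection attempts to the same local port, which is the pattern in the two posted lines.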

Zone Alarm is reporting these as an intrusion, right? It isn’t just silently blocking packets from this IP, and recording them in a log, where they dominate the log book… What is that exact notification from ZA?
hmmm,
NO Trojans are listed for that port which is reassuring.
http://www.doshelp.com/trojanports.htm
You could do a Shields Up! online port scan on that port to check it is stealthed/blocked, and not just closed. They have a user-specified custom port probe.
http://grc.com/default.htm
And also sensible is an SOS Trojan scan from Sygate Online services, which scans all 65000 ports in case a Trojan is holed up in one of them.
Both these port scans will be regarded by your firewall as ‘Intrusions’ and should alert you to them.
