[Dshield] Strange Behaviour

Kenneth Coney superc at visuallink.com
Sun Dec 28 17:19:57 GMT 2003


If those port's numbers suddenly showed up on my PC's logs over and over, I 
would be very concerned.  198.49.161.205 seems to be the only IP legitimate 
connection, is that correct?  It is probably good the others were rejected. 
  Most of the ports seem to be unassigned ports, so attempts to use those 
ports in the 27 minutes shown are instantly suspicious.  Does your firewall 
include a connection log?  It would be interesting to learn if there were 
any connections to, or from, those IPs that weren't blocked.  If so, then 
there might be a problem.  If you don't have a connection log, then you 
might want to test your firewall for leaks at grc.com or similar.  If these 
attempts show up daily, consider doing a PC AV and anti Trojan scan on your PC.

Subject: [Dshield] Strange Behaviour
From: Glenn Jarvis <gaj at sympatico.ca>
Date: Sat, 27 Dec 2003 13:07:23 -0500
To: list at dshield.org

Should I be concerned with this sudden type of activity?
My advanced apologies if this not an proper post method.

 > Freedom® Firewall
 > Blocked Packets Log
<snip>
tcp    69.31.85.227    43811    67.70.197.215    65372  12/27/03 12:32:19PM
tcp    69.31.85.229    37322    67.70.197.215    65372  12/27/03 12:33:08PM
tcp    69.31.85.229    37322    67.70.197.215    65372  12/27/03 12:33:11PM
tcp    68.49.155.115    62535    67.70.197.215    3691  12/27/03 12:33:12PM
tcp    198.49.161.205    80    67.70.197.215    1031    12/27/03 12:33:13PM
tcp    68.49.155.115    62538    67.70.197.215    3691  12/27/03 12:33:14PM
tcp    68.49.155.115    62541    67.70.197.215    3691  12/27/03 12:33:16PM
snip






More information about the list mailing list