[Dshield] Strange Behaviour

Kenneth Coney superc at visuallink.com
Sun Dec 28 17:19:57 GMT 2003

If those port's numbers suddenly showed up on my PC's logs over and over, I 
would be very concerned. seems to be the only IP legitimate 
connection, is that correct?  It is probably good the others were rejected. 
  Most of the ports seem to be unassigned ports, so attempts to use those 
ports in the 27 minutes shown are instantly suspicious.  Does your firewall 
include a connection log?  It would be interesting to learn if there were 
any connections to, or from, those IPs that weren't blocked.  If so, then 
there might be a problem.  If you don't have a connection log, then you 
might want to test your firewall for leaks at grc.com or similar.  If these 
attempts show up daily, consider doing a PC AV and anti Trojan scan on your PC.

Subject: [Dshield] Strange Behaviour
From: Glenn Jarvis <gaj at sympatico.ca>
Date: Sat, 27 Dec 2003 13:07:23 -0500
To: list at dshield.org

Should I be concerned with this sudden type of activity?
My advanced apologies if this not an proper post method.

 > Freedom® Firewall
 > Blocked Packets Log
tcp    43811    65372  12/27/03 12:32:19PM
tcp    37322    65372  12/27/03 12:33:08PM
tcp    37322    65372  12/27/03 12:33:11PM
tcp    62535    3691  12/27/03 12:33:12PM
tcp    80    1031    12/27/03 12:33:13PM
tcp    62538    3691  12/27/03 12:33:14PM
tcp    62541    3691  12/27/03 12:33:16PM

More information about the list mailing list