[Dshield] Strange Behaviour
superc at visuallink.com
Sun Dec 28 17:19:57 GMT 2003
If those port's numbers suddenly showed up on my PC's logs over and over, I
would be very concerned. 22.214.171.124 seems to be the only IP legitimate
connection, is that correct? It is probably good the others were rejected.
Most of the ports seem to be unassigned ports, so attempts to use those
ports in the 27 minutes shown are instantly suspicious. Does your firewall
include a connection log? It would be interesting to learn if there were
any connections to, or from, those IPs that weren't blocked. If so, then
there might be a problem. If you don't have a connection log, then you
might want to test your firewall for leaks at grc.com or similar. If these
attempts show up daily, consider doing a PC AV and anti Trojan scan on your PC.
Subject: [Dshield] Strange Behaviour
From: Glenn Jarvis <gaj at sympatico.ca>
Date: Sat, 27 Dec 2003 13:07:23 -0500
To: list at dshield.org
Should I be concerned with this sudden type of activity?
My advanced apologies if this not an proper post method.
> Freedom® Firewall
> Blocked Packets Log
tcp 126.96.36.199 43811 188.8.131.52 65372 12/27/03 12:32:19PM
tcp 184.108.40.206 37322 220.127.116.11 65372 12/27/03 12:33:08PM
tcp 18.104.22.168 37322 22.214.171.124 65372 12/27/03 12:33:11PM
tcp 126.96.36.199 62535 188.8.131.52 3691 12/27/03 12:33:12PM
tcp 184.108.40.206 80 220.127.116.11 1031 12/27/03 12:33:13PM
tcp 18.104.22.168 62538 22.214.171.124 3691 12/27/03 12:33:14PM
tcp 126.96.36.199 62541 188.8.131.52 3691 12/27/03 12:33:16PM
More information about the list