[Dshield] Strange Behaviour
superc at visuallink.com
Sun Dec 28 17:19:57 GMT 2003
If those port numbers suddenly showed up on my PC's logs over and over, I
would be very concerned. 184.108.40.206 seems to be the only legitimate IP
connection, is that correct? It is probably good the others were rejected.
Most of the ports seem to be unassigned ports, so attempts to use those
ports in the 27 minutes shown are instantly suspicious. Does your firewall
include a connection log? It would be interesting to learn if there were
any connections to, or from, those IPs that weren't blocked. If so, then
there might be a problem. If you don't have a connection log, then you
might want to test your firewall for leaks at grc.com or similar. If these
attempts show up daily, consider doing a PC AV and anti-Trojan scan on your PC.
Subject: [Dshield] Strange Behaviour
From: Glenn Jarvis <gaj at sympatico.ca>
Date: Sat, 27 Dec 2003 13:07:23 -0500
To: list at dshield.org
Should I be concerned with this sudden type of activity?
My advance apologies if this is not a proper post method.
> Freedom® Firewall
> Blocked Packets Log
tcp 220.127.116.11 43811 18.104.22.168 65372 12/27/03 12:32:19PM
tcp 22.214.171.124 37322 126.96.36.199 65372 12/27/03 12:33:08PM
tcp 188.8.131.52 37322 184.108.40.206 65372 12/27/03 12:33:11PM
tcp 220.127.116.11 62535 18.104.22.168 3691 12/27/03 12:33:12PM
tcp 22.214.171.124 80 126.96.36.199 1031 12/27/03 12:33:13PM
tcp 188.8.131.52 62538 184.108.40.206 3691 12/27/03 12:33:14PM
tcp 220.127.116.11 62541 18.104.22.168 3691 12/27/03 12:33:16PM
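
Added example, not part of either message above: a small Python triage of a blocked-packets log in the layout quoted in this thread, grouping repeated hits by source and destination port and separating packets that look like replies from a service port. The column order (protocol, source IP, source port, destination IP, destination port, timestamp) is an assumption, and the sample addresses are constructed documentation addresses.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample in the layout of the log quoted above. Column meaning is
# an assumption: proto, src ip, src port, dst ip, dst port, timestamp.
# Addresses are RFC 5737 documentation addresses, not values from the thread.
SAMPLE_LOG = """\
Blocked Packets Log
tcp 198.51.100.7 43811 192.0.2.10 65372 12/27/03 12:32:19PM
tcp 198.51.100.7 37322 192.0.2.10 65372 12/27/03 12:33:08PM
tcp 198.51.100.7 37322 192.0.2.10 65372 12/27/03 12:33:11PM
tcp 203.0.113.5 62535 192.0.2.10 3691 12/27/03 12:33:12PM
tcp 203.0.113.80 80 192.0.2.10 1031 12/27/03 12:33:13PM
tcp 203.0.113.5 62538 192.0.2.10 3691 12/27/03 12:33:14PM
tcp 203.0.113.5 62541 192.0.2.10 3691 12/27/03 12:33:16PM
"""

LINE_RE = re.compile(
    r"^(tcp|udp)\s+(\S+)\s+(\d+)\s+(\S+)\s+(\d+)\s+"
    r"(\d\d/\d\d/\d\d \d\d:\d\d:\d\d[AP]M)$")

def parse(text):
    """Yield (proto, src, sport, dst, dport, when) for each well-formed line."""
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # headers and malformed lines are skipped, not guessed at
        proto, src, sport, dst, dport, ts = m.groups()
        when = datetime.strptime(ts, "%m/%d/%y %I:%M:%S%p")
        yield proto, src, int(sport), dst, int(dport), when

def repeated_probes(text, min_hits=2):
    """Map (src, dport) -> (hits, first_seen, last_seen) for repeated blocks."""
    seen = defaultdict(list)
    for _proto, src, _sport, _dst, dport, when in parse(text):
        seen[(src, dport)].append(when)
    return {k: (len(v), min(v), max(v))
            for k, v in seen.items() if len(v) >= min_hits}

def likely_replies(text):
    """Heuristic: a service source port (<1024) sending to a high local port
    is usually a late reply to a connection the PC itself opened."""
    return [(src, sport, dport)
            for _p, src, sport, _d, dport, _w in parse(text)
            if sport < 1024 <= dport]
```

Sources that keep reappearing in `repeated_probes` across days are the ones worth checking against a connection log for traffic that was not blocked.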