[Dshield] new mailing list user for an unfortunate reason
oozi at yahoo.com
Tue Jan 14 04:02:25 GMT 2003
I have been watching people bouncing off of my firewall all night - specifically port 3676.
I am running Windows 2000 SP3 on a Toshiba cable modem.
The would-be intruders are @ (w/ number of attacks):
27 188.8.131.52 (Hanoi Vietnam)
21 184.108.40.206 (ATT Broadband)
29 220.127.116.11 194-88-113-108-uma.customer.cableandwireless.be
23 18.104.22.168 24-90-240-249.nyc.rr.com
I did numerous searches on the internet for this specific port, and came up w/ no
vulnerabilities(or known legit programs).
What disturbs me is:
1) The second I login, the notices come up.
2) These 5 addresses have attacked numerous times (ruling out random scanning).
3) Because they are hitting numerous times, I feel like I must have a trojan or something that is
telling them I am here. I have no idea what.
I have run Microsoft Baseline Security Analyzer (highly recommended for all Windows users):
I had a few vulnerabilities (which I attribute to .Net Studio - which has been uninstalled for
months btw), but nothing that I feel should cause attacks on this specific port.
I also first started noticing attacks on this specific port after I installed Avast! (a trojan
scanner) one that I uninstalled immediately (I am still suspicious of that program btw).
Anyways, a lot of information, but hopefully something will stand out for someone. Any ideas?
Many thanks for all help/ opinions in advance,
Do you Yahoo!?
Yahoo! Mail Plus - Powerful. Affordable. Sign up now.
More information about the list