[Dshield] new mailing list user for an unfortunate reason

oozi@yahoo.com oozi at yahoo.com
Tue Jan 14 04:02:25 GMT 2003


I have been watching people bouncing off of my firewall all night - specifically port 3676.

I am running Windows 2000 SP3 on a Toshiba cable modem.

The would-be intruders are @ (w/ number of attacks):
27     203.162.0.249 (Hanoi Vietnam)
21     24.130.173.64  (ATT Broadband)
29 194.88.113.108  194-88-113-108-uma.customer.cableandwireless.be
23     24.90.240.249   24-90-240-249.nyc.rr.com
10     207.168.37.9

I did numerous searches on the internet for this specific port, and came up w/ no
vulnerabilities(or known legit programs).

What disturbs me is:
1) The second I login, the notices come up.
2) These 5 addresses have attacked numerous times (ruling out random scanning).
3) Because they are hitting numerous times, I feel like I must have a trojan or something that is
telling them I am here.  I have no idea what.

I have run Microsoft Baseline Security Analyzer (highly recommended for all Windows users):
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/tools/Tools/MBSAhome.asp

I had a few vulnerabilities (which I attribute to .Net Studio - which has been uninstalled for
months btw), but nothing that I feel should cause attacks on this specific port.
I also first started noticing attacks on this specific port after I installed Avast! (a trojan
scanner) one that I uninstalled immediately (I am still suspicious of that program btw).

Anyways, a lot of information, but hopefully something will stand out for someone.  Any ideas?

Many thanks for all help/ opinions in advance,

David

__________________________________________________
Do you Yahoo!?
Yahoo! Mail Plus - Powerful. Affordable. Sign up now.
http://mailplus.yahoo.com




More information about the list mailing list