[Dshield] new mailing list user for an unfortunate reason

oozi@yahoo.com oozi at yahoo.com
Tue Jan 14 04:02:25 GMT 2003

I have been watching people bouncing off of my firewall all night - specifically port 3676.

I am running Windows 2000 SP3 on a Toshiba cable modem.

The would-be intruders are @ (w/ number of attacks):
27 (Hanoi Vietnam)
21  (ATT Broadband)
29  194-88-113-108-uma.customer.cableandwireless.be
23   24-90-240-249.nyc.rr.com

I did numerous searches on the internet for this specific port, and came up w/ no
vulnerabilities(or known legit programs).

What disturbs me is:
1) The second I login, the notices come up.
2) These 5 addresses have attacked numerous times (ruling out random scanning).
3) Because they are hitting numerous times, I feel like I must have a trojan or something that is
telling them I am here.  I have no idea what.

I have run Microsoft Baseline Security Analyzer (highly recommended for all Windows users):

I had a few vulnerabilities (which I attribute to .Net Studio - which has been uninstalled for
months btw), but nothing that I feel should cause attacks on this specific port.
I also first started noticing attacks on this specific port after I installed Avast! (a trojan
scanner) one that I uninstalled immediately (I am still suspicious of that program btw).

Anyways, a lot of information, but hopefully something will stand out for someone.  Any ideas?

Many thanks for all help/ opinions in advance,


Do you Yahoo!?
Yahoo! Mail Plus - Powerful. Affordable. Sign up now.

More information about the list mailing list