[Dshield] Re: list Digest, Vol 12, Issue 36
gaj at sympatico.ca
Thu Jan 1 14:11:42 GMT 2004
> Kenneth Coney <superc at visuallink.com>
> If those port's numbers suddenly showed up on my PC's logs over and
> over, I would be very concerned. 220.127.116.11 seems to be the only IP
> legitimate connection, is that correct? It is probably good the others
> were rejected. Most of the ports seem to be unassigned ports, so
> attempts to use those ports in the 27 minutes shown are instantly
> suspicious. Does your firewall include a connection log? It would be
> interesting to learn if there were any connections to, or from, those
> IPs that weren't blocked. If so, then there might be a problem. If you
> don't have a connection log, then you might want to test your firewall
> for leaks at grc.com or similar. If these attempts show up daily,
> consider doing a PC AV and anti Trojan scan on your PC.
My system is scanned every night for virii as well as the database is
updated constantly. So far, everything is clear. I've noticed an severe
increase of probing to ports 135 and 17300. For the past couple of days,
I've been checking the logs (over 13.5MB of them). I spoke to my ISP
about the situation. Their recommendation was to disconnect from the
network and then reconnect. If it presists, to notify their abuse dept.
I told him I had already done this as their reply came back dated as
12/31/69 (needless to say I didn't notice it right away). They asked for
the times of the occurrence, which I had already given them. Basically
speaking, it was a waste of time. Spoke to a friend who is a networking
consultant, and he recommended I use a router instead to replace the
firewall. He mentioned that it would prevent my ip address from being
broadcasted thereby placing me in "stealth mode". I'm wondering though,
since I have little knowledge of the router idea, would I still need a
firewall and just how safe is the router idea?
(Even as I type this, I'm being probed).
Thanks in advance
More information about the list