[Dshield] Re: list Digest, Vol 12, Issue 36

Glenn Jarvis gaj at sympatico.ca
Thu Jan 1 14:11:42 GMT 2004


> From:
> Kenneth Coney <superc at visuallink.com>

> If those port numbers suddenly showed up on my PC's logs over and 
> over, I would be very concerned.  198.49.161.205 seems to be the only IP 
> legitimate connection, is that correct?  It is probably good the others 
> were rejected.  Most of the ports seem to be unassigned ports, so 
> attempts to use those ports in the 27 minutes shown are instantly 
> suspicious.  Does your firewall include a connection log?  It would be 
> interesting to learn if there were any connections to, or from, those 
> IPs that weren't blocked.  If so, then there might be a problem.  If you 
> don't have a connection log, then you might want to test your firewall 
> for leaks at grc.com or similar.  If these attempts show up daily, 
> consider doing a PC AV and anti-Trojan scan on your PC.

My system is scanned every night for viruses as well as the database is 
updated constantly. So far, everything is clear. I've noticed a severe 
increase of probing to ports 135 and 17300. For the past couple of days, 
I've been checking the logs (over 13.5MB of them). I spoke to my ISP 
about the situation. Their recommendation was to disconnect from the 
network and then reconnect. If it persists, to notify their abuse dept. 
I told him I had already done this as their reply came back dated as 
12/31/69 (needless to say I didn't notice it right away). They asked for 
the times of the occurrence, which I had already given them. Basically 
speaking, it was a waste of time. Spoke to a friend who is a networking 
consultant, and he recommended I use a router instead to replace the 
firewall. He mentioned that it would prevent my IP address from being 
broadcast thereby placing me in "stealth mode". I'm wondering though, 
since I have little knowledge of the router idea, would I still need a 
firewall and just how safe is the router idea?
(Even as I type this, I'm being probed).
Thanks in advance
Glenn



