[Dshield] (no subject)
dshield.org at keithbergen.com
Mon Aug 8 13:56:31 GMT 2005
BL0NDIED0LL at aol.com said:
> After opening an email containing a picture, my firewall zonelabs has been
> targeted wit port scans attacking ports udp 2324,6346 udp 3667 and tcp 6346
> I am not using any gnutella program, any ideas what I should be looking for
> on my computer? I have up to date virus protection, run adaware and spybot,
> come up clean. also what is cosmocall, I find the port information, but
> as to what it is. Any help would be greatly appreciated
My answer applies only if you are on an ISP with a dynamic IP Address.
We have had similar discussions in the past about this type of thing.
Assuming that the picture file was simply a coincidence, if you recently
leased an IP address that the previous "owner" had on a Gnutella service,
then it could literally take days to get your IP out of the "dns" servers
that these types of services use. The longer that the previous "owner" had
that IP and the more files he or she had to share, the more entrenched in the
service he or she became, and the longer it would take to get your IP out of
The quick solution: release and renew (and make certain you get a new IP).
You could also request a static IP from your ISP as a more permanent
solution. Also, I would recommend a hardware NAT router. While that won't
stop the hits, you won't see them in zonelabs, and (if you have inexperienced
users) you won't inadvertently allow a "nasty" in.
I hope this helps.
More information about the list