1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

tcp inbound endless attempts?

Discussion in 'Virus & Other Malware Removal' started by jdemnyan1116, Jan 22, 2003.

Thread Status:
Not open for further replies.
Advertisement
  1. jdemnyan1116

    jdemnyan1116 Thread Starter

    Joined:
    Mar 18, 2000
    Messages:
    850
    I had something weird happen last night. I have norton firewall and antivirus 2003, used 2002 before. Around 8:45 till 9:45, my firewall kept going off with a high risk inbound tcp. Now, not only did it go on for the whole time, it was non stop. Every 4 to 5 seconds, sometimes every second, i was getting inbound tcp at a high risk. Now, only one or two of the numbers are the same, the rest are all different numbers of the computers. Now when I called my isp, they told me that they could trace the calls but thats about all they could do as there were about 245 hits. They checked out a few and they were from allover the place. One, a highway state maintenance in Alabama? an aol subscriber, and another one from a hotmail in atlanta. Weird, anyway, they said that it might be one of my programs. wouldn't it be the same tcp number if it was? my firewall is set up to automatically allow updates to enter so it should not be that, also they can access whenever, but the above items are monitored before access. Any ideas? suggestions?:confused:
     
  2. Balzac

    Balzac Guest

    Someone was using a scanner and scanned your port holes ;)

    Perfectly legal....however disconcerting it maybe. Probably behind a proxy or using a zombie to do the bidding.

    I wouldn't worry about it.
     
  3. jdemnyan1116

    jdemnyan1116 Thread Starter

    Joined:
    Mar 18, 2000
    Messages:
    850
    Wasn't really worried about it. Firewall stopped it, but it went on for 50 minutes. My firewall said nothing about my ports or backdoors being probbed. Only inbound computer reports.
     
  4. Monstrous Mi

    Monstrous Mi

    Joined:
    Jul 20, 2002
    Messages:
    623
    I would change your IP address. What are you using to connect to the Internet?
     
  5. jdemnyan1116

    jdemnyan1116 Thread Starter

    Joined:
    Mar 18, 2000
    Messages:
    850
    My ISP number changes every time I log on. My isp provider uses a random selection? That's what I was told. My computer number is different every time I log on. Believe me, my firewall keeps track of my log-ons and hits. I use a dial-up modem. It didn't happen last night, or yet today.
     
  6. Monstrous Mi

    Monstrous Mi

    Joined:
    Jul 20, 2002
    Messages:
    623
    In that case, it may have been a onetime occurence.

    It would be interesting to find out if any other customers who use the same ISP as you do experienced the same probes. That would indicate someone was scanning a range of IP addresses and not you specifically.
     
  7. bellgamin

    bellgamin

    Joined:
    Apr 6, 2001
    Messages:
    123
    I sometimes have similar experience, mostly affecting port 137.

    I just kill my connection [dial-up, like yours] & get a new IP. That always kills the problem for a while.
     
  8. jdemnyan1116

    jdemnyan1116 Thread Starter

    Joined:
    Mar 18, 2000
    Messages:
    850
    The wife was just on a few minutes ago and she got hit with about 10. All different. She got fed up and shut it down. Now, I have been on for about 15 minutes now and have not had a single hit. I guess going off the dial-up and then dialing back on is the only way to go. Had 240 hits that night it happened.
     
  9. jdemnyan1116

    jdemnyan1116 Thread Starter

    Joined:
    Mar 18, 2000
    Messages:
    850
    The wife was just on a few minutes ago and she got hit with about 10. All different. She got fed up and shut it down. Now, I have been on for about 15 minutes now and have not had a single hit. I guess going off the dial-up and then dialing back on is the only way to go. Had 240 hits that night it happened.
     
  10. jdemnyan1116

    jdemnyan1116 Thread Starter

    Joined:
    Mar 18, 2000
    Messages:
    850
    When I wrote this problem, I haven't had any problems since. Now, we get that virus running around and am wondering if it was a thing to come? It would of been almost impossible to do anything on the net as long as it was going on. Quite logging on the net after a while but I did save the hits to floppy.
    Thanks for all the advice.
     
  11. TOGG

    TOGG

    Joined:
    Apr 2, 2002
    Messages:
    5,899
    When I got a cluster of hits on my firewall I checked the IANA ports list (http://www.iana.org/assignments/port-numbers) and found that most of the hits were on ports 6346/7 which are the ones assigned to the Gnutella file sharing network.

    As I use a dialup, it is likely that the person who had my IP immediately before me had been file swapping and I was getting contacts meant for him.

    If your firewall provides destination port details you could check and see if your hits were limited to a few ports like mine. If not, then it seems likely that you were being randomly scanned, which is worrying, but at least you know they didn't gain access.
     
  12. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/114792

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice