tcp inbound endless attempts?

Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

jdemnyan1116

Thread Starter
Joined
Mar 18, 2000
Messages
850
I had something weird happen last night. I have norton firewall and antivirus 2003, used 2002 before. Around 8:45 till 9:45, my firewall kept going off with a high risk inbound tcp. Now, not only did it go on for the whole time, it was non stop. Every 4 to 5 seconds, sometimes every second, i was getting inbound tcp at a high risk. Now, only one or two of the numbers are the same, the rest are all different numbers of the computers. Now when I called my isp, they told me that they could trace the calls but thats about all they could do as there were about 245 hits. They checked out a few and they were from allover the place. One, a highway state maintenance in Alabama? an aol subscriber, and another one from a hotmail in atlanta. Weird, anyway, they said that it might be one of my programs. wouldn't it be the same tcp number if it was? my firewall is set up to automatically allow updates to enter so it should not be that, also they can access whenever, but the above items are monitored before access. Any ideas? suggestions?:confused:
 
B

Balzac

Someone was using a scanner and scanned your port holes ;)

Perfectly legal....however disconcerting it maybe. Probably behind a proxy or using a zombie to do the bidding.

I wouldn't worry about it.
 

jdemnyan1116

Thread Starter
Joined
Mar 18, 2000
Messages
850
Wasn't really worried about it. Firewall stopped it, but it went on for 50 minutes. My firewall said nothing about my ports or backdoors being probbed. Only inbound computer reports.
 

jdemnyan1116

Thread Starter
Joined
Mar 18, 2000
Messages
850
My ISP number changes every time I log on. My isp provider uses a random selection? That's what I was told. My computer number is different every time I log on. Believe me, my firewall keeps track of my log-ons and hits. I use a dial-up modem. It didn't happen last night, or yet today.
 
Joined
Jul 20, 2002
Messages
623
In that case, it may have been a onetime occurence.

It would be interesting to find out if any other customers who use the same ISP as you do experienced the same probes. That would indicate someone was scanning a range of IP addresses and not you specifically.
 
Joined
Apr 6, 2001
Messages
123
I sometimes have similar experience, mostly affecting port 137.

I just kill my connection [dial-up, like yours] & get a new IP. That always kills the problem for a while.
 

jdemnyan1116

Thread Starter
Joined
Mar 18, 2000
Messages
850
The wife was just on a few minutes ago and she got hit with about 10. All different. She got fed up and shut it down. Now, I have been on for about 15 minutes now and have not had a single hit. I guess going off the dial-up and then dialing back on is the only way to go. Had 240 hits that night it happened.
 

jdemnyan1116

Thread Starter
Joined
Mar 18, 2000
Messages
850
The wife was just on a few minutes ago and she got hit with about 10. All different. She got fed up and shut it down. Now, I have been on for about 15 minutes now and have not had a single hit. I guess going off the dial-up and then dialing back on is the only way to go. Had 240 hits that night it happened.
 

jdemnyan1116

Thread Starter
Joined
Mar 18, 2000
Messages
850
When I wrote this problem, I haven't had any problems since. Now, we get that virus running around and am wondering if it was a thing to come? It would of been almost impossible to do anything on the net as long as it was going on. Quite logging on the net after a while but I did save the hits to floppy.
Thanks for all the advice.
 
Joined
Apr 2, 2002
Messages
5,945
When I got a cluster of hits on my firewall I checked the IANA ports list (http://www.iana.org/assignments/port-numbers) and found that most of the hits were on ports 6346/7 which are the ones assigned to the Gnutella file sharing network.

As I use a dialup, it is likely that the person who had my IP immediately before me had been file swapping and I was getting contacts meant for him.

If your firewall provides destination port details you could check and see if your hits were limited to a few ports like mine. If not, then it seems likely that you were being randomly scanned, which is worrying, but at least you know they didn't gain access.
 
Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

Users Who Are Viewing This Thread (Users: 0, Guests: 1)

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 807,865 other people just like you!

Latest posts

Staff online

Top