RE: Port scan and scvhost overload



Only source addresses of 192.168.x.x are RFC 1918 addresses (private
addresses that are not routable on the Internet). If it was not 192.168.x.x
then it probably came from the Internet. Does their home LAN use a
192.168.x.x address range or is it a 10.x.x.x or 172.16-31.x.x address?

-----Original Message-----
From: listbounce@xxxxxxxxxxxxxxxxx [mailto:listbounce@xxxxxxxxxxxxxxxxx] On
Behalf Of reporting4booty@xxxxxxxxx
Sent: Thursday, October 16, 2008 12:26 PM
To: security-basics@xxxxxxxxxxxxxxxxx
Subject: Port scan and scvhost overload

My friend's Vista-operated laptop is receiving attempted entries to ports in
a series, starting with 4756 (at least when I was asked about the pop-ups on
their computer). Their Sunbelt firewall pops up with the IP 192.XXX.XX.01.
(I am not with the computer at the moment so I do not remember the exact IP.
I have it written down in another building.) From past experience I get the
impression that all IPs with 192 in the beginning are on your own network.

My friend has two 14-year-old twins that spend all day playing XBox and
computer games. I get the impression that they were just messing with their
sibling, pestering them with a port scan for fun. However, in the process
list there are around 9 different instances of the svchost.exe process. From
what I was able to find out before the laptop mysteriously shut down, the
processes were using services such as Plug and Play and confidential
background transfer services (I am no computer guru, not yet at least, I am
not aware of the full use of Vista's services.).

The siblings all use the same wireless network (Wi-Fi processes found in
process list) in the same house with virtually almost anytime physical
access.

What should I do to pinpoint the culprit, remove their installation if I
may call it, and keep them out for next time? Also, is there a way I can
find dump files or something of the sort that will give me a history of what
they have done while in access with the victim laptop? Perhaps I could find
records on their computer(s)?

There are multiple computers in the house that all have access to the
wireless network. 3 laptops and 1 desktop.

Also, if it means anything, while pursuing this suspicion I noticed 2 extra
randomly named networks within access range.
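
Added example, not part of either message above: a short Python triage script that checks each blocked source address against the three RFC 1918 private blocks and flags sources that hit ports "in a series". The log line format, the addresses and the `min_run` threshold are constructed for illustration and are not the Sunbelt firewall's real log format.

```python
import ipaddress
import re
from collections import defaultdict

# The three private address blocks defined by RFC 1918.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample lines in a hypothetical firewall-log format.
SAMPLE_LOG = """\
2008-10-16 12:01:03 BLOCK TCP src=192.168.1.1 dport=4756
2008-10-16 12:01:03 BLOCK TCP src=192.168.1.1 dport=4757
2008-10-16 12:01:04 BLOCK TCP src=192.168.1.1 dport=4758
2008-10-16 12:01:04 BLOCK TCP src=192.168.1.1 dport=4759
2008-10-16 12:01:05 BLOCK TCP src=192.168.1.1 dport=4760
2008-10-16 12:03:41 BLOCK TCP src=192.0.2.44 dport=445
2008-10-16 12:09:12 BLOCK TCP src=192.0.2.44 dport=3389
2008-10-16 12:15:30 BLOCK UDP src=172.20.5.9 dport=137
"""
LINE_RE = re.compile(r"BLOCK \w+ src=(\S+) dport=(\d+)")

def rfc1918_block(addr):
    """Return the RFC 1918 network containing addr, or None if it is not private."""
    ip = ipaddress.ip_address(addr)
    return next((net for net in RFC1918 if ip in net), None)

def longest_port_run(ports):
    """Length of the longest run of consecutive destination port numbers."""
    best = run = 0
    prev = None
    for p in sorted(set(ports)):
        run = run + 1 if prev is not None and p == prev + 1 else 1
        best = max(best, run)
        prev = p
    return best

def summarize(log_text, min_run=4):
    """Per source: which private block it is in (if any) and whether it swept ports."""
    ports_by_src = defaultdict(list)
    for m in LINE_RE.finditer(log_text):
        ports_by_src[m.group(1)].append(int(m.group(2)))
    return {src: {"origin": f"LAN ({net})" if (net := rfc1918_block(src)) else "not RFC 1918",
                  "sequential_scan": longest_port_run(ports) >= min_run}
            for src, ports in ports_by_src.items()}

if __name__ == "__main__":
    for src, info in summarize(SAMPLE_LOG).items():
        print(src, info)
```

Note that an address only starting with 192 (such as the constructed 192.0.2.44) falls outside 192.168.0.0/16, so the full address from the firewall pop-up is needed before deciding where the traffic came from.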


