Re: Am I attacked ?

From: Psyko Niko (nico.bagnati_at_*enlever)
Date: 03/31/04


Date: Wed, 31 Mar 2004 22:51:53 +0200

English will be ok, I'll translate better than a machine ( but thanks for
the care ) ;-)
Have looked closer at my log, and have noticed some more intriguing things
...

1) The same IP is STILL trying to connect right now. I forgot to mention ( I
hadn't realized in fact ) that it tries different remote ports, but same
local port ( this is MY port, isn't it ? ), number 3049.

2) I have noticed the same important traffic from another IP in Belgium, but
with two differences : earlier today, it tried to connect from various (
found no logic ) TCP ports, to various ports, and it wasn't blocked !?!

Now, new statements, new questions :

1) In the first case, do you think I should report ( I mean is that what you
would call persistence ) ?
2) What should I do about that Belgian intrusion ( report ? check for
viruses or deleted files ? check for trojans ? ) and why the hell wasn't it
blocked ? ( I haven't set any special rule apart from blocking/allowing some
applications, and my log does not indicate any application responsible for
the connection )

Please, anyone, give me some good news :-s

-- 
Psyko Niko
"Zebedee" <abuse@127.0.0.1> wrote in message
news:406b2b1a$0$7850$afc38c87@news.ukonline.co.uk...
> If it's that many, all from the same IP, it's likely that the user is either
> a student doing some hacking in his spare time or they have an infected
> machine. It might be best to report this to the administrator of the
> university network.
>
> Generally, unless there's persistence in port scanning then there's no point
> in bothering network admins. Rest assured though that your firewall has
> blocked those connection attempts :)
>
> And now in French :)
>
> Si c'est que beaucoup, tous du même IP, il est probable que l'utilisateur
> soit ou un étudiant en faisant qui entaille dans son temps disponible ou
> elles ont une machine infectée. Elle pourrait être la meilleure pour
> rapporter ceci à l'administrateur du réseau d'université.
> Généralement, à moins qu'il y ait de persistance dans le balayage gauche
> puis là n'est aucun point dans les admins de tracassement de réseau. Le
> repos s'est assuré cependant que votre mur à l'épreuve du feu a bloqué ces
> tentatives de raccordement :)
> Et maintenant en français :)
>
>
> -- 
> Yours
>
> Zebedee
>
> (Claiming asylum in an attempt
> to escape paying his debts to
> Dougal and Florence)
>
>
>
> "Psyko Niko" <nico.bagnati@*enlever ca*magic.fr> wrote in message
> news:c4f8nt$riu$1@news-reader5.wanadoo.fr...
> > First, hello to everybody here since this is my first post.
> > My problem ( if it's a problem ) is the following :
> >
> > I am running Sygate Personal Firewall, and I noticed something unusual
> > today.
> > Within an hour, my traffic log indicated about 250 incoming connections
> > blocked, all of them from the same IP ( an american university ).
> > It tried to connect to different TCP ports, changing each time after 5-6
> > tries, ranging from 52392 to 54727.
> >
> > Now, about myself, I live in France, have a DSL connection and ( I admit )
> > am running a P2P app.
> > English is not my native language ( but I can deal with it ) and I'm an
> > amateur when it comes to computers ( and a real newbie when it comes to
> > firewalls and security )
> >
> > The question is : is this a current situation, or is someone really
> > trying to hack my computer ? And in this case, since SPF blocked every
> > connection, do I have to worry about it and report it to any kind of
> > authority, or create some specific rule for that IP ?
> >
> > Thanx to anyone willing to spend some time with me.
> >
> > -- 
> >
> > Psyko Niko
> >
> >
> >
> >
> >
>
>
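
An added example, not part of the original posts: a small script that answers the questions raised in this thread from a firewall traffic log, by grouping inbound entries per remote IP and reporting whether any were allowed, how many local ports were targeted, and how long the attempts lasted. The log format, the addresses (documentation ranges) and the 30-minute persistence threshold are all assumptions made for the example; this is not the firewall's real export format.

```python
from collections import defaultdict
from datetime import datetime

# Constructed sample (assumed format, not the firewall's own):
# time,action,protocol,remote IP,remote port,local port
SAMPLE_LOG = """\
2004-03-31 21:02:10,BLOCKED,TCP,192.0.2.10,52392,3049
2004-03-31 21:02:40,BLOCKED,TCP,192.0.2.10,52392,3049
2004-03-31 21:15:05,BLOCKED,TCP,192.0.2.10,53110,3049
2004-03-31 21:58:30,BLOCKED,TCP,192.0.2.10,54727,3049
2004-03-31 14:10:00,ALLOWED,TCP,198.51.100.7,1188,4662
2004-03-31 14:10:09,ALLOWED,TCP,198.51.100.7,2301,135
2004-03-31 14:11:30,ALLOWED,TCP,198.51.100.7,4410,445
"""

def summarize(log_text):
    """Group inbound log entries by remote IP; malformed lines are skipped."""
    stats = defaultdict(lambda: {"blocked": 0, "allowed": 0, "times": [],
                                 "remote_ports": set(), "local_ports": set()})
    for line in log_text.splitlines():
        parts = [p.strip() for p in line.split(",")]
        if len(parts) != 6 or parts[1] not in ("BLOCKED", "ALLOWED"):
            continue
        when, action, _proto, ip, rport, lport = parts
        try:
            ts = datetime.strptime(when, "%Y-%m-%d %H:%M:%S")
            rport, lport = int(rport), int(lport)
        except ValueError:
            continue
        entry = stats[ip]
        entry[action.lower()] += 1
        entry["times"].append(ts)
        entry["remote_ports"].add(rport)
        entry["local_ports"].add(lport)
    return dict(stats)

def triage(stats, persist_minutes=30):
    """Return descriptive flags per remote IP (threshold is an assumption)."""
    result = {}
    for ip, s in stats.items():
        flags = []
        if s["allowed"]:
            flags.append("allowed-inbound")      # got past the firewall: review rules
        flags.append("multiple-local-ports" if len(s["local_ports"]) > 1
                     else "single-local-port")   # many targets vs. one repeated target
        span = (max(s["times"]) - min(s["times"])).total_seconds() / 60
        if span >= persist_minutes:
            flags.append("persistent")           # still trying after the threshold
        result[ip] = flags
    return result

if __name__ == "__main__":
    for ip, flags in triage(summarize(SAMPLE_LOG)).items():
        print(ip, flags)
```
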

