Re: Ports getting hammered?




"Somebody." <somebody.@xxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:kzvuf.8299$43.4307@xxxxxxxxxxxxxxx!nnrp1.uunet.ca...
>
> "SHRED" <noone@xxxxxxxxxxx> wrote in message
> news:7Aduf.6614$JT.1576@xxxxxxxxxxxxx
>> Duane Arnold wrote:
>>> "SHRED" <noone@xxxxxxxxxxx> wrote in message
>>> news:baduf.6609$JT.1968@xxxxxxxxxxxxx
>>>
>>>>Duane Arnold wrote:
>>>>
>>>>>"SHRED" <noone@xxxxxxxxxxx> wrote in message
>>>>>news:vLcuf.6541$JT.5496@xxxxxxxxxxxxx
>>>>>
>>>>>
>>>>>>I know very little about firewalls.
>>>>>>My setup:
>>>>>>
>>>>>>Cable access
>>>>>>4 port SMC Barricade Router
>>>>>>2 computers
>>>>>>
>>>>>>
>>>>>>I recently installed ZoneAlarm and it is blocking attempts at port
>>>>>>access.
>
>
>> 7664703 Packet DROPPED: Proto: IP_UDP Flags: 0x0000000a Src:
>> 218.19.119.233 Dest: 192.168.123.143 SrcPort: 23421 DstPort: 1689
>>
>
> Something on your machine is attempting to connect out over the port most
> commonly used for IMAP, a mail protocol.
>
> Probably some spyware calling home.
>
> Your ZA is blocking it, but it's there, and operating.
>
> It may be successfully connecting out on other ports.
>
> Your SMC is likely not configured to block any outbound connections.
>
> -Russ.

How is that possible? The log clearly indicates unsolicited inbound packets
are being dropped. Please explain to me how any PFW or any FW solution knows
that dubious outbound traffic is being sent from a machine and that it's going
to make some decision to start blocking outbound, because something is
phoning home? If the malware running on the machine solicited the traffic
from the remote IP, the PFW is not stopping anything.

Duane :)
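
Added example (not part of the original post, and not code from any firewall vendor): a small parser for the log line quoted in the thread that reports each packet's direction from its Src and Dest fields. The function names are hypothetical, and it assumes an RFC 1918 address marks the LAN side.

```python
import ipaddress
import re
from collections import Counter

# RFC 1918 private ranges; an address inside one is treated as "on the LAN" (assumption).
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
# Field layout copied from the log line quoted in the thread.
LOG_RE = re.compile(
    r"Packet\s+(?P<action>\w+):\s+Proto:\s+(?P<proto>\S+)\s+Flags:\s+(?P<flags>\S+)\s+"
    r"Src:\s+(?P<src>\S+)\s+Dest:\s+(?P<dst>\S+)\s+"
    r"SrcPort:\s+(?P<sport>\d+)\s+DstPort:\s+(?P<dport>\d+)"
)

def is_lan(addr):
    return any(addr in net for net in RFC1918)

def parse_entry(text):
    """Parse one log entry, tolerating newsreader wrapping and '>' quote marks."""
    flat = " ".join(re.sub(r"^[>\s]+", "", part) for part in text.splitlines())
    m = LOG_RE.search(flat)
    if m is None:
        return None
    rec = m.groupdict()
    try:
        rec["src"] = ipaddress.ip_address(rec["src"])
        rec["dst"] = ipaddress.ip_address(rec["dst"])
    except ValueError:
        return None  # malformed address field
    rec["sport"], rec["dport"] = int(rec["sport"]), int(rec["dport"])
    return rec

def direction(rec):
    """Classify by which end of the packet sits in private address space."""
    src_lan, dst_lan = is_lan(rec["src"]), is_lan(rec["dst"])
    if dst_lan and not src_lan:
        return "inbound"
    if src_lan and not dst_lan:
        return "outbound"
    return "internal" if src_lan else "transit"

def summarize(entries):
    # Count (action, direction) pairs over the entries that parse.
    recs = [r for r in map(parse_entry, entries) if r is not None]
    return Counter((r["action"], direction(r)) for r in recs)

QUOTED = """>> 7664703 Packet DROPPED: Proto: IP_UDP Flags: 0x0000000a Src:
>> 218.19.119.233 Dest: 192.168.123.143 SrcPort: 23421 DstPort: 1689"""
# Constructed contrast entry (not from the thread): same fields, ends swapped.
CONSTRUCTED = ("7664704 Packet DROPPED: Proto: IP_UDP Flags: 0x0000000a Src: "
               "192.168.123.143 Dest: 218.19.119.233 SrcPort: 1689 DstPort: 23421")
```
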

