Re: unsolicited connection attempts

From: Alun Jones [MSFT] (alunj_at_online.microsoft.com)
Date: 09/08/04


Date: Wed, 8 Sep 2004 12:22:04 -0700

Don't forget, also, that there is a benign explanation for a small
percentage of the unsolicited connection attempts hitting your router. It's
possible that a server existed at that IP address, and that port, at some
time in the past, before the IP address became yours.

If you're at an ISP that likes to give out DHCP addresses, and doesn't renew
leases with the same IP address, you'll run into these connections more
frequently - it's a bit like having your phone number changed several times
a day. Someone who was cut off in the middle of a call, or remembered
something they forgot to say earlier, will call back, and they'll use the
same number they used earlier, not realising it's been assigned to you now,
instead of the party they were talking to.

Alun.
~~~~

"Steven L Umbach" <n9rou@n0-spam-for-me-comcast.net> wrote in message
news:W_MXc.71114$Fg5.25761@attbi_s53...
> Many of these attempts are from zombie computers that are connected to the
> internet and infected and the owner does not even know it. These computers
> often randomly try to connect to ranges of internet addresses. I would make
> sure you at least weekly do a full system scan of your computer with your
> Norton and make sure it is updated before the scan. I use Norton and Live
> Update keeps my virus definitions current automatically though I still check
> at least once a week to make sure. Also be sure to scan ALL of your emails,
> even those that appear to come from trusted sources and be sure to keep your
> computer current with Critical Updates at Windows Updates. If you are curious
> you can look up ports at the second link below under port lookup to see what
> it reports for current known common uses of a port though that does not
> necessarily mean that is why a computer was trying to access your computer
> on that port. --- Steve
>
> http://www.microsoft.com/athome/security/protect/default.aspx
> http://isc.sans.org//index.php
>
> "p2hvt" <p2hvt@discussions.microsoft.com> wrote in message
> news:74A45738-0CD8-4DFA-BFC4-77BFC2095F92@microsoft.com...
> > Can anyone help me to understand why anyone would want to connect on port
> > 2074, 1266, 1192 or 1230? I just started using McAfee Personal Firewall
> > and last night I looked at my log and I had all these unsolicited
> > connection attempts on the above ports. Any ideas? Is this worm or trojan
> > related? I use Norton AV 2003, Spybot SD, Ad-Aware and Spyware Blaster.
> > Prior to McAfee Firewall I just used the Windows built-in Firewall; could
> > these attempts have also been happening prior to my use of McAfee Firewall
> > and I was just unaware as the Windows firewall does not log/notify you of
> > these attempts? Any help would be great!! Thanks
>
>


