OT. Question toTechies re firewall

Commander Jamieson · Post by **Commander Jamieson** » Thu, 14. Nov 02, 22:53

Can someone in the know explain to me these alerts I get from one of my firewalls regularily? I edited my own IP out of this log extract of over one hour's of alerts today. The last number in each line is the port number, does this mean someone is looking for open ports when I am online? I know some of the alerts are pings from either my own INet Provider or Hotmail or MS Messenger or one of the carriers I travel through but what about the others?
Sometimes I might get a couple of hundred alerts over a 2-3 hour period from mostly different IP addresses and trying to access a wide range of ports. Some are even asking for a port list. I also have several security programs running, for example a port listing telling me what is going through each port while online. Either IN or OUT. I checked also with WhoIs some of these IP numbers, some I get an idea who they are, some I don't.
Any of you Admins working for corporations or knowing about these things got any idea? I am not worried I will be breached but I would still like to know what is going on.
I also scan my PC regulary for viruses, trojans etc with anti virus software and with other security software. As well as doing regular port scans or probes myself to see if any ports are open which should not be open.
I also noticed if I log on to the INet at times I normally do not log on the alert list count is very low but as soon as I post here in any of the forums or the regular time I normally start to browse the INet, the alert frequencies increase. Would this be just a coincidence?
.

FWIN,2002/11/15,05:47:30 +9:30 GMT,80.33.206.86:14666,UDP
FWIN,2002/11/15,05:48:38 +9:30 GMT,168.234.145.36:1028,UDP
FWIN,2002/11/15,05:49:36 +9:30 GMT,213.6.254.242:1030,,UDP
FWIN,2002/11/15,05:54:06 +9:30 GMT,4.47.246.105:1036,,UDP
FWIN,2002/11/15,05:54:48 +9:30 GMT,148.223.217.164:1032,,UDP
FWIN,2002/11/15,05:56:44 +9:30 GMT,61.35.93.91:1039,UDP
FWIN,2002/11/15,05:57:05 +9:30 GMT,200.204.149.76:1036,,UDP
FWIN,2002/11/15,05:58:07 +9:30 GMT,216.139.109.89:1027,,UDP
FWIN,2002/11/15,06:00:40 +9:30 GMT,209.91.155.150:1026,,UDP
FWIN,2002/11/15,06:03:52 +9:30 GMT,213.168.122.118:1065,,UDP
FWIN,2002/11/15,06:08:30 +9:30 GMT,202.125.146.56:1028,,UDP
FWIN,2002/11/15,06:08:56 +9:30 GMT,149.225.88.128:1029,,UDP
FWIN,2002/11/15,06:09:52 +9:30 GMT,66.122.17.207:1026,,UDP
FWIN,2002/11/15,06:11:36 +9:30 GMT,218.163.205.183:1027,UDP
FWIN,2002/11/15,06:12:18 +9:30 GMT,200.148.38.124:1028,,UDP
FWIN,2002/11/15,06:13:10 +9:30 GMT,61.81.82.40:1033,UDP
FWIN,2002/11/15,06:15:19 +9:30 GMT,211.228.96.89:1027,UDP
FWIN,2002/11/15,06:17:49 +9:30 GMT,210.168.225.164:10992,UDP
FWIN,2002/11/15,06:26:51 +9:30 GMT,208.180.233.49:1081,,UDP
FWIN,2002/11/15,06:28:13 +9:30 GMT,24.82.51.238:1028,UDP
FWIN,2002/11/15,06:30:07 +9:30 GMT,65.120.98.56:1027,UDP
FWIN,2002/11/15,06:36:30 +9:30 GMT,213.8.185.116:1026,UDP
FWIN,2002/11/15,06:38:51 +9:30 GMT,207.115.185.67:1025,UDP
FWIN,2002/11/15,06:39:02 +9:30 GMT,216.93.124.160:1040,UDP
FWIN,2002/11/15,06:39:09 +9:30 GMT,148.215.14.8:1028,UDP
FWIN,2002/11/15,06:43:33 +9:30 GMT,165.128.66.67:1027,,UDP
FWIN,2002/11/15,06:43:59 +9:30 GMT,66.141.246.101:1028,UDP
FWIN,2002/11/15,06:45:13 +9:30 GMT,209.53.210.186:1025,,UDP
FWIN,2002/11/15,06:46:24 +9:30 GMT,80.83.35.11:1027,UDP
FWIN,2002/11/15,06:49:45 +9:30 GMT,202.217.76.12:1026,UDP
FWIN,2002/11/15,06:52:31 +9:30 GMT,80.198.57.85:1025,UDP
FWIN,2002/11/15,06:53:35 +9:30 GMT,200.17.87.130:1026,UDP
FWIN,2002/11/15,06:56:27 +9:30 GMT,67.68.108.39:1029,UDP
FWIN,2002/11/15,06:57:44 +9:30 GMT,148.224.200.21:1027,UDP
FWIN,2002/10/18,07:08:32 +9:30 GMT,65.135.22.14:1025,UDP
FWIN,2002/10/18,07:16:39 +9:30 GMT,61.175.140.189:1025,,UDP
FWIN,2002/10/18,07:25:22 +9:30 GMT,63.214.123.29:1026,,UDP
FWIN,2002/10/18,07:25:52 +9:30 GMT,209.216.84.184:1026,,UDP
FWIN,2002/10/18,07:32:47 +9:30 GMT,200.240.172.6:1025,UDP
FWIN,2002/10/18,07:40:17 +9:30 GMT,205.172.173.185:1065,UDP
FWIN,2002/10/18,07:50:10 +9:30 GMT,61.77.65.5:1025,UDP
FWIN,2002/10/18,08:06:46 +9:30 GMT,211.230.224.15:1025,UDP
FWIN,2002/10/18,08:07:20 +9:30 GMT,208.169.76.76:1027,UDP
FWIN,2002/10/18,08:10:10 +9:30 GMT,200.44.17.243:1025,UDP
FWIN,2002/10/18,08:15:23 +9:30 GMT,80.50.47.131:1025,UDP
FWIN,2002/10/18,08:16:53 +9:30 GMT,80.144.70.226:1026,UDP
FWIN,2002/10/23,06:15:03 +9:30 GMT,62.253.130.219:1025,UDP
FWIN,2002/10/23,06:25:37 +9:30 GMT,202.164.39.81:1026,UDP
FWIN,2002/10/23,06:29:49 +9:30 GMT,212.95.90.162:1025,UDP
FWIN,2002/10/23,06:48:07 +9:30 GMT,207.249.181.149:38855,UDP
FWIN,2002/10/23,06:50:46 +9:30 GMT,195.68.95.22:21,TCP (flags:SF)
FWIN,2002/10/23,07:02:33 +9:30 GMT,212.46.37.123:1025,UDP
FWIN,2002/10/23,07:14:37 +9:30 GMT,67.17.8.40:1044,UDP
FWIN,2002/10/23,07:15:42 +9:30 GMT,211.63.232.116:1026,UDP
FWIN,2002/10/23,07:24:31 +9:30 GMT,65.163.1.201:1028,UDP
FWIN,2002/10/23,07:28:02 +9:30 GMT,217.185.190.105:1025,UDP
FWIN,2002/10/23,07:44:50 +9:30 GMT,67.113.106.200:1028,UDP
FWIN,2002/10/23,07:47:23 +9:30 GMT,62.83.185.169:1025,UDP
FWIN,2002/10/29,05:02:14 +9:30 GMT,68.153.197.52:1028,UDP
FWIN,2002/10/29,05:09:10 +9:30 GMT,200.158.75.42:1026,UDP
FWIN,2002/10/29,05:22:48 +9:30 GMT,200.17.224.100:1026,UDP
FWIN,2002/10/30,06:36:33 +9:30 GMT,200.72.141.238:1025,UDP
FWIN,2002/10/30,06:39:46 +9:30 GMT,24.232.20.137:21026,UDP
FWIN,2002/10/30,06:43:24 +9:30 GMT,217.2.158.186:1028,UDP
FWIN,2002/10/30,06:44:45 +9:30 GMT,200.68.38.86:1054,UDP
FWIN,2002/10/30,06:52:02 +9:30 GMT,65.69.89.204:1026,UDP
FWIN,2002/10/30,07:01:00 +9:30 GMT,162.39.169.62:1036,UDP
FWIN,2002/10/30,07:01:44 +9:30 GMT,150.186.47.10:1027,UDP
FWIN,2002/10/30,07:05:08 +9:30 GMT,218.160.8.61:1027,UDP
FWIN,2002/10/30,07:06:11 +9:30 GMT,200.190.38.170:1031,UDP
FWIN,2002/10/30,07:07:20 +9:30 GMT,208.187.51.246:1026,UDP
FWIN,2002/10/30,07:07:58 +9:30 GMT,213.22.126.163:1052,,UDP
FWIN,2002/10/30,07:11:15 +9:30 GMT,129.229.50.171:1033,UDP
FWIN,2002/10/30,07:16:57 +9:30 GMT,65.68.150.159:1031,UDP
FWIN,2002/10/30,07:23:53 +9:30 GMT,211.220.79.22:1025,UDP
FWIN,2002/10/30,07:24:24 +9:30 GMT,66.98.79.98:1029,UDP
FWIN,2002/10/30,07:25:42 +9:30 GMT,141.157.211.157:1027,UDP
FWIN,2002/10/30,07:25:51 +9:30 GMT,200.66.97.254:22777,UDP
FWIN,2002/10/30,07:27:47 +9:30 GMT,66.81.54.195:1026,UDP
FWIN,2002/10/30,07:46:11 +9:30 GMT,200.89.37.240:1026,UDP
FWIN,2002/10/30,07:48:43 +9:30 GMT,212.242.112.250:10011,UDP
FWIN,2002/10/30,07:58:12 +9:30 GMT,200.164.21.10:1028,UDP
FWIN,2002/10/30,08:11:59 +9:30 GMT,159.134.210.113:1025,UDP
FWIN,2002/10/30,08:15:55 +9:30 GMT,211.219.8.158:1037,UDP
FWIN,2002/10/30,08:20:50 +9:30 GMT,160.39.138.163:1027,UDP
FWIN,2002/10/30,08:29:03 +9:30 GMT,200.45.189.104:1084,UDP
FWIN,2002/10/30,08:37:57 +9:30 GMT,148.221.27.179:1024,UDP
FWIN,2002/10/30,08:42:27 +9:30 GMT,12.158.67.33:1027,UDP
FWIN,2002/10/30,08:49:36 +9:30 GMT,66.76.150.164:1027,UDP
FWIN,2002/10/30,08:56:23 +9:30 GMT,61.16.33.226:34593,TCP (flags:S)
FWIN,2002/10/30,09:09:06 +9:30 GMT,63.75.237.7:1033,UDP
FWIN,2002/10/30,09:24:41 +9:30 GMT,65.33.250.202:1025,UDP
FWIN,2002/10/30,09:41:25 +9:30 GMT,68.155.176.196:1029,UDP
FWIN,2002/10/30,09:42:35 +9:30 GMT,211.167.20.73:1027,UDP
FWIN,2002/10/30,09:44:37 +9:30 GMT,63.51.87.203:1027,UDP
FWIN,2002/10/30,09:54:06 +9:30 GMT,200.223.79.235:1025,UDP
FWIN,2002/10/30,09:56:21 +9:30 GMT,217.39.161.174:1024,UDP
FWIN,2002/10/30,10:06:21 +9:30 GMT,4.65.246.59:1027,UDP
FWIN,2002/10/30,10:17:30 +9:30 GMT,68.154.70.230:1027,UDP
FWIN,2002/10/30,10:37:00 +9:30 GMT,63.231.148.23:50000,UDP
FWIN,2002/10/30,10:40:11 +9:30 GMT,68.14.48.60:1027,UDP
FWIN,2002/10/30,10:42:55 +9:30 GMT,211.159.26.195:22,TCP (flags:S)
FWIN,2002/11/01,06:07:26 +9:30 GMT,62.136.213.105:1026,UDP
FWIN,2002/11/01,06:12:44 +9:30 GMT,200.158.80.55:1029,UDP
FWIN,2002/11/01,06:17:37 +9:30 GMT,64.178.109.190:1029,UDP
FWIN,2002/11/01,06:23:05 +9:30 GMT,200.81.31.154:1026,UDP
FWIN,2002/11/01,06:23:56 +9:30 GMT,63.195.212.230:1027,UDP
FWIN,2002/11/01,06:24:30 +9:30 GMT,200.34.87.82:1066,UDP
FWIN,2002/11/01,06:24:30 +9:30 GMT,200.39.123.202:1033,UDP
FWIN,2002/11/01,06:27:17 +9:30 GMT,209.88.133.231:1025,UDP
FWIN,2002/11/01,06:28:34 +9:30 GMT,12.250.0.64:1024,UDP
FWIN,2002/11/01,06:31:28 +9:30 GMT,64.8.70.202:1026,UDP
FWIN,2002/11/01,06:33:00 +9:30 GMT,207.168.246.226:1025,UDP
FWIN,2002/11/01,06:39:31 +9:30 GMT,63.110.225.193:45142,UDP
FWIN,2002/11/01,06:40:04 +9:30 GMT,148.76.67.22:1027,UDP
FWIN,2002/11/01,06:43:49 +9:30 GMT,218.27.106.58:1028,UDP
FWIN,2002/11/01,06:46:13 +9:30 GMT,66.236.81.172:1026,UDP
FWROUTE,2002/11/02,06:06:37 +9:30 GMT,203.220.233.201:3015,UDP
FWIN,2002/11/02,06:08:19 +9:30 GMT,200.200.80.211:1027,UDP
FWIN,2002/11/09,07:15:42 +9:30 GMT,211.97.179.108:4909,TCP (flags:S)
FWIN,2002/11/09,07:16:20 +9:30 GMT,131.164.240.85:1025,UDP
FWIN,2002/11/09,07:20:11 +9:30 GMT,200.80.139.116:1026,UDP
FWIN,2002/11/09,07:25:06 +9:30 GMT,148.243.103.205:1028,UDP
FWIN,2002/11/09,07:26:20 +9:30 GMT,207.69.113.231:1034,UDP
FWIN,2002/11/09,07:40:18 +9:30 GMT,206.29.145.8:1026,UDP
FWIN,2002/11/09,07:41:02 +9:30 GMT,218.43.66.231:32775,UDP
FWIN,2002/11/09,07:42:52 +9:30 GMT,62.151.115.89:1026,UDP
FWIN,2002/11/09,07:44:06 +9:30 GMT,148.233.201.134:1026,UDP
FWIN,2002/11/09,07:45:18 +9:30 GMT,164.119.56.7:1027,UDP
FWIN,2002/11/09,07:46:41 +9:30 GMT,166.82.235.36:1025,UDP
FWIN,2002/11/09,07:48:41 +9:30 GMT,206.96.67.245:1041,UDP
FWIN,2002/11/09,07:49:08 +9:30 GMT,218.223.102.92:1028,UDP
FWIN,2002/11/09,07:50:59 +9:30 GMT,61.252.20.25:1029,UDP
FWIN,2002/11/09,07:56:22 +9:30 GMT,66.167.203.106:1028,UDP
FWIN,2002/11/09,07:58:08 +9:30 GMT,200.204.77.103:1128,UDP
FWIN,2002/11/09,08:00:48 +9:30 GMT,213.99.64.183:1026,UDP
FWIN,2002/11/09,08:03:41 +9:30 GMT,80.104.50.135:1025,UDP
FWIN,2002/11/09,08:07:23 +9:30 GMT,66.190.109.187:1028,UDP
FWIN,2002/11/09,08:12:26 +9:30 GMT,200.28.203.181:1027,UDP
FWIN,2002/11/09,08:19:46 +9:30 GMT,208.184.232.142:0,ICMP (type:3/subtype:1)
FWIN,2002/11/09,08:20:32 +9:30 GMT,216.142.183.58:1033,UDP
FWIN,2002/11/09,08:22:39 +9:30 GMT,208.138.40.101:1028,UDP
FWIN,2002/11/09,08:38:02 +9:30 GMT,200.66.74.122:1065,UDP
FWIN,2002/11/09,08:41:01 +9:30 GMT,211.26.76.88:1025,UDP
FWIN,2002/11/09,08:49:30 +9:30 GMT,195.175.193.245:1029,UDP
FWIN,2002/11/09,08:49:58 +9:30 GMT,138.88.89.201:1026,UDP
FWIN,2002/11/09,08:57:15 +9:30 GMT,209.15.179.176:60077,TCP (flags:S)
FWIN,2002/11/09,08:59:30 +9:30 GMT,216.93.32.11:1027,UDP
FWIN,2002/11/09,09:07:13 +9:30 GMT,67.26.81.214:2280,UDP
FWIN,2002/11/09,09:10:59 +9:30 GMT,148.219.125.10:1032,UDP
FWIN,2002/11/09,09:12:43 +9:30 GMT,217.4.26.184:1027,UDP
FWIN,2002/11/09,09:13:28 +9:30 GMT,66.157.76.132:1024,UDP
FWIN,2002/11/10,06:54:10 +9:30 GMT,66.42.119.192:1025,UDP
FWIN,2002/11/10,06:55:55 +9:30 GMT,80.135.109.28:1027,UDP
FWIN,2002/11/10,07:08:23 +9:30 GMT,200.206.236.80:1046,UDP
FWIN,2002/11/10,07:15:45 +9:30 GMT,80.14.192.124:1025,UDP
FWIN,2002/11/10,07:18:41 +9:30 GMT,211.180.188.130:1027,UDP
FWIN,2002/11/10,07:49:20 +9:30 GMT,195.23.180.86:1027,UDP
FWIN,2002/11/10,07:51:59 +9:30 GMT,61.121.247.206:2718,TCP (flags:S)
FWIN,2002/11/10,07:55:38 +9:30 GMT,204.31.18.44:1027,UDP
FWIN,2002/11/10,08:08:11 +9:30 GMT,24.97.120.87:1028,UDP
FWIN,2002/11/10,08:28:15 +9:30 GMT,200.173.167.109:1026,UDP
FWIN,2002/11/10,08:40:00 +9:30 GMT,61.220.32.235:1864,TCP (flags:S)
FWIN,2002/11/10,08:44:47 +9:30 GMT,216.208.56.1:65117,UDP
FWIN,2002/11/10,08:59:35 +9:30 GMT,195.163.231.112:1026,UDP
FWIN,2002/11/10,08:59:45 +9:30 GMT,66.119.138.205:1029,UDP
FWIN,2002/11/10,09:12:15 +9:30 GMT,67.33.52.42:2981,TCP (flags:S)
FWIN,2002/11/10,09:27:57 +9:30 GMT,66.76.166.108:1028,UDP
FWIN,2002/11/10,09:30:51 +9:30 GMT,196.40.62.90:1025,UDP
FWIN,2002/11/10,09:31:56 +9:30 GMT,149.225.118.109:1028,UDP
FWIN,2002/11/10,09:38:13 +9:30 GMT,24.27.53.112:1025,UDP
FWIN,2002/11/10,09:50:12 +9:30 GMT,208.37.112.55:4680,TCP (flags:S)
FWIN,2002/11/10,09:54:40 +9:30 GMT,211.248.136.5:1028,UDP
FWIN,2002/11/10,10:07:13 +9:30 GMT,200.206.209.59:1026,UDP
FWIN,2002/11/10,10:14:33 +9:30 GMT,24.198.61.41:34758,UDP
FWIN,2002/11/10,10:33:12 +9:30 GMT,64.229.56.244:63653,UDP
FWIN,2002/11/10,10:35:03 +9:30 GMT,218.0.119.194:1027,UDP
FWIN,2002/11/10,10:39:14 +9:30 GMT,216.155.68.86:1026,UDP
FWIN,2002/11/15,05:47:30 +9:30 GMT,80.33.206.86:14666,UDP
FWIN,2002/11/15,05:48:38 +9:30 GMT,168.234.145.36:1028,UDP
FWIN,2002/11/15,05:49:36 +9:30 GMT,213.6.254.242:1030,UDP
FWIN,2002/11/15,05:54:06 +9:30 GMT,4.47.246.105:1036,UDP
FWIN,2002/11/15,05:54:48 +9:30 GMT,148.223.217.164:1032,UDP
FWIN,2002/11/15,05:56:44 +9:30 GMT,61.35.93.91:1039,UDP
FWIN,2002/11/15,05:57:05 +9:30 GMT,200.204.149.76:1036,UDP
FWIN,2002/11/15,05:58:07 +9:30 GMT,216.139.109.89:1027,UDP
FWIN,2002/11/15,06:00:40 +9:30 GMT,209.91.155.150:1026,UDP
FWIN,2002/11/15,06:03:52 +9:30 GMT,213.168.122.118:1065,UDP
FWIN,2002/11/15,06:08:30 +9:30 GMT,202.125.146.56:1028,UDP
FWIN,2002/11/15,06:08:56 +9:30 GMT,149.225.88.128:1029,UDP
FWIN,2002/11/15,06:09:52 +9:30 GMT,66.122.17.207:1026,UDP
FWIN,2002/11/15,06:11:36 +9:30 GMT,218.163.205.183:1027,UDP
FWIN,2002/11/15,06:12:18 +9:30 GMT,200.148.38.124:1028,UDP
FWIN,2002/11/15,06:13:10 +9:30 GMT,61.81.82.40:1033,UDP
FWIN,2002/11/15,06:15:19 +9:30 GMT,211.228.96.89:1027,UDP
FWIN,2002/11/15,06:17:49 +9:30 GMT,210.168.225.164:10992,UDP
FWIN,2002/11/15,06:26:51 +9:30 GMT,208.180.233.49:1081,UDP
FWIN,2002/11/15,06:28:13 +9:30 GMT,24.82.51.238:1028,UDP
FWIN,2002/11/15,06:30:07 +9:30 GMT,65.120.98.56:1027,UDP
FWIN,2002/11/15,06:36:30 +9:30 GMT,213.8.185.116:1026,UDP
FWIN,2002/11/15,06:38:51 +9:30 GMT,207.115.185.67:1025,UDP
FWIN,2002/11/15,06:39:02 +9:30 GMT,216.93.124.160:1040,UDP
FWIN,2002/11/15,06:39:09 +9:30 GMT,148.215.14.8:1028,UDP
FWIN,2002/11/15,06:43:33 +9:30 GMT,165.128.66.67:1027,UDP
FWIN,2002/11/15,06:43:59 +9:30 GMT,66.141.246.101:1028,UDP
FWIN,2002/11/15,06:45:13 +9:30 GMT,209.53.210.186:1025,UDP
FWIN,2002/11/15,06:46:24 +9:30 GMT,80.83.35.11:1027,UDP
FWIN,2002/11/15,06:49:45 +9:30 GMT,202.217.76.12:1026,UDP
FWIN,2002/11/15,06:52:31 +9:30 GMT,80.198.57.85:1025,UDP
FWIN,2002/11/15,06:53:35 +9:30 GMT,200.17.87.130:1026,UDP
FWIN,2002/11/15,06:56:27 +9:30 GMT,67.68.108.39:1029,UDP
FWIN,2002/11/15,06:57:44 +9:30 GMT,148.224.200.21:1027,UDP
FWIN,2002/11/15,07:02:59 +9:30 GMT,66.76.204.35:1032,UDP
FWIN,2002/11/15,07:05:56 +9:30 GMT,155.239.136.217:1029,UDP
FWIN,2002/11/15,07:07:05 +9:30 GMT,212.198.137.216:1036,UDP
FWIN,2002/11/15,07:07:08 +9:30 GMT,24.158.145.87:1033,UDP
FWIN,2002/11/15,07:15:32 +9:30 GMT,218.164.168.167:1032,UDP
FWIN,2002/11/15,07:21:39 +9:30 GMT,216.252.250.104:1029,UDP
FWIN,2002/11/15,07:22:44 +9:30 GMT,24.26.124.134:1043,UDP
FWIN,2002/11/15,07:24:38 +9:30 GMT,65.134.188.6:1035,UDP
FWIN,2002/11/15,07:28:08 +9:30 GMT,200.225.244.47:1027,UDP
FWIN,2002/11/15,07:28:38 +9:30 GMT,63.208.30.95:1028,UDP
FWIN,2002/11/15,07:28:53 +9:30 GMT,213.22.115.141:1031,UDP
FWIN,2002/11/15,07:29:02 +9:30 GMT,216.214.209.45:1026,UDP
FWIN,2002/11/15,07:29:20 +9:30 GMT,206.151.52.199:1028,UDP
FWIN,2002/11/15,07:35:14 +9:30 GMT,65.104.67.52:1032,UDP
FWIN,2002/11/15,07:37:22 +9:30 GMT,163.121.226.70:1028,UDP
FWIN,2002/11/15,07:38:25 +9:30 GMT,200.155.33.239:1056,UDP
FWIN,2002/11/15,07:39:36 +9:30 GMT,211.189.53.254:44206,UDP
FWIN,2002/11/15,07:43:10 +9:30 GMT,200.70.125.6:1033,UDP
FWIN,2002/11/15,07:46:02 +9:30 GMT,210.115.13.69:1027,UDP
FWIN,2002/11/15,07:47:15 +9:30 GMT,62.42.96.90:1048,UDP
FWIN,2002/11/15,07:48:14 +9:30 GMT,63.205.215.138:1030,UDP
FWIN,2002/11/15,07:50:45 +9:30 GMT,217.208.212.36:33219,UDP

Any ideas anyone?

Cheers

Dutchman · Post by **Dutchman** » Thu, 14. Nov 02, 23:58

Hi CJ,

I'll try and explain what a good friend of mine told me about those portscans etc. He works for an internet provider and is quite keen on these things

There are many internet services who have , as a side product, delivering information on internet behaviour of internet users. I for example get many portscans from a french telecom company who thry to scan my ports and track my behaviour on the internet. They sell this information to all kinda organisations who are interrested in this. Your firewall blocks the access to your port so the company scanning your port has no access to your behaviourinformation stored on your system like the use of cookies, tmp files etc. Their scan bounces off on your firewall so to speak. Don't ask me the in's and out's though. The reason why this happens so many times in a row is simply because it's an automated system doing this that keeps trying as long as you're online. Sometimes it keeps your outgoing ip adress listed for a period of time and keeps on trying for several days or even longer every time you logon to the internet. People with a fixed ip have more problems with this then people using a phone connection because their ip adress changes more often.
When having a fixed ip adress this scanning company can find out who your provider is and set an automated scan on all ip's beginning with a certain number that revers to that provider's ip sequence.
Most scans don't do any harm and are only to gather an insight in people's behaviour on the internet so others (the one's buying this info) can change their ad's etc corresponding to the people's interrest on the net. Those scans are not personal aimed at you specificaly. Others can be direct attacks though to get info from your computer or even wreck havoc there, but that doesn't happen as much as some would make you believe.

My two cents worth,
Hope to be of some help here,

Cheers

Dutchman

The_Abyss · Post by **The_Abyss** » Fri, 15. Nov 02, 00:07

I knew that someone (everyone?!) out there knew more than me! Nice reply Dutchman.

Dutchman · Post by **Dutchman** » Fri, 15. Nov 02, 00:13

The_Abyss wrote:I knew that someone (everyone?!) out there knew more than me! Nice reply Dutchman.

Just passing on what i've been told by someone who works for an internet provider, I wouldn't have known either otherwise

Dutchman

Commander Jamieson · Post by **Commander Jamieson** » Fri, 15. Nov 02, 00:59

@Dutchman, I had an idea something like this is going on, only the sheer number of different places this is coming from baffles me. I removed all spyware items these specific programs load you with, I rarely get messages out. Thanks for confirming my suspicions.

@kiwinz: I get explicit and accurate descriptions what is trying to send out, this was never a problem with me. One ping for example is to my networked other PC, which is NEVER on when I am on the INet, others are various updates which I deleted from the firewall alert log or carrier pings. I have 5 different firewalls running at the same time (you might call me paranoid

) but in the years I have been on the internet I always caught viruses, trojans etc before they did any harm plus I was always aware of the alerts and who is trying what and where. Lately they seem to have increased about 4-5 fold more to what they were in the past, hence my query here. I always try to read up about the latest security holes in Windows, OutlookExpress and so on but one can never be sure.

Thanks again peeps

Cheers

KiwiNZ · Post by **KiwiNZ** » Fri, 15. Nov 02, 01:10

yes you are paranoid

If you have pings in your intranet then that should be an indication that one of your computers sent those out.

re the increase in activity ... praise broadband internet access

Guest · Post by **Guest** » Fri, 15. Nov 02, 01:56

keep of the porn sites

felter · Post by **felter** » Fri, 15. Nov 02, 03:24

Dutchman wrote:Most scans don't do any harm and are only to gather an insight in people's behaviour on the internet so others (the one's buying this info) can change their ad's etc corresponding to the people's interrest on the net. Those scans are not personal aimed at you specificaly. Others can be direct attacks though to get info from your computer or even wreck havoc there, but that doesn't happen as much as some would make you believe.

I would say that these type of scans do do harm. They are spying on your privacy, it is like having someone follow you around with a clipboard writting everything down that you do, writting down everywhere that you go, writting down the names of everyone that you talk to and what you are saying. Having someone peeping theough your window while you watch TV writting down what you watch and when you watch it or even watching you while you're with your mrs/gf timeing how long you lasted or what you favorite position was. These kind of scans are obtrusive and highly unethical these companys take your online life and sell it to make a profit without your permission which is not right. So yes they do harm.

Deleted User · Post by **Deleted User** » Fri, 15. Nov 02, 03:26

XX thanks Guys you have taught me a lot.
When i get bored I sometimes i sometimes print out all the IP addresses
Logged by my firewall
then one by one will try to connect to then .
A lot just get ----page cannot be displayed---- message
So would they be computers I am trying to connect to.
Some are web addresses that i do connect to mostly they are Asian I there own language.
I understand there is a freeware programme maybe available at Simtelhttp://www.simtel.net/newfilelist.php
you put in the ip numbers in it and when the offender trys to connect to your computer the programme will send out 1/2 million messages you have typed, to that address. As you know some coms are set up to print out emails as they come.
A bit like star wars when you wait for the attacker to drop his shields to fire at you and you have a couple of seconds to get a shot in.
all this will get boring too. Because you wont know if you have achieved anything.
there are several sites where you can pick up programs that will allow you to change their websites if you want and to see your results.
You will have to find them yourselves though.
I'm sure i would be banned if i put them on this forum
good luck.

pjknibbs · Post by **pjknibbs** » Fri, 15. Nov 02, 08:43

I would agree with Dutchman that these are some sort of automated scan. If you saw a lot of accesses from the same IP address but with an increasing port number then you might have somebody running a portscan to find open ports on your machine--if they found an open port they'd use other means to determine what server was operating on that port and would then hack in. However, something like that would tend to be done by a more professional hacker--the average s'kiddie would stick to well-known (and easy!) attack vectors such as IIS (port 80) or SQL server (port 1433).

Deleted User · Post by **Deleted User** » Sun, 17. Nov 02, 00:38

XX Some files you may find useful.

http://www.simtel.net/pub/pd/18837.htm
--------------------------------------
http://www.simtel.net/pub/pd/55099.html
-------------------------------------

------------------------------------------
http://www.simtel.net/pub/pd/55109.html

WinME,WinNT 3.x,WinNT 4.x,WinXP,Windows2000 File Size: 3087502 File Date: 2002-11-06 13:41:00 Description: GhostSurf lets you surf the web anonymously Privacy is currently the greatest concern of Internet users. Tenebril's GhostSurf product is designed to actively protect your privacy ...
http://www.simtel.net/pub/pd/60591.html
~~~~~~~~~~~~~~~~~~Regards,
~~~~~~~~~~~~~~~~~~~~~~~Patricia

Commander Jamieson · Post by **Commander Jamieson** » Sun, 17. Nov 02, 01:33

I use the "Anonymizer" toolbar (for INetEx only) for a few months already, which is similar to GhostSurf. My cookie manager is CookiePal and is doing a great job for a few years too. I only have cookies from EGOSOFT, MS Messenger and Hotmail most times enabled on my "temp" Inet files plus the odd one where I can not log on without accepting them (Adobe, Ulead etc). My browser options also delete ALL temporary internet files including cookies at log off (or is it log on).

Cheers

Scruffy · Post by **Scruffy** » Sun, 17. Nov 02, 12:54

Although i can't really help you with this question, i just wanted to mention that i have tried most of the free firewall programs avaliable and even purchased a few. What i am using now is McAfee Personnel Firewall Pro. I have found that it offers a lot more information as to what each Event actually is. It also has a builtin link to trace each event and a direct link to hackerwatch to report an event.

Here is an example of an Event:

2002/11/13 05:52:07 216.12.216.207:2024 (np-dsl-216-12-216-207.ev1.net) 216.12.216.228:12345 GabanBus / NetBus Trojan / Pie Bill Gates Trojan / X-Bill trojan

and here is an example of information on this Event:

A computer at np-dsl-216-12-216-207.ev1.net has attempted an unsolicited connection to TCP port 12345 on your computer.
TCP port 12345 is commonly used by the "GabanBus / NetBus Trojan / Pie Bill Gates Trojan / X-Bill trojan" service or program. The source computer has scanned your computer for this trojan, but it has been blocked by your firewall.

The source IP is on your local network. Click here for more information about what this means.

Commander Jamieson · Post by **Commander Jamieson** » Sun, 17. Nov 02, 21:42

I find it only strange when for example last night (saturday) I only had 8 alerts in a 4 hour period whereas I normally have around 100 or more of them in a similar period. Does that mean the automatic scanners take time off too

I still have my suspicions

Cheers

xaotik · Post by **xaotik** » Sun, 17. Nov 02, 22:37

CJ, the majority of the attempted connections you have received are MS-RPC related - UDP ports 1028 to 1032 are usually assigned to services that can communicate using RPC (remote procedure calls). you can get all kinds of details from a windows machine by querying TCP port 135 - where the system's "portmapper" of sorts resides.
under windows you can use a collection called "rpctools" to find out more about such services on a given computer - under unix there is SPIKE for similar and more detailed protocol tests.
as a sidenote - many currently running DoS attacks and compromising vulnerabilities found in various services provided by MS products can be conducted via MS-RPC. atleast one such vuln that i know of has been open since august and no solution has been provided for it yet (i suppose because MS-RPC isn't all that "popular" as to be widely exploited).

EDIT:
more info could be found about it all if you had logs that showed the source port and the destination port - as i see it, currently it shows you in a rather erroneous fashion the destination port (srcIPADDR:dstPORT - whereas it would be more descriptive to be srcIPADDR:srcPORT -> dstPORT)

Commander Jamieson · Post by **Commander Jamieson** » Sun, 17. Nov 02, 22:49

Thank you xao, I will read up about this subject. I do not worry myself too much about what is happening, it is only I want to find out why, what and who is causing this. For all purposes I should be "invisible" which I seem to be by checking this myself, even from my brothers PC or from various sites one can check this from.

Cheers

egosoft.com

egosoft.com

OT. Question toTechies re firewall

OT. Question toTechies re firewall

from some1 who is too lazy to sign in.....

Re: OT. Question toTechies re firewall

@xao