
tcp inbound endless attempts?

1508 Views 10 Replies 4 Participants Last post by  TOGG
I had something weird happen last night. I have Norton firewall and antivirus 2003, used 2002 before. Around 8:45 till 9:45, my firewall kept going off with a high risk inbound TCP. Now, not only did it go on for the whole time, it was non-stop. Every 4 to 5 seconds, sometimes every second, I was getting inbound TCP at a high risk. Now, only one or two of the numbers are the same, the rest are all different numbers of the computers. Now when I called my ISP, they told me that they could trace the calls but that's about all they could do as there were about 245 hits. They checked out a few and they were from all over the place. One, a highway state maintenance in Alabama? An AOL subscriber, and another one from a Hotmail in Atlanta. Weird. Anyway, they said that it might be one of my programs. Wouldn't it be the same TCP number if it was? My firewall is set up to automatically allow updates to enter so it should not be that, also they can access whenever, but the above items are monitored before access. Any ideas? Suggestions? :confused:
Status
Not open for further replies.
1 - 11 of 11 Posts
Someone was using a scanner and scanned your port holes ;)

Perfectly legal....however disconcerting it may be. Probably behind a proxy or using a zombie to do the bidding.

I wouldn't worry about it.
Wasn't really worried about it. Firewall stopped it, but it went on for 50 minutes. My firewall said nothing about my ports or backdoors being probed. Only inbound computer reports.
I would change your IP address. What are you using to connect to the Internet?
My ISP number changes every time I log on. My ISP provider uses a random selection? That's what I was told. My computer number is different every time I log on. Believe me, my firewall keeps track of my log-ons and hits. I use a dial-up modem. It didn't happen last night, or yet today.
In that case, it may have been a one-time occurrence.

It would be interesting to find out if any other customers who use the same ISP as you do experienced the same probes. That would indicate someone was scanning a range of IP addresses and not you specifically.
I sometimes have similar experience, mostly affecting port 137.

I just kill my connection [dial-up, like yours] & get a new IP. That always kills the problem for a while.
The wife was just on a few minutes ago and she got hit with about 10. All different. She got fed up and shut it down. Now, I have been on for about 15 minutes now and have not had a single hit. I guess going off the dial-up and then dialing back on is the only way to go. Had 240 hits that night it happened.
Since I wrote about this problem, I haven't had any problems. Now we get that virus running around, and I am wondering if it was a thing to come? It would have been almost impossible to do anything on the net as long as it was going on. Quit logging on the net after a while, but I did save the hits to floppy.
Thanks for all the advice.
When I got a cluster of hits on my firewall I checked the IANA ports list (http://www.iana.org/assignments/port-numbers) and found that most of the hits were on ports 6346/7 which are the ones assigned to the Gnutella file sharing network.

As I use a dialup, it is likely that the person who had my IP immediately before me had been file swapping and I was getting contacts meant for him.

If your firewall provides destination port details you could check and see if your hits were limited to a few ports like mine. If not, then it seems likely that you were being randomly scanned, which is worrying, but at least you know they didn't gain access.
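
The destination-port check suggested in the post above, as an added example that is not part of the original thread: it tallies blocked hits by destination port and reports whether they cluster on a few ports or are spread out. The log format, the sample lines, and the `top_n`/`share` thresholds are assumptions made for illustration.

```python
import re
from collections import Counter

# Constructed sample in a hypothetical log format (not Norton's real format).
# Addresses come from the documentation ranges (RFC 5737).
SAMPLE_LOG = """\
20:45:01 BLOCK TCP 198.51.100.7:3412 -> 192.0.2.10:6346
20:45:05 BLOCK TCP 203.0.113.22:1188 -> 192.0.2.10:6346
20:45:09 BLOCK TCP 198.51.100.91:4001 -> 192.0.2.10:6347
20:45:10 BLOCK TCP 203.0.113.140:2750 -> 192.0.2.10:6346
20:45:14 BLOCK TCP 198.51.100.7:3415 -> 192.0.2.10:6346
20:45:19 BLOCK UDP 203.0.113.5:137 -> 192.0.2.10:137
"""

LINE_RE = re.compile(
    r"^\S+ BLOCK (?P<proto>TCP|UDP) (?P<src>[\d.]+):\d+ -> [\d.]+:(?P<dport>\d+)$"
)

# IANA service names: 6346/6347 are the Gnutella ports from the post; 137 is NetBIOS.
KNOWN_PORTS = {6346: "gnutella-svc", 6347: "gnutella-rtr", 137: "netbios-ns"}


def summarize(log_text):
    """Count blocked hits per destination port and collect distinct sources."""
    ports, sources = Counter(), set()
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip lines that do not match the assumed format
        ports[int(m.group("dport"))] += 1
        sources.add(m.group("src"))
    return {"hits": sum(ports.values()), "sources": len(sources), "ports": ports}


def classify(summary, top_n=2, share=0.8):
    """'few-ports' if the top_n ports carry >= share of hits (assumed thresholds)."""
    if summary["hits"] == 0:
        return "no-data"
    top = sum(count for _, count in summary["ports"].most_common(top_n))
    return "few-ports" if top / summary["hits"] >= share else "spread"


if __name__ == "__main__":
    s = summarize(SAMPLE_LOG)
    for port, count in s["ports"].most_common():
        print(port, KNOWN_PORTS.get(port, "unassigned/unknown"), count)
    print(s["sources"], "distinct sources ->", classify(s))
```

A "few-ports" result with many distinct sources matches the leftover file-sharing traffic described in the post; "spread" matches hits landing on many unrelated ports.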