| Author | Thread |
|
|
01/29/2006 10:06:00 PM · #1 |
So I installed McAfee anti-virus, privacy, and firewall today, about 30 minutes ago. So far, it has blocked 6 events...I'm curious as to what in the heck these events could be...
one says:
A computer at IP Address 203.241.121.188 has attempted an unsolicited connection to UDP port 1025 on your computer. (then under Event information, it says network blackjack)
another says:
A computer at IP Address 221.203.189.44 has attempted an unsolicited connection to UDP port 1031 on your computer. UDP port 1031 is commonly used by the "BBN IAD" service or program
Just curious, what would these computers be trying to connect to my computer for? I had a firewall previously, Sygate, and I never got information like this -- I traced the one, and it basically bounced off of like 10 different places, then ended up back in Philadelphia...
--
Anyway, can anyone simplify what is going on here for an idiot?
|
|
|
|
01/29/2006 10:42:46 PM · #2 |
Try this whois tool - check the blackhole checkbox:
//www.dslreports.com/whois
Looks like a couple of spam engines either trying to find machines to take control of, or possibly to communicate with a machine that has already been compromised. |
|
|
|
01/29/2006 10:48:56 PM · #3 |
hrmm, I see that, sweet tool...
Now what in the heck could they be trying to do if they get 'control of' my computer? And if my computer has already been compromised, it's probably safe now though, right, since it seems to be blocking it?
I've gotten 3 more blocked events since I posted this 45 minutes ago lol...man and I thought my computer was clean.
|
|
|
|
01/29/2006 10:59:03 PM · #4 |
| Some bot is likely port scanning you, looking to see what service may be running on that port, possibly allowing a compromise of many kinds. The most common would be an email relay or install of spyware, backdoor, etc. If it is blocking the events then it sounds like the software is doing its job. Here is a list of the port numbers and what they do: Port #'s |
|
|
|
01/29/2006 11:05:40 PM · #5 |
heh 2 more blocked events since that last post.
That's just insane...hopefully they'll think no one's home and quit lol...although one was a scan on port 80 by comcast.net -- I know that's the web server port, and it said they may be trying to request a web page.
Maybe comcast thinks I'm on the internet too much, transferring too much data, so they were checking to see if I was running a webserver to charge me extra monthly fees heh, I wouldn't doubt that.
|
|
|
|
01/29/2006 11:25:50 PM · #6 |
Originally posted by deapee: heh 2 more blocked events since that last post.
That's just insane...hopefully they'll think no one's home and quit lol...although one was a scan on port 80 by comcast.net -- I know that's the web server port, and it said they may be trying to request a web page.
Maybe comcast thinks I'm on the internet too much, transferring too much data, so they were checking to see if I was running a webserver to charge me extra monthly fees heh, I wouldn't doubt that. |
ISPs periodically run scans to look for web servers being run by their clients that are against their terms of service. That could be what you are seeing. Could be other stuff, but that is one possibility. |
|
|
|
01/30/2006 12:26:57 AM · #7 |
I'm starting to get worried -- I've had 12 blocked since 24 minutes ago (midnight) -- most of them are originating from China, then being bounced somewhere in California, then Philadelphia, then I guess coming here.
Most say UDP and BBN...the thing that is getting me is that sometimes it says:
A computer you were communicating with at IP Address 221.10.158.140 has attempted to access a different port than expected (UDP port 1032).
A computer I was communicating with? Now I was in the shower, and not communicating with anyone...
We'll see what it says when I wake up.
|
|
|
|
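An added example, not part of any post in this thread: a small Python parser for the two alert phrasings quoted above, grouping blocked events by source address and destination port so that a run of alerts can be read as a pattern instead of one popup at a time. The first three sample lines are the alerts quoted in the thread; the remaining sample lines and all function names are constructed for illustration.

```python
import re
from collections import defaultdict

# Matches both alert wordings quoted in the thread: "unsolicited connection"
# and "different port than expected".
ALERT_RE = re.compile(
    r"A computer (?P<known>you were communicating with )?at IP Address "
    r"(?P<ip>\d{1,3}(?:\.\d{1,3}){3}) has attempted "
    r"(?:an unsolicited connection to|to access a different port than expected \()"
    r"\s*(?P<proto>UDP|TCP) port (?P<port>\d+)"
)

# First three lines are quoted in the thread; the rest are constructed samples.
SAMPLE_ALERTS = """\
A computer at IP Address 203.241.121.188 has attempted an unsolicited connection to UDP port 1025 on your computer.
A computer at IP Address 221.203.189.44 has attempted an unsolicited connection to UDP port 1031 on your computer.
A computer you were communicating with at IP Address 221.10.158.140 has attempted to access a different port than expected (UDP port 1032).
A computer at IP Address 192.0.2.10 has attempted an unsolicited connection to UDP port 1026 on your computer.
A computer at IP Address 192.0.2.10 has attempted an unsolicited connection to UDP port 1027 on your computer.
A computer at IP Address 198.51.100.7 has attempted an unsolicited connection to TCP port 80 on your computer.
Firewall started.
"""

def parse_alerts(text):
    """Return one dict per recognised alert line; other lines are skipped."""
    events = []
    for line in text.splitlines():
        m = ALERT_RE.search(line)
        if m is None or int(m["port"]) > 65535:
            continue  # not a blocked-connection alert, or an impossible port
        kind = "unexpected-port" if m["known"] else "unsolicited"
        events.append({"ip": m["ip"], "proto": m["proto"],
                       "port": int(m["port"]), "kind": kind})
    return events

def summarize(events, min_ports=2):
    """Count distinct sources per port and list sources probing several ports."""
    ports_by_src, srcs_by_port = defaultdict(set), defaultdict(set)
    for e in events:
        ports_by_src[e["ip"]].add((e["proto"], e["port"]))
        srcs_by_port[(e["proto"], e["port"])].add(e["ip"])
    multi = sorted(ip for ip, p in ports_by_src.items() if len(p) >= min_ports)
    ports = {f"{pr}/{po}": len(s) for (pr, po), s in sorted(srcs_by_port.items())}
    return {"events": len(events), "sources": len(ports_by_src),
            "multi_port_sources": multi, "ports": ports}

if __name__ == "__main__":
    print(summarize(parse_alerts(SAMPLE_ALERTS)))
```
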
01/30/2006 12:44:53 AM · #8 |
I'm pretty sure that the NSA is behind it.
|
|
|
|
01/30/2006 02:49:46 AM · #9 |
| Well, McAfee is good but you should try Kaspersky Anti-Hacker; I think it is the best firewall (for me it worked just fine). I've received messages reporting different attacks, but you can also stop them from popping up every time. |
|
|
|
01/30/2006 07:32:59 AM · #10 |
I had to have a new hard drive installed last Friday as mine broke (luckily I had backed up my photos!). Anyway within 5 mins of connecting to the net I had an attempt to access my pc. As I was only running with the Windows XP firewall this was bad! Downloaded ZoneAlarm and by the next day it had blocked over 1600 attempts!
|
|
|
|
01/30/2006 08:02:10 AM · #11 |
wow 1600 attempts...mine's not that bad, 29 blocked attempts while I was sleeping...I thought it was going to be higher lol.
|
|
|
|
01/31/2006 12:59:46 PM · #12 |
|
|
|
01/31/2006 01:08:26 PM · #13 |
Do you use ICQ or AIM? They may use these ports.
Also, do/did either of you use any kind of peer-to-peer file-sharing software?
~Terry
Message edited by author 2006-01-31 13:12:40.
|
|
|
|
01/31/2006 03:43:40 PM · #14 |
No I don't use ICQ, AIM or anything like it or p2p. My son on the other hand does use AIM. I always blame him for anything that happens on the pc anyway!
|
|
|
|
01/31/2006 03:47:02 PM · #15 |
I can take a look at the firewall log if you like, and probably tell you what's going on.
If you'd like to send me your log file, PM me and I'll send you an email address to use.
~Terry
|
|
|
|
01/31/2006 03:53:06 PM · #16 |
Originally posted by deapee: heh 2 more blocked events since that last post.
That's just insane...hopefully they'll think no one's home and quit lol... |
Don't kid yourself... they are far more persistent at trying to get to your machine than that and there are likely 10s of thousands of them trying to gain access to your computer for nefarious purposes.
The battle against unauthorized access to your computer resources is relentless and never ending. You have to be on your guard at all times, especially since you have a high bandwidth connection which makes you a highly desired target.
There are many legitimate reasons why another computer system should have access to your machine at any given time. You just have to know enough to be able to tell which is which. :)
|
|
|
|
02/01/2006 04:08:21 PM · #17 |
Originally posted by ClubJuggle: I can take a look at the firewall log if you like, and probably tell you what's going on.
If you'd like to send me your log file, PM me and I'll send you an email address to use.
~Terry |
Thanks for the offer Terry but I know what they are up to and what they are trying to get at!
Mike
|
|
DPChallenge, and website content and design, Copyright © 2001-2025 Challenging Technologies, LLC.
All digital photo copyrights belong to the photographers and may not be used without permission.