firewall floods with...
am 14.05.2006 20:57:17 von goooglethis
good day everyone. recently i noticed a increase in my firewall logs -
mostly with connections that are being dropped or filtered out through
the firewall. the majority of the failed connections seem to be coming
from RIPE and APNIC (did a search on arin whois) as for the port
numbers they vary some but there seems to be a pattern.
are the port numbers related to normal applications accessing the
internet (aim, browser, etc..) or should i be concerned at all?
basically i want to know why these connections are being made; although
they are being blocked.
thank you everyone for all and any information you can provide to me
about this matter. have a great day.
**firewall log of about 30 recent failed connections** // destination
ip removed
Source IP: 71.162.68.166 Destination IP: *** my ip address ***
Protocol: TCP
Source Port: 1776 Destination Port: 445
TCP Flags: 02 ( syn )
Source IP: 84.29.220.115 Destination IP: *** my ip address ***
Protocol: TCP
Source Port: 4260 Destination Port: 4899
TCP Flags: 02 ( syn )
Source IP: 220.131.34.147 Destination IP: *** my ip address ***
Protocol: UDP
Source Port: 26454 Destination Port: 50106
Source IP: 213.40.135.119 Destination IP: *** my ip address ***
Protocol: UDP
Source Port: 15767 Destination Port: 50004
Source IP: 219.68.146.143 Destination IP: *** my ip address ***
Protocol: UDP
Source Port: 30741 Destination Port: 1026
Source IP: 70.128.101.146 Destination IP: *** my ip address ***
Protocol: TCP
Source Port: 2335 Destination Port: 50962
TCP Flags: 02 ( syn )
Source IP: 204.16.208.102 Destination IP: *** my ip address ***
Protocol: UDP
Source Port: 38482 Destination Port: 1027
Source IP: 204.16.208.102 Destination IP: *** my ip address ***
Protocol: UDP
Source Port: 38482 Destination Port: 1026
Source IP: 211.162.149.167 Destination IP: *** my ip address ***
Protocol: UDP
Source Port: 53405 Destination Port: 50106
Source IP: 84.63.118.202 Destination IP: *** my ip address ***
Protocol: UDP
Source Port: 12648 Destination Port: 50004
Source IP: 221.198.79.1 Destination IP: *** my ip address ***
Protocol: UDP
Source Port: 17898 Destination Port: 50004
Source IP: 204.16.208.114 Destination IP: *** my ip address ***
Protocol: UDP
Source Port: 38567 Destination Port: 1027
Source IP: 204.16.208.114 Destination IP: *** my ip address ***
Protocol: UDP
Source Port: 38567 Destination Port: 1026
Source IP: 70.128.101.146 Destination IP: *** my ip address ***
Protocol: TCP
Source Port: 1844 Destination Port: 50962
TCP Flags: 02 ( syn )
Source IP: 218.18.211.34 Destination IP: *** my ip address ***
Protocol: UDP
Source Port: 17432 Destination Port: 50004
Source IP: 194.152.21.82 Destination IP: *** my ip address ***
Protocol: UDP
Source Port: 44967 Destination Port: 50004
Source IP: 71.246.77.111 Destination IP: *** my ip address ***
Protocol: TCP
Source Port: 3158 Destination Port: 445
TCP Flags: 02 ( syn )
Source IP: 61.183.15.41 Destination IP: *** my ip address ***
Protocol: TCP
Source Port: 59257 Destination Port: 3128
TCP Flags: 02 ( syn )
Source IP: 70.128.101.146 Destination IP: *** my ip address ***
Protocol: TCP
Source Port: 1343 Destination Port: 50962
TCP Flags: 02 ( syn )
Source IP: 71.246.77.111 Destination IP: *** my ip address ***
Protocol: TCP
Source Port: 1694 Destination Port: 445
TCP Flags: 02 ( syn )
Source IP: 222.14.118.46 Destination IP: *** my ip address ***
Protocol: UDP
Source Port: 32829 Destination Port: 50004
Source IP: 221.6.67.146 Destination IP: *** my ip address ***
Protocol: UDP
Source Port: 9037 Destination Port: 50004
Source IP: 221.223.242.199 Destination IP: *** my ip address ***
Protocol: UDP
Source Port: 17434 Destination Port: 50409
Source IP: 70.128.101.146 Destination IP: *** my ip address ***
Protocol: UDP
Source Port: 44159 Destination Port: 50962
Source IP: 71.246.77.111 Destination IP: *** my ip address ***
Protocol: TCP
Source Port: 3139 Destination Port: 445
TCP Flags: 02 ( syn )
Source IP: 71.246.77.111 Destination IP: *** my ip address ***
Protocol: TCP
Source Port: 3139 Destination Port: 445
TCP Flags: 02 ( syn )
Source IP: 129.170.143.102 Destination IP: *** my ip address ***
Protocol: UDP
Source Port: 17626 Destination Port: 50004
Source IP: 66.160.159.30 Destination IP: *** my ip address ***
Protocol: UDP
Source Port: 40030 Destination Port: 1027
Source IP: 66.160.159.30 Destination IP: *** my ip address ***
Protocol: UDP
Source Port: 40030 Destination Port: 1026
Source IP: 218.18.211.34 Destination IP: *** my ip address ***
Protocol: UDP
Source Port: 17432 Destination Port: 50004
Source IP: 222.136.87.191 Destination IP: *** my ip address ***
Protocol: UDP
Source Port: 19902 Destination Port: 50004
Source IP: 80.56.28.241 Destination IP: *** my ip address ***
Protocol: UDP
Source Port: 14379 Destination Port: 50004
A search of the source IP addresses resulted in the following results -
71.162.68.166 - Verizon Internet Services Inc. (VIS)
84.29.220.115 - RIPE Network Coordination Centre (RIPE)
220.131.34.147 - Asia Pacific Network Information Centre (APNIC)
213.40.135.119 - RIPE
219.68.146.143 - APNIC
70.128.101.146 - SBC Internet Services (SBC)
204.16.208.102 - Fast Colocation Services (FCS)
211.162.149.167 - APNIC
84.63.118.202 - RIPE
221.198.79.1 - APNIC
204.16.208.114 - FCS
70.128.101.146 - SBC
218.18.211.34 - APNIC
194.152.21.82 - RIPE
71.246.77.111 - VIS
61.183.15.41 - APNIC
70.128.101.146 - SBC
71.246.77.111 - VIS
222.14.118.46 - APNIC
221.6.67.146 - APNIC
221.223.242.199 - APNIC
Re: firewall floods with...
am 14.05.2006 21:14:42 von Sebastian Gottschalk
goooglethis@yahoo.com wrote:
> as for the port numbers they vary some but there seems to be a pattern.
Yeah, basically an 'ignore' pattern.
> are the port numbers related to normal applications accessing the
> internet (aim, browser, etc..) or should i be concerned at all?
445 is SMB/MS-DS, typically the Sasser worm and co.
1026/1027 is typical for certain RPC services on Windows 2000+XP, like
the task manager service which has been remotely vulnerable for some
time. So this is worm traffic searching for exploitable systems.
3128 is ALG service on Windows, 50000+ the typical mapped NAT port
range. Are you using ICS or is this just some totally stupid scan attempt?
> basically i want to know why these connections are being made; although
> they are being blocked.
Why are they blocked? At least the 4899 is either totally clueless or
even some load balancer response on your request, it should be rejected
with a TCP-RST.
Re: firewall floods with...
am 14.05.2006 21:14:42 von Sebastian Gottschalk
goooglethis@yahoo.com wrote:
> as for the port numbers they vary some but there seems to be a pattern.
Yeah, basically an 'ignore' pattern.
> are the port numbers related to normal applications accessing the
> internet (aim, browser, etc..) or should i be concerned at all?
445 is SMB/MS-DS, typically the Sasser worm and co.
1026/1027 is typical for certain RPC services on Windows 2000+XP, like
the task manager service which has been remotely vulnerable for some
time. So this is worm traffic searching for exploitable systems.
3128 is ALG service on Windows, 50000+ the typical mapped NAT port
range. Are you using ICS or is this just some totally stupid scan attempt?
> basically i want to know why these connections are being made; although
> they are being blocked.
Why are they blocked? At least the 4899 is either totally clueless or
even some load balancer response on your request, it should be rejected
with a TCP-RST.
Re: firewall floods with...
am 14.05.2006 21:26:44 von Duane Arnold
>
> should i be concerned at all?
That about sums it all. The FW is blocking the unsolicited inbound traffic
coming to it. It's everyday normal traffic that's being blocked. The FW is
doing its job, at least that part of it if this is a personal FW/host based
packet filter.
You should forget about it as it's much to do about nothing.
Duane :)
Re: firewall floods with...
am 14.05.2006 21:26:44 von Duane Arnold
>
> should i be concerned at all?
That about sums it all. The FW is blocking the unsolicited inbound traffic
coming to it. It's everyday normal traffic that's being blocked. The FW is
doing its job, at least that part of it if this is a personal FW/host based
packet filter.
You should forget about it as it's much to do about nothing.
Duane :)
Re: firewall floods with...
am 15.05.2006 00:35:31 von unruh
445-- microsoft-ds service. The other I do not know. Maybe games of some
sort.
Your source estimation is terrible All you have discovered is who
registered it, not the owner of the ip
Eg
whois 221.223.242.199
% [whois.apnic.net node-2]
% Whois data copyright terms http://www.apnic.net/db/dbcopyright.html
inetnum: 221.216.0.0 - 221.223.255.255
netname: CNCGROUP-BJ
descr: CNCGROUP Beijing province network
descr: China Network Communications Group Corporation
descr: No.156,Fu-Xing-Men-Nei Street,
descr: Beijing 100031
country: CN
admin-c: CH455-AP
tech-c: SY21-AP
mnt-by: APNIC-HM
mnt-lower: MAINT-CNCGROUP-BJ
mnt-routes: MAINT-CNCGROUP-RR
changed: hm-changed@apnic.net 20031119
status: ALLOCATED PORTABLE
changed: hm-changed@apnic.net 20060124
source: APNIC
role: CNCGroup Hostmaster
e-mail: abuse@cnc-noc.net
address: No.156,Fu-Xing-Men-Nei Street,
address: Beijing,100031,P.R.China
nic-hdl: CH455-AP
phone: +86-10-82993155
fax-no: +86-10-82993102
country: CN
admin-c: CH444-AP
tech-c: CH444-AP
changed: abuse@cnc-noc.net 20041119
mnt-by: MAINT-CNCGROUP
source: APNIC
person: sun ying
address: Beijing Telecommunication Administration
address: TaiPingHu DongLi 18, Xicheng District
address: Beijing 100031
country: CN
phone: +86-10-66198941
fax-no: +86-10-68511003
e-mail: suny@publicf.bta.net.cn
nic-hdl: SY21-AP
mnt-by: MAINT-CHINANET-BJ
changed: suny@publicf.bta.net.cn 19980824
source: APNIC
goooglethis@yahoo.com writes:
>good day everyone. recently i noticed a increase in my firewall logs -
>mostly with connections that are being dropped or filtered out through
>the firewall. the majority of the failed connections seem to be coming
>from RIPE and APNIC (did a search on arin whois) as for the port
>numbers they vary some but there seems to be a pattern.
>are the port numbers related to normal applications accessing the
>internet (aim, browser, etc..) or should i be concerned at all?
>basically i want to know why these connections are being made; although
>they are being blocked.
>thank you everyone for all and any information you can provide to me
>about this matter. have a great day.
>**firewall log of about 30 recent failed connections** // destination
>ip removed
>Source IP: 71.162.68.166 Destination IP: *** my ip address ***
>Protocol: TCP
>Source Port: 1776 Destination Port: 445
>TCP Flags: 02 ( syn )
>Source IP: 84.29.220.115 Destination IP: *** my ip address ***
>Protocol: TCP
>Source Port: 4260 Destination Port: 4899
>TCP Flags: 02 ( syn )
>Source IP: 220.131.34.147 Destination IP: *** my ip address ***
>Protocol: UDP
>Source Port: 26454 Destination Port: 50106
>Source IP: 213.40.135.119 Destination IP: *** my ip address ***
>Protocol: UDP
>Source Port: 15767 Destination Port: 50004
>Source IP: 219.68.146.143 Destination IP: *** my ip address ***
>Protocol: UDP
>Source Port: 30741 Destination Port: 1026
>Source IP: 70.128.101.146 Destination IP: *** my ip address ***
>Protocol: TCP
>Source Port: 2335 Destination Port: 50962
>TCP Flags: 02 ( syn )
>Source IP: 204.16.208.102 Destination IP: *** my ip address ***
>Protocol: UDP
>Source Port: 38482 Destination Port: 1027
>Source IP: 204.16.208.102 Destination IP: *** my ip address ***
>Protocol: UDP
>Source Port: 38482 Destination Port: 1026
>Source IP: 211.162.149.167 Destination IP: *** my ip address ***
>Protocol: UDP
>Source Port: 53405 Destination Port: 50106
>Source IP: 84.63.118.202 Destination IP: *** my ip address ***
>Protocol: UDP
>Source Port: 12648 Destination Port: 50004
>Source IP: 221.198.79.1 Destination IP: *** my ip address ***
>Protocol: UDP
>Source Port: 17898 Destination Port: 50004
>Source IP: 204.16.208.114 Destination IP: *** my ip address ***
>Protocol: UDP
>Source Port: 38567 Destination Port: 1027
>Source IP: 204.16.208.114 Destination IP: *** my ip address ***
>Protocol: UDP
>Source Port: 38567 Destination Port: 1026
>Source IP: 70.128.101.146 Destination IP: *** my ip address ***
>Protocol: TCP
>Source Port: 1844 Destination Port: 50962
>TCP Flags: 02 ( syn )
>Source IP: 218.18.211.34 Destination IP: *** my ip address ***
>Protocol: UDP
>Source Port: 17432 Destination Port: 50004
>Source IP: 194.152.21.82 Destination IP: *** my ip address ***
>Protocol: UDP
>Source Port: 44967 Destination Port: 50004
>Source IP: 71.246.77.111 Destination IP: *** my ip address ***
>Protocol: TCP
>Source Port: 3158 Destination Port: 445
>TCP Flags: 02 ( syn )
>Source IP: 61.183.15.41 Destination IP: *** my ip address ***
>Protocol: TCP
>Source Port: 59257 Destination Port: 3128
>TCP Flags: 02 ( syn )
>Source IP: 70.128.101.146 Destination IP: *** my ip address ***
>Protocol: TCP
>Source Port: 1343 Destination Port: 50962
>TCP Flags: 02 ( syn )
>Source IP: 71.246.77.111 Destination IP: *** my ip address ***
>Protocol: TCP
>Source Port: 1694 Destination Port: 445
>TCP Flags: 02 ( syn )
>Source IP: 222.14.118.46 Destination IP: *** my ip address ***
>Protocol: UDP
>Source Port: 32829 Destination Port: 50004
>Source IP: 221.6.67.146 Destination IP: *** my ip address ***
>Protocol: UDP
>Source Port: 9037 Destination Port: 50004
>Source IP: 221.223.242.199 Destination IP: *** my ip address ***
>Protocol: UDP
>Source Port: 17434 Destination Port: 50409
>Source IP: 70.128.101.146 Destination IP: *** my ip address ***
>Protocol: UDP
>Source Port: 44159 Destination Port: 50962
>Source IP: 71.246.77.111 Destination IP: *** my ip address ***
>Protocol: TCP
>Source Port: 3139 Destination Port: 445
>TCP Flags: 02 ( syn )
>Source IP: 71.246.77.111 Destination IP: *** my ip address ***
>Protocol: TCP
>Source Port: 3139 Destination Port: 445
>TCP Flags: 02 ( syn )
>Source IP: 129.170.143.102 Destination IP: *** my ip address ***
>Protocol: UDP
>Source Port: 17626 Destination Port: 50004
>Source IP: 66.160.159.30 Destination IP: *** my ip address ***
>Protocol: UDP
>Source Port: 40030 Destination Port: 1027
>Source IP: 66.160.159.30 Destination IP: *** my ip address ***
>Protocol: UDP
>Source Port: 40030 Destination Port: 1026
>Source IP: 218.18.211.34 Destination IP: *** my ip address ***
>Protocol: UDP
>Source Port: 17432 Destination Port: 50004
>Source IP: 222.136.87.191 Destination IP: *** my ip address ***
>Protocol: UDP
>Source Port: 19902 Destination Port: 50004
>Source IP: 80.56.28.241 Destination IP: *** my ip address ***
>Protocol: UDP
>Source Port: 14379 Destination Port: 50004
>A search of the source IP addresses resulted in the following results -
>71.162.68.166 - Verizon Internet Services Inc. (VIS)
>84.29.220.115 - RIPE Network Coordination Centre (RIPE)
>220.131.34.147 - Asia Pacific Network Information Centre (APNIC)
>213.40.135.119 - RIPE
>219.68.146.143 - APNIC
>70.128.101.146 - SBC Internet Services (SBC)
>204.16.208.102 - Fast Colocation Services (FCS)
>211.162.149.167 - APNIC
>84.63.118.202 - RIPE
>221.198.79.1 - APNIC
>204.16.208.114 - FCS
>70.128.101.146 - SBC
>218.18.211.34 - APNIC
>194.152.21.82 - RIPE
>71.246.77.111 - VIS
>61.183.15.41 - APNIC
>70.128.101.146 - SBC
>71.246.77.111 - VIS
>222.14.118.46 - APNIC
>221.6.67.146 - APNIC
>221.223.242.199 - APNIC
Re: firewall floods with...
am 15.05.2006 00:35:31 von unruh
445-- microsoft-ds service. The other I do not know. Maybe games of some
sort.
Your source estimation is terrible All you have discovered is who
registered it, not the owner of the ip
Eg
whois 221.223.242.199
% [whois.apnic.net node-2]
% Whois data copyright terms http://www.apnic.net/db/dbcopyright.html
inetnum: 221.216.0.0 - 221.223.255.255
netname: CNCGROUP-BJ
descr: CNCGROUP Beijing province network
descr: China Network Communications Group Corporation
descr: No.156,Fu-Xing-Men-Nei Street,
descr: Beijing 100031
country: CN
admin-c: CH455-AP
tech-c: SY21-AP
mnt-by: APNIC-HM
mnt-lower: MAINT-CNCGROUP-BJ
mnt-routes: MAINT-CNCGROUP-RR
changed: hm-changed@apnic.net 20031119
status: ALLOCATED PORTABLE
changed: hm-changed@apnic.net 20060124
source: APNIC
role: CNCGroup Hostmaster
e-mail: abuse@cnc-noc.net
address: No.156,Fu-Xing-Men-Nei Street,
address: Beijing,100031,P.R.China
nic-hdl: CH455-AP
phone: +86-10-82993155
fax-no: +86-10-82993102
country: CN
admin-c: CH444-AP
tech-c: CH444-AP
changed: abuse@cnc-noc.net 20041119
mnt-by: MAINT-CNCGROUP
source: APNIC
person: sun ying
address: Beijing Telecommunication Administration
address: TaiPingHu DongLi 18, Xicheng District
address: Beijing 100031
country: CN
phone: +86-10-66198941
fax-no: +86-10-68511003
e-mail: suny@publicf.bta.net.cn
nic-hdl: SY21-AP
mnt-by: MAINT-CHINANET-BJ
changed: suny@publicf.bta.net.cn 19980824
source: APNIC
goooglethis@yahoo.com writes:
>good day everyone. recently i noticed a increase in my firewall logs -
>mostly with connections that are being dropped or filtered out through
>the firewall. the majority of the failed connections seem to be coming
>from RIPE and APNIC (did a search on arin whois) as for the port
>numbers they vary some but there seems to be a pattern.
>are the port numbers related to normal applications accessing the
>internet (aim, browser, etc..) or should i be concerned at all?
>basically i want to know why these connections are being made; although
>they are being blocked.
>thank you everyone for all and any information you can provide to me
>about this matter. have a great day.
>**firewall log of about 30 recent failed connections** // destination
>ip removed
>Source IP: 71.162.68.166 Destination IP: *** my ip address ***
>Protocol: TCP
>Source Port: 1776 Destination Port: 445
>TCP Flags: 02 ( syn )
>Source IP: 84.29.220.115 Destination IP: *** my ip address ***
>Protocol: TCP
>Source Port: 4260 Destination Port: 4899
>TCP Flags: 02 ( syn )
>Source IP: 220.131.34.147 Destination IP: *** my ip address ***
>Protocol: UDP
>Source Port: 26454 Destination Port: 50106
>Source IP: 213.40.135.119 Destination IP: *** my ip address ***
>Protocol: UDP
>Source Port: 15767 Destination Port: 50004
>Source IP: 219.68.146.143 Destination IP: *** my ip address ***
>Protocol: UDP
>Source Port: 30741 Destination Port: 1026
>Source IP: 70.128.101.146 Destination IP: *** my ip address ***
>Protocol: TCP
>Source Port: 2335 Destination Port: 50962
>TCP Flags: 02 ( syn )
>Source IP: 204.16.208.102 Destination IP: *** my ip address ***
>Protocol: UDP
>Source Port: 38482 Destination Port: 1027
>Source IP: 204.16.208.102 Destination IP: *** my ip address ***
>Protocol: UDP
>Source Port: 38482 Destination Port: 1026
>Source IP: 211.162.149.167 Destination IP: *** my ip address ***
>Protocol: UDP
>Source Port: 53405 Destination Port: 50106
>Source IP: 84.63.118.202 Destination IP: *** my ip address ***
>Protocol: UDP
>Source Port: 12648 Destination Port: 50004
>Source IP: 221.198.79.1 Destination IP: *** my ip address ***
>Protocol: UDP
>Source Port: 17898 Destination Port: 50004
>Source IP: 204.16.208.114 Destination IP: *** my ip address ***
>Protocol: UDP
>Source Port: 38567 Destination Port: 1027
>Source IP: 204.16.208.114 Destination IP: *** my ip address ***
>Protocol: UDP
>Source Port: 38567 Destination Port: 1026
>Source IP: 70.128.101.146 Destination IP: *** my ip address ***
>Protocol: TCP
>Source Port: 1844 Destination Port: 50962
>TCP Flags: 02 ( syn )
>Source IP: 218.18.211.34 Destination IP: *** my ip address ***
>Protocol: UDP
>Source Port: 17432 Destination Port: 50004
>Source IP: 194.152.21.82 Destination IP: *** my ip address ***
>Protocol: UDP
>Source Port: 44967 Destination Port: 50004
>Source IP: 71.246.77.111 Destination IP: *** my ip address ***
>Protocol: TCP
>Source Port: 3158 Destination Port: 445
>TCP Flags: 02 ( syn )
>Source IP: 61.183.15.41 Destination IP: *** my ip address ***
>Protocol: TCP
>Source Port: 59257 Destination Port: 3128
>TCP Flags: 02 ( syn )
>Source IP: 70.128.101.146 Destination IP: *** my ip address ***
>Protocol: TCP
>Source Port: 1343 Destination Port: 50962
>TCP Flags: 02 ( syn )
>Source IP: 71.246.77.111 Destination IP: *** my ip address ***
>Protocol: TCP
>Source Port: 1694 Destination Port: 445
>TCP Flags: 02 ( syn )
>Source IP: 222.14.118.46 Destination IP: *** my ip address ***
>Protocol: UDP
>Source Port: 32829 Destination Port: 50004
>Source IP: 221.6.67.146 Destination IP: *** my ip address ***
>Protocol: UDP
>Source Port: 9037 Destination Port: 50004
>Source IP: 221.223.242.199 Destination IP: *** my ip address ***
>Protocol: UDP
>Source Port: 17434 Destination Port: 50409
>Source IP: 70.128.101.146 Destination IP: *** my ip address ***
>Protocol: UDP
>Source Port: 44159 Destination Port: 50962
>Source IP: 71.246.77.111 Destination IP: *** my ip address ***
>Protocol: TCP
>Source Port: 3139 Destination Port: 445
>TCP Flags: 02 ( syn )
>Source IP: 71.246.77.111 Destination IP: *** my ip address ***
>Protocol: TCP
>Source Port: 3139 Destination Port: 445
>TCP Flags: 02 ( syn )
>Source IP: 129.170.143.102 Destination IP: *** my ip address ***
>Protocol: UDP
>Source Port: 17626 Destination Port: 50004
>Source IP: 66.160.159.30 Destination IP: *** my ip address ***
>Protocol: UDP
>Source Port: 40030 Destination Port: 1027
>Source IP: 66.160.159.30 Destination IP: *** my ip address ***
>Protocol: UDP
>Source Port: 40030 Destination Port: 1026
>Source IP: 218.18.211.34 Destination IP: *** my ip address ***
>Protocol: UDP
>Source Port: 17432 Destination Port: 50004
>Source IP: 222.136.87.191 Destination IP: *** my ip address ***
>Protocol: UDP
>Source Port: 19902 Destination Port: 50004
>Source IP: 80.56.28.241 Destination IP: *** my ip address ***
>Protocol: UDP
>Source Port: 14379 Destination Port: 50004
>A search of the source IP addresses resulted in the following results -
>71.162.68.166 - Verizon Internet Services Inc. (VIS)
>84.29.220.115 - RIPE Network Coordination Centre (RIPE)
>220.131.34.147 - Asia Pacific Network Information Centre (APNIC)
>213.40.135.119 - RIPE
>219.68.146.143 - APNIC
>70.128.101.146 - SBC Internet Services (SBC)
>204.16.208.102 - Fast Colocation Services (FCS)
>211.162.149.167 - APNIC
>84.63.118.202 - RIPE
>221.198.79.1 - APNIC
>204.16.208.114 - FCS
>70.128.101.146 - SBC
>218.18.211.34 - APNIC
>194.152.21.82 - RIPE
>71.246.77.111 - VIS
>61.183.15.41 - APNIC
>70.128.101.146 - SBC
>71.246.77.111 - VIS
>222.14.118.46 - APNIC
>221.6.67.146 - APNIC
>221.223.242.199 - APNIC
Re: firewall floods with...
am 15.05.2006 21:56:45 von Anon
I recently installed a new firewall on my laptop. In the course of
checking for potential leaks when traveling, I bypassed my router and
connected it directly to the DSL modem. The firewall was logging a
connection attempt on the average of about every 5 seconds, for the
several minutes I watched. That's apparently normal these days.
Re: firewall floods with...
am 15.05.2006 21:56:45 von Anon
I recently installed a new firewall on my laptop. In the course of
checking for potential leaks when traveling, I bypassed my router and
connected it directly to the DSL modem. The firewall was logging a
connection attempt on the average of about every 5 seconds, for the
several minutes I watched. That's apparently normal these days.