[kegswindows] Re: inbound TCP connection

  • From: "David Dodge" <ddodge@xxxxxxxxxx>
  • To: <kegswindows@xxxxxxxxxxxxx>
  • Date: Fri, 14 Feb 2003 17:47:09 -0800

Doug,
You are seeing a portscan.  The :2245 after the TCP/IP address is the
port it is trying to connect to.  Many ISPs scan their networks to find
stuff, and register stuff in DNS so it knows how to resolve addresses.
Other stuff is hackers or others trying to get in. If you have file and
printer sharing enabled, be very cautious of anything trying to connect
to port 137, UDP as that is the netbios port for sharing on a Microsoft
network.  Browse to www.arin.net (American Registry of Internet
Names) and in the upper right corner there is a "whois" search and you
can look up the IP address to find out where/who is trying to connect to
your computer. You may only be able to resolve it down to the local ISP
only as they have what they call netblocks and they control the
addressing and assigning of the IPs.  I have a hardware firewall
installed and get these attack entries in my logs all the time.  Some of
it is attempts, other times it is just the background noise of the
internet, like servers trying to contact other servers.  I would also
set your firewall to block outbound traffic to stop programs from going
outside like Trojan programs or spyware that you may have inadvertently
downloaded from a web site.

Have fun examining the logs.

David Dodge 

-----Original Message-----
From: kegswindows-bounce@xxxxxxxxxxxxx
[mailto:kegswindows-bounce@xxxxxxxxxxxxx] On Behalf Of Doug & Betty Pizac
Sent: Friday, February 14, 2003 7:36 AM
To: kegswindows@xxxxxxxxxxxxx
Subject: [kegswindows] inbound TCP connection




        Having been zapped by a new virus several months ago after not
noticing my Norton anti-virus subscription had lapsed, I upgraded to
Norton's SystemWorks and Personal Firewall 2003 and turned up the security.

        For the past few weeks, the program has blocked over 200
"inbound TCP connection" attempts and a dozen or so "inbound UDP packets."

        When I block the transmission, it comes back from the same
source with a slightly different address. For example, when I block an
attempt from 217.227.77.172,23730 the attempt repeats from
217.227.77.172,23150 then 217.227.77.172,23348 and so on. After about as
many as six blockings, it gives up, but tries again later.

        What do TCP connection and UDP packet mean? And how can I get
this to stop? I'm hooked to the Internet via Earthlink's DSL service. How
can I find out who this entity is that's trying to connect to my computer?


...Doug Pizac
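
The log-reading advice in the reply above, as an added example that is not part of the original thread: it groups blocked entries by remote address, so repeats that differ only in the number after the comma collapse into one source to look up in whois, and it flags any entry naming UDP port 137. The log layout, the sample lines and the function names are constructed assumptions, not the real Norton Personal Firewall format.

```python
import re
from collections import defaultdict

# Constructed sample entries. The "ACTION PROTO address,port" layout is an
# assumption for illustration, not the real Norton Personal Firewall format.
SAMPLE_LOG = """\
2003-02-14 07:01:10 BLOCK TCP 217.227.77.172,23730
2003-02-14 07:01:13 BLOCK TCP 217.227.77.172,23150
2003-02-14 07:01:19 BLOCK TCP 217.227.77.172,23348
2003-02-14 07:05:02 BLOCK UDP 192.0.2.44,137
2003-02-14 07:09:40 BLOCK TCP 198.51.100.7,2245
this line is malformed and is skipped
"""

ENTRY = re.compile(
    r"^\S+ \S+ BLOCK (?P<proto>TCP|UDP) "
    r"(?P<addr>\d{1,3}(?:\.\d{1,3}){3}),(?P<port>\d{1,5})$"
)

def summarize(log_text):
    """Group blocked entries by remote address.

    Returns {address: {"count", "ports", "netbios"}}; "ports" is a sorted
    list of (proto, port) and "netbios" marks an entry naming UDP port 137.
    """
    grouped = defaultdict(lambda: {"count": 0, "ports": set(), "netbios": False})
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if not m or int(m["port"]) > 65535:
            continue  # skip anything that is not a well-formed blocked entry
        rec = grouped[m["addr"]]
        rec["count"] += 1
        rec["ports"].add((m["proto"], int(m["port"])))
        if m["proto"] == "UDP" and int(m["port"]) == 137:
            rec["netbios"] = True
    return {a: {**r, "ports": sorted(r["ports"])} for a, r in grouped.items()}

def lookup_order(summary):
    """Addresses to look up in whois first: NetBIOS hits, then by volume."""
    return sorted(summary,
                  key=lambda a: (not summary[a]["netbios"], -summary[a]["count"], a))

if __name__ == "__main__":
    report = summarize(SAMPLE_LOG)
    for addr in lookup_order(report):
        print(addr, report[addr])
```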


