-
log queston...
I was checking my firewall log just a few minutes ago, and saw a slightly suspicous series of entries. First there were 8 individual connection attempts from the same IP to UDP ports 33493 to 33488, then a single portscan entry from the same IP for UDP 33493 to 33488 again. I tried searching for common trojan ports because I couldnt find the port numbers in my rfc printout. Is there any reason to be concerned about this, or is it possibly just someone randomly scanning IPs?
-
Do you have MSN messenger or ICQ running? Also, Kazaa and some other file sharing (P2P) apps like to use the high range random ports.
-
I have MSN running, but I checked in outpost, its not using anything near the 30000 area. I dont have any filesharing or p2p running.
-
probably no need to be concerned, because for one your firewall stopped whatever it was. moreover it was probably just a random scan, which is quite common, and normally harmless. but just because you couldn't find the port on your printout, doesn't mean that something that wasn't supposed to use that port, was using that port.
max
-
Good. Well, no worry. It means your firewall is doing it's job. Just be sure to have your AV/Trojan software up to date and scan regularly. Also keep your patches applied to your OS.
-
AVG scans every night, and updates once a week. I got in the habit of good AV after getting hit by a harmless but annoying worm a couple years ago. I can only imagine the kind of stuff I didnt see going on before I got a firewall.
-
I see this all the time. It is a Unix/Linux machine performing a tracert. Unix/Linux uses the UDP Protocol in the 33000's port region as opposed to Microsoft using the ICMP Protocol
-
SoggyBottom > thanx, I was wasnt really worried, but I curious as to what would cause those entries. Hmm, now im going to be wondering why I was being traced?