log queston...
Results 1 to 8 of 8

Thread: log queston...

  1. #1
    Senior Member Syini666's Avatar
    Join Date
    Aug 2001
    Posts
    551

    log queston...

    I was checking my firewall log just a few minutes ago, and saw a slightly suspicous series of entries. First there were 8 individual connection attempts from the same IP to UDP ports 33493 to 33488, then a single portscan entry from the same IP for UDP 33493 to 33488 again. I tried searching for common trojan ports because I couldnt find the port numbers in my rfc printout. Is there any reason to be concerned about this, or is it possibly just someone randomly scanning IPs?
    You're not your post count, You're not your avatar or sig, You're not how fast your internet connection is, You are not your processor, hard drive, or graphics card. You're the all-singing, all-dancing crap of AO
    09 F9 11 02 9D 74 E3 5B D8 41 56 C5 63 56 88 C0

  2. #2
    Senior Member
    Join Date
    Jan 2002
    Posts
    883
    Do you have MSN messenger or ICQ running? Also, Kazaa and some other file sharing (P2P) apps like to use the high range random ports.
    The COOKIE TUX lives!!!!
    Windows NT crashed,I am the Blue Screen of Death.
    No one hears your screams.


  3. #3
    Senior Member Syini666's Avatar
    Join Date
    Aug 2001
    Posts
    551
    I have MSN running, but I checked in outpost, its not using anything near the 30000 area. I dont have any filesharing or p2p running.
    You're not your post count, You're not your avatar or sig, You're not how fast your internet connection is, You are not your processor, hard drive, or graphics card. You're the all-singing, all-dancing crap of AO
    09 F9 11 02 9D 74 E3 5B D8 41 56 C5 63 56 88 C0

  4. #4
    Senior Member
    Join Date
    Jun 2002
    Posts
    394
    probably no need to be concerned, because for one your firewall stopped whatever it was. moreover it was probably just a random scan, which is quite common, and normally harmless. but just because you couldn't find the port on your printout, doesn't mean that something that wasn't supposed to use that port, was using that port.

    max
    Hmm...theres something a little peculiar here. Oh i see what it is! the sentence is talking about itself! do you see that? what do you mean? sentences can\'t talk! No, but they REFER to things, and this one refers directly-unambigeously-unmistakably-to the very sentence which it is!

  5. #5
    Senior Member
    Join Date
    Jan 2002
    Posts
    883
    Good. Well, no worry. It means your firewall is doing it's job. Just be sure to have your AV/Trojan software up to date and scan regularly. Also keep your patches applied to your OS.
    The COOKIE TUX lives!!!!
    Windows NT crashed,I am the Blue Screen of Death.
    No one hears your screams.


  6. #6
    Senior Member Syini666's Avatar
    Join Date
    Aug 2001
    Posts
    551
    AVG scans every night, and updates once a week. I got in the habit of good AV after getting hit by a harmless but annoying worm a couple years ago. I can only imagine the kind of stuff I didnt see going on before I got a firewall.
    You're not your post count, You're not your avatar or sig, You're not how fast your internet connection is, You are not your processor, hard drive, or graphics card. You're the all-singing, all-dancing crap of AO
    09 F9 11 02 9D 74 E3 5B D8 41 56 C5 63 56 88 C0

  7. #7
    Senior Member
    Join Date
    Jan 2002
    Posts
    371
    I see this all the time. It is a Unix/Linux machine performing a tracert. Unix/Linux uses the UDP Protocol in the 33000's port region as opposed to Microsoft using the ICMP Protocol
    SoggyBottom.

    [glowpurple]There were so many fewer questions when the stars where still just the holes to heaven - JJ[/glowpurple] [gloworange]I sure could use a vacation from this bull$hit, three ringed circus side show of freaks. - Tool. [/gloworange]

  8. #8
    Senior Member Syini666's Avatar
    Join Date
    Aug 2001
    Posts
    551
    SoggyBottom > thanx, I was wasnt really worried, but I curious as to what would cause those entries. Hmm, now im going to be wondering why I was being traced?
    You're not your post count, You're not your avatar or sig, You're not how fast your internet connection is, You are not your processor, hard drive, or graphics card. You're the all-singing, all-dancing crap of AO
    09 F9 11 02 9D 74 E3 5B D8 41 56 C5 63 56 88 C0

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •