
Thread: Same hacker keeps finding my dynamic IP

  1. #1
    Junior Member
    Join Date
    Feb 2003
    Posts
    3

    Same hacker keeps finding my dynamic IP

    My firewall keeps alerting me that the same IP address is trying to connect to my computer on a variety of different port numbers. I renewed my dynamic IP address several times and the person keeps finding me. What should I do? Somebody please help.

    Several times a minute I get these messages.

    "ZoneAlarm blocked traffic to port 3675 on your machine from port 61873 on a remote computer whose IP address is 80.138.209.79."
    |<rac|<0|\\|e

  2. #2
    Have you been giving your IP out to people you don't know? Because that could be bad.

  3. #3
    Just a Virtualized Geek MrLinus's Avatar
    Join Date
    Sep 2001
    Location
    Redondo Beach, CA
    Posts
    7,323
    Interesting. You could file a complaint with the provider. Sam Spade is good for this kind of thing. And if you are ever wondering what the attacker is going after, you can check the IANA's port list.


    http://www.samspade.org/t/lookat?a=80.138.209.79


    BTW, are you by any chance running kazaa, eDonkey or other P2P software?
    Goodbye, Mittens (1992-2008). My pillow will be cold without your purring beside my head
    Extra! Extra! Get your FREE copy of Insight Newsletter||MsMittens' HomePage

  4. #4
    Junior Member
    Join Date
    Feb 2003
    Posts
    3
    I tracert the IP and it leads to an ISP in Vienna. Have used Kazaa but it is not running on my computer.

  5. #5
    Senior Member
    Join Date
    Nov 2001
    Posts
    4,785
    p508AD14F.dip.t-dialin.net is the account that IP is pointing to. Get fport from foundstone.com and run it. Look to see what's keeping that local port open, or if it's opened at all. If something that you don't recognise is listening on that port, you should run theCleaner, which can be gotten from moosoft.com. It wouldn't hurt to do this anyway, and keep your virus definitions up to date.
    Bukhari:V3B48N826 “The Prophet said, ‘Isn’t the witness of a woman equal to half of that of a man?’ The women said, ‘Yes.’ He said, ‘This is because of the deficiency of a woman’s mind.’”

  6. #6
    Now, RFC Compliant! Noia's Avatar
    Join Date
    Jan 2002
    Posts
    1,210
    Does anyone know what 35072 is used for... my router logs are full of it... oh well...
    I think it's just a vuln. scan from rooters.

    - Noia
    With all the subtlety of an artillery barrage / Follow blindly, for the true path is sketchy at best. .:Bring OS X to x86!:.
    Og ingen kan minnast dei linne drag i dronningas andlet den fagre dag Då landet her kvilte i heilag fred og alle hadde kjærleik å elske med.

  7. #7
    Senior Member
    Join Date
    Jan 2002
    Posts
    1,207
    Are you completely sure you're running *NOTHING* that could be making any connections there? That includes spyware and adware?

    Bear in mind that this high port number is not a well-known port; no attacker would reasonably attack that port number unless they had either planted a trojan there, or were scanning a lot of ports (which presumably would show up on your log).

    Bear in mind that this person doesn't necessarily know your IP; they may just be scanning the same range repeatedly and hitting whatever IP you're using that day.

    Is it TCP or UDP? Is that port actually open? If so, what program is holding it open?
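
The distinction drawn in post #7 (one source sweeping many ports versus repeated hits on a single high port) can be read straight out of the firewall alerts. The following is an added example, not part of any post in this thread: it parses alerts in the ZoneAlarm wording quoted in post #1 and labels each remote address. The sample alerts, the threshold and the label names are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Wording of the ZoneAlarm alert quoted in post #1.
ALERT_RE = re.compile(
    r"blocked traffic to port (\d+) on your machine from port (\d+) "
    r"on a remote computer whose IP address is (\d{1,3}(?:\.\d{1,3}){3})"
)

# Constructed sample alerts; the addresses are RFC 5737 documentation ranges.
LINE = ("ZoneAlarm blocked traffic to port {} on your machine from port {} "
        "on a remote computer whose IP address is {}.")
SAMPLE_ALERTS = "\n".join(
    [LINE.format(3675, 61873 + i, "192.0.2.10") for i in range(6)]
    + [LINE.format(p, 40000, "198.51.100.7") for p in (21, 23, 80, 135, 139, 445)]
    + [LINE.format(80, 50000 + i, "203.0.113.5") for i in range(2)]
)

SCAN_THRESHOLD = 5  # assumed cut-off: distinct local ports hit by one source


def summarize(text):
    """Group alerts by remote IP and collect the local ports each one hit."""
    hits = defaultdict(list)
    for m in ALERT_RE.finditer(text):
        hits[m.group(3)].append(int(m.group(1)))
    return dict(hits)


def classify(ports):
    """Heuristic label for one source's traffic (labels are assumptions)."""
    distinct = set(ports)
    if len(distinct) >= SCAN_THRESHOLD:
        return "port-sweep"           # many different ports: looks like scanning
    if all(p > 1023 for p in distinct):
        return "repeat-high-port"     # above well-known range: check for a local
                                      # listener or leftover P2P peers
    return "repeat-service-port"      # well-known port (0-1023): a specific service


def report(text):
    """Return {ip: (label, alert_count, sorted distinct local ports)}."""
    return {ip: (classify(p), len(p), sorted(set(p)))
            for ip, p in summarize(text).items()}


if __name__ == "__main__":
    for ip, (label, count, ports) in report(SAMPLE_ALERTS).items():
        print(f"{ip:15} {label:20} alerts={count} ports={ports}")
```

A "repeat-high-port" result is the case where the questions in post #7 matter most: whether the port is actually open locally and which program holds it.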

  8. #8
    This site might also give you a little help in finding what part of the world and city he or she lives in

    http://visualroute.visualware.com/ that should help a little bit

  9. #9
    Senior Member
    Join Date
    Dec 2002
    Posts
    110
    Do all of the above mentioned, and d/l a packet sniffer and log the packets and see exactly what it is that is transpiring. For someone to continually find your dynamic IP is extremely unlikely. Were that true, then pretty guaranteed you have been trojaned. If not, then as mentioned you are possibly seeing the ill effects of having run a p2p app.

  10. #10
    Senior Member
    Join Date
    Nov 2001
    Posts
    4,785
    If I trojaned someone's box I would have to be pretty stupid to keep trying to reach it if after the first couple of times I failed because a fw was blocking the connection. You're saying this happens repeatedly, several times a min., no matter what IP your provider supplies you with. This is obviously some mindless automated device. Is your fw configured to allow all outgoing packets or just selected ones?

    Try removing all the rules you've created in ZA and set it to ask you for permission for each connection attempt, both incoming and outgoing. See if something on your machine is making repeated requests to that IP addy.
