-
March 2nd, 2003, 12:52 AM
#1
Junior Member
Same hacker keeps finding my dynamic IP
My firewall keeps alerting me that the same IP address is trying to connect to my computer on a variety of different port numbers. I renewed my dynamic IP address several times and the person keeps finding me. What should I do? Somebody please help.
Several times a minute I get these messages.
"ZoneAlarm blocked traffic to port 3675 on your machine from port 61873 on a remote computer whose IP address is 80.138.209.79."
-
March 2nd, 2003, 12:58 AM
#2
Have you been giving your IP out to people you dont know because that could be bad.
-
March 2nd, 2003, 01:00 AM
#3
Interesting. You could file a complaint with the provider. Sam Spade is good for this kind of thing. And if you are ever wondering what the attacker is going after you can check the IANA's Port list
http://www.samspade.org/t/lookat?a=80.138.209.79
BTW, are you by any chance running kazaa, eDonkey or other P2P software?
-
March 2nd, 2003, 01:05 AM
#4
Junior Member
I tracert the IP and it leads to a ISP in Vienna. Have used KAzaa but it is not running on my comupter.
-
March 2nd, 2003, 01:07 AM
#5
p508AD14F.dip.t-dialin.net is the account that ip is pointing to. get fport from foundstone.com and run it. look to see what's keep that local port open or if its opened at all. if something that you dont recognise is listening on that port you should run theCleaner which can be gotten from moosoft.com. it wouldn't hurt to do this anyway and keep your virus definitions up to date
Bukhari:V3B48N826 “The Prophet said, ‘Isn’t the witness of a woman equal to half of that of a man?’ The women said, ‘Yes.’ He said, ‘This is because of the deficiency of a woman’s mind.’”
-
March 2nd, 2003, 01:38 AM
#6
does any one know wot 35072 is used for...my router log's are Full of it....oh well...
I think it's just a vuln. scan from rooters.
- Noia
With all the subtlety of an artillery barrage / Follow blindly, for the true path is sketchy at best. .: Bring OS X to x86!:.
Og ingen kan minnast dei linne drag i dronningas andlet den fagre dag Då landet her kvilte i heilag fred og alle hadde kjærleik å elske med.
-
March 2nd, 2003, 02:22 AM
#7
Are you completely sure you're running *NOTHING* that could be making any connections there? That includes spyware and adware?
Bear in mind that this high port number is not a well-known port, no attacker would reasonably attack that port number unless they had either planted a trojan there, or were scanning a lot of ports (which presumably would show up on your log)
Bear in mind that this person doesn't necesssarily know your IP; they may just be scanning the same range repeatedly and hitting whatever IP you're using that day.
Is it TCP or UDP? Is that port actually open? If so, what program is holding it open?
-
March 2nd, 2003, 02:26 AM
#8
This site might also give you a little help in finding what part of the world and city he or she lives in
http://visualroute.visualware.com/ that should help a little bit
-
March 2nd, 2003, 02:59 AM
#9
Do all of the above mentioned, and d/l a packet sniffer and log the packets and see exactly what it is that is transpiring. For someone to continually find your dynamic ip is extremely unlikely. Were that true then pretty guaranteed your have been trojaned. If not then as mentioned you are possibly seeing the ill effects of having run a p2p app.
-
March 2nd, 2003, 03:58 AM
#10
if i trojaned someones box i would have to be pretty stupid to keep tring to reach it if after the first couple of times i failed because a fw was blocking the connection. your saying this happens repeatedly several times a min. no matter what ip your provider supplies you with. this is obviously some mindless automated device. is your fw configured to allow all outgoing packets or just selected ones?
try removing all the rules you've created in ZA and set it to ask you for permission for each connection attempt both incoming and outgoing. see if something on your machine is making repeated requests to that ip addy
Bukhari:V3B48N826 “The Prophet said, ‘Isn’t the witness of a woman equal to half of that of a man?’ The women said, ‘Yes.’ He said, ‘This is because of the deficiency of a woman’s mind.’”
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
|