weird packet requests

Thread: weird packet requests

  1. #1
    Senior Member deftones12's Avatar
    Join Date
    Jan 2003
    Location
    cali forn i a
    Posts
    333

    weird packet requests

    I was bored earlier and I was playing around with NMAP and Ethereal to sniff the packets and see what would show up to kill some time. I started the scanner and before I started the scan I started receiving the packets from my other computer (Win2k connected through a hub). In the following screenshots you will see what the packets looked like and how they were tryin to get info on a port or something. What's the deal? I think my machine is clean of worms and virii 'n trojans and stuff but this is like a request on a port to see if it's open or something. I dunno...that's why I'm here askin if anyone knows what these packets r and what they're askin these ports for. It's not always the same port. It will start at like 2106 then move up after a couple requests. Here r the screenshots...if anyone has any ideas or if this is a Microsoft deal let me know please as I'm curious to know why these requests r coming in.

  2. #2
    Senior Member deftones12's Avatar
    Join Date
    Jan 2003
    Location
    cali forn i a
    Posts
    333
    2nd ss

  3. #3
    Senior Member
    Join Date
    Aug 2003
    Posts
    205
    Hey deftones12 ,

    People here are a bit leery (rightfully so even if a bit paranoid) about downloading any attachments unless the user has been put through the wringer... Maybe you can change approach a bit till you earn your stars...

    Just an opinion...
    Cheers...

    Of course I'm speaking for myself as well, being new

  4. #4
    Banned
    Join Date
    Jul 2002
    Posts
    877
    What the hell is your problem, Gunit0072003. His attachments are in JPG format... and even if it did contain malware the image would be screwed up or there probably wouldn't even be an image to show... and besides he'd need something else to run it as an executable in order to get anything out of it. Hell, you have a more likely chance of getting a virus by visiting questionable sites rather than looking at a few pics.

    Also... you said that he should "Earn his stars" WTF?!? Well damn, for a guy who says he's also "speaking for himself" it sure doesn't sound like that's what is going on here, man. It kind of sounds like you think that just because you have 1 or 2 green dots more than he does in some kind of a ****ing [popularity] or [best avatar] contest means that you're better or more trustworthy than him or something.

  5. #5
    Senior Member deftones12's Avatar
    Join Date
    Jan 2003
    Location
    cali forn i a
    Posts
    333
    **** gunit0072003 people like you make this place suck (not sayin it sucks). It's a jpeg...if you're afraid of downloading a picture then what the hell r u doin on the internet??? You've got 1 more green dot thingy than me...not like ur superior or a moderator or anything. I'm surprised you don't think I'm asking this cuz I wanna hack something too. So anyone got any ideas what the packets r by any chance? I don't want this to turn into a flame thread...even though ur an idiot gunit.

    And what the hell is ur idea of "The Ringer"? I'm hoping ur thread was meant as a joke cuz it sounds like it.

  6. #6
    Senior Member
    Join Date
    Jan 2002
    Posts
    1,207
    The machine 192.168.1.2 is trying to connect to a HTTP server on 192.168.1.1

    However, this machine isn't running a HTTP server on port 80, as can be seen by the fact that it's refusing connections.

    It could be just about anything.

    AFAIK, some versions of Windows try to connect over HTTP to machines they're using files from (via SMB shares), for some inexplicable reason (DAV?) - also it's possible that some versions of M$ Office try to do this to get into a Sharepoint server or something.

    Either way, there is probably a reasonable explanation.

    It might also be a worm trying to find hosts to infect.

    Try opening up a web server on 192.168.1.1 (A secure one obviously) and look at the logs to see what it's trying to do. If still in doubt, post those logs here (if they don't have confidential stuff in)

    Slarty
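
Added example, not part of Slarty's post or of any tool mentioned in the thread: a log-only HTTP listener for the "open a web server and look at the logs" step. It serves no content, answers every request with 404, and records the method, path, Host and User-Agent; the `classify` labels and the User-Agent substrings are assumptions about typical Windows WebDAV clients, and the bind address is the one quoted in the thread.

```python
import threading
from http.server import BaseHTTPRequestHandler, ThreadingHTTPServer

# Assumption: substrings commonly seen in User-Agent headers of Windows
# WebDAV clients. They are hints for triage, not proof of what the client is.
DAV_AGENTS = ("microsoft-webdav-miniredir", "internet publishing provider")

def classify(method, user_agent):
    """Rough guess at the kind of client that sent the request."""
    ua = (user_agent or "").lower()
    if method == "PROPFIND" or any(tag in ua for tag in DAV_AGENTS):
        return "webdav-client"
    if ua.startswith("mozilla/"):
        return "browser-or-proxy-client"
    return "unknown"

class LogOnly(BaseHTTPRequestHandler):
    seen = []  # one dict per request, kept for later review

    def _record(self):
        rec = {
            "src": "%s:%d" % self.client_address[:2],
            "method": self.command,
            "path": self.path,
            "host": self.headers.get("Host"),
            "user_agent": self.headers.get("User-Agent"),
        }
        rec["guess"] = classify(rec["method"], rec["user_agent"])
        LogOnly.seen.append(rec)
        print(rec)
        self.send_response(404)            # never serve any content
        self.send_header("Content-Length", "0")
        self.end_headers()

    # Same handler for ordinary and WebDAV methods.
    do_GET = do_HEAD = do_POST = do_OPTIONS = do_PROPFIND = _record

    def log_message(self, fmt, *args):     # silence the default stderr log
        pass

def serve(bind="127.0.0.1", port=0):
    """Start the listener in a background thread and return the server."""
    srv = ThreadingHTTPServer((bind, port), LogOnly)
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    return srv

if __name__ == "__main__":
    serve("192.168.1.1", 80)     # address from the thread; port 80 needs admin rights
    threading.Event().wait()     # keep running until Ctrl+C
```

Restrict the listener to the LAN interface and stop it once the requests from 192.168.1.2 have been captured.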

  7. #7
    AO übergeek phishphreek's Avatar
    Join Date
    Jan 2002
    Posts
    4,325
    AFAIK, some versions of Windows try to connect over HTTP to machines they're using files from (via SMB shares), for some inexplicable reason (DAV?) - also it's possible that some versions of M$ Office try to do this to get into a Sharepoint server or something.
    How can you prevent a windows box from doing this and instead just use SMB?

    Disable the WebClient via services.msc ?

    WebClient
    I have not found a reason to have this service running. I have a hunch that this is going to be required for Microsoft's “.Net Software as a service.” For security reasons, I recommend for this service to be disabled. If some MS products, such as MSN Explorer, Media Player, NetMeeting or Messenger fail to provide a particular function, try to enable this service to see if it is “required” for your configuration.

    Default XP Home: Automatic
    Default XP Pro: Automatic
    Safe Setting: Disabled

    Dependencies:

    WebDav Client Redirector
    http://www.blackviper.com/WinXP/serv....htm#WebClient
    Quitmzilla is a firefox extension that gives you stats on how long you have quit smoking, how much money you've saved, how much you haven't smoked and recent milestones. Very helpful for people who quit smoking and used to smoke at their computers... Helps out with the urges.

  8. #8
    Senior Member deftones12's Avatar
    Join Date
    Jan 2003
    Location
    cali forn i a
    Posts
    333
    I am using a proxy on 192.168.1.1 which i have been using for my gateway to the internet. I have outpost firewall on it and Wingate Proxy services on it which have been kinda hard to set up between the 2 but it seems to be working fine. 192.168.1.1 has been previously connected to the net...matter of fact thats what machine i'm typing on right now.

  9. #9
    Senior Member
    Join Date
    May 2003
    Posts
    472
    gunit0072003 enuff flayed u are....ur avatar shows up becoz it is downloaded on ur system and then displayed...otherwise it wont...a MALWARE needs an executable to get itself in action
    guru@linux:~> who I grep -i blonde I talk; cd ~; wine; talk; touch; unzip; touch; strip; gasp; finger; mount; fsck; more; yes; gasp; umount; make clean; sleep;

  10. #10
    Senior Member
    Join Date
    Aug 2003
    Posts
    205
    ok,ok

    If I offended anybody here especially you deftones12, I apologize. I could have worded my response in a totally different way..

    I was really trying to imply what I thought (yea yea I know don't ASSume) why you weren't receiving any feedback..I was chatting with various members about a similar topic (won't mention names) and they conveyed to me their feelings about downloading attachments from newbies..

    Anyway, I've gotten enough feedback from a lot of you and have never been called so many F!@#@ING names before in my life...

    I am man enough to admit my hasty comments, and sheepishly apologize for whatever it's worth..Let us all move on and get back to technical discussions please..

    Cheers...

    P.S
    Thank you phishphreek80 and slarty for hearing me out before "cussing" me out....
