IP Address attempting to access my computer
Results 1 to 10 of 10

Thread: IP Address attempting to access my computer

  1. #1
    Junior Member
    Join Date
    Feb 2003
    Posts
    4

    IP Address attempting to access my computer

    Over the past couple of days my firewall has been telling me that group of about four sequential IP's have to trying to access my computer. I used an ip locator to find them and they are all from Marina Del Ray, California and I live in Atlanta. The same ip addresses have been coming up at least 5 times a day for the past couple of days. I was wondering why someone would be attempting to access my computer. Also is it possible that they are accessing my computer and my firewall is just catching some of the attempts. I'm really new to all of this and am trying to learn as quickly as I can. Any help would be appreciated.

    agent007

  2. #2
    I'd rather be fishing DjM's Avatar
    Join Date
    Aug 2001
    Location
    The Great White North
    Posts
    1,867
    What type of attempt is it TCP? UDP? What port(s) are being probed?

    Cheers:
    DjM

  3. #3
    Senior Member
    Join Date
    Nov 2002
    Posts
    139
    Well you have to take into account that there are a hell of a lot of dumb script kiddies out there attempting to access all sorts of computers, from gov to home users. What firewall are you using by the way? Just curious.

  4. #4
    Senior Member
    Join Date
    Aug 2001
    Location
    Calgary, AB Canada
    Posts
    140
    Could you perhaps tell us what kind of firewall (and version) you are running and just what the firewall is loggin? Is it an attemp at port 135 for example?

    Did you install any new software (especially network based) on your computer? Perhaps it could be a program tyring to contact remote servers to funtion. Kazaa will often cause some interesting results on some firewalls.

    The more information we have, the better we can help you. If you still believe that these are attack attempts, use http://www.samspade.org and run the IP through there, then contact the abuse desk of whatever network comes up. Just be quick, to the point, and include firewall type/version, and the necessary parts of the logs. (They don't have time to see what you did on your computer for the past 90 days... )

    Dave
    Alcohol & calculus don't mix. Never drink & derive.

  5. #5
    Elite Hacker
    Join Date
    Mar 2003
    Posts
    1,407
    As for why take a look at this: http://www.antionline.com/showthread...+their+victims
    If I were you I would print out the logs and contact the isp. If you do a whois on the ip there should be an email like
    abuse@provider.com
    where provider is their isp, send some logs to that email and tell them to take care of the user with that ip. As for the people access your computer without your firewall catching it, possible but not likely. Just look for new programs popping up, or new folders, or your harddrive light blinking frantically when you are not using the computer. For the whois lookup you can go here: http://www.networksolutions.com/en_US/whois/index.jhtml

    edit
    now that's what I call response, 4 replies in 8 minutes.

  6. #6
    Senior Member
    Join Date
    Aug 2001
    Location
    Calgary, AB Canada
    Posts
    140
    now that's what I call response, 4 replies in 8 minutes.
    Thats what makes this community so great isn't it? Long live AO!

    But I really do agree with reporting it to the abuse desk of the network them IP's belong to. I do the same thing, and it doesn't take long before you no longer see them IP's showing up in your logs anymore... I do the same with SPAM email, mind you the results take more like a week, but you usually get results.

    Dave
    Alcohol & calculus don't mix. Never drink & derive.

  7. #7
    I'd rather be fishing DjM's Avatar
    Join Date
    Aug 2001
    Location
    The Great White North
    Posts
    1,867
    Shouldn't we wait for a little more information before we tell him/her to start reporting things to an ISP. Could be nothing, normal network noise, could be a worm (blaster) looking for machines to infect. Lets wait until he/she fills us in a little more before we start making recommendations.

    Cheers:
    DjM

  8. #8
    Junior Member
    Join Date
    Feb 2003
    Posts
    4
    The firewall I am using is ZoneAlarm Pro not sure what version. It looks like most of the attempts are TCP but some were UDP. I do have kazaa which I guess could be whats happening. It looks like it is attempting to access port 139 on my computer.

  9. #9
    I'd rather be fishing DjM's Avatar
    Join Date
    Aug 2001
    Location
    The Great White North
    Posts
    1,867
    And how many scans are you seeing? Port 139 is a NETBIOS port and is scanned for on a regular basis, failure to secure this port can lead to your machine being hacked. Having said that, ZoneAlarm seems to be blocking the attacks so if the volume is not that high, I would just forget about it.

    Cheers:
    DjM

  10. #10
    Banned
    Join Date
    Nov 2003
    Posts
    1,161
    By agent007
    I do have kazaa which I guess could be whats happening. It looks like it is attempting to access port 139 on my computer.
    When I use Kazaa or someone on my network uses Kazaa. I get a couple of port scans showing up in my logs. Have you been using Kazaa 5 times a day for the past two days?
    By agent 007
    the same ip addresses have been coming up at least 5 times a day for the past couple of days
    (suggestion) Turn off as many services as you can. www.BlackViper.com Give the kiddies less options. Scanning with a trojan scanner wouldnt hurt.
    (personal opinion)
    I think port scanning is rude and I have turned in some IP's in my time. But usually when I get the first suspicious port scan. I do one right back with good ole Suse. After I do some of my own ivestigative work then I turn in the IP's Via the Report abuse Em@il. Works everytime!!!

    Here are all the softwares I use. Hope it helps!!!

    !mitaionRust’s Linked Online Security For XP
    SOFTWARE

    Top Four Security Downloads
    (you must have these types of tools)
    · SPY WARE REMOVER DOWNLOAD HERE
    · SPY WARE REMOVER DOWNLOAD HERE
    · FIRE WALL DOWNLOAD HERE
    · ANTI-VIRUS DOWNLOAD HERE
    · ANTI-TROJAN DOWNLOAD HERE


    Note: All downloads above are worthless without updates

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •