Hits on a port
Page 1 of 2 12 LastLast
Results 1 to 10 of 15

Thread: Hits on a port

  1. #1
    Junior Member
    Join Date
    Aug 2004
    Posts
    18

    Hits on a port

    I am getting hits on my port 1026 from china. Although I have turned off messenger service this bothers me. Is this something that I should be concerned about?And how would I go about stopping it?

  2. #2
    AO Senior Cow-beller
    Moderator
    zencoder's Avatar
    Join Date
    Dec 2004
    Location
    Mountain standard tribe.
    Posts
    1,177
    Turned it off on your hardware firewall, or system firewall?

    Concern: You can be as concerned as you want, it won't do you much good though. Unless you *like* ulcers.

    What to do: Short of declaring yourself Ghengis Khan reincarnated and defeating the People's Republic of China, there ain't much you can do.

    Generally these sorts of things are considered 'background noise' on the 'Net these days, and don't warrant much more than low level dilligence to make sure they haven't become real threats. Keep the ports closed, continue to watch for activity, and ignore it.

    Hope that helps. Welcome to AO.
    "Data is not necessarily information. Information does not necessarily lead to knowledge. And knowledge is not always sufficient to discover truth and breed wisdom." --Spaf
    Anyone who is capable of getting themselves made president should on no account be allowed to do the job. --Douglas Adams (1952-2001)
    "...people find it far easier to forgive others for being wrong than being right." - Albus Percival Wulfric Brian Dumbledore

  3. #3
    AO's Mr Grumpy
    Join Date
    Apr 2003
    Posts
    903

    Re: Hits on a port

    Originally posted here by dodd3256
    I am getting hits on my port 1026 from china. Although I have turned off messenger service this bothers me. Is this something that I should be concerned about?And how would I go about stopping it?
    zencoder say it all, good advice, but tell chinese to f*** off. Your port stay your port. 1026 velly good vintage. Keep to self. Tell chinese to stick with shitty tea and rice wine
    Computer says no
    (Carol Beer)

  4. #4
    Junior Member
    Join Date
    Aug 2004
    Posts
    18
    I actually went back and looked at my log. It's getting through my ISP's but not through my router.

    So I will not fret too much over this then. It's happened kinda frequently over the kast couple of hours, but if there is nothing that I can do, aside from getting an ulcer, than I am not going to worry about it too much.

  5. #5
    AO Ancient: Team Leader
    Join Date
    Oct 2002
    Posts
    5,197
    If you're worried about this wait till someone does a full blown NMap scan against your computer..... The poor router will light up like a Xmas tree.....
    Don\'t SYN us.... We\'ll SYN you.....
    \"A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools.\" - Thucydides

  6. #6
    AO Senior Cow-beller
    Moderator
    zencoder's Avatar
    Join Date
    Dec 2004
    Location
    Mountain standard tribe.
    Posts
    1,177
    Originally posted here by Tiger Shark
    If you're worried about this wait till someone does a full blown NMap scan against your computer..... The poor router will light up like a Xmas tree.....
    Is THAT what all those blinky lights mean? Wow...

    dodd, don't get an ulcer. The fact that you saw this and asked the question shows you are already thinking along the right lines. Don't sweat the small stuff, and this is small stuff. We've stopped reporting scans and probes here, unless they meet certain rules that show it is a 'more engaged' attempt to reconoiter the network. There's just too many, and it's worthless info at that point. Keep an eye on it, but file it as "just one of those things".

    /* Edit */

    <== 399th post! Does my monitor open up in a confetti explosion and I get fabulous parting prizes when I hit 400?!?!? Ooooh! Aaaaah!
    "Data is not necessarily information. Information does not necessarily lead to knowledge. And knowledge is not always sufficient to discover truth and breed wisdom." --Spaf
    Anyone who is capable of getting themselves made president should on no account be allowed to do the job. --Douglas Adams (1952-2001)
    "...people find it far easier to forgive others for being wrong than being right." - Albus Percival Wulfric Brian Dumbledore

  7. #7
    Junior Member
    Join Date
    Aug 2004
    Posts
    18
    You guys crack me up! Sorry for the paranoria, I am kinda new to this ans still in that learning cycle. I do have a question.

    My log for my router shows that they are getting through on IP 70.1xx.xxx.xxx UDP. How does this work through my router?

    Is this what the scan is seeing, not my static IP for my computer?

  8. #8
    AO Senior Cow-beller
    Moderator
    zencoder's Avatar
    Join Date
    Dec 2004
    Location
    Mountain standard tribe.
    Posts
    1,177
    Originally posted here by dodd3256
    You guys crack me up! Sorry for the paranoria, I am kinda new to this ans still in that learning cycle. I do have a question.
    Even paranoids have enemies.

    My log for my router shows that they are getting through on IP 70.1xx.xxx.xxx UDP. How does this work through my router?
    Depends on what port/service they are using with UDP. I mean, the point of a router is to direct traffic (and more recently, as in the definition of 'firewall', to make judgements on if/how to direct the traffic based on its content/behavior). So you have to be allowing some sort of inbound access. Otherwise, there's no point. Communication is 2 way, so there has to be outbound and inbound allowed in SOME way. What is allowed inbound? What ports do those inbound protocols use?
    "Data is not necessarily information. Information does not necessarily lead to knowledge. And knowledge is not always sufficient to discover truth and breed wisdom." --Spaf
    Anyone who is capable of getting themselves made president should on no account be allowed to do the job. --Douglas Adams (1952-2001)
    "...people find it far easier to forgive others for being wrong than being right." - Albus Percival Wulfric Brian Dumbledore

  9. #9
    AO Ancient: Team Leader
    Join Date
    Oct 2002
    Posts
    5,197
    and still in that learning cycle
    We all are... Anyone who tells you they aren't is a lying Bastige......

    I'm assuming your router is "stateful" which most are nowadays. A stateful router/firewall is one that looks at the state of the connection and determines if the traffic is valid. Basically that means it looks to see if _you_ initiated the connection... If you did it will allow the inbound traffic. If you didn't then it will block the traffic as "unsolicited" and therefore unwanted....

    The problem here is that you haven't given us enough information because UDP is a "stateless" protocol. What that means is that TCP, being stateful, has a whole connection sequence it goes through before the computers can talk to each other. Once that sequence, (the "Three Way Handshake"), has been gone through then the connection has a "state" known as "established". UDP is different... It "throws" a packet at the target and forgets about it.... It doesn't care if the target receives the packet or not. There are several common communication methods, including DNS, that work on UDP. In the case of your router you may have made a DNS request under UDP and this may be the returning packet that your router will see as "valid but reportable" because you made the request via a stateless protocol, (UDP).

    The bottom line.... What port is getting through? Can you cut and paste an example of this with your IP address obfuscated?
    Don\'t SYN us.... We\'ll SYN you.....
    \"A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools.\" - Thucydides

  10. #10
    AO's Mr Grumpy
    Join Date
    Apr 2003
    Posts
    903
    Originally posted here by Tiger Shark
    We all are... Anyone who tells you they aren't is a lying Bastige......
    Ah, the learning cycle. Every day something new is introduced, hardware, software, bugs etc, etc etc. No matter how long you have been involved with computers, regardless of existing knowledge, qualifications and skills, I feel as if I am still just scraping the surface and, as it is impossible to know everything, it is possible to know where to look for the information required in most situations, and even that is a learning experience
    Computer says no
    (Carol Beer)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •