May 5th, 2005, 08:44 PM
PORTS are listening, is this normal? What is normal?
Hi, just got registered, I hope this is the right place for this post. I have a TRIAL version McAfee firewall, using it till it expires (gonna get ZoneAlarm Pro after that), anyway,
I have been getting my PORTS scanned, I guess, or PINGED?... I did a trace back to a CHINA RAILROAD SERVER near Beijing? Then, I started to trace/sending a ping, then I would get just 1 back, I sent 2 then I got 2 back etc... it was as if someone was on the other end watching me???
So now I am paranoid they turned my computer into a "BOT"????
I scanned, it seems clean, nothing unusual, no excessive traffic, in or out.
My question is, I have noticed my PORTS from roughly 33,000 to 45444 have been requested to contact? I am guessing this might have something to do with this SOBER worm going around? Well, it is, right? Anyway, I have it all archived and saved as logs.
IS THIS NORMAL INTERNET TRAFFIC? SHOULD I BE PARANOID?
Then right, starting a few days ago, I have been sent the SOBER Virus Advisory.
W32/Sober.p@MM is a Medium Risk virus as of McAfee today, anyway it started as low but now is slowly climbing?
I have NOT been infected with it and I have run many scans to quadruple check.
I want to learn about all those registries I have in my XP Home system, etc...?
Anyone have any comments, suggestions or advice to relieve me? I guess all this stuff I have watched for several years with my ZoneAlarm free version, but now with my new system I never really paid attention to all the alerts until the TRIAL VERSION from McAfee... so any knowledge is grateful???
May 5th, 2005, 08:51 PM
Slow down. You seem a little paranoid now that you can see what is actually happening over your network connection.
You said you pinged them once and got a response and then pinged them twice and got two. This is... how ping works. You ping and get a response. If you mean you pinged them and then they pinged you, it might just be a script on their end to respond to pings.
As far as getting scanned on those high port numbers, it's probably just stuff trying to spread through the net. No specific application. A lot of trojans listen on these ports and they're checking to see if you're infected. It's mostly computerized so don't feel like you're being targeted. Just keep that firewall going and you'll be in good hands.
May 5th, 2005, 09:03 PM
OK, thanks, yes I got a million questions, ha ha. OK, I would NOT dream of getting online without a firewall of some sort. Is it normal for my SYSTEM PROCESS to be listed 8 different times for listening on port 2639, I think it was? I read all the HELP files with the McAfee Firewall program but they don't get very specific?... OK, I'm gonna kick back and read the replies, if I get any more...
May 5th, 2005, 09:12 PM
You can visit http://www.iana.org/assignments/port-numbers to find out what specific port numbers might be used for. That one is listed as AMInet. You said you're not sure about the number so I won't assume that that is for sure, but give that a go.
May 5th, 2005, 10:32 PM
Slow down and try keeping your thoughts organized and spelling in tact. I am horrible with anything having to do with grammar, but have realised you will get many more responses if your posts are easily readable.
Start by turning on the firewall. That will close all non-necessary ports, then one by one you can open the ones you need. Simple. And in addition to your firewall have an anti-virus running. AVG is great and free. There are thousands of virus warnings that go out all the time, because new viruses come out every day, most won't matter, they are just notifications. There are TONS of threads here about how to secure your box, I suggest reading those.
May 5th, 2005, 10:46 PM
I should probably be negged for this but I just found it funny....
Slow down and try keeping your thoughts organized and spelling in tact.
There's no space in the word intact.....
You are suffering the same information overload that everyone who runs a software firewall does when they first fire it up..... There's just too much information for the non-geek person to deal with sensibly. All you need to do is make sure that your firewall is running and that you haven't altered any of the default settings and you'll be fine...
Take deep breaths and get a beer from the fridge....
Don't SYN us.... We'll SYN you.....
"A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools." - Thucydides
May 5th, 2005, 11:28 PM
Intact? That's what XTC46 meant? I read it as written and thought it very appropriate!
" And maddest of all, to see life as it is and not as it should be" --Miguel Cervantes
May 5th, 2005, 11:48 PM
It seems to me, that your questions were twofold:
This one has been thoroughly answered - follow the
advice. Just in general: Incoming traffic, i.e. traffic
you have not requested, is daily business. Don't panic.
Usually, configure your firewall such that everything incoming
is dropped - unless you have a server running, and you know
what you are doing.
Nowadays, personal firewalls also can be configured
to disallow outgoing traffic. Which kind of outgoing
traffic is fine? Standard-approach: Disallow everything
and allow step by step. But what about such obscure requests
from SYSTEM and svchost.exe? See below.
In a standard installation (which OS?), there always
are listening ports. Often, in particular for stand-alone
machines (machines not in a LAN), most are not needed.
Find a tutorial which explains how to disable most
of them. It will also give advice on which obscure requests
from SYSTEM and svchost.exe should be allowed.
It seems to me, that you have some experience (SYSTEM
listening on port so and so, Pinging etc.) In case you
have problems, pm me or post here.
Final comment: It feels strange to me, that SYSTEM is listening
on Port ~2639. Ok, it refers to AMInet - but do you actually
have an AMInet server running? And if so - why is not the
AMInet server listening there? Which services (services.msc)
are running? Which software is installed? Which programs are
running (e.g. taskmanager, msconfig)? Try to check it - try
to use the tools mentioned in the tutorial.
If the only tool you have is a hammer, you tend to see every problem as a nail.
(Abraham Maslow, Psychologist, 1908-70)
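One way to carry out the check suggested in the post above (which process actually owns a listening port), as an added example that is not part of the thread: it parses `netstat -ano` output and flags listeners reachable from outside that are not in an expected set. The netstat sample, the PID-to-name map and the expected-port set are constructed assumptions, not data from the poster's machine.

```python
import re
from collections import defaultdict

# Constructed sample of Windows `netstat -ano` output (not from the thread).
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       912
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  TCP    0.0.0.0:2639           0.0.0.0:0              LISTENING       4
  TCP    127.0.0.1:1027         0.0.0.0:0              LISTENING       1840
  TCP    192.168.1.10:139       0.0.0.0:0              LISTENING       4
  TCP    192.168.1.10:1055      203.0.113.7:80         ESTABLISHED     2204
  UDP    0.0.0.0:445            *:*                                    4
"""

# Constructed PID -> image name map, as `tasklist` would report it.
SAMPLE_TASKS = {4: "System", 912: "svchost.exe", 1840: "alg.exe", 2204: "iexplore.exe"}

# Assumption: ports this machine is expected to have open.
EXPECTED = {135, 139, 445}

LINE = re.compile(r"^\s*TCP\s+(\S+):(\d+)\s+\S+\s+LISTENING\s+(\d+)\s*$")

def listeners(netstat_text):
    """Return [(address, port, pid)] for every TCP socket in LISTENING state."""
    found = []
    for line in netstat_text.splitlines():
        m = LINE.match(line)
        if m:
            found.append((m.group(1), int(m.group(2)), int(m.group(3))))
    return found

def review(netstat_text, tasks, expected=EXPECTED):
    """Group listening ports by owning process; flag unexpected exposed ones."""
    by_owner = defaultdict(list)
    flagged = []
    for addr, port, pid in listeners(netstat_text):
        owner = tasks.get(pid, "unknown (PID %d)" % pid)
        by_owner[owner].append(port)
        exposed = not addr.startswith("127.")  # loopback-only is not reachable remotely
        if exposed and port not in expected:
            flagged.append((port, owner))
    return dict(by_owner), flagged

if __name__ == "__main__":
    owners, flagged = review(SAMPLE_NETSTAT, SAMPLE_TASKS)
    for owner, ports in owners.items():
        print(owner, sorted(ports))
    for port, owner in flagged:
        print("check: port %d is held by %s" % (port, owner))
```

A flagged port is a prompt to look at running services and installed software, as the post describes, not proof of infection.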
May 6th, 2005, 01:17 AM
"Do as I say, not as I do"
May 6th, 2005, 05:24 PM
I got back on this morning and NOW my Firewall is gone!
OK... OK, good advice from everybody. Now I log on this morning and NO McAfee, or, well, I got it back on, turns out it was a scheduling conflict with SPYBOT.
Anyway, as far as the ports on my computer, they are ALL stealth, so if this is the case everything is copacetic. (This is correct spelling, if not please advise, as this word is rarely listed in ANY dictionary.)