I have been hanging around AntiOnline for a while trying to learn a little about computer security and how to apply it to my own box, but I am new to this, so please bear with me.
My ISP uses rotating IPs and I have been monitoring the requests I receive in my ZoneAlarm log. Usually they appear to be more or less random background noise or requests associated with P2P programs, but occasionally I will receive repeated access attempts from the same source or from a few different sources on the same port, even though the port doesn't seem to be associated with anything in particular. Here is the latest:
Source: 220.127.116.11:xxxx hsd1.il.comcast.net (Australia)
Destination: port 10169 (shows up as unassociated in Shield's Up)
I receive upwards of one attempt every minute.
I have been playing with Ethereal but am led to believe that it can't sniff packets outside a firewall, and I am reluctant to disable it to see what this might be.
My question is: what is this intruder up to? What was the last person with this IP up to? How can I find these things out?
DSL line, Win XP, ZoneAlarm