Page 2 of 2 FirstFirst 12
Results 11 to 16 of 16

Thread: Repeated requests at port 10169

  1. #11
    Senior Member RoadClosed's Avatar
    Join Date
    Jun 2003
    Posts
    3,834
    Zone a'lama comes in VERY handy when traveling with a laptop. Who know what lurks in yonder airports.
    West of House
    You are standing in an open field west of a white house, with a boarded front door.
    There is a small mailbox here.

  2. #12
    Senior Member IKnowNot's Avatar
    Join Date
    Jan 2003
    Posts
    792
    1. The IP info came from AntiOnline IP finder.
    as others, no comment on this

    2. Nothing out of the oridinary running (as per Hijack This).
    But the question asked, what programs are running when this happens?

    What I am getting at here with this question is were you running something during, or just prior to these entries? Could you have been running some type of game or other that you shut down just prior?

    It is an unusual port. What protocol ( type of packet : ZA tells you that ) ?
    " And maddest of all, to see life as it is and not as it should be" --Miguel Cervantes

  3. #13
    Senior Member hesperus's Avatar
    Join Date
    Jan 2005
    Posts
    416
    It is TCP protocol, as I said earlier.

    I really don't think it is related to any program I am running. The hits started as soon as I logged on with this particular IP and now have stopped since I have been assigned a new one. I used Fport as you suggested and it shows nothing at that port. The only things I had running were my mail program (uses different ports), AVG, ZA, and thats about it.

    I am not sure if I can open a specific port in ZA but it does allow me to designate a certain incoming IP as friendly, which would in effect open the port it knocks at, I assume. I was tempted to do this for just a minute with Ethereal running but I don't know enough about what might be on the other side or what harm it might cause. I probably should have just done it but thought I might regret it. Thus I asked the question here. Better than asking how to clean up a screwed up system, I thought : )

    Zencoder, no offense taken. As I said, I am new to this and still figuring things out. I keep everything updated and check for malware and viruses regularly. So far no major problems. Can you tell me a bit more about why I should be using a router ?

    As I said, my IP has changed today and so far no hits at that port. I have burned Knoppix as suggested. I will experiment a little and be ready for next time.

    Thanks all for the help. (Its 'he', by the way)

  4. #14
    Senior Member IKnowNot's Avatar
    Join Date
    Jan 2003
    Posts
    792
    It is TCP protocol, as I said earlier.
    I was interested in the flags, but that's ok

    The hits started as soon as I logged on with this particular IP and now have stopped since I have been assigned a new one
    Then it sounds like the computer that had that dynamic addy before you may have been running something on that port, old connections trying to reconnect to it.
    " And maddest of all, to see life as it is and not as it should be" --Miguel Cervantes

  5. #15
    Senior Member hesperus's Avatar
    Join Date
    Jan 2005
    Posts
    416
    It said 'flag:S'.

    What you say is what I assumed but I was interested in the odd port number. I am not concerned about it, only wanted to figure out as much as I can so I can understand how things work. Every other hit I looked into was explicable. Thanks to the suggestions given I think I can sniff the packet a couple of differnet ways if it happens again.

    Have got Knoppix running and will look into a router.

    Just trying to learn.

    PS.

    My family owns garage and I know how little most know about the vehicles that are so central to their lives. So it is with computers. If you don't have some understanding of those little squeeks and rattles, even though they may be insignificant, your general ignorance is likely to leave you stranded when you least want to be. I give my automotive advice on other forum sites and I am happy to be able to glean some computer advice here.

  6. #16
    AO Ancient: Team Leader
    Join Date
    Oct 2002
    Posts
    5,197
    which would in effect open the port it knocks at
    No... It won't.... Please make sure you understand this. It will allow packets sent to that port to reach the port - which is closed. That is significantly different from "opening" the port which means that a service is listening and will respond to a SYN packet with a SYN/ACK. As it is the SYN will reach the port which will respond with an RST packet as it is supposed to.... This will however allow the WinPcap driver to see the packet and log it. However, since this is a simple SYN packet there will most probably be nothing much to be learned from it unless it carries data, which it isn't _supposed_ to. There are however some sneaky forms of malware that only require the data encapsulated in a SYN packet to activate and target them..... In this case I doubt it is anything more than a basic SYN packet trying to contact a "service" it thinks is still at your address.
    Don\'t SYN us.... We\'ll SYN you.....
    \"A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools.\" - Thucydides

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •