What are these odd connection attempts?

  1. #1
    Junior Member
    Join Date
    Mar 2006
    Posts
    5

    What are these odd connection attempts?

    Sometimes I get strange connection attempts in my firewall: IP addresses always looking to access my system or leave it, through port 137 mostly; there are a few others, but mostly this one. I always click deny and usually just click to make the rule permanent. I was told that these are most likely port scans from an average Joe and nothing to worry about, but I was wondering if there was anything I could do to stop them for good, like message the scanner "What do you want from me?".


    Here are 2 that popped up while typing this message, before I edited to make them permanent:

    221.211.255.11 connect out through 137

    Someone from ip248-237-59-62.adsl.versatel.nl [62.59.237.248], port 1095 wants to send UDP datagram to port 137 owned by 'SYSTEM' on your computer.

  2. #2
    Senior Member nihil
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,190
    Well, the incoming stuff would probably be internet worms coming from infected machines.

    The outgoing stuff is more of a concern. I would suggest that you update your AV, boot into safe mode and run it. That IP is apparently in China!

    Then get

    1. Ewido
    2. Spybot Search & Destroy
    3. A-Squared
    4. AdAware

    Update them and run them in safe mode.

    I suspect that the Dutch one is some sort of advertising pop-up.




  3. #3
    Junior Member
    Join Date
    Mar 2006
    Posts
    5
    Originally posted here by nihil
    Well, the incoming stuff would probably be internet worms coming from infected machines.

    The outgoing stuff is more of a concern. I would suggest that you update your AV, boot into safe mode and run it. That IP is apparently in China!

    Then get

    1. Ewido
    2. Spybot Search & Destroy
    3. A-Squared
    4. AdAware

    Update them and run them in safe mode.

    I suspect that the Dutch one is some sort of advertising pop-up.




    I have AVG free edition and avast anti virus; both of them haven't found anything in months. I used to have some trojans before I got a firewall and learned how to use it pretty well. I also have Spybot and AdAware, but I have never heard of Ewido and A-Squared. I'll get those two and update them, then I'll boot to safe mode and use them all. This is what I need to do, right?

  4. #4
    StOrM™
    Join Date
    Aug 2004
    Posts
    1,003
    Greetings

    Get an online scan done at either Trendmicro or Microsoft:

    1. http://housecall.trendmicro.com

    2. http://ideas.live.com/

    If you have XP, disable system restore. DO NOT RUN 2 ANTI-VIRUSES AT THE SAME TIME. Stick to any one you like. And do you have a firewall?

    Go to your network connection and see that NetBios is disabled over TCP/IP; if it isn't, do it now.
    Parth Maniar,
    CISSP, CISM, CISA, SSCP

    *Thank you GOD*

    Greater the Difficulty, SWEETER the Victory.

    Believe in yourself.

  5. #5
    Senior Member nihil
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,190
    Well, did you update them and run them in safe mode? They might not catch something that has already started.

    I would also clear your browser cache and check your cookies, BHOs etc. (use the "tools" option in Spybot for this).

    Ewido and A-Squared are pretty good. Unfortunately you cannot rely on just one product these days. Yes, update them and run them in safe mode.

    You might also try an online scanner such as Trend Micro's "Housecall".

    The incoming stuff is not much to worry about; it is the outgoing ones that worry me.
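
Added example, not part of any post in this thread: a small Python triage of firewall alert text that applies the distinction drawn above, treating unsolicited inbound NetBIOS probes as noise and outbound NetBIOS traffic to a public address as something to investigate. The patterns assume the two alert shapes as typed in the first post (not Kerio's own log format), and the labels and the LAN sample line are constructed for illustration.

```python
import ipaddress
import re

NETBIOS_PORTS = {137, 138, 139}  # name service, datagram, session

# Patterns follow the two alert texts as typed in the first post (assumption:
# this is not Kerio's on-disk log format).
INBOUND = re.compile(
    r"\[(?P<ip>\d+\.\d+\.\d+\.\d+)\], port \d+ wants to send (?P<proto>\w+) "
    r"datagram to port (?P<port>\d+) owned by '(?P<owner>[^']*)'")
OUTBOUND = re.compile(
    r"(?P<ip>\d+\.\d+\.\d+\.\d+) connect out through (?P<port>\d+)")


def parse_alert(line):
    """Return a dict for a recognised alert line, or None."""
    for direction, pattern in (("in", INBOUND), ("out", OUTBOUND)):
        m = pattern.search(line)
        if m:
            return {"direction": direction,
                    "remote": ipaddress.ip_address(m["ip"]),
                    "port": int(m["port"]),
                    "owner": m.groupdict().get("owner")}
    return None


def triage(alert):
    """Label one parsed alert: 'noise', 'investigate' or 'review'."""
    netbios = alert["port"] in NETBIOS_PORTS
    public = alert["remote"].is_global
    if alert["direction"] == "in" and netbios and public:
        return "noise"        # unsolicited Internet probe: deny, do not answer
    if alert["direction"] == "out" and netbios and public:
        return "investigate"  # local process sending NetBIOS to the Internet
    return "review"           # anything else needs a human look


# The two alerts quoted in the first post, plus one constructed LAN line.
SAMPLE = [
    "221.211.255.11 connect out through 137",
    "Someone from ip248-237-59-62.adsl.versatel.nl [62.59.237.248], port 1095 "
    "wants to send UDP datagram to port 137 owned by 'SYSTEM' on your computer.",
    "192.168.0.12 connect out through 137",  # constructed
]


def summarize(lines):
    """Return (direction, remote, label) for every line that parses."""
    return [(a["direction"], str(a["remote"]), triage(a))
            for a in map(parse_alert, lines) if a]
```

Calling `summarize(SAMPLE)` labels the outbound alert to 221.211.255.11 as `investigate` and the inbound one from 62.59.237.248 as `noise`; the next step for an `investigate` line is finding which local program owns the socket.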


  6. #6
    Senior Member
    Join Date
    Feb 2002
    Posts
    856
    I was wondering if there was anything I could do to stop them for good, like message the scanner "What do you want from me?".
    You really don't want to do that, or do anything like scanning them in return. It will just let them know they have a "live target." Port scanning is an attempt to find targets. Don't make it easy for them.
    For the wages of sin is death, but the free gift of God is eternal life in Christ Jesus our Lord.
    (Romans 6:23, WEB)

  7. #7
    Senior Member nihil
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,190
    Preacherman is right, and, as most of this traffic is from bots and worms, your message would not be read anyway.

  8. #8
    Junior Member
    Join Date
    Mar 2006
    Posts
    5

    I have win98 and kerio

    I did a scan with all of the scanners I can; some didn't allow Win98. I did them in safe mode, and even the one from Trendmicro, and still didn't find anything. On my computer I just made the rule for the system one trying to connect out to deny it. I'm using Kerio 2.1.5.

  9. #9
    Senior Member nihil
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,190
    Do your logs tell you what programs, etc. are trying to make the outward connection?

  10. #10
    StOrM™
    Join Date
    Aug 2004
    Posts
    1,003
    Greetings

    Is your system all patched up? Have you disabled NetBios?

    Kerio 2.1.5 is a very old version and is affected by 6 vulnerabilities, out of which *3 ARE UNPATCHED*. One of them is a program execution protection bypass vulnerability. There are no patches for it and the only way you can be more secure is to either upgrade to 4.2.3.912 (http://www.sunbelt-software.com/Kerio.cfm)

    Have you disabled any one of your anti-viruses? Also, I have never used Kerio, but anyway go through the help file or, if you know how, create 2 new rules:

    1. Disable all additional protocol except TCP, UDP.
    2. Close ports like 137, 139 etc with a specific rule

    If you can buy a new firewall then buy the one you like, or go through the Firewall and honeypot forum and decide on any one.

    Disable ActiveX in your browser if you have IE. Win98 is a very old operating system; if I were you I would upgrade. Or if you want, use any other browser except IE. If you use Firefox I would advise you to get the NoScript plugin.

    Post a HijackThis log; we can give you more information after that.
    Parth Maniar,
    CISSP, CISM, CISA, SSCP

    *Thank you GOD*

    Greater the Difficulty, SWEETER the Victory.

    Believe in yourself.
