I am getting hits on my port 1026 from China. Although I have turned off messenger service this bothers me. Is this something that I should be concerned about? And how would I go about stopping it?
Turned it off on your hardware firewall, or system firewall?
Concern: You can be as concerned as you want, it won't do you much good though. Unless you *like* ulcers. ;)
What to do: Short of declaring yourself Genghis Khan reincarnated and defeating the People's Republic of China, there ain't much you can do.
Generally these sorts of things are considered 'background noise' on the 'Net these days, and don't warrant much more than low level diligence to make sure they haven't become real threats. Keep the ports closed, continue to watch for activity, and ignore it.
Hope that helps. Welcome to AO.
zencoder say it all, good advice, but tell Chinese to f*** off. Your port stay your port. 1026 velly good vintage. Keep to self. Tell Chinese to stick with shitty tea and rice wine :D
Quote:
Originally posted here by dodd3256
I am getting hits on my port 1026 from China. Although I have turned off messenger service this bothers me. Is this something that I should be concerned about? And how would I go about stopping it?
I actually went back and looked at my log. It's getting through my ISP's but not through my router.
So I will not fret too much over this then. It's happened kinda frequently over the last couple of hours, but if there is nothing that I can do, aside from getting an ulcer, then I am not going to worry about it too much.
If you're worried about this wait till someone does a full blown NMap scan against your computer..... The poor router will light up like a Xmas tree..... ;)
Is THAT what all those blinky lights mean? Wow...
Quote:
Originally posted here by Tiger Shark
If you're worried about this wait till someone does a full blown NMap scan against your computer..... The poor router will light up like a Xmas tree..... ;)
dodd, don't get an ulcer. The fact that you saw this and asked the question shows you are already thinking along the right lines. Don't sweat the small stuff, and this is small stuff. We've stopped reporting scans and probes here, unless they meet certain rules that show it is a 'more engaged' attempt to reconnoiter the network. There's just too many, and it's worthless info at that point. Keep an eye on it, but file it as "just one of those things".
/* Edit */
<== 399th post! Does my monitor open up in a confetti explosion and I get fabulous parting prizes when I hit 400?!?!? Ooooh! Aaaaah! :p
You guys crack me up! Sorry for the paranoia, I am kinda new to this and still in that learning cycle. I do have a question.
My log for my router shows that they are getting through on IP 70.1xx.xxx.xxx UDP. How does this work through my router?
Is this what the scan is seeing, not my static IP for my computer?
Even paranoids have enemies. :lildevil:
Quote:
Originally posted here by dodd3256
You guys crack me up! Sorry for the paranoia, I am kinda new to this and still in that learning cycle. I do have a question.
Depends on what port/service they are using with UDP. I mean, the point of a router is to direct traffic (and more recently, as in the definition of 'firewall', to make judgements on if/how to direct the traffic based on its content/behavior). So you have to be allowing some sort of inbound access. Otherwise, there's no point. Communication is 2 way, so there has to be outbound and inbound allowed in SOME way. What is allowed inbound? What ports do those inbound protocols use?
Quote:
My log for my router shows that they are getting through on IP 70.1xx.xxx.xxx UDP. How does this work through my router?
We all are... Anyone who tells you they aren't is a lying Bastige...... ;)
Quote:
and still in that learning cycle
I'm assuming your router is "stateful" which most are nowadays. A stateful router/firewall is one that looks at the state of the connection and determines if the traffic is valid. Basically that means it looks to see if _you_ initiated the connection... If you did it will allow the inbound traffic. If you didn't then it will block the traffic as "unsolicited" and therefore unwanted....
The problem here is that you haven't given us enough information because UDP is a "stateless" protocol. What that means is that TCP, being stateful, has a whole connection sequence it goes through before the computers can talk to each other. Once that sequence, (the "Three Way Handshake"), has been gone through then the connection has a "state" known as "established". UDP is different... It "throws" a packet at the target and forgets about it.... It doesn't care if the target receives the packet or not. There are several common communication methods, including DNS, that work on UDP. In the case of your router you may have made a DNS request under UDP and this may be the returning packet that your router will see as "valid but reportable" because you made the request via a stateless protocol, (UDP).
The bottom line.... What port is getting through? Can you cut and paste an example of this with your IP address obfuscated?
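The stateful check described in the post above, as an added example that is not part of the original thread: a toy Python filter that remembers outbound UDP flows and lets an inbound datagram through only if it answers one. The addresses, the 30-second timeout and the strict address-and-port matching are assumptions; real routers differ in both timeout and how strictly they match.

```python
from dataclasses import dataclass, field

UDP_TIMEOUT = 30  # seconds; assumed value, real routers use their own


@dataclass
class StatefulUdpFilter:
    timeout: int = UDP_TIMEOUT
    flows: dict = field(default_factory=dict)  # flow tuple -> last-seen time

    def outbound(self, now, src, sport, dst, dport):
        """A LAN host sends a datagram: remember the flow so a reply can return."""
        self.flows[(src, sport, dst, dport)] = now

    def inbound(self, now, src, sport, dst, dport):
        """Allow an inbound datagram only if it answers a recent outbound flow."""
        key = (dst, dport, src, sport)  # the inbound tuple, reversed
        seen = self.flows.get(key)
        if seen is None:
            return "DROP unsolicited"
        if now - seen > self.timeout:
            del self.flows[key]
            return "DROP expired"
        self.flows[key] = now  # traffic refreshes the pseudo-connection
        return "ALLOW reply"


def replay(events):
    """Run (time, direction, src, sport, dst, dport) events through the filter."""
    fw = StatefulUdpFilter()
    verdicts = []
    for t, direction, src, sport, dst, dport in events:
        if direction == "out":
            fw.outbound(t, src, sport, dst, dport)
        else:
            verdicts.append((t, fw.inbound(t, src, sport, dst, dport)))
    return verdicts


# Constructed sample traffic using documentation addresses, not the poster's log.
SAMPLE = [
    (0, "out", "192.168.1.10", 1027, "198.51.100.53", 53),   # DNS query leaves
    (1, "in", "198.51.100.53", 53, "192.168.1.10", 1027),    # its answer
    (2, "in", "203.0.113.7", 40000, "192.168.1.10", 1026),   # probe to 1026
    (3, "in", "203.0.113.7", 53, "192.168.1.10", 1027),      # wrong source host
    (90, "in", "198.51.100.53", 53, "192.168.1.10", 1027),   # late, flow aged out
]

if __name__ == "__main__":
    for t, verdict in replay(SAMPLE):
        print(t, verdict)
```

UDP has no handshake, so the "state" here is only the remembered address and port pair plus a timer, which is why a router can log a returning datagram as valid even though no connection was ever established.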
Ah, the learning cycle. Every day something new is introduced, hardware, software, bugs etc, etc etc. No matter how long you have been involved with computers, regardless of existing knowledge, qualifications and skills, I feel as if I am still just scraping the surface and, as it is impossible to know everything, it is possible to know where to look for the information required in most situations, and even that is a learning experience.
Quote:
Originally posted here by Tiger Shark
We all are... Anyone who tells you they aren't is a lying Bastige...... ;)
The only thing that I can see that might possibly have caused this was an outbound UDP off of my port 137. This was right after my router IP let in an inbound UDP to port 1027.
But I also see that there were two other instances of inbound UDP to port 1026 and 1027. These were the first ones that were logged after installing the log viewer software. If it was doing it before then I have no idea.
Should I install ZoneAlarm or some kind of firewall software? I am running XP SP2 and running the Windows firewall.
As far as what is being let inbound, I don't know. I guess that this is my fault because I haven't yet learned how to set up the router to let what ports get through and which ones don't get through. But that is the only outbound UDP I see.
I hope this helps. I can download points where the input and output was.
At least you reach a point where the "critical" mistakes are less likely. But learn we must. Technology and innovation evolve exponentially.
Quote:
Anyone who tells you they aren't is a lying Bastige......
I have contemplated blocking the entire Asian IP block. Many many times.
If you left the router, (what make and model is that by the way?), in its default configuration you should be just fine....
If you messed with it there's a way to reset it to factory default.... Read the little "booky" thing that came with it and reset it.... You'll be peachy... ;)
OK. I think I got it.
I was using a text program that I had setup with an included FTP client that I could use to log into my web site and work on files. The firewall had given it access. I removed the program from the firewall.
Now my router is blocking the incoming UDP to my ports again. I am HOPING that this is what was the problem. I shall have to monitor the log a bit and see. I do see that the China guy tried to probe that port again, and was blocked. So hopefully that is done with.
Could a program such as this open the FTP port and leave it wide open like that? Even when I am not using it?
And is there a way to see this in action, or look at a log to see what happened?
Thanks for the help. I come here all the time and read almost everything that I can. Great site!
No, ftp is a service on machines running it and just a utility for everyone else. Service runs on port 21, opening an ftp connection will pick a port anywhere above 1024 and netstat -a will show all connections.