Results 1 to 7 of 7

Thread: Firewall going nuts..

  1. #1

    Question Firewall going nuts..

    Ok people i logged into AO just before, and my firewall started going crazy.
    Anyhow i've attached two screen dumps of the information.
    Just wondering before i make a complaint to the possible attackers ISP. Is the firewall going bananas because of AO trying to connect to a port i've closed?
    Or is there something sinister going on

    Any sort of imput would be handy, as this has never happened before when i log into AO..


  2. #2
    AntiOnline Senior Medicine Man
    Join Date
    Nov 2001
    Perhaps there is something infecting Iexplore, or set to run when ever you run iexplore. I dont think this has anything to do with Antionline. Have you checked to see if you are listening on 1027. Run a quick netstat -a. If you are listening, then you may be infected with something. Other than the obvious, run a virus scan, start monitoring bandwidth usage, and sniff packets regularly on your local machine, until you figure out what this is all about.
    It is better to be HATED for who you are, than LOVED for who you are NOT.

    THC/IP Version 4.2

  3. #3
    Senior Member
    Join Date
    Apr 2003
    So are those trojans on your computer? If their not, then that's probably just a random netwide scan for trojans somebodies making. Nothing to really worry about, as long as you do block those ports. If you get any more activity from those specific addresses, you may as well block their address.

    Sounds like random scan traffic to me, nothing to worry about unless you get a whole lot more.


  4. #4
    Thanks people, i'm sorry it has taken me this long to respond.
    But unfortunatly after further investigating and reading.
    I found to my dismay that my box was being used as a Zombie..
    So hopefully by formatting the hard disk and doing a clean re-install of all Os on the network the problem at hand should be fixed..

    Anyhow after starting this thread, i started recieving large amounts of traffic through the firewall, so i did as Dr Toker suggested and ran a quick netstat -a and i was amazed at what i found.
    There were at least 2 strange connections.
    I've traced the strange connections back to there origin, and hopefully i have found the people involved in turning my Box's into Zombies.
    I have sent e-mails to the relevant ISP and hopefully i will recieve some kind of reply back..

    So thanks to the those that helped both on this thread and via Pm's.


  5. #5
    Just Another Geek
    Join Date
    Jul 2002
    Rotterdam, Netherlands
    Just checked the offending IP and it looks a lot like an open proxy. Somebody probably abused it to scan you. Send an email to the abuse address informing them of an open proxy on their network and have them shut it down.
    Oliver's Law:
    Experience is something you don't get until just after you need it.

  6. #6
    Well i sent an e-mail to the Company that issued that IP, i haven't heard anything back, + i also lodged a complaint with another company..
    I received a reply and they asked for evidence.
    So i sent both screen dumps plus some other info that i collected from my Box's. So hopefully they should reply back soon, as i'm eager to find out what they heck the moron was up to..


  7. #7
    Join Date
    Jun 2002
    just asking :
    what firewall do you use ?

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts