Below is a common thing for my firwall everytime a log on a trace this UNSOLICETED ATTACK/REQUEST back to china/bejing area, i have been getting this unsoliceted request for about 3 weeks, it is only on this machine ,when I get online, I have scanned and rescanned, I have posted HJT logs and everything I could think of, yet everyone claims my machine is clean?

My concern is "why does this happen"? it almost as if there is some malware in here trying to "call home" you know?

2005/05/13 09:35:58 222.77.185.242:60840 216.203.252.150:1027 Port 1027 (UDP)

2005/05/13 09:35:58 222.77.185.242:60840 216.203.252.150:1027 Port 1027 (UDP)

2005/05/13 09:35:58 222.77.185.242:60840 216.203.252.150:1026 Port 1026 (UDP)

2005/05/13 09:39:35 61.172.249.200:32831 216.203.252.150:1026 Port 1026 (UDP)


2005/05/13 09:39:43 61.129.34.19:1195 216.203.252.150:1434 Microsoft-SQL-Monitor


2005/05/13 09:46:11 61.129.94.146:0 216.203.252.150:0 ICMP Ping



If you look this has all happening in the time it took me to post this, I am really worried?

It always traced back to the Bejing area in China...

This is not just a normal scanning of ports, (tell me so if I am wrong) I dont know that much about this so I am turning to your folks who know a lot more than me about this issue anyone tell what this means?










2005/05/13 09:19:00

64.102.120.188:23044


216.203.252.150:1026 Port 1026 (UDP)