Full Version: Possible Attack Or Background Noise?
Nexus Mind
Hello

Ok, I have been interested in Internet security for quite a while now, but it is only recently that I have been really looking at my firewall's log file, and today I have noticed something strange: there is a huge amount of access attempts to port 2089 from the same IP address, 68.38.71.169. The access attempts came from various ports from the address in question, ranging from port 14957 to 28133, although I'm not sure if that matters.

I am interested to know if I should permanently block this IP address, although all the attacks have already been blocked, and to know whether this seems like a possible attack.

The protocols that have been used to try and gain access are UDP and TCP (flags:S), although I'm not sure what flags:S means.

The access attempts often alternate between the two.

I have 39 logged access attempts (which to me seems more than background noise).

A quick whois on the IP address returned this host: c-68-38-71-169.hsd1.nj.comcast.net

That is as far as I have got.

Could someone tell me if it is an access attempt and I should block it permanently, or is it simply background noise and not an attack?

Or could they simply point me in the right direction?

Any help is much appreciated.

SYSTEM SPECS

MS Windows XP Home SP 2
Firewall: Zone Alarm Security Suite 6.1.737.000

Any more info needed, please ask.

Thank you

-NEXUS
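An added example, not part of the original thread: one way to triage the kind of log described above is to group blocked entries by source address and check whether one sender keeps hitting a single destination port, which also shows what `flags:S` expands to (a TCP SYN, i.e. a new connection request). The log line format, the destination address 192.0.2.10, the other senders and the `min_hits` threshold are assumptions made for this example and are not ZoneAlarm's real log format.

```python
import re
from collections import defaultdict

# Constructed sample entries (not ZoneAlarm's real log format). The source
# address, destination port 2089 and source-port range come from the post;
# 192.0.2.10 and the 198.51.100.x / 203.0.113.x senders are placeholders.
SAMPLE_LOG = """\
2006-05-01 10:00:01 BLOCKED TCP 68.38.71.169:14957 -> 192.0.2.10:2089 flags:S
2006-05-01 10:00:04 BLOCKED UDP 68.38.71.169:15002 -> 192.0.2.10:2089
2006-05-01 10:00:09 BLOCKED TCP 68.38.71.169:19340 -> 192.0.2.10:2089 flags:S
2006-05-01 10:00:15 BLOCKED UDP 68.38.71.169:22871 -> 192.0.2.10:2089
2006-05-01 10:00:21 BLOCKED TCP 68.38.71.169:28133 -> 192.0.2.10:2089 flags:S
2006-05-01 10:02:40 BLOCKED TCP 198.51.100.7:4312 -> 192.0.2.10:445 flags:S
2006-05-01 10:07:12 BLOCKED UDP 203.0.113.50:1026 -> 192.0.2.10:1434
"""

LINE = re.compile(r"(TCP|UDP) (\d+\.\d+\.\d+\.\d+):(\d+) -> \S+:(\d+)(?: flags:(\w+))?")
TCP_FLAGS = {"S": "SYN", "A": "ACK", "F": "FIN", "R": "RST", "P": "PSH", "U": "URG"}

def decode_flags(letters):
    """Expand firewall-log flag letters, e.g. 'S' -> ['SYN'] (a new connection request)."""
    return [TCP_FLAGS.get(ch, ch) for ch in letters]

def summarize(log_text):
    """Group blocked entries by source IP."""
    stats = defaultdict(lambda: {"count": 0, "dst_ports": set(), "protocols": set(),
                                 "src_ports": [], "flags": set()})
    for m in LINE.finditer(log_text):
        proto, src_ip, src_port, dst_port, flags = m.groups()
        s = stats[src_ip]
        s["count"] += 1
        s["dst_ports"].add(int(dst_port))
        s["protocols"].add(proto)
        s["src_ports"].append(int(src_port))
        s["flags"].update(decode_flags(flags or ""))
    return dict(stats)

def repeated_single_port(stats, min_hits=5):
    """Sources that hit exactly one destination port at least min_hits times
    (min_hits is an arbitrary threshold chosen for this example)."""
    return sorted(ip for ip, s in stats.items()
                  if s["count"] >= min_hits and len(s["dst_ports"]) == 1)

if __name__ == "__main__":
    stats = summarize(SAMPLE_LOG)
    for ip in repeated_single_port(stats):
        s = stats[ip]
        print(ip, s["count"], sorted(s["dst_ports"]), sorted(s["protocols"]),
              (min(s["src_ports"]), max(s["src_ports"])), sorted(s["flags"]))
```
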
Jacee
Hi Nexus Mind
Is this your ISP?

QUOTE
Server Used: [ whois.arin.net ]

68.38.71.169 = [ c-68-38-71-169.hsd1.nj.comcast.net ]
OrgName: Comcast Cable Communications Inc.
OrgID: CMCS
Address: 1800 Bishops Gate Blvd
City: Mt Laurel
StateProv: NJ
PostalCode: 08054
Country: US
NetRange: 68.32.0.0 - 68.63.255.255
CIDR: 68.32.0.0/11
NetName: JUMPSTART-1
NetHandle: NET-68-32-0-0-1
Parent: NET-68-0-0-0-0
NetType: Direct Allocation
NameServer: DNS.INFLOW.PA.BO.COMCAST.NET
NameServer: DNS.CMC.CO.DENVER.COMCAST.NET
Comment: ADDRESSES WITHIN THIS BLOCK ARE NON-PORTABLE
RegDate: 2001-11-29
Updated: 2006-01-26
RTechHandle: IC161-ARIN
RTechName: Comcast Cable Communications Inc
RTechPhone: 1-856-317-7200
RTechEmail: CNIPEO-Ip-registration@cable.comcast.com
OrgAbuseHandle: NAPO-ARIN
OrgAbuseName: Network Abuse and Policy Observance
OrgAbusePhone: 1-856-317-7272
OrgAbuseEmail: abuse@comcast.net


If it is, you don't want to block it.
Nexus Mind
Hello,

Thank you for the reply.

No, my ISP is Wanadoo (that's the UK name; not sure if it runs under a different name elsewhere).

So do you think it is the correct thing to do to block it?

Because although I've only just started really looking into Internet security,

I have been reading about compromised Windows-based computers,
and obviously I'm not going to be blocking the (possible) attacker's IP address because it will be spoofed.

So really what I mean is, is there much point in blocking this IP, because they could just use another bot?

Any thoughts?

-NEXUS