Mar 13 2006, 06:13 PM | Post #1
New Member | Group: Members | Posts: 8 | Joined: 2-February 06 | From: Boston, England | Member No.: 53,414
OK, I have been interested in Internet security for quite a while now, but it is only recently that I have been really looking at my firewall's log file, and today I have noticed something strange: there is a huge amount of access attempts to port 2089 from the same IP address, 68.38.71.169. The access attempts came from various ports from the address in question, ranging from port 14957 to 28133, although I'm not sure if that matters.

I am interested to know if I should permanently block this IP address, although all the attacks have already been blocked, and to know whether this seems like a possible attack. The protocols that have been used to try and gain access are UDP and TCP (flags:S), although I'm not sure what flags:S means; the access attempts often alternate between the two. I have 39 logged access attempts (which to me seems more than background noise). A quick whois on the IP address returned this host: c-68-38-71-169.hsd1.nj.comcast.net. That is as far as I have got.

Could someone tell me if it is an access attempt and I should block it permanently, or is it simply background noise and not an attack? Or could they simply point me in the right direction? Any help is much appreciated.

SYSTEM SPECS
MS Windows XP Home SP 2
Firewall: Zone Alarm Security Suite 6.1.737.000

Any more info needed, please ask. Thank you.

-NEXUS

This post has been edited by Nexus Mind: Mar 13 2006, 06:16 PM

--------------------
The True… Uncorrupted Gospel… of the “Anarchic Sky”
Mar 17 2006, 11:28 PM | Post #2
Bleeping entraÎner | Group: HJT Team Coach | Posts: 1,700 | Joined: 24-September 04 | Member No.: 2,990
Hi Nexus Mind
Is this your ISP?

QUOTE
> Server Used: [ whois.arin.net ]
> 68.38.71.169 = [ c-68-38-71-169.hsd1.nj.comcast.net ]
> OrgName: Comcast Cable Communications Inc.
> OrgID: CMCS
> Address: 1800 Bishops Gate Blvd
> City: Mt Laurel
> StateProv: NJ
> PostalCode: 08054
> Country: US
> NetRange: 68.32.0.0 - 68.63.255.255
> CIDR: 68.32.0.0/11
> NetName: JUMPSTART-1
> NetHandle: NET-68-32-0-0-1
> Parent: NET-68-0-0-0-0
> NetType: Direct Allocation
> NameServer: DNS.INFLOW.PA.BO.COMCAST.NET
> NameServer: DNS.CMC.CO.DENVER.COMCAST.NET
> Comment: ADDRESSES WITHIN THIS BLOCK ARE NON-PORTABLE
> RegDate: 2001-11-29
> Updated: 2006-01-26
> RTechHandle: IC161-ARIN
> RTechName: Comcast Cable Communications Inc
> RTechPhone: 1-856-317-7200
> RTechEmail: CNIPEO-Ip-registration@cable.comcast.com
> OrgAbuseHandle: NAPO-ARIN
> OrgAbuseName: Network Abuse and Policy Observance
> OrgAbusePhone: 1-856-317-7272
> OrgAbuseEmail: abuse@comcast.net

If it is, you don't want to block it.

This post has been edited by Jacee: Mar 17 2006, 11:29 PM

--------------------
MS MVP Windows-Security 2006-2008
Member of UNITE, the Unified Network of Instructors and Trusted Eliminators
Admin PC Pitstop
Mar 18 2006, 02:39 AM | Post #3
New Member | Group: Members | Posts: 8 | Joined: 2-February 06 | From: Boston, England | Member No.: 53,414
Hello,
Thank you for the reply. No, my ISP is Wanadoo (that's the UK name; not sure if it runs under a different name elsewhere).

So do you think it is the correct thing to do to block it? Because although I've only just started really looking into internet security, I have been reading about compromised Windows-based computers, and obviously I'm not going to be blocking the (possible) attacker's IP address because it will be spoofed. So really what I mean is, is there much point in blocking this IP, because they could just use another bot? Any thoughts?

-NEXUS

This post has been edited by Nexus Mind: Mar 18 2006, 02:40 AM

--------------------
The True… Uncorrupted Gospel… of the “Anarchic Sky”
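Added example (not part of the original thread and not ZoneAlarm's own code): one way to triage a log like the one described in post #1, grouping blocked entries per source address and separating a remote host that keeps retrying one local port from a host that sweeps many ports. The log layout, the sample lines, the local address and the `summarize`/`classify` names are assumptions constructed for illustration; `flags:S` marks a TCP SYN, that is, a new connection request.

```python
import re
from collections import defaultdict

# Constructed sample in the comma-separated layout of a ZoneAlarm text log
# (assumed layout); 192.0.2.10 and 198.51.100.7 are documentation addresses.
SAMPLE_LOG = """\
FWIN,2006/03/13,17:02:11 +0:00 GMT,68.38.71.169:14957,192.0.2.10:2089,TCP (flags:S)
FWIN,2006/03/13,17:02:14 +0:00 GMT,68.38.71.169:14957,192.0.2.10:2089,TCP (flags:S)
FWIN,2006/03/13,17:05:40 +0:00 GMT,68.38.71.169:20311,192.0.2.10:2089,UDP
FWIN,2006/03/13,17:09:02 +0:00 GMT,68.38.71.169:28133,192.0.2.10:2089,TCP (flags:S)
FWIN,2006/03/13,17:11:30 +0:00 GMT,198.51.100.7:4021,192.0.2.10:135,TCP (flags:S)
FWIN,2006/03/13,17:11:31 +0:00 GMT,198.51.100.7:4022,192.0.2.10:139,TCP (flags:S)
FWIN,2006/03/13,17:11:32 +0:00 GMT,198.51.100.7:4023,192.0.2.10:445,TCP (flags:S)
not a log line
"""

LINE = re.compile(
    r"^FWIN,[^,]+,[^,]+,(?P<src>[\d.]+):(?P<sport>\d+),"
    r"[\d.]+:(?P<dport>\d+),(?P<proto>TCP|UDP)(?: \(flags:(?P<flags>\w+)\))?")

def summarize(log_text):
    """Group blocked inbound entries by source IP."""
    stats = defaultdict(lambda: {"hits": 0, "dports": set(), "sports": set(),
                                 "protos": set(), "syn_only": 0})
    for line in log_text.splitlines():
        m = LINE.match(line.strip())
        if not m:            # skip headers, outbound entries, malformed lines
            continue
        s = stats[m["src"]]
        s["hits"] += 1
        s["dports"].add(int(m["dport"]))
        s["sports"].add(int(m["sport"]))
        s["protos"].add(m["proto"])
        if m["flags"] == "S":    # SYN without ACK: a new connection request
            s["syn_only"] += 1
    return dict(stats)

def classify(entry, sweep_threshold=3):
    """Label a source by how many distinct local ports it tried."""
    if len(entry["dports"]) >= sweep_threshold:
        return "multi-port sweep"
    return "repeated attempts on fixed port(s)"

if __name__ == "__main__":
    for ip, e in summarize(SAMPLE_LOG).items():
        print(ip, e["hits"], sorted(e["dports"]), sorted(e["protos"]), classify(e))
```

The per-source summary is also the evidence an ISP abuse desk, such as the OrgAbuseEmail contact in the whois record quoted in post #2, would ask for.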