The environment and history:
We have a small home network. My computer (Windows XP SP3), my wife's computer (Windows Vista) and the kids' computer (Windows XP SP3) are connected to the router, and we have FiOS with Verizon. All computers have real-time MBAM. My wife's computer and the kids' computer have McAfee antivirus and firewall; I have Avast! 5 free antivirus and ZoneAlarm free firewall.
On Saturday afternoon my son was using the kids' computer to search the internet for a school project and for personal interests (music, anime, general teen interests). He does not use peer-to-peer networks, there is no piracy or porn (we check), but many of the sites he visits are run by amateurs and might easily have been hacked. Anyway, he noticed nothing unusual.
That night, after he turned off his computer, I turned mine on, picked up my email, and used Firefox to get to a couple forums. Almost immediately ZoneAlarm put up several alerts in very quick succession. I'll include a screenshot of the alert log, but these seem to be coming from our router and then an IP address that belongs to Verizon, and seemed to be trying to access Firefox. I denied these attempts because they were unfamiliar. There were a couple of flurries through the night, and then nothing.
My wife is responsible for her computer and the kids' computer, and the router (which we need for her business computer). Scans of the kids' computer with MBAM and McAfee turned up nothing, but (and this was serendipity) we had been planning to replace the kids' hard disk (40 GB) with a larger drive, and had cloned the drive several days earlier. She went ahead and replaced the drive.
She also disconnected the router, rebooted it, and changed the password.
I scanned my computer with MBAM (a full scan), Avast! (a full scan) and ran a boot scan with Avast! -- all came up clean.
My next session with Firefox was uneventful, but I used Firefox later that evening and got another flurry of alerts -- again, mostly pairs of alerts from our router and the Verizon address, but also one address that seems to belong to Microsoft. Since then I continue to get short flurries of these alerts -- all from the router and Verizon.
Like any halfway knowledgeable Windows user, I'm paranoid. I don't like new behaviors that appear to happen for no reason. Can anyone tell me if these attempts might be legitimate? Could my son have had our IP address logged by someone who is now trying to get "into" our computers? Can IPs be faked, or are these likely to be really from Verizon and Microsoft? Why haven't I seen them before?
And any other ideas would be welcome. BTW, my wife's computer and the kids' computer aren't giving alerts, but I don't know if my wife has them set to silence alerts.
(Hmmm -- I can't see how to attach the screenshot. I'll add a link.)
Here's the screenshot of the log. The items below the red line are from my first Firefox session, the items above the line are from the next day. There have been a few more flurries since then, but not every time I'm online.
Edited by Capn Easy, 15 June 2010 - 11:22 PM.