
Am I Being Probed?


3 replies to this topic

#1 Capn Easy


Posted 15 June 2010 - 11:11 PM

Since Saturday my Firewall, ZoneAlarm free version, has been giving me a bunch of new alerts. They come in flurries, and all indicate that either our router or my Internet Provider (Verizon) is trying to access and use Firefox as a server.

The environment and history:

We have a small home network. My computer (Windows XP SP3), My wife's computer (Windows Vista) and the kids' computer (Windows XP SP3) are connected to the router, and we have FiOS with Verizon. All computers have real-time MBAM. My wife's computer and the kids' computer have McAfee antivirus and firewall, I have Avast! 5 free antivirus and ZoneAlarm free firewall.

On Saturday afternoon my son was using the kids' computer to search the internet for a school project and for personal interests (music, anime, general teen interests). He does not use peer-to-peer networks, there is no piracy or porn (we check), but many of the sites he visits are run by amateurs and might easily have been hacked. Anyway, he noticed nothing unusual.

That night, after he turned off his computer, I turned mine on, picked up my email, and used Firefox to get to a couple forums. Almost immediately ZoneAlarm put up several alerts in very quick succession. I'll include a screenshot of the alert log, but these seem to be coming from our router and then an IP address that belongs to Verizon, and seemed to be trying to access Firefox. I denied these attempts because they were unfamiliar. There were a couple of flurries through the night, and then nothing.

My wife is responsible for her computer and the kids' computer, and the router (which we need for her business computer). Scans of the kids' computer with MBAM and McAfee turned up nothing, but (and this was serendipity) we had been planning to replace the kids' hard disk (40 GB) with a larger drive, and had cloned the drive several days earlier. She went ahead and replaced the drive.

She also disconnected the router, rebooted it, and changed the password.

I scanned my computer with MBAM (a full scan), Avast! (a full scan) and ran a boot scan with Avast! -- all came up clean.

My next session with Firefox was uneventful, but I used Firefox later that evening and got another flurry of alerts -- again, mostly pairs of alerts from our router and the Verizon address, but also one address that seems to belong to Microsoft. Since then I continue to get short flurries of these alerts -- all from the router and Verizon.


Like any halfway knowledgeable Windows user, I'm paranoid. I don't like new behaviors that appear to happen for no reason. Can anyone tell me if these attempts might be legitimate? Could my son have had our IP address logged by someone who is now trying to get "into" our computers? Can IPs be faked, or are these likely to be really from Verizon and Microsoft? Why haven't I seen them before?

And any other ideas would be welcome. BTW, my wife's computer and the kids' computer aren't giving alerts, but I don't know if my wife has them set to silence alerts.

(Hmmm -- I can't see how to attach the screenshot. I'll add a link.)


Here's the screenshot of the log. The items below the red line are from my first Firefox session, the items above the line are from the next day. There have been a few more flurries since then, but not every time I'm online.


Posted Image

Edited by Capn Easy, 15 June 2010 - 11:22 PM.




#2 Capn Easy


Posted 18 June 2010 - 01:08 AM

Just wanted to bump this up and take one last chance.

The "flurries" have subsided slightly. When I get alerts it's usually only a few, but they come all at once. They also happen almost exclusively in a window from a couple hours before midnight to a couple hours after midnight -- never in the morning or afternoon.

Any ideas?

Anyone?

#3 Romeo29


Posted 18 June 2010 - 06:44 PM

All the blocked connections are to your router or to Verizon (ISP). All the remote ports are 53 (DNS). It appears that you are using Verizon's Domain Name Servers and they are trying to connect back to you. Nothing suspicious about it.

Only one IP's remote port is 123, but that is from Microsoft's time server. Your computer is trying to synchronize with the Windows time server. Again, no problems.

One thing I can detect from these is that your router is accessible from outside IP addresses. You need to enable NAT and the firewall in your router to block just anyone from connecting to any port of your system.
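
A way to triage alerts like the ones discussed in this reply, as an added example that is not part of the original thread: it labels each blocked inbound packet by its remote (source) port and by whether the sender is a resolver the machine is configured to use. The log layout, IP addresses and resolver list are constructed assumptions, not ZoneAlarm's export format.

```python
import csv
import io
from collections import Counter

# Constructed sample (not ZoneAlarm's real log format):
# time, protocol, remote ip, remote port, local port.
SAMPLE_LOG = """\
2010-06-12T23:41:02,UDP,192.168.1.1,53,1046
2010-06-12T23:41:02,UDP,198.51.100.12,53,1046
2010-06-12T23:41:03,UDP,192.168.1.1,53,1047
2010-06-13T22:15:40,UDP,203.0.113.7,123,123
2010-06-13T22:16:01,TCP,203.0.113.99,4444,445
"""

# Assumption: the resolvers this host is configured to use (router + ISP).
KNOWN_RESOLVERS = {"192.168.1.1", "198.51.100.12"}
EPHEMERAL_MIN = 1024  # local ports below this are services, not client sockets


def classify(proto, remote_ip, remote_port, local_port):
    """Return a triage label for one blocked inbound packet."""
    if proto == "UDP" and remote_port == 53:
        # A packet from port 53 to an ephemeral local port is commonly a DNS
        # answer that arrived after the firewall stopped expecting it.
        if remote_ip in KNOWN_RESOLVERS and local_port >= EPHEMERAL_MIN:
            return "dns-reply"
        return "dns-from-unknown-server"
    if proto == "UDP" and remote_port == 123:
        return "ntp-reply"  # time-server answer; confirm the IP is your time source
    return "review"


def triage(log_text):
    """Classify every row; return (label counts, rows needing a closer look)."""
    counts, review = Counter(), []
    for ts, proto, rip, rport, lport in csv.reader(io.StringIO(log_text)):
        label = classify(proto, rip, int(rport), int(lport))
        counts[label] += 1
        if label in ("review", "dns-from-unknown-server"):
            review.append((ts, proto, rip, int(rport), int(lport)))
    return counts, review


if __name__ == "__main__":
    counts, review = triage(SAMPLE_LOG)
    print(dict(counts))
    for row in review:
        print("needs review:", row)
```

The labels are hints rather than verdicts, since a source port by itself does not prove who sent the packet; rows marked for review are the ones worth checking against the router's own logs.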

#4 Capn Easy


Posted 20 June 2010 - 02:30 AM

Thanks, Romeo29! I was concerned because I've gone many months without any unusual alerts, and I was suspicious that I was suddenly getting so many, so fast.

As far as the router goes, I'll bring it up with my wife. She needs it for her business computer, so it's her responsibility. I do know that other company computers have to have access to hers, but I don't know if she can fine-tune it.

Thanks again! :thumbsup:

Edited by Capn Easy, 20 June 2010 - 02:32 AM.




