
Outgoing Firewall Log



#1 Willo2010


Posted 01 July 2010 - 09:35 AM

Hi, I hope you can help me with my problem. My PC is running Vista Business SP2 and lives on a network behind a Multitech Router on which nearly all outgoing ports are blocked.

The logs for the router have recently started showing the IP of this machine (10.0.0.65) making multiple outgoing attempts (every few seconds) to access a number of IP addresses on seemingly random port numbers (sample of log below).

I have tried tracing some of these IP addresses to find they are located in various countries like China, Germany, Australia etc. Some are listed in WHOIS as "known bad sites".

The machine is installed with Symantec Endpoint Protection (11.0.6005.562), which has never reported anything unusual.

I have recently installed PC Tools Spyware Doctor+AV, which has blocked a few attempts to contact sites quoting "Worm.Bobax", although it never found any actual infection.

I have also run SpyBot S&D, which found nothing.

I installed and ran a full scan with Malwarebytes (1.46) - again nothing found.

Basically I have now run out of ideas and any help would be greatly appreciated.

Many Thanks in advance

===================================

Sl No Date & Time Source IP Destination IP Protocol Source Port Destination Port Remarks

1 Jul 1 15:15:32 10.0.0.65 108.21.32.131 TCP 50638 9759 -
2 Jul 1 15:15:23 10.0.0.65 108.21.32.131 TCP 50638 9759 -
3 Jul 1 15:15:11 10.0.0.65 24.8.188.74 TCP 50633 5113 -
4 Jul 1 15:15:02 10.0.0.65 24.8.188.74 TCP 50633 5113 -
5 Jul 1 15:14:50 10.0.0.65 67.111.16.66 TCP 50632 64444 -
6 Jul 1 15:14:41 10.0.0.65 67.111.16.66 TCP 50632 64444 -
7 Jul 1 15:14:29 10.0.0.65 193.35.132.13 TCP 50631 24951 -
8 Jul 1 15:14:20 10.0.0.65 193.35.132.13 TCP 50631 24951 -
9 Jul 1 15:14:08 10.0.0.65 72.220.201.92 TCP 50630 24048 -
10 Jul 1 15:13:59 10.0.0.65 72.220.201.92 TCP 50630 24048 -
11 Jul 1 15:13:20 10.0.0.65 203.213.127.215 TCP 50624 38706 -
12 Jul 1 15:13:17 10.0.0.65 203.213.127.215 TCP 50624 38706 -
13 Jul 1 15:12:59 10.0.0.65 125.212.63.14 TCP 50623 43720 -
14 Jul 1 15:12:56 10.0.0.65 125.212.63.14 TCP 50623 43720 -
15 Jul 1 15:12:38 10.0.0.65 91.60.198.199 TCP 50621 23864 -
16 Jul 1 15:12:35 10.0.0.65 91.60.198.199 TCP 50621 23864 -
17 Jul 1 15:12:23 10.0.0.65 220.239.249.143 TCP 50617 34043 -
18 Jul 1 15:12:17 10.0.0.65 220.239.249.143 TCP 50617 34043 -
19 Jul 1 15:12:14 10.0.0.65 220.239.249.143 TCP 50617 34043 -
20 Jul 1 15:12:02 10.0.0.65 60.228.249.130 TCP 50616 55502 -
21 Jul 1 15:11:56 10.0.0.65 60.228.249.130 TCP 50616 55502 -
22 Jul 1 15:11:53 10.0.0.65 60.228.249.130 TCP 50616 55502 -
23 Jul 1 15:11:41 10.0.0.65 99.178.251.245 TCP 50615 11881 -
24 Jul 1 15:11:32 10.0.0.65 99.178.251.245 TCP 50615 11881 -
25 Jul 1 15:11:20 10.0.0.65 205.200.12.32 TCP 50610 58377 -
26 Jul 1 15:11:11 10.0.0.65 205.200.12.32 TCP 50610 58377 -
27 Jul 1 15:10:59 10.0.0.65 65.95.29.112 TCP 50609 48717 -
28 Jul 1 15:10:50 10.0.0.65 65.95.29.112 TCP 50609 48717 -
29 Jul 1 15:10:38 10.0.0.65 110.33.103.179 TCP 50608 27993 -
30 Jul 1 15:10:29 10.0.0.65 110.33.103.179 TCP 50608 27993 -
31 Jul 1 15:10:08 10.0.0.65 70.74.176.119 TCP 50607 65162 -
32 Jul 1 15:09:50 10.0.0.65 78.73.110.142 TCP 50606 46043
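
An added example, not part of the original post: a small Python parser for the router log layout shown above that summarizes, per internal host, how many distinct destination/port pairs were tried and how many attempts were retries of the same connection (same source port and destination). The sample rows are constructed with documentation addresses, and the function names and the `min_endpoints` threshold are assumptions chosen for illustration.

```python
import re
from collections import defaultdict

# Columns: Sl No, date & time, source IP, destination IP, protocol,
# source port, destination port, remarks (remarks may be missing).
LINE = re.compile(
    r"^\s*\d+\s+(\w{3}\s+\d+\s+\d\d:\d\d:\d\d)\s+(\S+)\s+(\S+)\s+(\w+)"
    r"\s+(\d+)\s+(\d+)(?:\s+\S+)?\s*$"
)

# Constructed sample in the same layout (not rows from the post).
SAMPLE = """\
1 Jul 1 15:15:32 10.0.0.65 192.0.2.10 TCP 50638 9759 -
2 Jul 1 15:15:23 10.0.0.65 192.0.2.10 TCP 50638 9759 -
3 Jul 1 15:15:11 10.0.0.65 198.51.100.7 TCP 50633 5113 -
4 Jul 1 15:15:02 10.0.0.65 198.51.100.7 TCP 50633 5113 -
5 Jul 1 15:14:50 10.0.0.65 203.0.113.44 TCP 50632 64444 -
6 Jul 1 15:14:29 10.0.0.65 203.0.113.90 TCP 50631 24951
7 Jul 1 15:14:10 10.0.0.20 192.0.2.80 TCP 49200 443 -
8 Jul 1 15:14:05 10.0.0.20 192.0.2.80 TCP 49201 443 -
"""

def parse(text):
    """Yield (source, destination, protocol, sport, dport) per valid row."""
    for line in text.splitlines():
        m = LINE.match(line)
        if m:  # header and separator rows do not match and are skipped
            _, src, dst, proto, sport, dport = m.groups()
            yield src, dst, proto, int(sport), int(dport)

def summarize(text):
    """Per source host: attempts, distinct endpoints/ports, retried flows."""
    flows = defaultdict(lambda: defaultdict(int))
    for src, dst, proto, sport, dport in parse(text):
        flows[src][(dst, proto, sport, dport)] += 1
    report = {}
    for src, seen in flows.items():
        endpoints = {(dst, dport) for dst, _, _, dport in seen}
        report[src] = {
            "attempts": sum(seen.values()),
            "endpoints": len(endpoints),
            "dst_ports": len({port for _, port in endpoints}),
            "retried_flows": sum(1 for n in seen.values() if n > 1),
        }
    return report

def fan_out_hosts(text, min_endpoints=4):
    """Hosts trying many distinct destination/port pairs (assumed threshold)."""
    rep = summarize(text)
    return sorted(s for s, r in rep.items() if r["dst_ports"] >= min_endpoints)
```

A host that reaches one service repeatedly (the constructed `10.0.0.20` rows) stays below the threshold, while a host cycling through many destinations on unrelated ports is listed for follow-up on the endpoint itself.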
