
Unusually heavy ZoneAlarm (free) log entries


4 replies to this topic

#1 ghot1


Posted 11 January 2011 - 04:35 PM

This activity started about 5 days ago....and hasn't let up since. The two main ports being scanned are 48416 and 23531.

I run ZoneAlarm (free) v 9.2.057.000 and have just about everything blocked from the internet. My computer scans clean, HijackThis shows nothing unusual etc. Windows XP Pro SP3 fully updated, no IM clients or any clients installed, no toolbars etc. ZoneAlarm is blocking everything...but it just seems strange. These two ports are getting scanned about 1-3 per minute at worst.

Posted Image

Should I be worried about this??

Edited by hamluis, 11 January 2011 - 05:39 PM.
Moved from XP forum to AV, Firewall, Privacy forum ~ Hamluis.



 


#2 Baltboy


Posted 11 January 2011 - 05:39 PM

My initial feeling is no. It seems ZoneAlarm is doing its job. It could be exactly what you are seeing. Someone is scanning those ports on your IP range looking for someone who doesn't have their computer protected. I would keep an eye on it and if it doesn't end in a few weeks I would consider possibly contacting your ISP about it. Odds are they have noticed it too and are trying to block out/find the attacks.
Get your facts first, then you can distort them as you please.
Mark Twain

#3 Didier Stevens


Posted 11 January 2011 - 05:50 PM

Like Baltboy says, no need to worry, ZA is blocking access.

And what's even more, it's very unlikely your machine has these ports open for listening. You can check with TCPView if you really want to be sure.

Didier Stevens
http://blog.DidierStevens.com
http://DidierStevensLabs.com

SANS ISC Handler
Microsoft MVP 2011-2016 Consumer Security, Windows Insider MVP 2016-2018

If you send me messages, per Bleeping Computer's Forum policy, I will not engage in a conversation, but try to answer your question in the relevant forum post. If you don't want this, don't send me messages.

Stevens' law: "As an online security discussion grows longer, the probability of a reference to BadUSB approaches 1.0"


#4 ghot1


Posted 11 January 2011 - 11:37 PM

Well apparently Java just released a new update _23 that seemed to stop most of the 48416 port scans....but check this new screen shot...especially WHERE they are coming from...on the right...

Posted Image

#5 Baltboy


Posted 12 January 2011 - 05:48 PM

Most of the across the board attacks come from overseas anymore so seeing that they are coming from the Netherlands isn't real surprising. The surprising thing is it is all the same IP.
Get your facts first, then you can distort them as you please.
Mark Twain
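
An added example, not written by any poster in this thread: one way to quantify what the thread describes from an exported firewall log, namely how often each port is probed and whether a single address accounts for most of the hits. The CSV layout, the addresses (documentation ranges) and the function name are constructed for illustration and are not ZoneAlarm's log format.

```python
import csv
import io
from collections import Counter, defaultdict
from datetime import datetime

# Constructed sample export; the column layout is an assumption,
# not ZoneAlarm's own log format. Addresses are documentation ranges.
SAMPLE_LOG = """\
time,action,proto,src_ip,dst_port
2011-01-11 16:30:05,BLOCK,UDP,203.0.113.7,48416
2011-01-11 16:30:40,BLOCK,UDP,203.0.113.7,23531
2011-01-11 16:31:10,BLOCK,UDP,203.0.113.7,48416
2011-01-11 16:31:55,BLOCK,UDP,198.51.100.23,48416
2011-01-11 16:32:20,BLOCK,UDP,203.0.113.7,23531
2011-01-11 16:33:02,BLOCK,TCP,203.0.113.7,48416
2011-01-11 16:34:45,ALLOW,TCP,192.0.2.10,80
"""

def summarize_blocked(log_text):
    """Per destination port: hits, hits per minute, and share from the top source."""
    hits = defaultdict(list)  # dst_port -> [(timestamp, src_ip), ...]
    for row in csv.DictReader(io.StringIO(log_text)):
        if row["action"] != "BLOCK":
            continue  # only blocked inbound entries are of interest here
        ts = datetime.strptime(row["time"], "%Y-%m-%d %H:%M:%S")
        hits[int(row["dst_port"])].append((ts, row["src_ip"]))
    summary = {}
    for port, events in hits.items():
        times = [t for t, _ in events]
        # Use at least a one-minute window so a single hit is not a huge rate.
        minutes = max((max(times) - min(times)).total_seconds() / 60, 1.0)
        top_src, top_n = Counter(s for _, s in events).most_common(1)[0]
        summary[port] = {
            "hits": len(events),
            "per_minute": round(len(events) / minutes, 2),
            "top_source": top_src,
            "top_source_share": round(top_n / len(events), 2),
        }
    return summary

if __name__ == "__main__":
    for port, info in sorted(summarize_blocked(SAMPLE_LOG).items()):
        print(port, info)
```

A steady low rate against the same few ports with a top-source share near 1.0 matches the pattern reported in the thread, and is the kind of summary an ISP abuse desk can act on.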



