Ok I have been interested in Internet security for quite a while now but it is only recently that I have been really looking at my firewalls log file and today I have noticed something strange there is a huge amount of access attempts to port: 2089 from the same IP address 126.96.36.199 the access attempts came from various ports from the address in question ranging from port: 14957 to 28133 although Im not sure if that matters,
I am interested to know if I should Permanently block this IP address although all the attacks have already been blocked, and to know whether this seems like a possible attack?
the protocols that have been used to try and gain access are UDP and TCP (flags:S) although I’m not sure what flags:S means
the access attempts often alternate between the two,
I have 39 logged access attempts (which to me seems more than background noise)
a quick whois on the ip address returned this host c-68-38-71-169.hsd1.nj.comcast.net
that is as far as I have got,
could someone tell me if it is an access attempt and I should block it permanently or is it simply background noise and not an attack?
or could they simply point me in the right direction,
any help is much appreciated,
MS Windows XP Home SP 2
Firewall: Zone Alarm Security Suit 6.1.737.000
anymore info needed please ask.
Edited by Nexus Mind, 13 March 2006 - 06:16 PM.