Possible Attack Or Background Noise?



#1 Guest_Nexus Mind_*

Posted 13 March 2006 - 06:13 PM

Hello

OK, I have been interested in Internet security for quite a while now, but it is only recently that I have been really looking at my firewall's log file, and today I have noticed something strange: there is a huge amount of access attempts to port 2089 from the same IP address, 68.38.71.169. The access attempts came from various ports from the address in question, ranging from port 14957 to 28133, although I'm not sure if that matters.

I am interested to know if I should permanently block this IP address, although all the attacks have already been blocked, and to know whether this seems like a possible attack?

The protocols that have been used to try and gain access are UDP and TCP (flags:S), although I'm not sure what flags:S means.

The access attempts often alternate between the two.

I have 39 logged access attempts (which to me seems more than background noise).

A quick whois on the IP address returned this host: c-68-38-71-169.hsd1.nj.comcast.net

That is as far as I have got.

Could someone tell me if it is an access attempt and I should block it permanently, or is it simply background noise and not an attack?

Or could they simply point me in the right direction?

Any help is much appreciated.

SYSTEM SPECS

MS Windows XP Home SP 2
Firewall: Zone Alarm Security Suite 6.1.737.000

Any more info needed, please ask.

Thank you

-NEXUS

Edited by Nexus Mind, 13 March 2006 - 06:16 PM.
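
A way to triage the kind of log described in the post above, as an added example that is not part of the original thread: it groups blocked inbound entries by source, decodes the TCP flag letters (a lone S is SYN, a new connection request), and separates repeated hits on one port from a sweep across many ports. The comma-separated line layout, the destination address 192.0.2.10, the second source 198.51.100.7 and the sweep threshold are assumptions; the sample entries are constructed, not taken from the poster's log.

```python
import re
from collections import defaultdict

# Constructed sample entries; the layout is assumed, not copied from the poster's log.
SAMPLE_LOG = """\
FWIN,2006/03/13,17:40:02,68.38.71.169:14957,192.0.2.10:2089,TCP (flags:S)
FWIN,2006/03/13,17:40:05,68.38.71.169:14957,192.0.2.10:2089,UDP
FWIN,2006/03/13,17:41:11,68.38.71.169:20331,192.0.2.10:2089,TCP (flags:S)
FWIN,2006/03/13,17:41:14,68.38.71.169:28133,192.0.2.10:2089,UDP
FWIN,2006/03/13,17:45:00,198.51.100.7:40000,192.0.2.10:135,TCP (flags:S)
FWIN,2006/03/13,17:45:00,198.51.100.7:40001,192.0.2.10:139,TCP (flags:S)
FWIN,2006/03/13,17:45:01,198.51.100.7:40002,192.0.2.10:445,TCP (flags:S)
FWIN,2006/03/13,17:45:01,198.51.100.7:40003,192.0.2.10:1433,TCP (flags:SA)
"""

TCP_FLAGS = {"S": "SYN", "A": "ACK", "F": "FIN", "R": "RST", "P": "PSH", "U": "URG"}
LINE_RE = re.compile(
    r"^FWIN,[^,]+,[^,]+,(?P<src>[\d.]+):(?P<sport>\d+),"
    r"[\d.]+:(?P<dport>\d+),(?P<proto>TCP|UDP)(?: \(flags:(?P<flags>[A-Z]+)\))?$"
)

def decode_flags(letters):
    """Expand a flag string such as 'S' or 'SA' into TCP flag names."""
    return [TCP_FLAGS.get(ch, "?" + ch) for ch in letters]

def summarize(log_text, sweep_threshold=3):
    """Group blocked inbound entries by source and describe the pattern."""
    by_src = defaultdict(lambda: {"count": 0, "dports": set(), "protos": set(), "syn_only": 0})
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip malformed or unrelated lines
        s = by_src[m["src"]]
        s["count"] += 1
        s["dports"].add(int(m["dport"]))
        s["protos"].add(m["proto"])
        if m["flags"] and decode_flags(m["flags"]) == ["SYN"]:
            s["syn_only"] += 1  # bare SYN: a request to open a new TCP connection
    for s in by_src.values():
        # Many distinct destination ports from one source looks like a sweep;
        # repeated hits on one port mean the sender wants one specific service.
        s["pattern"] = "port-sweep" if len(s["dports"]) >= sweep_threshold else "single-service"
    return dict(by_src)

if __name__ == "__main__":
    for src, s in summarize(SAMPLE_LOG).items():
        print(src, s["count"], sorted(s["dports"]), sorted(s["protos"]), s["pattern"])
```
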



#2 Jacee


Posted 17 March 2006 - 11:28 PM

Hi Nexus Mind :thumbsup:
Is this your ISP?

Server Used: [ whois.arin.net ]

68.38.71.169 = [ c-68-38-71-169.hsd1.nj.comcast.net ]
OrgName: Comcast Cable Communications Inc.
OrgID: CMCS
Address: 1800 Bishops Gate Blvd
City: Mt Laurel
StateProv: NJ
PostalCode: 08054
Country: US
NetRange: 68.32.0.0 - 68.63.255.255
CIDR: 68.32.0.0/11
NetName: JUMPSTART-1
NetHandle: NET-68-32-0-0-1
Parent: NET-68-0-0-0-0
NetType: Direct Allocation
NameServer: DNS.INFLOW.PA.BO.COMCAST.NET
NameServer: DNS.CMC.CO.DENVER.COMCAST.NET
Comment: ADDRESSES WITHIN THIS BLOCK ARE NON-PORTABLE
RegDate: 2001-11-29
Updated: 2006-01-26
RTechHandle: IC161-ARIN
RTechName: Comcast Cable Communications Inc
RTechPhone: 1-856-317-7200
RTechEmail: CNIPEO-Ip-registration@cable.comcast.com
OrgAbuseHandle: NAPO-ARIN
OrgAbuseName: Network Abuse and Policy Observance
OrgAbusePhone: 1-856-317-7272
OrgAbuseEmail: abuse@comcast.net


If it is, you don't want to block it.

Edited by Jacee, 17 March 2006 - 11:29 PM.

MS MVP Windows-Security 2006-2016
Member of UNITE, the Unified Network of Instructors and Trusted Eliminators

Admin PC Pitstop


#3 Guest_Nexus Mind_*


Posted 18 March 2006 - 02:39 AM

Hello,

Thank you for the reply.

No, my ISP is Wanadoo (that's the UK name; not sure if it runs under a different name elsewhere).

So do you think it is the correct thing to do to block it?

Because although I've only just started really looking into Internet security, I have been reading about compromised Windows-based computers, and obviously I'm not going to be blocking the (possible) attacker's IP address because it will be spoofed.

So really what I mean is, is there much point in blocking this IP, because they could just use another bot?

Any thoughts?

-NEXUS

Edited by Nexus Mind, 18 March 2006 - 02:40 AM.




