On Windows XP, to be precise. It was a Microsoft thing, I don't recall the exact phrase being used. 'general host ...'?? I'm not sure. I was just doing some regular browsing! Eset Smart Security (firewall at interactive) caught it. The IP was 185.35.62.135. WHOIS: 'This IP network is used for Internet security research. Internet-scale port scanning activities are launched from this network.' 'Kudelski Security RnDOI'. I don't see the point... It's just a home machine... Any thoughts? It's not in the log. I think I should add that I had to remove the router and connect directly to the router because of ISP issues. Edit: second event, after I had rebooted the computer. I was just reading Wilders'. Unsolicited inbound connection from 185.128.40.122 (general host process for win32 services), 'Foster Banks', 'Panama'. Weird.
Probably just someone portscanning your ISP's IP range. Add a router between your computer and ISP's modem and it should go away.
Quite possibly. I just hadn't seen anything like that before I took out my router. The first event seemed somewhat sensible, though weird. Why would a foreign security company scan the ports of my ISP? The other one, just weird. But shouldn't the firewall (set at interactive) just block all incoming unsolicited traffic?
The Eset firewall will do so in "automatic" mode. However, that mode will also allow all outbound activity. When you set the firewall to interactive mode, you will receive alerts for any inbound or outbound traffic for which no user rule exists to handle the traffic.
@itman, thanks for the clarification. It seems that the router issues may not persist and I can go back to the old configuration.
This IP, 185.128.40.122, shows up multiple times in this IPS honeypot database: http://global-threat.rmjconsulting.net/?op=prv_idstableLimit&limit=5000. Appears to be UDP connection attempts to ports 111, 123 and possibly DNS related. Going back to using your router would be a smart move as long as it has SPI, i.e. stateful packet inspection. That feature will drop any unsolicited inbound connections at the router. -EDIT- Relating to the above port 123 reference: Security Concerns: It provides both information and possible avenue of attack for intruders. Info gathered can include system uptime, time since reset, time server pkt, I/O & memory statistics and ntp peer list. If a host is susceptible to time altering via ntp an attacker can possibly: 1) Run replay attacks using captured OTP and Kerberos tickets before they expire. 2) Stop security-related cron jobs from running or cause them to run at incorrect times. 3) Make system and audit logs unreliable since time is alterable. Ref.: http://www.speedguide.net/port.php?port=123
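The stateful packet inspection behaviour described in the post above, as an added example that is not part of the original thread and not any router's actual code: a toy connection tracker that lets a reply to an outbound NTP query through and drops unsolicited inbound UDP to ports 111 and 123. The class and function names, the 30-second flow timeout and all addresses (private and documentation ranges) are assumptions made for the illustration.

```python
from typing import NamedTuple


class Packet(NamedTuple):
    direction: str  # "out" = LAN to WAN, "in" = WAN to LAN
    proto: str
    src: str
    sport: int
    dst: str
    dport: int


class StatefulFilter:
    """Allow outbound traffic; allow inbound only if it answers a tracked flow."""

    def __init__(self, timeout=30.0):  # assumed UDP flow lifetime in seconds
        self.timeout = timeout
        self.flows = {}  # (proto, lan_ip, lan_port, wan_ip, wan_port) -> last seen

    def check(self, pkt, now):
        # Forget flows that have been idle longer than the timeout.
        self.flows = {k: t for k, t in self.flows.items()
                      if now - t <= self.timeout}
        if pkt.direction == "out":
            self.flows[(pkt.proto, pkt.src, pkt.sport, pkt.dst, pkt.dport)] = now
            return "ALLOW"
        # Inbound: must mirror a flow the LAN host opened (same 5-tuple, reversed).
        key = (pkt.proto, pkt.dst, pkt.dport, pkt.src, pkt.sport)
        if key in self.flows:
            self.flows[key] = now
            return "ALLOW"
        return "DROP"  # unsolicited inbound, e.g. an Internet-wide port scan


def run_demo():
    """Constructed traffic: one NTP exchange plus probes of UDP 123 and 111."""
    lan, ntp, scanner = "192.168.1.10", "203.0.113.5", "198.51.100.7"
    fw = StatefulFilter()
    traffic = [
        (0.0, Packet("out", "udp", lan, 50000, ntp, 123)),     # NTP query
        (0.1, Packet("in", "udp", ntp, 123, lan, 50000)),      # its reply
        (1.0, Packet("in", "udp", scanner, 40000, lan, 123)),  # probe of NTP
        (2.0, Packet("in", "udp", scanner, 40000, lan, 111)),  # probe of portmapper
        (100.0, Packet("in", "udp", ntp, 123, lan, 50000)),    # late, flow expired
    ]
    return [fw.check(pkt, now) for now, pkt in traffic]


if __name__ == "__main__":
    print(run_demo())
```

Real routers usually combine this tracking with NAT and per-protocol timeouts; the model only shows why scanner traffic never reaches a host behind such a device.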
Have you tried an online testing site? The one in this link shows as down for now, but says it should be back up by the end of the day: http://www.auditmypc.com/firewall-test.asp
I have used it in the past, but in recent times the site seems to be in a perpetual down state. Here is a good test, but you have to register: https://secure1.securityspace.com/smysecure/basic_index.html. Here are also some sites that will detect and give status on any installed proxy servers: http://www.lagado.com/proxy-test, http://www.whatismyproxy.com/, http://whatismyipaddress.com/proxy-check. I was never a big fan of AdGuard. They advertise that they filter traffic at the network level but still install a local host proxy server. If they used WFP properly and installed an NDIS mini-port filter driver for the network adapter, they can examine all HTTP/S traffic w/o using a proxy server.