Dear Paul & fan j what is going on with my za

Discussion in 'other firewalls' started by Mr.Blaze, Mar 6, 2002.

Thread Status:
Not open for further replies.
  1. Mr.Blaze

    Mr.Blaze The Newbie Welcome Wagon

    Joined:
    Feb 3, 2003
    Posts:
    2,842
    Location:
    on the sofa
    I hardly get anything really hitting my firewall anymore, but this same IP, if you look at the IP it's almost the same every time. I thought it was me, but it's not my IP, so what is it?

    The firewall has blocked Internet access to your computer (HTTP) from 172.195.204.167 (TCP Port 2091) [TCP Flags: S].

    Time: 3/5/2002 9:37:52 PM

    The firewall has blocked Internet access to your computer (HTTP) from 172.194.246.166 (TCP Port 1742) [TCP Flags: S].

    Time: 3/5/2002 9:48:28 PM

    The firewall has blocked Internet access to your computer (HTTP) from 172.195.220.204 (TCP Port 4985) [TCP Flags: S].

    Time: 3/5/2002 9:58:50 PM

    The firewall has blocked Internet access to your computer (HTTP) from 172.192.126.41 (TCP Port 2629) [TCP Flags: S].

    Time: 3/5/2002 10:08:04 PM

    It's really annoying; it's the only thing that hits my firewall.

    The firewall has blocked Internet access to your computer (HTTP) from 172.193.170.73 (TCP Port 1480) [TCP Flags: S].

    Time: 3/5/2002 10:08:36 PM
     
  2. UNICRON

    UNICRON Technical Expert

    Joined:
    Feb 14, 2002
    Posts:
    1,935
    Location:
    Nanaimo BC Canada
    They are AOL IP addresses. The few I checked all point to:

    ACC*****.ipt.aol.com


    where the asterisks are different numbers. They could be from the same guy but it is unlikely he would renew IPs that fast.

    Your log doesn't show the port they attempted to connect to so it is hard to say why this is occurring.
     
  3. UNICRON

    UNICRON Technical Expert

    here's what my router logs look like on average:
    Code:
    Saturday, March 02, 2002 7:15:02 PM Unrecognized access from 172.169.143.185:4533 to TCP port 27374
    Saturday, March 02, 2002 7:15:05 PM Unrecognized access from 172.169.143.185:4533 to TCP port 27374
    Saturday, March 02, 2002 7:15:11 PM Unrecognized access from 172.169.143.185:4533 to TCP port 27374
    Saturday, March 02, 2002 7:15:23 PM Unrecognized access from 172.169.143.185:4533 to TCP port 27374
    Saturday, March 02, 2002 7:21:09 PM Unrecognized access from 217.6.28.5:2019 to TCP port 22
    Saturday, March 02, 2002 7:21:12 PM Unrecognized access from 217.6.28.5:2019 to TCP port 22
    Saturday, March 02, 2002 7:23:25 PM Unrecognized access from 172.157.59.17:3718 to TCP port 27374
    Saturday, March 02, 2002 7:23:28 PM Unrecognized access from 172.157.59.17:3718 to TCP port 27374
    Saturday, March 02, 2002 7:23:34 PM Unrecognized access from 172.157.59.17:3718 to TCP port 27374
    Saturday, March 02, 2002 7:50:54 PM Unrecognized access from 195.92.193.248:80 to TCP port 12311
    Saturday, March 02, 2002 7:50:57 PM Unrecognized access from 195.92.193.248:80 to TCP port 12311
    Saturday, March 02, 2002 7:51:03 PM Unrecognized access from 195.92.193.248:80 to TCP port 12311
    Saturday, March 02, 2002 7:51:15 PM Unrecognized access from 195.92.193.248:80 to TCP port 12311
    Saturday, March 02, 2002 7:51:39 PM Unrecognized access from 195.92.193.248:80 to TCP port 12311
    Saturday, March 02, 2002 7:52:27 PM Unrecognized access from 195.92.193.248:80 to TCP port 12311
    Saturday, March 02, 2002 7:54:03 PM Unrecognized access from 195.92.193.248:80 to TCP port 12311
    Saturday, March 02, 2002 7:56:03 PM Unrecognized access from 195.92.193.248:80 to TCP port 12311
    Saturday, March 02, 2002 7:58:03 PM Unrecognized access from 195.92.193.248:80 to TCP port 12311
    Saturday, March 02, 2002 8:00:03 PM Unrecognized access from 195.92.193.248:80 to TCP port 12311
    Saturday, March 02, 2002 8:02:03 PM Unrecognized access from 195.92.193.248:80 to TCP port 12311
    Saturday, March 02, 2002 8:04:03 PM Unrecognized access from 195.92.193.248:80 to TCP port 12311
    Saturday, March 02, 2002 8:06:03 PM Unrecognized access from 195.92.193.248:80 to TCP port 12311
    Saturday, March 02, 2002 8:08:03 PM Unrecognized access from 195.92.193.248:80 to TCP port 12311
    Saturday, March 02, 2002 8:10:03 PM Unrecognized access from 195.92.193.248:80 to TCP port 12311
    Saturday, March 02, 2002 8:12:03 PM Unrecognized access from 195.92.193.248:80 to TCP port 12311
    Saturday, March 02, 2002 11:28:09 PM Unrecognized access from 24.69.231.121:21404 to TCP port 139
    Saturday, March 02, 2002 11:28:12 PM Unrecognized access from 24.69.231.121:21404 to TCP port 139
    Saturday, March 02, 2002 11:28:18 PM Unrecognized access from 24.69.231.121:21404 to TCP port 139
    Sunday, March 03, 2002 3:49:58 AM Unrecognized access from 200.178.201.109:1583 to TCP port 27374
    Sunday, March 03, 2002 3:49:58 AM Unrecognized access from 200.178.201.109:1583 to TCP port 27374
    Sunday, March 03, 2002 3:49:59 AM Unrecognized access from 200.178.201.109:1583 to TCP port 27374
    Sunday, March 03, 2002 4:07:13 AM Unrecognized access from 172.173.127.31:4537 to TCP port 27374
    Sunday, March 03, 2002 4:07:16 AM Unrecognized access from 172.173.127.31:4537 to TCP port 27374
    Sunday, March 03, 2002 4:07:22 AM Unrecognized access from 172.173.127.31:4537 to TCP port 27374
    Sunday, March 03, 2002 5:31:52 AM Unrecognized access from 172.188.67.43:1479 to TCP port 27374
    Sunday, March 03, 2002 5:31:55 AM Unrecognized access from 172.188.67.43:1479 to TCP port 27374
    Sunday, March 03, 2002 5:32:01 AM Unrecognized access from 172.188.67.43:1479 to TCP port 27374
    Sunday, March 03, 2002 5:32:13 AM Unrecognized access from 172.188.67.43:1479 to TCP port 27374
    Sunday, March 03, 2002 6:17:14 AM Unrecognized access from 24.67.126.188:4902 to TCP port 111
    Sunday, March 03, 2002 6:40:07 AM Unrecognized access from 24.157.43.120:3618 to TCP port 27374
    Sunday, March 03, 2002 6:40:10 AM Unrecognized access from 24.157.43.120:3618 to TCP port 27374
    Sunday, March 03, 2002 6:40:16 AM Unrecognized access from 24.157.43.120:3618 to TCP port 27374
    Sunday, March 03, 2002 6:52:33 AM Unrecognized access from 165.132.95.101:2875 to TCP port 515
    Sunday, March 03, 2002 6:52:35 AM Unrecognized access from 165.132.95.101:2875 to TCP port 515
    Sunday, March 03, 2002 8:33:46 AM Unrecognized access from 24.157.50.119:2637 to TCP port 27374
    Sunday, March 03, 2002 8:33:49 AM Unrecognized access from 24.157.50.119:2637 to TCP port 27374
    Sunday, March 03, 2002 8:33:55 AM Unrecognized access from 24.157.50.119:2637 to TCP port 27374
    Sunday, March 03, 2002 9:43:21 AM Unrecognized access from 65.227.69.120:3490 to TCP port 27374
    Sunday, March 03, 2002 9:43:24 AM Unrecognized access from 65.227.69.120:3490 to TCP port 27374
    Sunday, March 03, 2002 9:43:30 AM Unrecognized access from 65.227.69.120:3490 to TCP port 27374
    Sunday, March 03, 2002 9:43:42 AM Unrecognized access from 65.227.69.120:3490 to TCP port 27374
    Sunday, March 03, 2002 12:01:51 PM Unrecognized access from 24.186.179.125:3301 to TCP port 27374
    Sunday, March 03, 2002 12:01:54 PM Unrecognized access from 24.186.179.125:3301 to TCP port 27374
    Sunday, March 03, 2002 12:02:00 PM Unrecognized access from 24.186.179.125:3301 to TCP port 27374
    Sunday, March 03, 2002 12:02:12 PM Unrecognized access from 24.186.179.125:3301 to TCP port 27374
    
     
  4. UNICRON

    UNICRON Technical Expert

    and more:
    Code:
    Sunday, March 03, 2002 1:31:37 PM Unrecognized access from 208.183.251.166:1560 to TCP port 111
    Sunday, March 03, 2002 1:58:14 PM Unrecognized access from 68.80.170.233:1537 to TCP port 27374
    Sunday, March 03, 2002 1:58:17 PM Unrecognized access from 68.80.170.233:1537 to TCP port 27374
    Sunday, March 03, 2002 1:58:23 PM Unrecognized access from 68.80.170.233:1537 to TCP port 27374
    Sunday, March 03, 2002 1:58:35 PM Unrecognized access from 68.80.170.233:1537 to TCP port 27374
    Sunday, March 03, 2002 3:08:30 PM Unrecognized access from 172.145.171.109:2649 to TCP port 27374
    Sunday, March 03, 2002 3:08:33 PM Unrecognized access from 172.145.171.109:2649 to TCP port 27374
    Sunday, March 03, 2002 3:08:39 PM Unrecognized access from 172.145.171.109:2649 to TCP port 27374
    Sunday, March 03, 2002 3:43:20 PM Unrecognized access from 24.116.166.113:4420 to TCP port 27374
    Sunday, March 03, 2002 3:43:20 PM Unrecognized access from 24.116.166.113:4421 to TCP port 1243
    Sunday, March 03, 2002 3:43:23 PM Unrecognized access from 24.116.166.113:4420 to TCP port 27374
    Sunday, March 03, 2002 3:43:23 PM Unrecognized access from 24.116.166.113:4421 to TCP port 1243
    Sunday, March 03, 2002 3:43:29 PM Unrecognized access from 24.116.166.113:4420 to TCP port 27374
    Sunday, March 03, 2002 3:43:29 PM Unrecognized access from 24.116.166.113:4421 to TCP port 1243
    Sunday, March 03, 2002 3:43:41 PM Unrecognized access from 24.116.166.113:4421 to TCP port 1243
    Sunday, March 03, 2002 3:43:41 PM Unrecognized access from 24.116.166.113:4420 to TCP port 27374
    Sunday, March 03, 2002 4:06:40 PM Unrecognized access from 172.139.31.214:1985 to TCP port 27374
    Sunday, March 03, 2002 4:06:43 PM Unrecognized access from 172.139.31.214:1985 to TCP port 27374
    Sunday, March 03, 2002 4:06:49 PM Unrecognized access from 172.139.31.214:1985 to TCP port 27374
    Sunday, March 03, 2002 4:41:49 PM Unrecognized access from 172.192.46.181:4743 to TCP port 27374
    Sunday, March 03, 2002 4:41:52 PM Unrecognized access from 172.192.46.181:4743 to TCP port 27374
    Sunday, March 03, 2002 4:41:58 PM Unrecognized access from 172.192.46.181:4743 to TCP port 27374
    Sunday, March 03, 2002 4:53:26 PM Unrecognized access from 24.232.145.118:1871 to TCP port 27374
    Sunday, March 03, 2002 4:53:29 PM Unrecognized access from 24.232.145.118:1871 to TCP port 27374
    Sunday, March 03, 2002 4:53:35 PM Unrecognized access from 24.232.145.118:1871 to TCP port 27374
    Sunday, March 03, 2002 4:53:47 PM Unrecognized access from 24.232.145.118:1871 to TCP port 27374
    Sunday, March 03, 2002 5:59:27 PM Unrecognized access from 172.193.68.230:4280 to TCP port 27374
    Sunday, March 03, 2002 5:59:30 PM Unrecognized access from 172.193.68.230:4280 to TCP port 27374
    Sunday, March 03, 2002 5:59:36 PM Unrecognized access from 172.193.68.230:4280 to TCP port 27374
    Sunday, March 03, 2002 5:59:49 PM Unrecognized access from 172.193.68.230:4280 to TCP port 27374
    Sunday, March 03, 2002 6:02:06 PM Unrecognized access from 24.91.182.208:2720 to TCP port 27374
    Sunday, March 03, 2002 6:02:09 PM Unrecognized access from 24.91.182.208:2720 to TCP port 27374
    Sunday, March 03, 2002 6:02:15 PM Unrecognized access from 24.91.182.208:2720 to TCP port 27374
    Sunday, March 03, 2002 6:11:15 PM Unrecognized access from 24.128.111.123:1677 to TCP port 27374
    Sunday, March 03, 2002 6:11:18 PM Unrecognized access from 24.128.111.123:1677 to TCP port 27374
    Sunday, March 03, 2002 6:11:24 PM Unrecognized access from 24.128.111.123:1677 to TCP port 27374
    Sunday, March 03, 2002 6:11:37 PM Unrecognized access from 24.128.111.123:1677 to TCP port 27374
    Sunday, March 03, 2002 6:29:49 PM Unrecognized access from 24.69.203.43:1610 to TCP port 139
    Sunday, March 03, 2002 6:29:52 PM Unrecognized access from 24.69.203.43:1610 to TCP port 139
    Sunday, March 03, 2002 6:29:58 PM Unrecognized access from 24.69.203.43:1610 to TCP port 139
    Sunday, March 03, 2002 6:49:00 PM Unrecognized access from 212.3.248.147:21 to TCP port 21
    Sunday, March 03, 2002 6:52:56 PM Unrecognized access from 172.164.249.133:2082 to TCP port 27374
    Sunday, March 03, 2002 6:52:59 PM Unrecognized access from 172.164.249.133:2082 to TCP port 27374
    Sunday, March 03, 2002 6:53:05 PM Unrecognized access from 172.164.249.133:2082 to TCP port 27374
    Sunday, March 03, 2002 10:33:09 PM Unrecognized access from 24.69.197.84:2516 to TCP port 139
    Sunday, March 03, 2002 10:33:12 PM Unrecognized access from 24.69.197.84:2516 to TCP port 139
    Sunday, March 03, 2002 10:33:18 PM Unrecognized access from 24.69.197.84:2516 to TCP port 139
    Sunday, March 03, 2002 10:33:30 PM Unrecognized access from 24.69.197.84:2516 to TCP port 139
    Sunday, March 03, 2002 11:28:51 PM Unrecognized access from 24.48.203.127:2829 to TCP port 27374
    Sunday, March 03, 2002 11:28:54 PM Unrecognized access from 24.48.203.127:2829 to TCP port 27374
    Sunday, March 03, 2002 11:29:00 PM Unrecognized access from 24.48.203.127:2829 to TCP port 27374
    Sunday, March 03, 2002 11:48:20 PM Unrecognized access from 66.8.157.20:3232 to TCP port 27374
    Sunday, March 03, 2002 11:48:23 PM Unrecognized access from 66.8.157.20:3232 to TCP port 27374
    Sunday, March 03, 2002 11:48:29 PM Unrecognized access from 66.8.157.20:3232 to TCP port 27374
    Sunday, March 03, 2002 11:48:42 PM Unrecognized access from 66.8.157.20:3232 to TCP port 27374
    Monday, March 04, 2002 2:56:36 AM Unrecognized access from 24.78.6.105:3697 to TCP port 27374
    Monday, March 04, 2002 2:56:38 AM Unrecognized access from 24.78.6.105:3697 to TCP port 27374
    Monday, March 04, 2002 2:56:44 AM Unrecognized access from 24.78.6.105:3697 to TCP port 27374
    Monday, March 04, 2002 2:56:56 AM Unrecognized access from 24.78.6.105:3697 to TCP port 27374
    Monday, March 04, 2002 3:36:14 AM Unrecognized access from 63.117.2.118:3768 to TCP port 111
    Monday, March 04, 2002 4:48:17 AM Unrecognized access from 24.82.60.169:3475 to TCP port 27374
    Monday, March 04, 2002 4:48:20 AM Unrecognized access from 24.82.60.169:3475 to TCP port 27374
    Monday, March 04, 2002 4:48:26 AM Unrecognized access from 24.82.60.169:3475 to TCP port 27374
    Monday, March 04, 2002 4:48:38 AM Unrecognized access from 24.82.60.169:3475 to TCP port 27374
    Monday, March 04, 2002 5:13:23 AM Unrecognized access from 64.148.158.174:2078 to TCP port 515
    Monday, March 04, 2002 6:16:49 AM Unrecognized access from 24.69.68.171:4886 to TCP port 139
    Monday, March 04, 2002 6:16:52 AM Unrecognized access from 24.69.68.171:4886 to TCP port 139
    Monday, March 04, 2002 6:16:58 AM Unrecognized access from 24.69.68.171:4886 to TCP port 139
    Monday, March 04, 2002 6:53:59 AM Unrecognized access from 210.111.129.10:3625 to TCP port 111
    Monday, March 04, 2002 7:24:46 AM Unrecognized access from 128.11.99.45:137 to UDP port 137
    Monday, March 04, 2002 7:24:48 AM Unrecognized access from 128.11.99.45:137 to UDP port 137
    Monday, March 04, 2002 7:24:49 AM Unrecognized access from 128.11.99.45:137 to UDP port 137
    Monday, March 04, 2002 10:53:23 AM Unrecognized access from 199.228.177.52:4169 to TCP port 111
    Monday, March 04, 2002 12:17:50 PM Unrecognized access from 24.69.109.218:1310 to TCP port 139
    Monday, March 04, 2002 12:17:53 PM Unrecognized access from 24.69.109.218:1310 to TCP port 139
    Monday, March 04, 2002 12:17:59 PM Unrecognized access from 24.69.109.218:1310 to TCP port 139
    Monday, March 04, 2002 12:46:52 PM Unrecognized access from 24.188.84.143:4539 to TCP port 27374
    Monday, March 04, 2002 12:46:58 PM Unrecognized access from 24.188.84.143:4539 to TCP port 27374
    Monday, March 04, 2002 12:47:10 PM Unrecognized access from 24.188.84.143:4539 to TCP port 27374
    Monday, March 04, 2002 3:00:52 PM Unrecognized access from 24.69.109.218:1271 to TCP port 139
    Monday, March 04, 2002 3:00:54 PM Unrecognized access from 24.69.109.218:1271 to TCP port 139
    Monday, March 04, 2002 3:01:00 PM Unrecognized access from 24.69.109.218:1271 to TCP port 139
    Monday, March 04, 2002 3:24:04 PM Unrecognized access from 24.69.203.43:2776 to TCP port 139
    Monday, March 04, 2002 3:24:07 PM Unrecognized access from 24.69.203.43:2776 to TCP port 139
    Monday, March 04, 2002 3:24:13 PM Unrecognized access from 24.69.203.43:2776 to TCP port 139
    Monday, March 04, 2002 5:44:16 PM Unrecognized access from 80.134.23.191:4230 to TCP port 21
    Monday, March 04, 2002 5:44:19 PM Unrecognized access from 80.134.23.191:4230 to TCP port 21
    Monday, March 04, 2002 5:44:25 PM Unrecognized access from 80.134.23.191:4230 to TCP port 21
    Monday, March 04, 2002 7:18:49 PM Unrecognized access from 24.49.133.133:3916 to TCP port 27374
    Monday, March 04, 2002 7:18:58 PM Unrecognized access from 24.49.133.133:3916 to TCP port 27374
    Monday, March 04, 2002 7:19:09 PM Unrecognized access from 24.49.133.133:3916 to TCP port 27374
    Monday, March 04, 2002 8:53:17 PM Unrecognized access from 24.57.97.184:4199 to TCP port 27374
    Monday, March 04, 2002 10:52:42 PM Unrecognized access from 136.145.160.39:1524 to TCP port 1524
    Tuesday, March 05, 2002 12:31:23 AM Unrecognized access from 200.61.121.52:65419 to TCP port 1081
    Tuesday, March 05, 2002 12:31:27 AM Unrecognized access from 200.61.121.52:65419 to TCP port 1081
    Tuesday, March 05, 2002 12:31:29 AM Unrecognized access from 200.61.121.52:64461 to TCP port 1081
    Tuesday, March 05, 2002 6:42:18 AM Unrecognized access from 24.64.19.234:137 to UDP port 137
    Tuesday, March 05, 2002 6:42:20 AM Unrecognized access from 24.64.19.234:137 to UDP port 137
    Tuesday, March 05, 2002 6:42:21 AM Unrecognized access from 24.64.19.234:137 to UDP port 137
    Tuesday, March 05, 2002 7:59:39 AM Unrecognized access from 65.193.117.60:32824 to TCP port 1214
    
     
  5. UNICRON

    UNICRON Technical Expert

    yet still more:
    Code:
    Tuesday, March 05, 2002 7:59:42 AM Unrecognized access from 65.193.117.60:32824 to TCP port 1214
    Tuesday, March 05, 2002 9:38:28 AM Unrecognized access from 64.35.94.71:4400 to TCP port 1125
    Tuesday, March 05, 2002 3:54:26 PM Unrecognized access from 24.88.110.226:137 to UDP port 137
    Tuesday, March 05, 2002 3:54:28 PM Unrecognized access from 24.88.110.226:137 to UDP port 137
    Tuesday, March 05, 2002 3:54:29 PM Unrecognized access from 24.88.110.226:137 to UDP port 137
    Tuesday, March 05, 2002 3:59:26 PM Unrecognized access from 142.176.115.84:31790 to UDP port 31789
    Tuesday, March 05, 2002 5:20:44 PM Unrecognized access from 24.69.62.16:3756 to TCP port 139
    Tuesday, March 05, 2002 5:20:47 PM Unrecognized access from 24.69.62.16:3756 to TCP port 139
    Tuesday, March 05, 2002 5:20:53 PM Unrecognized access from 24.69.62.16:3756 to TCP port 139
    Tuesday, March 05, 2002 5:21:05 PM Unrecognized access from 24.69.62.16:3756 to TCP port 139
    Tuesday, March 05, 2002 5:32:58 PM Unrecognized access from 24.208.231.22:137 to UDP port 137
    Tuesday, March 05, 2002 5:32:59 PM Unrecognized access from 24.208.231.22:137 to UDP port 137
    Tuesday, March 05, 2002 5:33:01 PM Unrecognized access from 24.208.231.22:137 to UDP port 137
    
     
  6. UNICRON

    UNICRON Technical Expert

    So don't feel too bad, we all get it. I have dedicated hardware to filter it out to take the load off my PCs.

    Pretty much every one of those connection attempts was from our enemies.
     
  7. FanJ

    FanJ Guest

    Hi Unicron,

    MrBlaze wrote for example:

    So it looks to me that he did mention that port: HTTP=port 80

    Or am I now making a mistake?
     
  8. FanJ

    FanJ Guest

    Hi MrBlaze,

    It looks like your firewall is just doing its job!
    Yes, all those "attempts" can be annoying.
    I would advise setting up ZA in such a way that you don't get an alert pop-up every time such a thing occurs.
    In the Alert Tab of ZA disable the box "Show the alert popup window".
     
  9. spy1

    spy1 Registered Member

    Joined:
    Dec 29, 2002
    Posts:
    3,139
    Location:
    Clover, SC
    A hearty 'AMEN' to that idea, Jan!

    I'm a firm believer in letting your firewall go about doing its job - quietly. As long as you're running frequent, full, in-depth scans with your AV/AT programs (and assuming your firewall is correctly set up, of course), chasing down hits from various (mostly innocent) sources is a waste of time and can draw a lot of unwanted attention your way.

    mrblaze - I'd suggest (if you don't already have one or the other and you're using ZA) that you get either ZoneLogAnalyzer http://zonelog.co.uk/ or VisualZone v5.6 http://www.wilders.org/downloads.htm . Both will serve to let you know if you're actually getting 'attacked' and give you options to report it (ZLA) or have it reported for you (VZ). Pete
     
  10. Mr.Blaze

    Mr.Blaze The Newbie Welcome Wagon

    UNICRON, my god, I've never seen so many IPs hitting someone like that "blaze eyes widen". OK, I feel better, but I do think it's the same person every day; it's that same-looking IP, lol.

    I know at the SOS board femmy looked up my many user names that I sign on with my AOL accounts.

    I have 7 AOL accounts, and each registers the same IP, except that for each there is a 1-digit or 2-digit difference at the end of each AOL user name.

    So I know it's the same person, but wondering if it's just AOL being annoying or some one person being annoying. I was almost tempted to go to the dark side, pick up a nuke, read how to use it, and nail the annoyance.

    Anybody other than me ever feel like just pushing a red button and nailing that one annoying IP that bugs you day after day, and you know it's not a legit scan, ping or echo request, lol,

    or am I the only one experiencing cyber highway road rage, lol =)
     
  11. FanJ

    FanJ Guest

    Hey MrBlaze,
    You're definitely not the only one !!!  
     
  12. UNICRON

    UNICRON Technical Expert


    doh! I was lookin for numbers, looked right past the HTTP!

    My Bad.
     
  13. me

    me Registered Member

    Joined:
    Feb 10, 2002
    Posts:
    33
    Location:
    New Baden, IL
    MRBLAZE

    You might also want to submit some of these entries in your ZA log to DSHIELD (http://www.dshield.org) using their Web Interface
     
  14. Mr.Blaze

    Mr.Blaze The Newbie Welcome Wagon

    Ahhhhhhhhhhhhhhhh gasppppppppp, I'm not sure if I'm being paranoid, but I think I found out what's going on.

    OK, you noticed the IP address is very similar every time, so it's most likely the same person.

    I notice each ZA warning like this: The firewall has blocked Internet access to your computer (HTTP) from 172.195.124.149 (TCP Port 1556) [TCP Flags: S].

    Time: 3/7/2002 8:48:24 AM

    has HTTP, this (HTTP), in front of the IP, right? So I said what the hell, and I put in the http://ip address here like I would a URL, and this is what happened:

    Date: 3/5/2002, Time: 13:47:44, MRBLAZE on COMPUTER
    The file
    C:\WINDOWS\Temporary Internet Files\Content.IE5\6Z0J0LM1\172.195.251[1]
    was infected with the W32.Nimda.A@mm(html) virus.
    The file was repaired.


    Date: 3/5/2002, Time: 21:46:38, MRBLAZE on COMPUTER
    The file
    C:\WINDOWS\Temporary Internet Files\Content.IE5\AFIL8VGT\172.195.204[1]
    was infected with the W32.Nimda.A@mm(html) virus.
    The file was repaired.

    My Norton antivirus took out that mofo, but it's strange that an IP is also a web address. I think what was going on was this.

    Someone with an AOL account made a web site with his or her IP address as a URL as well and was trying to infect me with W32.Nimda.A.

    He was most likely using messenger spam. Messenger (not to be confused with MSN Messenger or AOL Instant Messenger)

    The easiest way to explain it is to show you the non-ethical ways of using the messenger service

    The non-ethical use of the messenger service turns it into an untraceable spam tool. As you can see in this example, the sender has changed the computer name to "VirusScan." This fools the end user into believing it is a message from his or her antivirus program. The message also refers the user to a website, and as you can probably guess, it's not an antivirus website. The problem here is that anyone can send messages though the messenger service, not just system administrators. The command to send a message is called "net send" and can be executed from the command prompt with the following syntax. Spammers will automate this process using batch files so that they can send hundreds of messages per hour (see an example). You're probably saying to yourself, "No one knows my IP address. I'm safe." Not true. You and your hidden messenger service can easily be detected by running a simple port scan across a range of IP addresses. The messenger service is part of the Netbios service that runs on TCP port 139. To detect potential targets, the spammer will scan IP addresses with port 139 open. To demonstrate this, I downloaded an application named SuperScan and scanned 131 IP addresses for the open port 139. Click here to see a screen shot of my results. Out of 131 computers, 42 of them were open for attack. Using this method thousands of open IP addresses can be harvested and spammed per hour. Stop the spam

    Basically, he sends me that spam, I click on OK because it's the only way to close that box, get redirected to a web page carrying a nasty virus, and I am infected. That's my conspiracy theory, lol.

    What about you guys, any conspiracy theories? lol
     
  15. Mr.Blaze

    Mr.Blaze The Newbie Welcome Wagon

    lol, oh, by the way, I cut and pasted that spam part from an article, lol, but you get the idea, lol.
     
  16. sig

    sig Registered Member

    Joined:
    Feb 9, 2002
    Posts:
    716
    Not unusual to get hits to port 80 from Nimda infected machines.  The scans are on autopilot: a machine gets infected and then scans for other vulnerable machines to infect.  Usually you'll mostly get scans from infected machines who have the same ISP as you.  

    Here's the Symantec write up on the Nimda variant you seem to have run into:

    http://securityresponse.symantec.com/avcenter/venc/data/w32.nimda.a@mm.html
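
The two log formats quoted in this thread can be tallied mechanically. The following is an added example, not part of any poster's message: it parses the ZoneAlarm alert text and the router's "Unrecognized access" lines, treats repeated lines from the same source address and source port as retries of one connection attempt, and counts attempts and distinct sources per destination port. The function names and the HTTP-to-80 mapping are assumptions of this example; the sample lines are copied from the posts above.

```python
import re
from collections import defaultdict

# Router format from the thread:
#   "... Unrecognized access from 172.169.143.185:4533 to TCP port 27374"
ROUTER_RE = re.compile(
    r"Unrecognized access from (?P<src>\d{1,3}(?:\.\d{1,3}){3}):(?P<sport>\d+)"
    r" to (?P<proto>TCP|UDP) port (?P<dport>\d+)"
)

# ZoneAlarm alert format from the thread. The label in the first parentheses
# names the local (destination) service; the port printed after the address
# is the remote (source) port.
ZA_RE = re.compile(
    r"blocked Internet access to your computer \((?P<service>[^)]+)\)"
    r" from (?P<src>\d{1,3}(?:\.\d{1,3}){3})"
    r" \((?P<proto>TCP|UDP) Port (?P<sport>\d+)\)"
)

# Assumption of this example: only the label seen in the thread is mapped.
SERVICE_PORTS = {"HTTP": 80}

# Sample lines copied from the posts above (both formats, plus a "Time:" line).
SAMPLE_LOG = """\
The firewall has blocked Internet access to your computer (HTTP) from 172.195.204.167 (TCP Port 2091) [TCP Flags: S].
Time: 3/5/2002 9:37:52 PM
The firewall has blocked Internet access to your computer (HTTP) from 172.194.246.166 (TCP Port 1742) [TCP Flags: S].
Saturday, March 02, 2002 7:15:02 PM Unrecognized access from 172.169.143.185:4533 to TCP port 27374
Saturday, March 02, 2002 7:15:05 PM Unrecognized access from 172.169.143.185:4533 to TCP port 27374
Saturday, March 02, 2002 7:15:11 PM Unrecognized access from 172.169.143.185:4533 to TCP port 27374
Monday, March 04, 2002 7:24:46 AM Unrecognized access from 128.11.99.45:137 to UDP port 137
Monday, March 04, 2002 12:17:50 PM Unrecognized access from 24.69.109.218:1310 to TCP port 139
Monday, March 04, 2002 12:17:53 PM Unrecognized access from 24.69.109.218:1310 to TCP port 139
Monday, March 04, 2002 3:00:52 PM Unrecognized access from 24.69.109.218:1271 to TCP port 139
"""


def parse_line(line):
    """Return (src_ip, src_port, proto, dst_port), or None for other lines."""
    m = ROUTER_RE.search(line)
    if m:
        return (m["src"], int(m["sport"]), m["proto"], int(m["dport"]))
    m = ZA_RE.search(line)
    if m:
        # Unknown service labels are kept as text rather than guessed.
        dport = SERVICE_PORTS.get(m["service"], m["service"])
        return (m["src"], int(m["sport"]), m["proto"], dport)
    return None


def summarize(lines):
    """Per (proto, dst_port): connection attempts, logged packets, sources."""
    packets = defaultdict(int)  # one key per connection attempt
    for line in lines:
        event = parse_line(line)
        if event is not None:
            packets[event] += 1

    summary = {}
    sources = defaultdict(set)
    for (src, _sport, proto, dport), count in packets.items():
        entry = summary.setdefault(
            (proto, dport), {"attempts": 0, "packets": 0, "sources": 0}
        )
        entry["attempts"] += 1      # same src ip:port = one attempt
        entry["packets"] += count   # retries inflate the raw line count
        sources[(proto, dport)].add(src)
    for key, addrs in sources.items():
        summary[key]["sources"] = len(addrs)
    return summary


if __name__ == "__main__":
    result = summarize(SAMPLE_LOG.splitlines())
    for (proto, dport), e in sorted(result.items(), key=lambda kv: -kv[1]["packets"]):
        print(f"{proto}/{dport}: {e['attempts']} attempts, "
              f"{e['packets']} log lines, {e['sources']} distinct sources")
```

Keying on source address and port alone treats a reused source port as the same attempt; over a log spanning days, add a time window to the key.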
     
  17. spy1

    spy1 Registered Member

    And no, that doesn't mean you have Nimda, it means someone else has Nimda that keeps trying to send itself to everyone it can reach.

    If that address is within your local range from your ISP, you might want to call them and let them know - perhaps they'll be interested enough to do something about it as long as you send them your complete, detailed log.

    If you want to quit seeing the alerts altogether, just get SpyBlocker 4.75 and make sure you select 'Don't Allow Remote Connections' in the 'Options' section.  It'll block the Nimda probes before they ever get to your firewall.

    If you're using ZA and get SpyBlocker, make sure you don't 'Allow Connect' in either "Local" or "Internet" or "Allow Server" for SB in ZA. (Of course, if you want to see the attempts being made - in SB's log with a lot of detail - then leave 'Don't Allow Remote Connections' UN-checked). Pete
     
  18. Mr.Blaze

    Mr.Blaze The Newbie Welcome Wagon

    I do have SpyBlocker and that sounds like a great idea, but lol, SpyBlocker constantly sets off my ZA firewall, I don't know why.

    They should have made it compatible with ZA.
     