Hacking Myself ???

Discussion in 'other firewalls' started by nervous noob, Jan 19, 2004.

Thread Status:
Not open for further replies.
  1. nervous noob

    nervous noob Guest

    My firewall detects connection requests from
    Also something called My Address Attack.
    I can't seem to find usefull info on this.
    Can someone explain this anomaly please?
  2. LowWaterMark

    LowWaterMark Administrator

    Aug 10, 2002
    New England
    Can you post a part of the firewall log so we can see some details on the events? Also, what firewall is it?

    I'm going to move this to the "other firewalls" section in a little while because that'll be a better place to get help.
  3. nervous noob

    nervous noob Guest

    Thanks for responding.
    Firewall is Outpost free I have used 1 yr. This anomaly I have noted only recently.
    Is this the log info as you request? It is pasted from attack detection (plug-in) page.
    If you need the entire session log I can give it but I have to close first. I'll have it ready if you need it.

    01/19/2004 19:43:28   Port scanned TCP(1455) TCP(1695)

    01/19/2004 19:43:28   Connection request   TCP(1455)

    01/19/2004 19:42:54   My address   

    01/19/2004 19:42:54   Connection request   TCP(1695)
  4. LowWaterMark

    LowWaterMark Administrator

    Aug 10, 2002
    New England
    Actually a full log would be helpful. You can of course blank out your ISP provided public IP address, though make sure it's clear from the changes you make that it is just your address that has been removed. Also, leave any or references in place, and let us see all protocols, flags and even time stamps, so we can get a good idea about what is going on.
  5. nervous noob

    nervous noob Guest

    Here is partial copy of Attack Detection Log. I hope this is what you need to help me.
    Stupid program will not allow copy paste of logs, only line by line.
    There are other logs like Allowed, Blocked, DNS Cache, etc... all equally cryptic.
    Please let me know if you need more info.
    Thank you.

    Date/Time Attack Type Ip Address Scan Port Details

    01/20/2004 11:03:27   Port scanned   TCP(110:cool: TCP(1852)
    01/20/2004 11:02:37   My address   
    01/20/2004 11:02:37   Connection request   TCP(1852)
    01/20/2004 10:58:36   Port scanned   TCP(135)
    01/20/2004 11:15:31   Connection request   UDP(137)
    01/20/2004 11:14:56   Connection request   TCP(1182)
    01/20/2004 11:07:12   Port scanned   TCP(135)
    01/20/2004 11:07:12   Connection request   TCP(135)
    01/20/2004 11:03:27   Port scanned   TCP(110:cool: TCP(1852)
    01/20/2004 11:03:27   Connection request   TCP(110:cool:
    01/20/2004 11:02:37   My address   
    01/20/2004 11:02:37   Connection request   TCP(1852)
    01/20/2004 10:58:36   Connection request   TCP(135)
    01/20/2004 10:58:36   Connection request   TCP(135)
    01/20/2004 10:41:46   Port scanned   TCP(113:cool: TCP(1749)
    01/20/2004 10:41:46   Connection request   TCP(113:cool:
    01/20/2004 10:41:43   My address   
    01/20/2004 10:41:43   Connection request   TCP(1749)
    01/20/2004 10:30:56   Port scanned   TCP(1805) TCP(1541)
    01/20/2004 10:30:56   Connection request   TCP(1805)
    01/20/2004 10:30:39   Connection request   TCP(1541)
    01/20/2004 10:25:38   My address   
    01/20/2004 10:25:38   Connection request   TCP(1567)
    01/19/2004 20:58:45   Connection request   TCP(1523)
    01/19/2004 20:56:45   Connection request   TCP(1523)
    01/19/2004 20:56:41   Port scanned   TCP(135)
    01/19/2004 20:56:41   Connection request   TCP(135)
    01/19/2004 20:54:45   Connection request   TCP(1523)
    01/19/2004 20:54:28   Connection request   TCP(1415)
    01/19/2004 20:53:24   Connection request   TCP(1415)
    01/19/2004 20:52:45   Connection request   TCP(1523)
    01/19/2004 20:52:19   Connection request   TCP(1415)
    01/19/2004 20:52:01   Connection request   UDP(137)
    01/19/2004 20:51:16   Connection request   TCP(1415)
    01/19/2004 20:51:11   Connection request   TCP(1523)
    01/19/2004 20:50:31   Port scanned   TCP(1951) TCP(1455)
    01/19/2004 20:50:31   Connection request   TCP(1951)
    01/19/2004 20:50:16   My address   
    01/19/2004 20:50:16   Connection request   TCP(1455)
    01/19/2004 20:50:12   Connection request   TCP(1415)
    01/19/2004 20:48:33   Connection request   TCP(1433)
    01/19/2004 20:42:19   Port scanned   TCP(135)
    01/19/2004 20:42:19   Connection request   TCP(135)
    01/19/2004 20:42:19   Connection request   TCP(135)
    01/19/2004 20:40:51   Connection request   TCP(135)
    01/19/2004 20:34:33   Connection request   TCP(6129)
    01/19/2004 20:33:51   Port scanned   TCP(135)
    01/19/2004 20:33:51   Connection request   TCP(135)
    01/19/2004 20:32:30   My address   
    01/19/2004 20:32:30   Connection request   TCP(1067)

    BTW, all entries for 01/20 are from sitting right here at Wilders if that means anything.
  6. root

    root Registered Member

    Feb 19, 2002
    Missouri, USA
    I'm a long time user of Outpost and I have never seen anything named my address, but I still do not see anything to be alarmed about. It looks like Outpost is effectively blocking a lot of internet background scans and connection attempts, but that does not indicate any problem.
    You might try the Outpost Forum and see if anyone has any ideas about what you are experiencing. It's been a long time since I have used version 1 and you might find someone there that is still using it.
  7. Sumire

    Sumire Registered Member

    Sep 26, 2002
    I'm not a Outpost user but looking at your Outpost log, (source ip address spoofed port scan) ,this must be ms blaster or nachi type worm's leftovers.

    Here is the good description about source ip address spoofed port scan issues.

    I've discussed many times about source ip address spoofed( port scan on another Outpost related forum. You don't need to worry about this type of port scan, Outpost just drop unnecessary packets.

    Best Regards
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.