Multiple scans port 11511

Discussion in 'Trojan Defence Suite' started by Arctic, Jan 7, 2005.

Thread Status:
Not open for further replies.
  1. Arctic

    Arctic Registered Member

    Joined:
    Jun 25, 2004
    Posts:
    46
    I was not sure where to post this but I hope someone can help me. I have been searching the web for almost 4 hours and have not come up with an answer. Last night I turned my computer on and with in 10 minutes I got 465 hits on my linksys logger. It was coming from hundreds of different ip addresses. (the IPs were from all over the world,, Norway, Sweden, UK, USA, China, etc) It is the most unusual thing I have ever seen in my life. The linksys logger indicated it was normal traffic and it was blocked. So, it was not really a scan, or someone looking for open ports. It was as if maybe someone had file sharing on their system for like swaping songs, like kazza or something like that. I do not have any file sharing programs on my computer. I do not use kazza or any of the other progams like that. The port it was hitting was always 11511.

    I run the following applications on my computer. Windows XP Home, Linksys router, Wormguard, TDS-3, Process Guard, Port Explorer, Zone Alarm, Mcafee Antivirus. I phoned Time Warner Cable Company, (my internet provider) and they said there was nothing they could do. They said I would have to leave my computer off for over 24 hours to get a new ip number. Now I must say this really did make me angry, considering how much I pay for this fast internet connection.

    Linksys logger has 5 indicators, Green (normal traffic) Blue (scan traffic) yellow (ftp attempted) red (connection attempted) and black (connection made). The logger was showing green with a line through it indicating it was blocked. My concern is: (1) why were all the ip addresses hitting me? (2) and should I really worry that they could get into my computer? I would greatly appreciate any help that anyone could give me. Thank you in advance :)
     
  2. spy1

    spy1 Registered Member

    Joined:
    Dec 29, 2002
    Posts:
    3,139
    Location:
    Clover, SC
    Arctic - Personally, since all the attempts at whatever it was were blocked by your router, no, I wouldn't be concerned about it.

    Even if some of the requests got by the router, I would imagine ZA would take over at that point, blocking-wise. You never indicated whether ZA actually showed any alerts during this period.

    Port 11511 comes up simply as an unassigned port when I check it with TDS's "Port Reference" tool, so it's kind of hard to know what's up with that particular port. Perhaps others here can tell you more. HTH Pete
     
  3. Pilli

    Pilli Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    6,217
    Location:
    Hampshire UK
    Hi Arctic, The most probable cause is that your IP address is dynamic i.e. not fixed. When you switch off and have a dynamic address then you may get assigned a new one that was used by someone that did do file sharing on that IP address the file sharing programs keep trying to connect until they get fed up :)

    Don't worry about your PC it is very well protected :)

    HTH Pilli.
     
  4. Arctic

    Arctic Registered Member

    Joined:
    Jun 25, 2004
    Posts:
    46
    Thank you for your speedy reply Spy and Pilli. After 48 hours the hits on that port finally stopped. Perhaps it was an IP address that the previous person was using for downloads. And ZoneAlarm never popped up with any warnings. Actually I noticed after I got my Linksys BEFSX41 router that my zonealarm never warns me of anything unless I start to download a file and then it ask me if I want to allow it. So I guess all that is normal. Once again thanks alot. :)
     
  5. dvk01

    dvk01 Global Moderator

    Joined:
    Oct 9, 2003
    Posts:
    3,131
    Location:
    Loughton, Essex. UK
    That is normal

    the router will automatically block all unwanted/unrequested incoming requests so ZA won't even see them so it can't alert you
     
Thread Status:
Not open for further replies.