Should I be concerned from these attack attempts?

Discussion in 'other firewalls' started by JoeyD, Mar 16, 2004.

Thread Status:
Not open for further replies.
  1. JoeyD

    JoeyD Registered Member

    Jan 17, 2004
    For the past week or so Outpost Pro 2.1 has logged at least one port scan attack each day. Sometimes
    as many as three.

    Here is a sample:

    4:19:03 PM Attack Detection Report Port Scanning has been detected from (scanned
    ports:TCP (HTTP, 6129, 3127, 1025, 2745))

    Under blocked connection I logged four attempts from this IP address at about the same time, all
    were blocked.

    These seem to be ports used by a lot of trojans and worms, however yesterday one attack showed this:

    3/15/2004 9:35:24 AM Attack Detection Report Port Scanning has been detected from
    (scanned ports:TCP (HTTP, 5000, 6129, 3127, 1025, 2745))

    The attack always comes from a different IP address but I never noticed this happening in the past
    so it bothers me that it is happening so frequently lately.

    I've run TDS3 full system scan, spybot S&D, Adaware and use Nod32 as my AV updated daily. Nod did
    find js/iestart trojan on my system in its daily scan a couple of days ago but this was happening
    prior to and after removal of that trojan.

    Is this just script kiddies or could something be hidden on my system that someone is looking for?

    Should I be concerned or content knowing my firewall is doing its job?
  2. Phant0m

    Phant0m Registered Member

    Jun 7, 2003
    Hey JoeyD


    I knew this looked familiar when I saw those ports you listed off. My security system dropped those packets yesterday beginning 21:27, and when I looked through today’s logs I also saw this again AND from the same IP…

    No need to be concerned since you did say your Software Firewall “blocked” these, so it’s doing its job!

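The pattern described in the first post (a different source address each time, but nearly the same set of ports) can be checked mechanically. The following is an added example, not part of the thread and not Outpost code: it parses report lines in the format quoted above and groups source addresses by the exact port set they scanned. The sample lines, their dates and their documentation-range addresses are constructed, and placing the address directly after "from" is an assumption, since the quoted reports do not show it.

```python
import re
from collections import defaultdict

# Constructed sample lines in the format of the reports quoted in the thread.
# Source addresses are documentation-range placeholders (RFC 5737), not from the thread.
SAMPLE_LOG = """\
3/14/2004 4:19:03 PM Attack Detection Report Port Scanning has been detected from 192.0.2.10 (scanned ports:TCP (HTTP, 6129, 3127, 1025, 2745))
3/15/2004 9:35:24 AM Attack Detection Report Port Scanning has been detected from 198.51.100.7 (scanned ports:TCP (HTTP, 5000, 6129, 3127, 1025, 2745))
3/16/2004 11:02:41 AM Attack Detection Report Port Scanning has been detected from 203.0.113.99 (scanned ports:TCP (2745, 1025, 3127, 6129, HTTP))
"""

REPORT = re.compile(
    r"^(?P<when>(?:\d{1,2}/\d{1,2}/\d{4} )?\d{1,2}:\d{2}:\d{2} [AP]M) "
    r"Attack Detection Report Port Scanning has been detected from "
    r"(?:(?P<src>\S+) )?\(scanned ports:(?P<proto>TCP|UDP) \((?P<ports>[^)]*)\)\)"
)
NAMED_PORTS = {"HTTP": 80}  # the only service name that appears in the quoted reports


def parse_report(line):
    """Return {'when', 'src', 'proto', 'ports'} for a port-scan report, else None."""
    m = REPORT.match(line.strip())
    if not m:
        return None
    ports = set()
    for tok in (t.strip() for t in m["ports"].split(",")):
        if tok.isdigit():
            ports.add(int(tok))
        elif tok:
            ports.add(NAMED_PORTS.get(tok.upper(), tok))  # keep unknown names as text
    return {"when": m["when"], "src": m["src"], "proto": m["proto"],
            "ports": frozenset(ports)}


def recurring_signatures(log_text, min_sources=2):
    """Map (proto, port set) -> sources, keeping sets probed by >= min_sources hosts."""
    groups = defaultdict(set)
    for line in log_text.splitlines():
        rec = parse_report(line)
        if rec and rec["src"]:  # lines without an address cannot be attributed
            groups[(rec["proto"], rec["ports"])].add(rec["src"])
    return {sig: srcs for sig, srcs in groups.items() if len(srcs) >= min_sources}


if __name__ == "__main__":
    for (proto, ports), srcs in recurring_signatures(SAMPLE_LOG).items():
        print(proto, sorted(ports, key=str), "<-", sorted(srcs))
```

Port order within a report is ignored, so the first and third constructed lines count as the same signature; the second, which adds port 5000, is tracked separately.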