Strange Port Communication

Discussion in 'privacy problems' started by Gamer, Oct 10, 2009.

Thread Status:
Not open for further replies.
  1. Gamer

    Gamer Registered Member

    Joined:
    Jul 11, 2006
    Posts:
    38
    For the past 2 weeks or so my computer has been trying to communicate on 1 specific port a few dozen times per day.

    Each time it happens, it goes to a random bunch of IPs.

    The port is UDP 32996.

    I set up my firewall (Look n Stop) to block it, but I'm still worried about it.

    Find below part of my firewall log of the occurrences:

    Any idea what it is? Is that port safe? How do I find out which application is trying to access the internet? I have TCPView, but it only displays in real time.
     
  2. lotuseclat79

    lotuseclat79 Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    5,094
    You can use the Network tool, Whois, to look up the ip addresses you have posted.

    -- Tom
     
  3. Escalader

    Escalader Registered Member

    Joined:
    Dec 12, 2005
    Posts:
    3,710
    Location:
    Land of the Mooses

    I'm not a Look n Stop expert, but you MAY have a parasite that is trying to send out to that port on various IP sites. Blocking the port is fine, or even the various IPs, but that is like putting your finger in the dam to stop a flood.

    1) Post this question over on the Look n Stop forum ASAP.

    2) You make no mention of your AV product or an ASW tool! Get a scan done on your PC ASAP; you can use a free product like Antivir or a trial version of Nod32, or even go to a web-based scan at McAfee or Norton.
    That will deal with the possibility of a virus.

    3) Lacking any other name, get the free version of SuperAntispyware and run it ASAP.

    If Look N Stop logs can't help ID the application doing the UDP, get Online Armor free or Outpost Pro free, as they will find bad applications on your setup.
     
  4. Gamer

    Gamer Registered Member

    Joined:
    Jul 11, 2006
    Posts:
    38
    I ran scans with Malware Bytes Anti-Malware, NOD 32, SuperAntiSpyware and Spybot S & D and they didn't detect anything.

    Oddly enough though, when I try running an online scan at a place like Trend Micro, I get a Java error saying installation failed.
     
  5. Escalader

    Escalader Registered Member

    Joined:
    Dec 12, 2005
    Posts:
    3,710
    Location:
    Land of the Mooses
    Good, no parasite.

    What did Look n Stop say as yet?

    You may wish to run a Shields Up scan to see if any ports are still open.

    Failing these, I'd consider posting a HijackThis at one of those support sites; Wilder's no longer does those.

    Another brute force method is to use a restore point from before the issue.

    What was the website(s) from your DNS lookups from those IPs?

    Please post an image of those here in the thread.
     
  6. Gamer

    Gamer Registered Member

    Joined:
    Jul 11, 2006
    Posts:
    38
    I restored my OS from a 4 month old ghost (I have Acronis True Image Home). I'm currently running it in safe mode and running a scan at Trend Micro Housecall. Once the scan completes, even if it doesn't find anything, I'll probably just reinstall Windows.

    I also have a SonicWall TZ 150 NAT router (it's a SOHO router, stronger than the Linksys crap). It's configured to allow a small number of ports to reach my network; I also configured it to block that port for an added layer of security.

    It doesn't look like websites, it looks like home computers.
     
  7. Escalader

    Escalader Registered Member

    Joined:
    Dec 12, 2005
    Posts:
    3,710
    Location:
    Land of the Mooses
    Here is the translation for your posted ip's.


    Many countries, many locations.


    What was the direction of these packets? If they are all incoming then your PC is on a list somewhere and it is not a Trojan on your PC at all. Some are PCs located in businesses, not home setups.




    IP Addresses Report


    Created by using IPNetInfo

    Order 1 | IP Address: 96.20.109.248 | Status: Succeed | Country: Canada
    Network Name: VL-21BL | Owner Name: Le Groupe Videotron Ltee | From IP: 96.20.0.0 | To IP: 96.23.255.255 | Allocated: Yes
    Contact Name: Le Groupe Videotron Ltee | Address: 150 Beaubien Ouest, Montreal | Phone: +1-514-281-8498
    Whois Source: ARIN | Host Name: | Resolved Name: modemcable248.109-20-96.mc.videotron.ca

    Order 2 | IP Address: 96.48.205.238 | Status: Succeed | Country: Canada
    Network Name: SHAW-COMM | Owner Name: Shaw Communications Inc. | From IP: 96.48.0.0 | To IP: 96.55.255.255 | Allocated: Yes
    Contact Name: Shaw Communications Inc. | Address: Suite 800, 630 - 3rd Ave. SW, Calgary | Phone: +1-403-750-7420
    Whois Source: ARIN | Host Name: | Resolved Name: S0106000ea68986fb.vs.shawcable.net

    Order 3 | IP Address: 216.130.68.142 | Status: Succeed | Country: Canada
    Network Name: MTS-216-130-64-MB-CA | Owner Name: MTS Allstream Inc. | From IP: 216.130.64.0 | To IP: 216.130.95.255 | Allocated: Yes
    Contact Name: MTS Allstream Inc. | Address: 333 Main Street, Winnipeg | Phone: +1-204-988-0219
    Whois Source: ARIN | Host Name: | Resolved Name: brndmb0243w-ad01-68-142.dynamic.mts.net

    Order 4 | IP Address: 207.134.211.221 | Status: Succeed | Country: Canada
    Network Name: TELUS-207-134-0-0 | Owner Name: TELUS Communications Inc. | From IP: 207.134.0.0 | To IP: 207.134.255.255 | Allocated: Yes
    Contact Name: TELUS Communications Inc. | Address: 7 - 3777 Kingsway, Burnaby | Phone: +1-877-310-8324
    Whois Source: ARIN | Host Name: | Resolved Name: c207.134.211-221.clta.globetrotter.net

    Order 5 | IP Address: 142.162.151.208 | Status: Succeed | Country: Canada
    Network Name: STENTOR4 | Owner Name: Stentor National Integrated Communications Network | From IP: 142.162.0.0 | To IP: 142.162.255.255 | Allocated: Yes
    Contact Name: Stentor National Integrated Communications Network | Address: 110 O'Connor St., Floor 3, Ottawa | Phone: +1-613-781-9095
    Whois Source: ARIN | Host Name: | Resolved Name: mctnnbsa51w-142162151208.pppoe-dynamic.High-Speed.nb.bellaliant.net

    Order 6 | IP Address: 189.164.148.160 | Status: Succeed | Country: Mexico
    Network Name: MX-GDUN-LACNIC | Owner Name: Gestión de direccionamiento UniNet | From IP: 189.164.148.0 | To IP: 189.164.148.255 | Allocated: Yes
    Contact Name: GESTION DE CAMBIOS | Address: Periferico Sur, 3190, 01900 - México DF - DF | Phone: +52 55 56244400 []
    Whois Source: LACNIC | Host Name: | Resolved Name: dsl-189-164-148-160.prod-infinitum.com.mx

    Order 7 | IP Address: 75.36.252.214 | Status: Succeed | Country: USA - Texas
    Network Name: SBCIS-082106131904 | Owner Name: AT&T Internet Services | From IP: 75.36.248.0 | To IP: 75.36.255.255 | Allocated: Yes
    Contact Name: AT&T Internet Services | Address: 2701 W. 15th St., PMB 236, Plano | Phone: +1-800-648-1626
    Whois Source: ARIN | Host Name: | Resolved Name: adsl-75-36-252-214.dsl.pltn13.sbcglobal.net

    Order 8 | IP Address: 189.92.206.4 | Status: Succeed | Country: Brazil
    Network Name: 040.432.544/0001-47 | Owner Name: Claro S/A | From IP: 189.92.0.0 | To IP: 189.95.255.255 | Allocated: Yes
    Contact Name: CLaro - Voz/Dados | Address: | Phone:
    Whois Source: LACNIC | Host Name: | Resolved Name: 189-92-206-4.3g.claro.net.br

    Order 9 | IP Address: 75.158.104.248 | Status: Succeed | Country: Canada
    Network Name: TELUS | Owner Name: TELUS Communications Inc. | From IP: 75.152.0.0 | To IP: 75.159.255.255 | Allocated: Yes
    Contact Name: TELUS Communications Inc. | Address: 7 - 3777 Kingsway, Burnaby | Phone: +1-877-310-8324
    Whois Source: ARIN | Host Name: | Resolved Name: d75-158-104-248.abhsia.telus.net

    Order 10 | IP Address: 159.178.12.50 | Status: Succeed | Country: USA - Florida
    Network Name: UMCJACK | Owner Name: University of Florida/University Medical Center | From IP: 159.178.0.0 | To IP: 159.178.255.255 | Allocated: Yes
    Contact Name: University of Florida/University Medical Center | Address: Computing and Networking Services, room 112, ssrb, stadium road, po box 112050, Gainesville | Phone: +1-352-392-2061
    Whois Source: ARIN | Host Name: | Resolved Name:

    Order 11 | IP Address: 99.32.23.168 | Status: Succeed | Country: USA - Texas
    Network Name: SBCIS-SBIS | Owner Name: AT&T Internet Services | From IP: 99.0.0.0 | To IP: 99.95.255.255 | Allocated: Yes
    Contact Name: AT&T Internet Services | Address: 2701 N. Central Expwy # 2205.15, Richardson | Phone: +1-800-648-1626
    Whois Source: ARIN | Host Name: | Resolved Name: 99-32-23-168.uvs.evtnil.sbcglobal.net

    Order 12 | IP Address: 96.25.155.154 | Status: Succeed | Country: USA - Washington
    Network Name: CLEARWIRE-DNS-NET | Owner Name: Clearwire US LLC | From IP: 96.24.0.0 | To IP: 96.26.255.255 | Allocated: Yes
    Contact Name: Clearwire US LLC | Address: 4400 Carillon Point, Kirkland | Phone: +1-866-316-7575
    Whois Source: ARIN | Host Name: | Resolved Name: 96-25-155-154.yak.clearwire-dns.net
     
  8. Gamer

    Gamer Registered Member

    Joined:
    Jul 11, 2006
    Posts:
    38
    They were all outgoing.

    I forgot to mention, I did an online virus/Trojan scan with ESET Online Scanner. It didn't detect anything.

    I just installed a fresh copy of Vista and the Trend Micro Housecall online scan is finally working.

    EDIT: Online scan finished; it found a few trojans in some really old RARs I downloaded a few years ago (but haven't executed in several years). I deleted them all.

    I ran the Shields Up test and all tests reported stealthed ports.
     
    Last edited: Oct 12, 2009
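
The direction check raised in the thread (all incoming versus all outgoing traffic on one port to many unrelated hosts), run over a firewall log, as an added example that is not part of the original thread. The CSV layout, the sample lines and the function names `summarize` and `triage` are assumptions made for illustration; only UDP port 32996 comes from the posts.

```python
import csv
import io
from collections import defaultdict

# Constructed sample, made-up layout (time, direction, proto, remote_ip, port);
# not Look 'n' Stop's log format. Addresses are RFC 5737 documentation ranges.
SAMPLE_LOG = """\
2009-10-10 09:14:02,OUT,UDP,203.0.113.7,32996
2009-10-10 09:14:02,OUT,UDP,198.51.100.23,32996
2009-10-10 09:14:03,OUT,UDP,192.0.2.88,32996
2009-10-10 13:40:51,OUT,UDP,203.0.113.140,32996
2009-10-10 13:41:10,OUT,UDP,192.0.2.1,53
2009-10-10 13:41:11,OUT,UDP,192.0.2.1,53
2009-10-10 15:02:30,IN,UDP,203.0.113.99,40001
2009-10-10 15:02:31,IN,UDP,198.51.100.5,40001
2009-10-10 15:02:33,IN,UDP,192.0.2.200,40001
"""


def summarize(log_text):
    """Per (proto, port): event count, distinct remote IPs, directions seen."""
    stats = defaultdict(lambda: {"events": 0, "remotes": set(), "dirs": set()})
    for row in csv.reader(io.StringIO(log_text)):
        if len(row) != 5 or not row[4].strip().isdigit():
            continue  # skip blank or malformed lines
        _time, direction, proto, remote_ip, port = (f.strip() for f in row)
        entry = stats[(proto.upper(), int(port))]
        entry["events"] += 1
        entry["remotes"].add(remote_ip)
        entry["dirs"].add(direction.upper())
    return dict(stats)


def triage(log_text, min_remotes=3):
    """Flag ports that fan out to many distinct hosts and label the direction."""
    findings = {}
    for key, s in summarize(log_text).items():
        if len(s["remotes"]) < min_remotes:
            continue  # a few fixed hosts (e.g. a DNS server), not a fan-out
        if s["dirs"] == {"IN"}:
            findings[key] = "inbound-only"   # remote hosts contacting this address
        elif s["dirs"] == {"OUT"}:
            findings[key] = "outbound-only"  # a local process is the sender
        else:
            findings[key] = "both"
    return findings


if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
```

An "outbound-only" verdict is the case where the next step is identifying the sending process on the machine; "inbound-only" points at unsolicited traffic from outside.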