[SubSeven 2.x] Port 27374 - Connection request

Discussion in 'Trojan Defence Suite' started by JCC, Dec 30, 2003.

Thread Status:
Not open for further replies.
  1. JCC

    JCC Guest

    This showed up on my TDS3 Window:

    My firewall also shows that I'm getting a lot of these attempted contacts. And I'm using dial-up. What should I do?

    In the past, my firewall showed that I was getting a lot of these attacks (almost constant), and I did a system recovery because I thought I might have had a Trojan. The attacks lessened for months, then the rate increased again, so I did another system recovery and the attacks became very few again. Now the rate has increased again by a lot, but not as much as the other two times.


    TDS3 shows no trojans. Any suggestion about what is happening, and why the attacks decrease after I do a system recovery?
     
  2. JCC

    JCC Guest

    I just had some more attacks. And my firewall isn't picking up any of them.

    Here is the list so far:


    o_O
     
  3. Pilli

    Pilli Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    6,217
    Location:
    Hampshire UK
    Good ol' AOL:

    OrgName: America Online
    OrgID: AOL
    Address: 22000 AOL Way
    City: Dulles
    StateProv: VA
    PostalCode: 20166
    Country: US

    NetRange: 172.128.0.0 - 172.191.255.255
    CIDR: 172.128.0.0/10
    NetName: AOL-172BLK
    NetHandle: NET-172-128-0-0-1
    Parent: NET-172-0-0-0-0
    NetType: Direct Allocation
    NameServer: DAHA-01.NS.AOL.COM
    NameServer: DAHA-02.NS.AOL.COM
    NameServer: DAHA-07.NS.AOL.COM
    Comment: ADDRESSES WITHIN THIS BLOCK ARE NON-PORTABLE
    RegDate: 2000-03-24
    Updated: 2003-08-08

    TechHandle: AOL-NOC-ARIN
    TechName: America Online, Inc.
    TechPhone: +1-703-265-4670
    TechEmail: domains@aol.net

    OrgAbuseHandle: AOL382-ARIN
    OrgAbuseName: Abuse
    OrgAbusePhone: +1-703-265-4670
    OrgAbuseEmail: abuse@aol.net

    OrgNOCHandle: AOL236-ARIN
    OrgNOCName: NOC
    OrgNOCPhone: +1-703-265-4670
    OrgNOCEmail: noc@aol.net

    OrgTechHandle: AOL-NOC-ARIN
    OrgTechName: America Online, Inc.
    OrgTechPhone: +1-703-265-4670
    OrgTechEmail: domains@aol.net

    # ARIN WHOIS database, last updated 2003-12-29 19:15
    # Enter ? for additional hints on searching ARIN's WHOIS database.
     
  4. JCC

    JCC Guest

    So it is AOL itself, and not a customer doing that?

    There have been more requests:


     
  5. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    17,047
    No it is not AOL. With all of AOL's base it is hardly surprising that they have a lot of infected users. I also have been seeing a bunch of these lately, but my firewall (ZA Pro) does stop them, as any good firewall should. Some come from AOL users, I've seen some from Comcast, and just about every other ISP.

    If your firewall isn't catching them, that's the first problem to fix.
     
  6. CrazyM

    CrazyM Firewall Expert

    Joined:
    Feb 9, 2002
    Posts:
    2,428
    Location:
    BC, Canada
    Hi JCC

    It is quite normal to see these types of connection attempts from people scanning for vulnerable systems. It does not mean you are infected in any way. It is best to just let your firewall block them.

    It is not AOL itself scanning you, but systems connected to their network. As for the rate of the scans, it is not unusual to see this fluctuate.

    Regards,

    CrazyM
     
  7. Pilli

    Pilli Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    6,217
    Location:
    Hampshire UK
    JCC, sorry about my frivolous reply earlier, I was in a bit of a rush :(
    These scans are far too common and as the others have said can be safely ignored.

    If you could tie down the exact source (sometimes very difficult) then you could report the offender to their ISP along with a copy of your firewall log.

    Steve Gibson of GRC would refer to these scans as "Internet background radiation" :)

    Have a good New Year - Pilli
     
  8. Jooske

    Jooske Registered Member

    Joined:
    Feb 12, 2002
    Posts:
    9,713
    Location:
    Netherlands, EU near the sea
    Did you, besides tightening your firewall, also set the TDS sockets (upper right corner) on automated configuration? The portscans that break through the firewall find TDS listening on several ports, so that is another wall for them.

    If you had been infected, a full system scan with a fully updated TDS would have shown the alarm.
     