[SubSeven 2.x] Port 27374 - Connection request

This showed up on my TDS3 Window:

My firewall also shows that I'm getting a lot of these attempted contacts. And I'm using dial-up. What should a I do?

I the past, my firewall showed that I was getting a lot of these attacks (almost constant), and I did a system recovery because I thought I might have had a Trojan. The attacks lessened for months, then the rate increase again, so I did another system recovery and the attacks became very few again. Now the rate has increased again by a lot, but not as much as the other two times.


TDS3 shows no trojans. Any suggestion about what is happening, and why the attacks decrease after I do a system recovery?

 

I just had some more attacks. And my firewall isn't picking up any of them.

Here is the list so far:

 

Good ol' AOL:

OrgName: America Online
OrgID: AOL
Address: 22000 AOL Way
City: Dulles
StateProv: VA
PostalCode: 20166
Country: US

NetRange: 172.128.0.0 - 172.191.255.255
CIDR: 172.128.0.0/10
NetName: AOL-172BLK
NetHandle: NET-172-128-0-0-1
Parent: NET-172-0-0-0-0
NetType: Direct Allocation
NameServer: DAHA-01.NS.AOL.COM
NameServer: DAHA-02.NS.AOL.COM
NameServer: DAHA-07.NS.AOL.COM
Comment: ADDRESSES WITHIN THIS BLOCK ARE NON-PORTABLE
RegDate: 2000-03-24
Updated: 2003-08-08

TechHandle: AOL-NOC-ARIN
TechName: America Online, Inc.
TechPhone: +1-703-265-4670
TechEmail: domains@aol.net

OrgAbuseHandle: AOL382-ARIN
OrgAbuseName: Abuse
OrgAbusePhone: +1-703-265-4670
OrgAbuseEmail: abuse@aol.net

OrgNOCHandle: AOL236-ARIN
OrgNOCName: NOC
OrgNOCPhone: +1-703-265-4670
OrgNOCEmail: noc@aol.net

OrgTechHandle: AOL-NOC-ARIN
OrgTechName: America Online, Inc.
OrgTechPhone: +1-703-265-4670
OrgTechEmail: domains@aol.net

# ARIN WHOIS database, last updated 2003-12-29 19:15
# Enter ? for additional hints on searching ARIN's WHOIS database.

 

So it is aol itself, and not a customer doing that?

There have been more requests:

 

Hi JCC

It is quite normal to see these types of connection attempts from people scanning for vulnerable systems. It does not mean you are infected in any way. It is best to just let your firewall block them.

It is not AOL itself scanning you, but systems connected to their network. As for the rate of the scans, it is not unusual to see this fluxuate.

Regards,

CrazyM

 

JCC, Sorry about my frivolous reply earlier I was in a bit of a rush
These scans are far too common and as the others have said can be safely ignored.

If you could tie down the exact source (sometimes very difficult) then you could report the offender to their ISP along with a copy of your firewall log.

Steve Gibson of GRC would refer to these scans as "Internet backround radiation"

Have a good New Year - Pilli

 

Did you besides tightening your firewall also set the TDS sockets (upper right corner) on automated configuration? The portscans who break through the firewall find TDS listening on several ports, so that is another wall for them.

If you had been infected a full system scan with a fully updated TDS would have shown the alarm.