what's happening in this sceenshot?

Discussion in 'other firewalls' started by iceni60, Dec 1, 2005.

Thread Status:
Not open for further replies.
  1. iceni60

    iceni60 ( ^o^)

    Joined:
    Jun 29, 2004
    Posts:
    5,116
    hi, in this screenshot all the 80.42's are on the same ISP as me so they must be worms, right?

    so the 201.7.41.3 must be a script kiddie or someone being controled by one, but not lightly, is that correct?
     

    Attached Files:

  2. iceni60

    iceni60 ( ^o^)

    Joined:
    Jun 29, 2004
    Posts:
    5,116
    it doesn't matter i worked it out.
     
  3. CrazyM

    CrazyM Firewall Expert

    Joined:
    Feb 9, 2002
    Posts:
    2,428
    Location:
    BC, Canada
    That would be a reasonable assumption, worm/virus activity from compromised systems. It is not unusual to see higher amounts of these types of scans from within your ISP's subnet.

    Care to share your findings?

    Regards,

    CrazyM
     
  4. iceni60

    iceni60 ( ^o^)

    Joined:
    Jun 29, 2004
    Posts:
    5,116
    i just thought it depends which port it is. if it's the netBios ports then it's a hacker, if it's a common file sharing port then the address might have belonged to a file sharer before you. so it depends which port it is. if you see it going through your ports then it's a hacker again. but, it could be a zombie lol not lightly though!

    so i have no idea about that scan o_O it was just a single netbios port, maybe a slow scan, but that would be stupid on a dhcp connection. i don't know. if i had to guess i'd say a silly script kiddie. what do you think?
     
  5. iceni60

    iceni60 ( ^o^)

    Joined:
    Jun 29, 2004
    Posts:
    5,116
    OK it's definately someone trying to hack, they sent one UDP datagram to see what the reply was, if they got a reply they may have tried something else. maybe not a silly script kiddie then.
     
    Last edited: Dec 2, 2005
Loading...
Thread Status:
Not open for further replies.