I think some body is running a port scan on my computer, darn kiddie hackers!

[Bignate603]

I got home and my zonealarm alert log was at it's max, meaning it had blocked over 500 attempts to access my computer. I cleared the log. Guess what, 5 minutes later it had blocked over 500 again. Somebody is busting there nuts trying to get in, another 170 more attempts since I started typing...

 

[Bignate603]

Ok, they're a ton of different IPs trying to access one single port on my system, does that mean anything?

<EDIT>
Just broke 350 since I posted...

 

[LemonHead]

Check this site for some good info...

www.grc.com

it has some good reading.

 

[UofI]

Shut down your computer. It might be the FBI

 

[Bignate603]

nah, the FBI would have tried other ports by now, whoever is doing it should have learned that port is blocked. Not that bright but sure as hell persistant...

Over 1000 blocked requests since I posted....

 

[ivol]

Post their IP.

 

[AnthraX101]

I bet you were somehow linked from some other site. Which port is it? You could be listed as a proxy or some such noncense.

Armani

 

[Bignate603]

there's a bunch of them...
213.237.69.3
216.232.95.41
12.216.1.3
213.187.180.178
143.105.22.173

I've been looking over the log, I can't find any repeats though. the log of all the alerts has gone from about 100k from the time I turned on my computer till I went to school this morning. It's now over 1199k. If you want it I can send it, it lists IPs, the ports they're using etc.. etc...

I've now blocked well over 2000 attempts.

 

[Bignate603]

it's TCP port 1214

 

[rgwalt]

It sounds like you are being hammered by a bunch of script kiddies. Have you pissed anyone off lately? Maybe in CS or something like that?

Ryan

 

[Bignate603]

possibly UT... lol

 

[AnthraX101]

Lol. You guys are so paranoid. That is the Kazaa port. Chances are those guys are trying to download something off of you Close your P2P program maybe?

Armani

 

[Bignate603]

it's off, I haven't had it on yet today.

 

[atrowe]

Port 1214 is Kazaa. Did you have a Kazaa client running while you were gone? It's most likely people trying to establish downloads from your Kazaa shared folder. I would reconfigure Zonealarm to allow requests for port 1214.

 

[AnthraX101]

Doesn't matter. Maybe you're on their SuperNode list. Maybe you have a large file that they realy want to continue on your server. Botom line: Don't immediatly blame those crackers for every little hickup your system has. You have no idea how many people have wanted me to fix their computer cause they were hacked. Ha! Them deleting their own windows folder does not constitute a hack.

If someone is attacking you, using port 1214 is the most inefficent way of doing it I have ever heard.

Armani

 

[Bignate603]

I don't have kazaa installed, I know grokster uses the kazaa network, but I have no trouble using that.

 

[AnthraX101]

Liste, 1214 is the same port that grokster uses. It would be better said that the FastTrack network uses that port.

The reason you can still get things from other people is that you can ask them to send to your open packet stream. Likewise, the others can DL off of you because instead of conecting to you, the request a "push" from you, and your computer will automaticaly send it to them, instead of the other way around.

Realy, you are safe. You're not going to die.

Armani

 

[Descartes]

Damn you all crack me up!!

It's funny to see many reference "script kiddies" when you don't even know what's really going on. First off, a port scan is not an intrusion attempt! You weren't even port scanned! A scan is just that, a scan, not an attempt to connect to a single port. The fact that it's from a diverse # of ips should have told you they were looking for a service.



<< nah, the FBI would have tried other ports by now, whoever is doing it should have learned that port is blocked. Not that bright but sure as hell persistant... >>



No offense, but ahhhhh.... the irony

[edit]Technical clarification: One may scan a subnet looking for a particular port on each host, so an attempt to connect to a single port could indeed be a scan, but the fact that you received the same connection attempt from many other ips suggests that it's not.[/edit]