Help - Search - Members - Calendar
Full Version: Persistent Scans
TotalChoice Hosting Family Forums > TotalChoice Hosting General Support > Security Discussions
annie
Jan 25 2005, 10:53 AM
There are some users on my ISP that keep trying to access my computer.

I'm not 100% sure what they're trying to do.

At first I thought they were zombies. Then I read up on messenger spam, and now I saw something about MSQL attacks.

Anyway, here's from my log today. Time zone is GMT:



Jan 25 15:25:00 home.gateway:firewall:info: 270665.073 Blocked Prot=6, xx.xxx.xxx.xxx(attacker):3426 > xx.xxx.xxx.xxx(mine):135, S Seq=-1102522738, Ack=0 -Default Defense

Jan 25 15:25:00 home.gateway:firewall:info: 270665.073 Blocked Prot=6, xx.xxx.xxx.xxx(attacker):3426 > xx.xxx.xxx.xxx(mine):135, S Seq=-1102522738, Ack=0 -Disallowed Destination IP

Jan 25 15:25:00 home.gateway:firewall:info: 270665.085 Blocked Prot=6, xx.xxx.xxx.xxx(attacker):3427 > xx.xxx.xxx.xxx(mine):1025, S Seq=-1102439480, Ack=0 -Default Defense

Jan 25 15:25:00 home.gateway:firewall:info: 270665.085 Blocked Prot=6, xx.xxx.xxx.xxx(attacker):3427 > xx.xxx.xxx.xxx(mine):1025, S Seq=-1102439480, Ack=0 -Disallowed Destination IP

Jan 25 15:25:00 home.gateway:firewall:info: 270665.112 Blocked Prot=6, xx.xxx.xxx.xxx(attacker):3429 > xx.xxx.xxx.xxx(mine):1433, S Seq=-1102329596, Ack=0 -Default Defense

Jan 25 15:25:00 home.gateway:firewall:info: 270665.112 Blocked Prot=6, xx.xxx.xxx.xxx(attacker):3429 > xx.xxx.xxx.xxx(mine):1433, S Seq=-1102329596, Ack=0 -Disallowed Destination IP

Jan 25 15:25:03 home.gateway:firewall:info: 270667.980 Blocked Prot=6, xx.xxx.xxx.xxx(attacker):3426 > xx.xxx.xxx.xxx(mine):135, S Seq=-1102522738, Ack=0 -Default Defense

Jan 25 15:25:03 home.gateway:firewall:info: 270667.980 Blocked Prot=6, xx.xxx.xxx.xxx(attacker):3426 > xx.xxx.xxx.xxx(mine):135, S Seq=-1102522738, Ack=0 -Disallowed Destination IP

Jan 25 15:25:03 home.gateway:firewall:info: 270668.079 Blocked Prot=6, xx.xxx.xxx.xxx(attacker):3427 > xx.xxx.xxx.xxx(mine):1025, S Seq=-1102439480, Ack=0 -Default Defense

Jan 25 15:25:03 home.gateway:firewall:info: 270668.079 Blocked Prot=6, xx.xxx.xxx.xxx(attacker):3427 > xx.xxx.xxx.xxx(mine):1025, S Seq=-1102439480, Ack=0 -Disallowed Destination IP

Jan 25 15:25:03 home.gateway:firewall:info: 270668.099 Blocked Prot=6, xx.xxx.xxx.xxx(attacker):3429 > xx.xxx.xxx.xxx(mine):1433, S Seq=-1102329596, Ack=0 -Default Defense

Jan 25 15:25:03 home.gateway:firewall:info: 270668.099 Blocked Prot=6, xx.xxx.xxx.xxx(attacker):3429 > xx.xxx.xxx.xxx(mine):1433, S Seq=-1102329596, Ack=0 -Disallowed Destination IP
Madmanmcp
Jan 25 2005, 01:20 PM
These are mostly the many worms that have been written lately and have infected your "neighbors" on your ISP. Your firewall is doing its job so I would just ignore them.
This is a "lo-fi" version of our main content. To view the full version with more information, formatting and images, please click here.