Velocity Reviews - Computer Hardware Reviews

Velocity Reviews > Newsgroups > Computing > NZ Computing > Sygate

Reply
Thread Tools

Sygate

 
 
Roger Dewhurst
Guest
Posts: n/a
 
      10-01-2005
Sygate Personal Firewall is giving me occasional warnings of port attacks.
can I find out where these are coming from?

r


 
Reply With Quote
 
 
 
 
Enkidu
Guest
Posts: n/a
 
      10-01-2005
Roger Dewhurst wrote:
>
> Sygate Personal Firewall is giving me occasional
> warnings of port attacks. can I find out where
> these are coming from?
>

Should be in the logs. What do they show?

Cheers,

Cliff

--

Barzoomian the Martian - http://barzoomian.blogspot.com
 
Reply With Quote
 
 
 
 
Roger Dewhurst
Guest
Posts: n/a
 
      10-01-2005

"Enkidu" <(E-Mail Removed)> wrote in message
news:433dfbed$(E-Mail Removed)...
> Roger Dewhurst wrote:
> >
> > Sygate Personal Firewall is giving me occasional
> > warnings of port attacks. can I find out where
> > these are coming from?
> >

> Should be in the logs. What do they show?



This:-

Somebody is scanning your computer.
Your computer's TCP ports:
135, 445, 80, and 139 have been scanned from 203.173.223.25..

and

Somebody is scanning your computer.
Your computer's TCP ports:
135, 445, 80, and 139 have been scanned from 203.96.212.23..

and

Somebody is scanning your computer.
Your computer's TCP ports:
135, 445, 80, and 139 have been scanned from 203.96.146.55..

Who is this bastard, or these as the case may be?

R


 
Reply With Quote
 
Dave Taylor
Guest
Posts: n/a
 
      10-02-2005
"Roger Dewhurst" <(E-Mail Removed)> wrote in news:dhmmv6$joc$1
@lust.ihug.co.nz:

> Who is this bastard, or these as the case may be?


They may not be a malicious user(s). That is normal internet background
noise.

See http://www.dshield.org for more info

http://www.dshield.org/primer.php
This introduction is intended to provide a basic understanding of how the
Internet works and how this applies to firewalls. Thick books have been
written about this, and you are encouraged to read one of them if you
would like to know more. This page will just provide a brief definition
of many of the terms used on this site.

http://www.dshield.org/reports.php
Reports and Database Summaries

Top 10 Most Wanted Top 10 offenders according to the DShield database.
Top 10 Ports Top 10 most probed ports.
Port Report Provides a thirty day history of a user selected port.
IP Info Provides information about an IP address.
Subnet Report Get a summary of recent activity from a Subnet
Block List List of IP address ranges that you might want to block.


--
Ciao, Dave
 
Reply With Quote
 
Enkidu
Guest
Posts: n/a
 
      10-02-2005
Roger Dewhurst wrote:
> "Enkidu" <(E-Mail Removed)> wrote in message
> news:433dfbed$(E-Mail Removed)...
>
>>Roger Dewhurst wrote:
>> >

>>
>>>Sygate Personal Firewall is giving me occasional

>>
>> > warnings of port attacks. can I find out where
>> > these are coming from?

>>
>>Should be in the logs. What do they show?

>
>
>
> This:-
>
> Somebody is scanning your computer.
> Your computer's TCP ports:
> 135, 445, 80, and 139 have been scanned from 203.173.223.25..
>

25.223.173.203.in-addr.arpa. 43200 IN PTR
p279-tga-cameron-nas2.ihug.co.nz

> and
>
> Somebody is scanning your computer.
> Your computer's TCP ports:
> 135, 445, 80, and 139 have been scanned from 203.96.212.23..
>

23.212.96.203.in-addr.arpa. 25541 IN PTR
203-96-212-23.ihug.net
>
> and
>
> Somebody is scanning your computer.
> Your computer's TCP ports:
> 135, 445, 80, and 139 have been scanned from 203.96.146.55..
>

55.146.96.203.in-addr.arpa. 172800 IN PTR
203-96-146-55.apx1.paradise.net.nz

> Who is this bastard, or these as the case may be?
>

The ports are related SMB (file sharing, 135, 139, 445) http
(80). I wouldn't worry too much, since Sygate is doing its
job. Probably users with a virus.

Cheers,

Cliff

--

Barzoomian the Martian - http://barzoomian.blogspot.com
 
Reply With Quote
 
Enkidu
Guest
Posts: n/a
 
      10-02-2005
Dave Taylor wrote:
> "Roger Dewhurst" <(E-Mail Removed)> wrote in news:dhmmv6$joc$1
> @lust.ihug.co.nz:
>
>>Who is this bastard, or these as the case may be?

>
> They may not be a malicious user(s). That is normal internet
> background noise.
>

maybe not malicious, but prossibly infected.

Cheers,

Cliff

--

Barzoomian the Martian - http://barzoomian.blogspot.com
 
Reply With Quote
 
Shane
Guest
Posts: n/a
 
      10-02-2005
On Sun, 02 Oct 2005 17:44:25 +1300, Enkidu wrote:

> Dave Taylor wrote:
>> "Roger Dewhurst" <(E-Mail Removed)> wrote in news:dhmmv6$joc$1
>> @lust.ihug.co.nz:
>>
>>>Who is this bastard, or these as the case may be?

>>
>> They may not be a malicious user(s). That is normal internet
> > background noise.
>>

> maybe not malicious, but prossibly infected.
>
> Cheers,
>
> Cliff


Or poorly setup home networks advertising themselves on the intarweb
(well.. except for the port 80 scan)
--
Hardware, n.: The parts of a computer system that can be kicked

The best way to get the right answer on usenet is to post the wrong one.

 
Reply With Quote
 
Peter Huebner
Guest
Posts: n/a
 
      10-07-2005
In article <433f65aa$(E-Mail Removed)>, http://www.velocityreviews.com/forums/(E-Mail Removed)
says...
>
> maybe not malicious, but prossibly infected.
>
> Cheers,
>
> Cliff


Someone scanning 135 and 139 I would suspect of be chasing vulnerable
Windows machines and trying to get in via dcom or netbios attacks.

Most likely malicious, I'd say.

-P.

--
=========================================
firstname dot lastname at gmail fullstop com
 
Reply With Quote
 
Enkidu
Guest
Posts: n/a
 
      10-08-2005
Peter Huebner wrote:
> In article <433f65aa$(E-Mail Removed)>, (E-Mail Removed)
> says...
>
>>maybe not malicious, but prossibly infected.
>>

> Someone scanning 135 and 139 I would suspect of be chasing
> vulnerable Windows machines and trying to get in via dcom
> or netbios attacks.
>
> Most likely malicious, I'd say.
>

Well, I meant that the machines may be 'owned' but the user
could be unaware of the fact.

Cheers,

Cliff

--

Barzoomian the Martian - http://barzoomian.blogspot.com
 
Reply With Quote
 
 
 
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Sygate Firewall rfdjr1@optonline.net Computer Support 10 12-19-2003 03:15 PM
Sygate,Outpost query Samantha Jackson Computer Support 2 10-01-2003 07:38 PM
My Sygate firewall is getting full Sonia Computer Support 13 08-22-2003 08:16 PM
Re: Sygate Personal Firewall readout Philippe L. Balmanno Computer Support 2 07-04-2003 11:13 PM
Re: Sygate Personal Firewall readout jafiwam Computer Support 0 07-04-2003 02:46 PM



Advertisments