Sygate

Discussion in 'NZ Computing' started by Roger Dewhurst, Oct 1, 2005.

  1. Sygate Personal Firewall is giving me occasional warnings of port attacks.
    can I find out where these are coming from?

    r
    Roger Dewhurst, Oct 1, 2005
    #1
    1. Advertising

  2. Roger Dewhurst

    Enkidu Guest

    Roger Dewhurst wrote:
    >
    > Sygate Personal Firewall is giving me occasional
    > warnings of port attacks. can I find out where
    > these are coming from?
    >

    Should be in the logs. What do they show?

    Cheers,

    Cliff

    --

    Barzoomian the Martian - http://barzoomian.blogspot.com
    Enkidu, Oct 1, 2005
    #2
    1. Advertising

  3. "Enkidu" <> wrote in message
    news:433dfbed$...
    > Roger Dewhurst wrote:
    > >
    > > Sygate Personal Firewall is giving me occasional
    > > warnings of port attacks. can I find out where
    > > these are coming from?
    > >

    > Should be in the logs. What do they show?



    This:-

    Somebody is scanning your computer.
    Your computer's TCP ports:
    135, 445, 80, and 139 have been scanned from 203.173.223.25..

    and

    Somebody is scanning your computer.
    Your computer's TCP ports:
    135, 445, 80, and 139 have been scanned from 203.96.212.23..

    and

    Somebody is scanning your computer.
    Your computer's TCP ports:
    135, 445, 80, and 139 have been scanned from 203.96.146.55..

    Who is this bastard, or these as the case may be?

    R
    Roger Dewhurst, Oct 1, 2005
    #3
  4. Roger Dewhurst

    Dave Taylor Guest

    "Roger Dewhurst" <> wrote in news:dhmmv6$joc$1
    @lust.ihug.co.nz:

    > Who is this bastard, or these as the case may be?


    They may not be a malicious user(s). That is normal internet background
    noise.

    See http://www.dshield.org for more info

    http://www.dshield.org/primer.php
    This introduction is intended to provide a basic understanding of how the
    Internet works and how this applies to firewalls. Thick books have been
    written about this, and you are encouraged to read one of them if you
    would like to know more. This page will just provide a brief definition
    of many of the terms used on this site.

    http://www.dshield.org/reports.php
    Reports and Database Summaries

    Top 10 Most Wanted Top 10 offenders according to the DShield database.
    Top 10 Ports Top 10 most probed ports.
    Port Report Provides a thirty day history of a user selected port.
    IP Info Provides information about an IP address.
    Subnet Report Get a summary of recent activity from a Subnet
    Block List List of IP address ranges that you might want to block.


    --
    Ciao, Dave
    Dave Taylor, Oct 2, 2005
    #4
  5. Roger Dewhurst

    Enkidu Guest

    Roger Dewhurst wrote:
    > "Enkidu" <> wrote in message
    > news:433dfbed$...
    >
    >>Roger Dewhurst wrote:
    >> >

    >>
    >>>Sygate Personal Firewall is giving me occasional

    >>
    >> > warnings of port attacks. can I find out where
    >> > these are coming from?

    >>
    >>Should be in the logs. What do they show?

    >
    >
    >
    > This:-
    >
    > Somebody is scanning your computer.
    > Your computer's TCP ports:
    > 135, 445, 80, and 139 have been scanned from 203.173.223.25..
    >

    25.223.173.203.in-addr.arpa. 43200 IN PTR
    p279-tga-cameron-nas2.ihug.co.nz

    > and
    >
    > Somebody is scanning your computer.
    > Your computer's TCP ports:
    > 135, 445, 80, and 139 have been scanned from 203.96.212.23..
    >

    23.212.96.203.in-addr.arpa. 25541 IN PTR
    203-96-212-23.ihug.net
    >
    > and
    >
    > Somebody is scanning your computer.
    > Your computer's TCP ports:
    > 135, 445, 80, and 139 have been scanned from 203.96.146.55..
    >

    55.146.96.203.in-addr.arpa. 172800 IN PTR
    203-96-146-55.apx1.paradise.net.nz

    > Who is this bastard, or these as the case may be?
    >

    The ports are related SMB (file sharing, 135, 139, 445) http
    (80). I wouldn't worry too much, since Sygate is doing its
    job. Probably users with a virus.

    Cheers,

    Cliff

    --

    Barzoomian the Martian - http://barzoomian.blogspot.com
    Enkidu, Oct 2, 2005
    #5
  6. Roger Dewhurst

    Enkidu Guest

    Dave Taylor wrote:
    > "Roger Dewhurst" <> wrote in news:dhmmv6$joc$1
    > @lust.ihug.co.nz:
    >
    >>Who is this bastard, or these as the case may be?

    >
    > They may not be a malicious user(s). That is normal internet
    > background noise.
    >

    maybe not malicious, but prossibly infected.

    Cheers,

    Cliff

    --

    Barzoomian the Martian - http://barzoomian.blogspot.com
    Enkidu, Oct 2, 2005
    #6
  7. Roger Dewhurst

    Shane Guest

    On Sun, 02 Oct 2005 17:44:25 +1300, Enkidu wrote:

    > Dave Taylor wrote:
    >> "Roger Dewhurst" <> wrote in news:dhmmv6$joc$1
    >> @lust.ihug.co.nz:
    >>
    >>>Who is this bastard, or these as the case may be?

    >>
    >> They may not be a malicious user(s). That is normal internet
    > > background noise.
    >>

    > maybe not malicious, but prossibly infected.
    >
    > Cheers,
    >
    > Cliff


    Or poorly setup home networks advertising themselves on the intarweb
    (well.. except for the port 80 scan)
    --
    Hardware, n.: The parts of a computer system that can be kicked

    The best way to get the right answer on usenet is to post the wrong one.
    Shane, Oct 2, 2005
    #7
  8. In article <433f65aa$>,
    says...
    >
    > maybe not malicious, but prossibly infected.
    >
    > Cheers,
    >
    > Cliff


    Someone scanning 135 and 139 I would suspect of be chasing vulnerable
    Windows machines and trying to get in via dcom or netbios attacks.

    Most likely malicious, I'd say.

    -P.

    --
    =========================================
    firstname dot lastname at gmail fullstop com
    Peter Huebner, Oct 7, 2005
    #8
  9. Roger Dewhurst

    Enkidu Guest

    Peter Huebner wrote:
    > In article <433f65aa$>,
    > says...
    >
    >>maybe not malicious, but prossibly infected.
    >>

    > Someone scanning 135 and 139 I would suspect of be chasing
    > vulnerable Windows machines and trying to get in via dcom
    > or netbios attacks.
    >
    > Most likely malicious, I'd say.
    >

    Well, I meant that the machines may be 'owned' but the user
    could be unaware of the fact.

    Cheers,

    Cliff

    --

    Barzoomian the Martian - http://barzoomian.blogspot.com
    Enkidu, Oct 8, 2005
    #9
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. jafiwam

    Re: Sygate Personal Firewall readout

    jafiwam, Jul 4, 2003, in forum: Computer Support
    Replies:
    0
    Views:
    482
    jafiwam
    Jul 4, 2003
  2. Philippe L. Balmanno

    Re: Sygate Personal Firewall readout

    Philippe L. Balmanno, Jul 4, 2003, in forum: Computer Support
    Replies:
    2
    Views:
    557
    Philippe L. Balmanno
    Jul 5, 2003
  3. Sonia

    My Sygate firewall is getting full

    Sonia, Aug 22, 2003, in forum: Computer Support
    Replies:
    13
    Views:
    690
  4. Samantha Jackson

    Sygate,Outpost query

    Samantha Jackson, Oct 1, 2003, in forum: Computer Support
    Replies:
    2
    Views:
    419
    ┬░Mike┬░
    Oct 1, 2003
  5. Sygate Firewall

    , Dec 18, 2003, in forum: Computer Support
    Replies:
    10
    Views:
    773
    [ Doc Jeff ]
    Dec 19, 2003
Loading...

Share This Page