Deja Q
(1000+ posts)
Send PM |
Profile |
Ignore
|
Sun Aug-24-03 12:02 AM
Original message |
Invalid TCP source port attack |
|
My firewall just caught this attack. I've never encounted this before.
I've had lots of back door trojan attacks but nothing quite like this!
What does that attack indicate? Potential spoofing or hijacking of my address?
|
NYC
(1000+ posts)
Send PM |
Profile |
Ignore
|
Sun Aug-24-03 12:07 AM
Response to Original message |
|
Edited on Sun Aug-24-03 12:08 AM by NYC
what TCP means, but I've had 251 alerts in 26 1/2 hours. I can't tell the source because I use the free version of Zone Alarm.
Edit: I haven't been logged in for most of those hours.
|
Deja Q
(1000+ posts)
Send PM |
Profile |
Ignore
|
Sun Aug-24-03 12:13 AM
Response to Reply #1 |
2. I've noticed a fairly high level of attempted break-ins too |
|
Lots of back-door trojan attacks averted...
I can trace the locations of these luzers who try to attack but all I do know is that they're popping all over the country. I was attacked once from India, but that was a while ago. Now that they're getting all our jobs, they're too happy to try to infiltrate and break us all... :grr:
Wow, 2 posts involving "back door" and "trojan" and no double entendres. For me, that's a record! :evilgrin:
|
Bossy Monkey
(1000+ posts)
Send PM |
Profile |
Ignore
|
Sun Aug-24-03 12:34 AM
Response to Reply #2 |
9. Finland, Russia, France, Belgium, Germany-- my high level alerts |
|
are rockin' all over the world. One came from me, though, and that disturbed me more than the others. Probably just ET phoning home; I'm pretty sure I'm clean. Who still makes viruses for Win98?
|
TheZoo
(1000+ posts)
Send PM |
Profile |
Ignore
|
Sun Aug-24-03 12:15 AM
Response to Original message |
|
Port 135 is the MSBlast worm, port 80 is the Wilchia worm, and there's the ICMP protocol used for pinging - that's another one that I can't remember.
When I was downloading from Kazaa Lite, I got a few attacks from an IP address 62.219.135.164. Norton's blocked it and I haven't seen that IP address in a while.
|
Deja Q
(1000+ posts)
Send PM |
Profile |
Ignore
|
Sun Aug-24-03 12:16 AM
Response to Reply #3 |
|
I didn't see a port specified, but knowing that is definitely good to know - thanks!
|
TheZoo
(1000+ posts)
Send PM |
Profile |
Ignore
|
Sun Aug-24-03 12:26 AM
Response to Reply #4 |
8. I just checked the firewall's log |
|
It showed the following:
Details: Intrusion: Invalid TCP Flags Intruder: 62.219.135.164 Risk Level: Medium Source IP address: 62.219.135.164 Destination IP address: e-turd(192.168.254.88) TCP Source Port: 1369 TCP Destination Port: 4059 TCP Flags invalid: 0x00000015.
When I traced the IP address, it showed that the country of origin is Israel.
|
nextbillgates
(118 posts)
Send PM |
Profile |
Ignore
|
Sun Aug-24-03 12:18 AM
Response to Original message |
5. Here's the explanation from Symantec's site |
DS1
(1000+ posts)
Send PM |
Profile |
Ignore
|
Sun Aug-24-03 12:22 AM
Response to Reply #5 |
7. well holy shit, it's nextbillgates again |
|
I didn't expect to see you back here again.
|
nextbillgates
(118 posts)
Send PM |
Profile |
Ignore
|
Sun Aug-24-03 12:37 AM
Response to Reply #7 |
DS1
(1000+ posts)
Send PM |
Profile |
Ignore
|
Sun Aug-24-03 12:21 AM
Response to Original message |
6. what this means is your firewall worked |
|
and kicked the motherfucker out. rest easy.
I run a double firewall, and the slight percentage that makes it past my router has to deal with an even better firewall.
besides, you don't let microsoft save your passwords, do you?
|
DU
AdBot (1000+ posts) |
Wed May 01st 2024, 09:20 AM
Response to Original message |