P2P-Zone

P2P-Zone (http://www.p2p-zone.com/underground/index.php)
-   Peer to Peer (http://www.p2p-zone.com/underground/forumdisplay.php?f=5)
-   -   Is this something we should be aware of? (http://www.p2p-zone.com/underground/showthread.php?t=18388)

Snarkridden 05-01-04 04:39 AM

Is this something we should be aware of?
 
Over the last few weeks, I have become aware of a considerable increase of firewall hits for port 17300, maybe 10 per hour or so.

Tracking a few back reveals no specific common site, but one was registered to "UA" "universal" which to me sounds like one of the video or film companies.

My suspicions are aroused because of this common port; it bears resemblance to previous "worm" attacks where a trojan is waiting for a trigger on a specific port, this trojan having been loaded during site browsing or downloading dodgy files.

Could it be that certain parties are trying new tricks to get evidence? Anyone else notice similarities in their log files?

ZoneAlarm just reports it as blocked and of medium risk!!

:o Snark.

goldie 05-01-04 05:31 AM

:W: lo there


Be careful Snark......

napho 05-01-04 05:40 AM

Since a lot of trojans seem to use this port, there are scanners that people use to find infected machines. I don't know exactly what they do when they find them, but if you're not infected then I guess those hits won't do much.
You should check out one of those Peer Guardian type sites. They seem to make a life's work out of these kinds of things.

AweShucks 05-01-04 01:31 PM

If you have a static IP it is actually very common for "known trojan ports" to get a lot of hits, especially when on any p2p network.
At one time I got so many hits I simply turned off the prompts and locked everything down as tight as I could.

Depending on how paranoid you are
;) you can create rules that block all known trojan ports, which takes some time. But there are a few groups out there, like Napho said, that make a life's work out of these things. Oftentimes you can download/view actual rule sets for your firewall to simplify the process.

Disable simple things like ping commands etc. with your firewall that you may not need and that easily give you away.

Buy hardware protection if you don't already..... a router is a good simple and inexpensive firewall that is very effective against random scans etc.

Remembering the whole time that nothing is secure: if someone really wants in they will probably get in. :eke: :eke: :shk::BL:

JackSpratts 05-01-04 01:48 PM

hi snark,

the only thing i've heard of lately is the msn Jitux.A worm and it's not causing much damage, mainly because it isn't affecting many machines.

- js.

petriburg 05-01-04 04:29 PM

:) HI Snark! Another thing you could do is check on your own system's security - go to www.grc.com for a free checkup - it doesn't take long, and will give you greater peace of mind

ONEMANBANNED 05-01-04 11:52 PM

GRC Port Authority Report created on UTC: 2004-01-06 at 05:45:58

Results from scan of ports: 0-1055

0 Ports Open
1 Ports Closed
1055 Ports Stealth
---------------------
1056 Ports Tested

NO PORTS were found to be OPEN.

The port found to be CLOSED was: 113

Other than what is listed above, all ports are STEALTH.

TruStealth: FAILED - NOT all tested ports were STEALTH,
- NO unsolicited packets were received,
- A PING REPLY (ICMP Echo) WAS RECEIVED.


This is good no?:beer:

This is bad yes? -> Port Authority Database

Port 1337

Name:
menandmice-dns

Purpose:
menandmice DNS

Description:
(empty)

Related Ports:
(empty)

Background and Additional Information:
(empty)

Trojan Sightings: Shadyshell
:sus:

multi 06-01-04 01:24 AM

http://www.stumbleupon.com/url/www.m...ted_links.html
http://www.menandmice.com/DNS-training/

if it's to do with that place (which it looks like)
it doesn't appear to be anything to worry too much about
that I can see..
they seem to do a lot of stuff with DNS

maybe you had a certain program running when you did that test?


AweShucks 06-01-04 06:35 AM

Quote:

Originally posted by ONEMANBANNED

NO PORTS were found to be OPEN.

The port found to be CLOSED was: 113

Other than what is listed above, all ports are STEALTH.

TruStealth: FAILED - NOT all tested ports were STEALTH,
- NO unsolicited packets were received,
- A PING REPLY (ICMP Echo) WAS RECEIVED.
No ports open is good:ND: true stealth is the best...... Port 113 is often the hardest to stealth; surprisingly, it is rarely needed. If you are behind a router you can simply forward that port to an IP that doesn't exist, like 192.168.1.212 or something, and then the port will stealth and you will 99% most likely not have any adverse effects while browsing the web. Some firewalls have a difficult time handling port 113; read more here http://grc.com/port_113.htm
Unless you use PING I would at least suggest blocking the outgoing reply from your machine.

Here's mine GRC Port Authority Report created on UTC: 2004-01-06 at 12:35:52

Results from scan of ports: 0-1055

0 Ports Open
0 Ports Closed
1056 Ports Stealth
---------------------
1056 Ports Tested

ALL PORTS tested were found to be: STEALTH.

TruStealth: PASSED - ALL tested ports were STEALTH,
- NO unsolicited packets were received,
- NO Ping reply (ICMP Echo) was received.


Scans like GRC are good to a point, but almost all scans only scan the most common ports, mainly because it would just consume too much bandwidth and take too long to hit all 60,000+ ports. Sygate offers a Trojan port scan and a few others to check a few more port ranges: http://scan.sygatetech.com/
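The two GRC reports pasted in this thread (ONEMANBANNED's FAILED one and AweShucks's PASSED one) and the port 113 / ping discussion above can be checked mechanically. The following is an added example, not code from the thread or from GRC: it parses a report in the shape pasted above, re-derives the TruStealth verdict from the three conditions the report lists (no open or closed ports, no unsolicited packets, no ping reply), checks that the counts add up to the port range tested, and turns the non-stealth items into the defensive findings the posts discuss. The list shape for more than one closed port is an assumption, since the thread only shows a single one.

```python
"""Parse a GRC Port Authority report and re-derive its TruStealth verdict.

Added example; the two report texts are copied from the thread above.
"""
import re
from dataclasses import dataclass

REPORT_FAILED = """\
GRC Port Authority Report created on UTC: 2004-01-06 at 05:45:58

Results from scan of ports: 0-1055

0 Ports Open
1 Ports Closed
1055 Ports Stealth
---------------------
1056 Ports Tested

NO PORTS were found to be OPEN.

The port found to be CLOSED was: 113

Other than what is listed above, all ports are STEALTH.

TruStealth: FAILED - NOT all tested ports were STEALTH,
- NO unsolicited packets were received,
- A PING REPLY (ICMP Echo) WAS RECEIVED.
"""

REPORT_PASSED = """\
GRC Port Authority Report created on UTC: 2004-01-06 at 12:35:52

Results from scan of ports: 0-1055

0 Ports Open
0 Ports Closed
1056 Ports Stealth
---------------------
1056 Ports Tested

ALL PORTS tested were found to be: STEALTH.

TruStealth: PASSED - ALL tested ports were STEALTH,
- NO unsolicited packets were received,
- NO Ping reply (ICMP Echo) was received.
"""


@dataclass
class PortReport:
    first_port: int
    last_port: int
    open_count: int
    closed_count: int
    stealth_count: int
    closed_ports: list          # individual ports the report names as CLOSED
    unsolicited_packets: bool   # the scanned host sent traffic the scanner did not ask for
    ping_reply: bool            # the host answered ICMP Echo

    @property
    def tested(self) -> int:
        return self.last_port - self.first_port + 1

    def counts_add_up(self) -> bool:
        # Every tested port must be exactly one of open / closed / stealth.
        return self.open_count + self.closed_count + self.stealth_count == self.tested

    def tru_stealth(self) -> bool:
        # The three conditions the report itself lists under "TruStealth".
        return (self.open_count == 0 and self.closed_count == 0
                and not self.unsolicited_packets and not self.ping_reply)


def _int_field(pattern: str, text: str) -> int:
    m = re.search(pattern, text)
    if not m:
        raise ValueError(f"report is missing a field matching {pattern!r}")
    return int(m.group(1))


def parse_report(text: str) -> PortReport:
    rng = re.search(r"scan of ports: (\d+)-(\d+)", text)
    if not rng:
        raise ValueError("no port range line found")
    # Assumption: several closed ports would be listed comma/space separated on the same line.
    closed_line = re.search(r"found to be CLOSED (?:was|were): ([\d, ]+)", text)
    closed_ports = [int(p) for p in re.findall(r"\d+", closed_line.group(1))] if closed_line else []
    return PortReport(
        first_port=int(rng.group(1)),
        last_port=int(rng.group(2)),
        open_count=_int_field(r"(\d+) Ports Open", text),
        closed_count=_int_field(r"(\d+) Ports Closed", text),
        stealth_count=_int_field(r"(\d+) Ports Stealth", text),
        closed_ports=closed_ports,
        # The report states the negative explicitly; absence of "NO ..." means it happened.
        unsolicited_packets=re.search(r"NO unsolicited packets", text, re.I) is None,
        ping_reply=re.search(r"NO ping reply", text, re.I) is None,
    )


def verdict_matches(text: str) -> bool:
    """True when our re-derived verdict agrees with the PASSED/FAILED the report printed."""
    return parse_report(text).tru_stealth() == ("TruStealth: PASSED" in text)


def findings(report: PortReport) -> list:
    """Defensive findings for everything that stops the host from being fully stealth."""
    out = []
    if report.open_count:
        out.append(f"{report.open_count} open port(s): a listening service is reachable from the internet")
    for port in report.closed_ports:
        msg = f"port {port} is CLOSED: the host answers the probe, which reveals that a machine is there"
        if port == 113:
            msg += " (113 is ident, rarely needed; drop the probe, or use the router trick from the post, to make it stealth)"
        out.append(msg)
    if report.unsolicited_packets:
        out.append("unsolicited packets were sent to the scanner: check for a process that reacts to probes")
    if report.ping_reply:
        out.append("ICMP Echo is answered: block the outgoing echo reply unless you rely on ping")
    return out


if __name__ == "__main__":
    for text in (REPORT_FAILED, REPORT_PASSED):
        r = parse_report(text)
        print("TruStealth:", r.tru_stealth(), "| counts consistent:", r.counts_add_up())
        for f in findings(r):
            print("  -", f)
```

Running it prints the FAILED report's two findings (port 113 answering, ping answered) and nothing for the PASSED report, which is exactly the difference between the two posts.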

Drakonix 06-01-04 07:16 PM

My recent "interesting" hits:

Rejected: 209.132.98.144 - Web Sense (10-25-2003 @ 13:50:02)
Rejected: 216.35.71.120 - Overpeer ( see comments) (10-25-2003 @ 14:54:40)
Rejected: 216.35.71.105 - Overpeer ( see comments) (10-25-2003 @ 14:54:40)

Rejected: 66.35.229.177 - GainCME (Spyware) (11-06-2003 @ 09:45:31)
Rejected: 66.35.229.177 - GainCME (Spyware) (11-06-2003 @ 09:48:20)

Rejected: 216.35.71.105 - Overpeer ( see comments) (11-13-2003 @ 21:21:13)
Rejected: 216.35.71.120 - Overpeer ( see comments) (11-13-2003 @ 21:21:13)
Rejected: 216.35.71.105 - Overpeer ( see comments) (11-13-2003 @ 21:21:35)
Rejected: 216.35.71.120 - Overpeer ( see comments) (11-13-2003 @ 21:21:35)
Rejected: 216.35.71.105 - Overpeer ( see comments) (11-13-2003 @ 21:21:43)
Rejected: 216.35.71.120 - Overpeer ( see comments) (11-13-2003 @ 21:21:43)

Rejected: 64.49.221.202 - Rackspace.com (BigChampagne Host) split (11-19-2003 @ 09:52:25)
Rejected: 64.49.221.198 - Rackspace.com (BigChampagne Host) split (11-19-2003 @ 09:52:26)
Rejected: 64.49.221.198 - Rackspace.com (BigChampagne Host) split (11-19-2003 @ 09:52:26)
Rejected: 64.49.221.198 - Rackspace.com (BigChampagne Host) split (11-19-2003 @ 09:52:26)
Rejected: 64.49.221.198 - Rackspace.com (BigChampagne Host) split (11-19-2003 @ 09:52:26)
Rejected: 64.49.221.213 - Rackspace.com (BigChampagne Host) split (11-19-2003 @ 09:52:26)
Rejected: 64.49.221.213 - Rackspace.com (BigChampagne Host) split (11-19-2003 @ 09:52:26)
Rejected: 64.49.221.213 - Rackspace.com (BigChampagne Host) split (11-19-2003 @ 09:52:26)

Rejected: 209.132.98.144 - Web Sense (11-20-2003 @ 22:02:56)

Rejected: 216.35.71.105 - Overpeer ( see comments) (12-01-2003 @ 12:12:08)
Rejected: 216.35.71.120 - Overpeer ( see comments) (12-01-2003 @ 12:12:08)
Rejected: 216.35.71.105 - Overpeer ( see comments) (12-01-2003 @ 12:12:13)
Rejected: 216.35.71.120 - Overpeer ( see comments) (12-01-2003 @ 12:12:13)

Rejected: 64.49.219.163 - Rackspace.com (BigChampagne Host) split (12-02-2003 @ 00:05:06)
Rejected: 64.49.219.163 - Rackspace.com (BigChampagne Host) split (12-02-2003 @ 00:06:34)

Rejected: 64.32.234.22 - IRMA (Mail) (12-05-2003 @ 15:39:39)

Rejected: 66.79.165.61 - MediaDefender (12-11-2003 @ 12:36:44)
Rejected: 207.155.252.18 - NetPD (12-11-2003 @ 14:02:12)
Rejected: 207.155.252.72 - NetPD (12-11-2003 @ 14:02:13)
Rejected: 66.79.165.61 - MediaDefender (12-11-2003 @ 14:28:58)
Rejected: 66.79.165.61 - MediaDefender (12-11-2003 @ 14:38:18)
Rejected: 66.79.165.61 - MediaDefender (12-11-2003 @ 14:38:28)
Rejected: 66.79.165.61 - MediaDefender (12-11-2003 @ 14:44:01)
Rejected: 66.79.165.61 - MediaDefender (12-11-2003 @ 14:50:20)
Rejected: 66.79.165.61 - MediaDefender (12-11-2003 @ 14:55:41)
Rejected: 66.79.165.61 - MediaDefender (12-11-2003 @ 15:03:49)
Rejected: 66.79.165.61 - MediaDefender (12-11-2003 @ 15:08:43)
Rejected: 66.79.165.61 - MediaDefender (12-11-2003 @ 15:28:07)
Rejected: 66.79.165.61 - MediaDefender (12-11-2003 @ 15:38:33)
Rejected: 66.79.165.61 - MediaDefender (12-11-2003 @ 15:43:27)
Rejected: 66.79.165.61 - MediaDefender (12-11-2003 @ 15:49:57)
Rejected: 66.79.165.61 - MediaDefender (12-11-2003 @ 15:53:37)
Rejected: 66.79.165.61 - MediaDefender (12-11-2003 @ 15:59:31)
Rejected: 66.79.165.61 - MediaDefender (12-11-2003 @ 16:05:19)
Rejected: 66.79.165.61 - MediaDefender (12-11-2003 @ 16:06:44)
Rejected: 66.79.165.61 - MediaDefender (12-11-2003 @ 16:14:22)
Rejected: 66.79.165.61 - MediaDefender (12-11-2003 @ 16:16:46)
Rejected: 66.79.165.61 - MediaDefender (12-11-2003 @ 16:25:57)
Rejected: 66.79.165.61 - MediaDefender (12-11-2003 @ 16:33:11)
Rejected: 64.32.234.22 - IRMA (Mail) (12-11-2003 @ 18:26:57)

Rejected: 216.35.71.120 - Overpeer ( see comments) (12-15-2003 @ 21:04:20)
Rejected: 216.35.71.105 - Overpeer ( see comments) (12-15-2003 @ 21:04:20)


Rejected: 149.101.1.32 - US Department of Justices (12-17-2003 @ 13:41:48)
Rejected: 149.101.1.32 - US Department of Justices (12-17-2003 @ 13:42:33)
Rejected: 149.101.1.32 - US Department of Justices (12-17-2003 @ 13:42:40)


Rejected: 205.150.75.137 - CAAST.org (12-23-2003 @ 19:36:07)
Rejected: 205.150.75.137 - CAAST.org (12-23-2003 @ 19:39:30)


Rejected: 216.194.228.23 - IDSA (12-24-2003 @ 10:42:22)

Rejected: 64.49.242.119 - Rackspace.com (BigChampagne Host) split (12-25-2003 @ 13:16:31)
Rejected: 64.49.242.119 - Rackspace.com (BigChampagne Host) split (12-25-2003 @ 13:16:56)
Rejected: 64.49.242.119 - Rackspace.com (BigChampagne Host) split (12-25-2003 @ 13:17:10)
Rejected: 64.49.242.119 - Rackspace.com (BigChampagne Host) split (12-25-2003 @ 13:17:20)
Rejected: 64.49.242.119 - Rackspace.com (BigChampagne Host) split (12-25-2003 @ 13:17:28)
Rejected: 64.49.242.119 - Rackspace.com (BigChampagne Host) split (12-25-2003 @ 13:17:42)
Rejected: 64.49.242.119 - Rackspace.com (BigChampagne Host) split (12-25-2003 @ 13:17:47)
Rejected: 64.49.242.119 - Rackspace.com (BigChampagne Host) split (12-25-2003 @ 13:18:04)
Rejected: 64.49.242.119 - Rackspace.com (BigChampagne Host) split (12-25-2003 @ 13:18:11)
Rejected: 64.49.242.119 - Rackspace.com (BigChampagne Host) split (12-25-2003 @ 13:19:14)
Rejected: 64.49.229.188 - Rackspace.com (BigChampagne Host) split (12-25-2003 @ 13:34:55)

Rejected: 66.35.229.241 - GainCME (Spyware) (12-26-2003 @ 07:02:12)
Rejected: 66.35.229.241 - GainCME (Spyware) (12-26-2003 @ 07:03:00)
Rejected: 66.35.229.241 - GainCME (Spyware) (12-26-2003 @ 07:03:00)
Rejected: 66.79.168.160 - MediaDefender (12-26-2003 @ 07:03:22)
Rejected: 66.79.168.160 - MediaDefender (12-26-2003 @ 07:03:23)
Rejected: 66.79.168.160 - MediaDefender (12-26-2003 @ 07:03:23)
Rejected: 66.79.168.160 - MediaDefender (12-26-2003 @ 07:03:24)
Rejected: 66.79.168.160 - MediaDefender (12-26-2003 @ 07:03:25)
Rejected: 66.79.168.160 - MediaDefender (12-26-2003 @ 07:03:25)

Rejected: 192.150.18.32 - Adobe Systems Inc. (12-31-2003 @ 08:32:34)
Rejected: 192.150.20.32 - Adobe Systems Inc. (12-31-2003 @ 21:07:01)
Rejected: 192.150.18.32 - Adobe Systems Inc. (12-31-2003 @ 21:08:04)
Rejected: 192.150.18.32 - Adobe Systems Inc. (12-31-2003 @ 21:09:05)
Rejected: 192.150.20.32 - Adobe Systems Inc. (12-31-2003 @ 21:10:07)
Rejected: 192.150.19.32 - Adobe Systems Inc. (12-31-2003 @ 21:11:08)
Rejected: 192.150.20.32 - Adobe Systems Inc. (12-31-2003 @ 21:12:10)
Rejected: 192.150.18.32 - Adobe Systems Inc. (12-31-2003 @ 21:13:11)
Rejected: 192.150.18.32 - Adobe Systems Inc. (12-31-2003 @ 21:14:13)
Rejected: 192.150.18.32 - Adobe Systems Inc. (12-31-2003 @ 21:15:15)
Rejected: 192.150.18.32 - Adobe Systems Inc. (12-31-2003 @ 21:16:16)
Rejected: 192.150.18.32 - Adobe Systems Inc. (12-31-2003 @ 21:17:17)
Rejected: 192.150.18.32 - Adobe Systems Inc. (12-31-2003 @ 21:18:32)
Rejected: 192.150.19.32 - Adobe Systems Inc. (12-31-2003 @ 21:19:33)
Rejected: 192.150.18.32 - Adobe Systems Inc. (12-31-2003 @ 21:20:35)
Rejected: 192.150.19.32 - Adobe Systems Inc. (12-31-2003 @ 21:21:36)

Rejected: 192.150.14.120 - Adobe Systems Inc. (01-02-2004 @ 08:54:42)
Rejected: 192.150.18.32 - Adobe Systems Inc. (01-02-2004 @ 08:54:44)
Rejected: 192.150.18.33 - Adobe Systems Inc. (01-02-2004 @ 08:55:45)

Rejected: 192.150.18.33 - Adobe Systems Inc. (01-02-2004 @ 11:27:42)
Rejected: 192.150.18.32 - Adobe Systems Inc. (01-02-2004 @ 11:28:44)
Rejected: 192.150.19.32 - Adobe Systems Inc. (01-02-2004 @ 11:29:45)
Rejected: 192.150.18.33 - Adobe Systems Inc. (01-02-2004 @ 11:30:47)
Rejected: 192.150.19.32 - Adobe Systems Inc. (01-02-2004 @ 13:15:52)
Rejected: 192.150.19.32 - Adobe Systems Inc. (01-02-2004 @ 13:16:54)
Rejected: 192.150.19.32 - Adobe Systems Inc. (01-02-2004 @ 13:17:55)
Rejected: 192.150.18.33 - Adobe Systems Inc. (01-02-2004 @ 13:18:56)
Rejected: 192.150.19.32 - Adobe Systems Inc. (01-02-2004 @ 13:19:58)
Rejected: 192.150.20.33 - Adobe Systems Inc. (01-02-2004 @ 13:20:59)
Rejected: 192.150.18.32 - Adobe Systems Inc. (01-02-2004 @ 13:22:01)
Rejected: 192.150.18.33 - Adobe Systems Inc. (01-02-2004 @ 13:23:02)
Rejected: 192.150.19.32 - Adobe Systems Inc. (01-02-2004 @ 13:25:10)
Rejected: 192.150.20.32 - Adobe Systems Inc. (01-02-2004 @ 13:26:12)
Rejected: 192.150.20.32 - Adobe Systems Inc. (01-02-2004 @ 13:27:13)
Rejected: 192.150.19.32 - Adobe Systems Inc. (01-02-2004 @ 13:28:15)
Rejected: 192.150.19.32 - Adobe Systems Inc. (01-02-2004 @ 13:29:16)
Rejected: 192.150.18.33 - Adobe Systems Inc. (01-02-2004 @ 13:30:18)
Rejected: 192.150.20.33 - Adobe Systems Inc. (01-02-2004 @ 13:31:19)
Rejected: 192.150.18.33 - Adobe Systems Inc. (01-02-2004 @ 13:32:21)

Rejected: 63.236.94.39 - Take Two Interactive (01-06-2004 @ 13:14:38)
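Reading a list like the one above by eye hides two patterns that matter when deciding whether a source is a one-off scan or something persistent: a burst of hits from one address within a second or two (the Rackspace block), and one address that keeps returning for hours (the MediaDefender run). The following is an added example, not Drakonix's tool or any firewall's own code: it parses lines in the "Rejected: ip - label (date @ time)" shape shown above, totals hits per label, and flags both patterns. The sample input is a subset of the lines from the post; the 5-second burst window and the 1-hour / 5-hit thresholds are choices made for this example.

```python
"""Summarise a firewall 'Rejected:' log and flag bursts and sustained sources.

Added example; SAMPLE_LOG is a subset of the lines from the post above.
"""
import re
from collections import Counter
from dataclasses import dataclass
from datetime import datetime, timedelta

# Line shape as seen in the post. The label may itself contain parentheses
# (e.g. "Overpeer ( see comments)"), so the timestamp pattern anchors the end.
LINE_RE = re.compile(
    r"^Rejected: (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) - (?P<label>.+?) "
    r"\((?P<ts>\d{2}-\d{2}-\d{4} @ \d{2}:\d{2}:\d{2})\)$"
)

SAMPLE_LOG = """\
Rejected: 209.132.98.144 - Web Sense (10-25-2003 @ 13:50:02)
Rejected: 216.35.71.120 - Overpeer ( see comments) (10-25-2003 @ 14:54:40)
Rejected: 216.35.71.105 - Overpeer ( see comments) (10-25-2003 @ 14:54:40)

Rejected: 64.49.221.202 - Rackspace.com (BigChampagne Host) split (11-19-2003 @ 09:52:25)
Rejected: 64.49.221.198 - Rackspace.com (BigChampagne Host) split (11-19-2003 @ 09:52:26)
Rejected: 64.49.221.198 - Rackspace.com (BigChampagne Host) split (11-19-2003 @ 09:52:26)
Rejected: 64.49.221.198 - Rackspace.com (BigChampagne Host) split (11-19-2003 @ 09:52:26)
Rejected: 64.49.221.198 - Rackspace.com (BigChampagne Host) split (11-19-2003 @ 09:52:26)

Rejected: 209.132.98.144 - Web Sense (11-20-2003 @ 22:02:56)

Rejected: 66.79.165.61 - MediaDefender (12-11-2003 @ 12:36:44)
Rejected: 66.79.165.61 - MediaDefender (12-11-2003 @ 14:28:58)
Rejected: 66.79.165.61 - MediaDefender (12-11-2003 @ 14:38:18)
Rejected: 66.79.165.61 - MediaDefender (12-11-2003 @ 15:03:49)
Rejected: 66.79.165.61 - MediaDefender (12-11-2003 @ 15:43:27)
Rejected: 66.79.165.61 - MediaDefender (12-11-2003 @ 16:33:11)

Rejected: 63.236.94.39 - Take Two Interactive (01-06-2004 @ 13:14:38)
"""


@dataclass(frozen=True)
class Hit:
    ip: str
    label: str
    when: datetime


def parse_log(text: str) -> list:
    """Parse every well-formed 'Rejected:' line; blank or unexpected lines are skipped."""
    hits = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            hits.append(Hit(m["ip"], m["label"],
                            datetime.strptime(m["ts"], "%m-%d-%Y @ %H:%M:%S")))
    return hits


def hits_by_label(hits) -> Counter:
    return Counter(h.label for h in hits)


def _by_ip(hits) -> dict:
    """Group hits per source address, each group sorted by time."""
    groups = {}
    for h in sorted(hits, key=lambda h: h.when):
        groups.setdefault(h.ip, []).append(h)
    return groups


def bursts(hits, window=timedelta(seconds=5), min_hits=3) -> dict:
    """Sources with at least `min_hits` hits inside any `window`; value is the densest window."""
    out = {}
    for ip, hs in _by_ip(hits).items():
        best = 0
        for i, start in enumerate(hs):
            j = i
            while j < len(hs) and hs[j].when - start.when <= window:
                j += 1
            best = max(best, j - i)
        if best >= min_hits:
            out[ip] = best
    return out


def sustained(hits, min_span=timedelta(hours=1), min_hits=5) -> list:
    """Sources that keep returning: at least `min_hits` hits spread over at least `min_span`."""
    out = []
    for ip, hs in _by_ip(hits).items():
        if len(hs) >= min_hits and hs[-1].when - hs[0].when >= min_span:
            out.append((ip, hs[0].label, len(hs)))
    return out


def summarize(text: str) -> dict:
    hits = parse_log(text)
    return {"total": len(hits), "by_label": hits_by_label(hits),
            "bursts": bursts(hits), "sustained": sustained(hits)}


if __name__ == "__main__":
    for key, value in summarize(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

On the sample, the burst detector singles out 64.49.221.198 (four hits in the same second) and the sustained detector singles out 66.79.165.61 (six hits across roughly four hours); the two Web Sense hits a month apart trigger neither, which is the distinction the thresholds are meant to draw.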

