Peer to Peer: The 3rd millennium technology!

05-01-04, 04:39 AM | #1
OpenNap Server Operator
Join Date: Jan 2002
Location: U.K
Posts: 401
Is this something we should be aware of?
Over the last few weeks, I have become aware of a considerable increase in firewall hits for port 17300, maybe 10 per hour or so.
Tracking a few back reveals no specific common site, but one was registered to "UA" "universal", which to me sounds like one of the video or film companies. My suspicions are aroused because of this common port; it bears a resemblance to previous "worm" attacks where a trojan is waiting for a trigger on a specific port, this trojan having been loaded during site browsing or downloading dodgy files. Could it be that certain parties are trying new tricks to get evidence? Anyone else notice similarities in their log files? ZoneAlarm just reports it as blocked and of medium risk!! Snark.
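One way to answer the question the post raises (is this a broad sweep or someone probing me?) is to aggregate the blocked hits by destination port and count distinct sources and the hourly rate. The script below is an added example, not code from the thread or from ZoneAlarm: the log lines are constructed, only loosely model ZoneAlarm's text log (one comma-separated FWIN record per blocked inbound packet), use RFC 5737 documentation addresses, and the triage thresholds are assumptions.

```python
"""Triage blocked inbound hits from a ZoneAlarm-style firewall log.

Added example; not code from the thread. The log lines are constructed and
only loosely model ZoneAlarm's text log (one comma-separated FWIN record per
blocked inbound packet); adjust parse_line() to your own file's field order.
Addresses are RFC 5737 documentation ranges, not real hosts.
"""
from collections import defaultdict
from datetime import datetime

# Constructed sample: eight probes of port 17300 from seven sources over two
# hours, three rapid probes of port 135 from one source, and one outbound
# record that the parser must ignore.
SAMPLE_LOG = """\
FWIN,2004/01/05,03:02:11 +0:00 GMT,192.0.2.10:3122,198.51.100.7:17300,TCP (flags:S)
FWIN,2004/01/05,03:09:45 +0:00 GMT,192.0.2.44:1044,198.51.100.7:17300,TCP (flags:S)
FWIN,2004/01/05,03:15:02 +0:00 GMT,203.0.113.9:2051,198.51.100.7:17300,TCP (flags:S)
FWIN,2004/01/05,03:31:27 +0:00 GMT,192.0.2.77:4433,198.51.100.7:17300,TCP (flags:S)
FWIN,2004/01/05,03:48:50 +0:00 GMT,203.0.113.120:1377,198.51.100.7:17300,TCP (flags:S)
FWIN,2004/01/05,04:05:13 +0:00 GMT,192.0.2.10:3590,198.51.100.7:17300,TCP (flags:S)
FWIN,2004/01/05,04:22:39 +0:00 GMT,203.0.113.200:1090,198.51.100.7:17300,TCP (flags:S)
FWIN,2004/01/05,04:40:01 +0:00 GMT,192.0.2.201:2222,198.51.100.7:17300,TCP (flags:S)
FWIN,2004/01/05,04:41:02 +0:00 GMT,203.0.113.55:1500,198.51.100.7:135,TCP (flags:S)
FWIN,2004/01/05,04:41:03 +0:00 GMT,203.0.113.55:1501,198.51.100.7:135,TCP (flags:S)
FWIN,2004/01/05,04:41:04 +0:00 GMT,203.0.113.55:1502,198.51.100.7:135,TCP (flags:S)
FWOUT,2004/01/05,04:42:10 +0:00 GMT,198.51.100.7:1025,192.0.2.5:80,TCP (flags:S)
"""

# Triage thresholds: assumptions for this example, not published guidance.
SWEEP_MIN_SOURCES = 5
PROBE_MIN_HITS = 3


def parse_line(line):
    """Parse one FWIN record; return None for anything else (other record
    types, blank lines, garbage)."""
    parts = line.strip().split(",")
    if len(parts) != 6 or parts[0] != "FWIN":
        return None
    clock = parts[2].split(" ")[0]            # drop the "+0:00 GMT" suffix
    ts = datetime.strptime(f"{parts[1]} {clock}", "%Y/%m/%d %H:%M:%S")
    src_ip, _src_port = parts[3].rsplit(":", 1)
    _dst_ip, dst_port = parts[4].rsplit(":", 1)
    return {"ts": ts, "src": src_ip, "dst_port": int(dst_port),
            "proto": parts[5].split(" ")[0]}


def summarize(log_text):
    """Per destination port: total hits, distinct source IPs and the hit
    count in the busiest clock hour."""
    by_port = defaultdict(lambda: {"hits": 0, "sources": set(),
                                   "hours": defaultdict(int)})
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        s = by_port[rec["dst_port"]]
        s["hits"] += 1
        s["sources"].add(rec["src"])
        s["hours"][rec["ts"].replace(minute=0, second=0)] += 1
    return {port: {"hits": s["hits"],
                   "distinct_sources": len(s["sources"]),
                   "peak_per_hour": max(s["hours"].values())}
            for port, s in by_port.items()}


def classify(stats):
    """Rough triage label for one port. Many unrelated sources hitting one
    port is the signature of background scanning for an already-infected
    population; a single source hammering a port deserves a closer look.
    Either way, a blocked hit on a port nothing is listening on is noise,
    not a compromise."""
    if stats["distinct_sources"] >= SWEEP_MIN_SOURCES:
        return "sweep"
    if stats["distinct_sources"] == 1 and stats["hits"] >= PROBE_MIN_HITS:
        return "persistent-probe"
    return "sporadic"


if __name__ == "__main__":
    for port, stats in sorted(summarize(SAMPLE_LOG).items()):
        print(f"port {port:>5}: {stats['hits']} hits from "
              f"{stats['distinct_sources']} sources, peak "
              f"{stats['peak_per_hour']}/hour -> {classify(stats)}")
```

The useful output is the distinct-source count, not the raw hit count: seven unrelated addresses probing one port over two hours is what worm and scanner background noise looks like, while three hits in three seconds from one address is a deliberate probe. Neither says anything about the machine itself unless something is actually listening on that port.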
05-01-04, 05:31 AM | #2
yea, it's me.
Join Date: Jan 2002
Location: usa
Posts: 2,093
Lo there.
Be careful Snark......
05-01-04, 05:40 AM | #3
Dawn's private genie
Join Date: May 2001
Location: the Canadian wasteland
Posts: 4,461
Since a lot of trojans seem to use this port, there are scanners that people use to find infected machines. I don't know exactly what they do when they find them, but if you're not infected then I guess those hits won't do much.
You should check out one of those Peer Guardian type sites. They seem to make a life's work out of these kinds of things.
05-01-04, 01:31 PM | #4
Just Looking Around
Join Date: Jan 2002
Location: Right here!!!
Posts: 341
If you have a static IP it is actually very common for "known trojan ports" to get a lot of hits, especially when on any P2P network.
At one time I got so many hits I simply turned off the prompts and locked everything down as tight as I could. Depending on how paranoid you are, you can create rules that block all known trojan ports, which takes some time. But there are a few groups out there, like Napho said, that make a life's work out of these things. Often you can download/view actual rule sets for your firewall to simplify the process. Disable simple things like ping commands etc. with your firewall that you may not need and which easily give you away. Buy hardware protection if you don't already have it..... a router is a good, simple and inexpensive firewall that is very effective against random scans etc. Remember the whole time that nothing is secure; if someone really wants in they will probably get in.
__________________
"What country can preserve its liberties if their rulers are not warned from time to time that their people preserve the spirit of resistance. Let them take arms." - Thomas Jefferson
05-01-04, 01:48 PM | #5
Join Date: May 2001
Location: New England
Posts: 10,024
Hi Snark,
The only thing I've heard of lately is the MSN Jitux.A worm, and it's not causing much damage, mainly because it isn't affecting many machines. - js.
05-01-04, 04:29 PM | #6
Registered User
Join Date: Jan 2002
Location: Sydney, Australia
Posts: 307
Hi Snark! Another thing you could do is check on your own system's security: go to www.grc.com for a free checkup. It doesn't take long, and will give you greater peace of mind.
__________________
petri "You are old, father William," the young man said, "And your hair has become very white; And yet you incessantly stand on your head - Do you think, at your age, it is right?" Lewis Carroll.
05-01-04, 11:52 PM | #7
Push "winky" ! Push!!!
Join Date: Mar 2000
Location: north
Posts: 3,529
GRC Port Authority Report created on UTC: 2004-01-06 at 05:45:58

Results from scan of ports: 0-1055

    0 Ports Open
    1 Ports Closed
 1055 Ports Stealth
---------------------
 1056 Ports Tested

NO PORTS were found to be OPEN.

The port found to be CLOSED was: 113

Other than what is listed above, all ports are STEALTH.

TruStealth: FAILED - NOT all tested ports were STEALTH,
                   - NO unsolicited packets were received,
                   - A PING REPLY (ICMP Echo) WAS RECEIVED.

This is good no? This is bad yes?

-> Port Authority Database
Port 1337
Name: menandmice-dns
Purpose: menandmice DNS
Description:
Related Ports:
Background and Additional Information:
Trojan Sightings: Shadyshell
06-01-04, 01:24 AM | #8
Thanks for being with arse
Join Date: Jan 2002
Location: The other side of the world
Posts: 10,343
http://www.stumbleupon.com/url/www.m...ted_links.html
http://www.menandmice.com/DNS-training/
If it's to do with that place (which it looks like), it doesn't appear to be anything to worry too much about that I can see. They seem to do a lot of stuff with DNS. Maybe you had a certain program running when you did that test?
Last edited by multi : 06-01-04 at 01:49 AM.
06-01-04, 06:35 AM | #9
Just Looking Around
Join Date: Jan 2002
Location: Right here!!!
Posts: 341
Quote:
No ports open is good; true stealth is the best...... Port 113 is often the hardest to stealth; surprisingly, it is rarely needed. If you are behind a router you can simply forward that port to an IP that doesn't exist, like 192.168.1.212 or something, and then the port will stealth and you will 99% most likely not have any adverse effects while browsing the web. Some firewalls have a difficult time handling port 113; read more here: http://grc.com/port_113.htm
Unless you use PING, I would at least suggest blocking the outgoing reply from your machine.
Here's mine:

GRC Port Authority Report created on UTC: 2004-01-06 at 12:35:52

Results from scan of ports: 0-1055

    0 Ports Open
    0 Ports Closed
 1056 Ports Stealth
---------------------
 1056 Ports Tested

ALL PORTS tested were found to be: STEALTH.

TruStealth: PASSED - ALL tested ports were STEALTH,
                   - NO unsolicited packets were received,
                   - NO Ping reply (ICMP Echo) was received.

Scans like GRC are good to a point, but almost all scans only scan the most common ports, mainly because it would just consume too much bandwidth and take too long to hit all 60,000+ ports. Sygate offers a Trojan port scan and a few others to check a few more port ranges: http://scan.sygatetech.com/
__________________
"What country can preserve its liberties if their rulers are not warned from time to time that their people preserve the spirit of resistance. Let them take arms." - Thomas Jefferson
06-01-04, 07:16 PM | #10
Just Draggin' Along
Join Date: Apr 2000
Posts: 1,210
My recent "interesting" hits:

Rejected: 209.132.98.144 - Web Sense (10-25-2003 @ 13:50:02)
Rejected: 216.35.71.120 - Overpeer ( see comments) (10-25-2003 @ 14:54:40)
Rejected: 216.35.71.105 - Overpeer ( see comments) (10-25-2003 @ 14:54:40)
Rejected: 66.35.229.177 - GainCME (Spyware) (11-06-2003 @ 09:45:31)
Rejected: 66.35.229.177 - GainCME (Spyware) (11-06-2003 @ 09:48:20)
Rejected: 216.35.71.105 - Overpeer ( see comments) (11-13-2003 @ 21:21:13)
Rejected: 216.35.71.120 - Overpeer ( see comments) (11-13-2003 @ 21:21:13)
Rejected: 216.35.71.105 - Overpeer ( see comments) (11-13-2003 @ 21:21:35)
Rejected: 216.35.71.120 - Overpeer ( see comments) (11-13-2003 @ 21:21:35)
Rejected: 216.35.71.105 - Overpeer ( see comments) (11-13-2003 @ 21:21:43)
Rejected: 216.35.71.120 - Overpeer ( see comments) (11-13-2003 @ 21:21:43)
Rejected: 64.49.221.202 - Rackspace.com (BigChampagne Host) split (11-19-2003 @ 09:52:25)
Rejected: 64.49.221.198 - Rackspace.com (BigChampagne Host) split (11-19-2003 @ 09:52:26)
Rejected: 64.49.221.198 - Rackspace.com (BigChampagne Host) split (11-19-2003 @ 09:52:26)
Rejected: 64.49.221.198 - Rackspace.com (BigChampagne Host) split (11-19-2003 @ 09:52:26)
Rejected: 64.49.221.198 - Rackspace.com (BigChampagne Host) split (11-19-2003 @ 09:52:26)
Rejected: 64.49.221.213 - Rackspace.com (BigChampagne Host) split (11-19-2003 @ 09:52:26)
Rejected: 64.49.221.213 - Rackspace.com (BigChampagne Host) split (11-19-2003 @ 09:52:26)
Rejected: 64.49.221.213 - Rackspace.com (BigChampagne Host) split (11-19-2003 @ 09:52:26)
Rejected: 209.132.98.144 - Web Sense (11-20-2003 @ 22:02:56)
Rejected: 216.35.71.105 - Overpeer ( see comments) (12-01-2003 @ 12:12:08)
Rejected: 216.35.71.120 - Overpeer ( see comments) (12-01-2003 @ 12:12:08)
Rejected: 216.35.71.105 - Overpeer ( see comments) (12-01-2003 @ 12:12:13)
Rejected: 216.35.71.120 - Overpeer ( see comments) (12-01-2003 @ 12:12:13)
Rejected: 64.49.219.163 - Rackspace.com (BigChampagne Host) split (12-02-2003 @ 00:05:06)
Rejected: 64.49.219.163 - Rackspace.com (BigChampagne Host) split (12-02-2003 @ 00:06:34)
Rejected: 64.32.234.22 - IRMA (Mail) (12-05-2003 @ 15:39:39)
Rejected: 66.79.165.61 - MediaDefender (12-11-2003 @ 12:36:44)
Rejected: 207.155.252.18 - NetPD (12-11-2003 @ 14:02:12)
Rejected: 207.155.252.72 - NetPD (12-11-2003 @ 14:02:13)
Rejected: 66.79.165.61 - MediaDefender (12-11-2003 @ 14:28:58)
Rejected: 66.79.165.61 - MediaDefender (12-11-2003 @ 14:38:18)
Rejected: 66.79.165.61 - MediaDefender (12-11-2003 @ 14:38:28)
Rejected: 66.79.165.61 - MediaDefender (12-11-2003 @ 14:44:01)
Rejected: 66.79.165.61 - MediaDefender (12-11-2003 @ 14:50:20)
Rejected: 66.79.165.61 - MediaDefender (12-11-2003 @ 14:55:41)
Rejected: 66.79.165.61 - MediaDefender (12-11-2003 @ 15:03:49)
Rejected: 66.79.165.61 - MediaDefender (12-11-2003 @ 15:08:43)
Rejected: 66.79.165.61 - MediaDefender (12-11-2003 @ 15:28:07)
Rejected: 66.79.165.61 - MediaDefender (12-11-2003 @ 15:38:33)
Rejected: 66.79.165.61 - MediaDefender (12-11-2003 @ 15:43:27)
Rejected: 66.79.165.61 - MediaDefender (12-11-2003 @ 15:49:57)
Rejected: 66.79.165.61 - MediaDefender (12-11-2003 @ 15:53:37)
Rejected: 66.79.165.61 - MediaDefender (12-11-2003 @ 15:59:31)
Rejected: 66.79.165.61 - MediaDefender (12-11-2003 @ 16:05:19)
Rejected: 66.79.165.61 - MediaDefender (12-11-2003 @ 16:06:44)
Rejected: 66.79.165.61 - MediaDefender (12-11-2003 @ 16:14:22)
Rejected: 66.79.165.61 - MediaDefender (12-11-2003 @ 16:16:46)
Rejected: 66.79.165.61 - MediaDefender (12-11-2003 @ 16:25:57)
Rejected: 66.79.165.61 - MediaDefender (12-11-2003 @ 16:33:11)
Rejected: 64.32.234.22 - IRMA (Mail) (12-11-2003 @ 18:26:57)
Rejected: 216.35.71.120 - Overpeer ( see comments) (12-15-2003 @ 21:04:20)
Rejected: 216.35.71.105 - Overpeer ( see comments) (12-15-2003 @ 21:04:20)
Rejected: 149.101.1.32 - US Department of Justices (12-17-2003 @ 13:41:48)
Rejected: 149.101.1.32 - US Department of Justices (12-17-2003 @ 13:42:33)
Rejected: 149.101.1.32 - US Department of Justices (12-17-2003 @ 13:42:40)
Rejected: 205.150.75.137 - CAAST.org (12-23-2003 @ 19:36:07)
Rejected: 205.150.75.137 - CAAST.org (12-23-2003 @ 19:39:30)
Rejected: 216.194.228.23 - IDSA (12-24-2003 @ 10:42:22)
Rejected: 64.49.242.119 - Rackspace.com (BigChampagne Host) split (12-25-2003 @ 13:16:31)
Rejected: 64.49.242.119 - Rackspace.com (BigChampagne Host) split (12-25-2003 @ 13:16:56)
Rejected: 64.49.242.119 - Rackspace.com (BigChampagne Host) split (12-25-2003 @ 13:17:10)
Rejected: 64.49.242.119 - Rackspace.com (BigChampagne Host) split (12-25-2003 @ 13:17:20)
Rejected: 64.49.242.119 - Rackspace.com (BigChampagne Host) split (12-25-2003 @ 13:17:28)
Rejected: 64.49.242.119 - Rackspace.com (BigChampagne Host) split (12-25-2003 @ 13:17:42)
Rejected: 64.49.242.119 - Rackspace.com (BigChampagne Host) split (12-25-2003 @ 13:17:47)
Rejected: 64.49.242.119 - Rackspace.com (BigChampagne Host) split (12-25-2003 @ 13:18:04)
Rejected: 64.49.242.119 - Rackspace.com (BigChampagne Host) split (12-25-2003 @ 13:18:11)
Rejected: 64.49.242.119 - Rackspace.com (BigChampagne Host) split (12-25-2003 @ 13:19:14)
Rejected: 64.49.229.188 - Rackspace.com (BigChampagne Host) split (12-25-2003 @ 13:34:55)
Rejected: 66.35.229.241 - GainCME (Spyware) (12-26-2003 @ 07:02:12)
Rejected: 66.35.229.241 - GainCME (Spyware) (12-26-2003 @ 07:03:00)
Rejected: 66.35.229.241 - GainCME (Spyware) (12-26-2003 @ 07:03:00)
Rejected: 66.79.168.160 - MediaDefender (12-26-2003 @ 07:03:22)
Rejected: 66.79.168.160 - MediaDefender (12-26-2003 @ 07:03:23)
Rejected: 66.79.168.160 - MediaDefender (12-26-2003 @ 07:03:23)
Rejected: 66.79.168.160 - MediaDefender (12-26-2003 @ 07:03:24)
Rejected: 66.79.168.160 - MediaDefender (12-26-2003 @ 07:03:25)
Rejected: 66.79.168.160 - MediaDefender (12-26-2003 @ 07:03:25)
Rejected: 192.150.18.32 - Adobe Systems Inc. (12-31-2003 @ 08:32:34)
Rejected: 192.150.20.32 - Adobe Systems Inc. (12-31-2003 @ 21:07:01)
Rejected: 192.150.18.32 - Adobe Systems Inc. (12-31-2003 @ 21:08:04)
Rejected: 192.150.18.32 - Adobe Systems Inc. (12-31-2003 @ 21:09:05)
Rejected: 192.150.20.32 - Adobe Systems Inc. (12-31-2003 @ 21:10:07)
Rejected: 192.150.19.32 - Adobe Systems Inc. (12-31-2003 @ 21:11:08)
Rejected: 192.150.20.32 - Adobe Systems Inc. (12-31-2003 @ 21:12:10)
Rejected: 192.150.18.32 - Adobe Systems Inc. (12-31-2003 @ 21:13:11)
Rejected: 192.150.18.32 - Adobe Systems Inc. (12-31-2003 @ 21:14:13)
Rejected: 192.150.18.32 - Adobe Systems Inc. (12-31-2003 @ 21:15:15)
Rejected: 192.150.18.32 - Adobe Systems Inc. (12-31-2003 @ 21:16:16)
Rejected: 192.150.18.32 - Adobe Systems Inc. (12-31-2003 @ 21:17:17)
Rejected: 192.150.18.32 - Adobe Systems Inc. (12-31-2003 @ 21:18:32)
Rejected: 192.150.19.32 - Adobe Systems Inc. (12-31-2003 @ 21:19:33)
Rejected: 192.150.18.32 - Adobe Systems Inc. (12-31-2003 @ 21:20:35)
Rejected: 192.150.19.32 - Adobe Systems Inc. (12-31-2003 @ 21:21:36)
Rejected: 192.150.14.120 - Adobe Systems Inc. (01-02-2004 @ 08:54:42)
Rejected: 192.150.18.32 - Adobe Systems Inc. (01-02-2004 @ 08:54:44)
Rejected: 192.150.18.33 - Adobe Systems Inc. (01-02-2004 @ 08:55:45)
Rejected: 192.150.18.33 - Adobe Systems Inc. (01-02-2004 @ 11:27:42)
Rejected: 192.150.18.32 - Adobe Systems Inc. (01-02-2004 @ 11:28:44)
Rejected: 192.150.19.32 - Adobe Systems Inc. (01-02-2004 @ 11:29:45)
Rejected: 192.150.18.33 - Adobe Systems Inc. (01-02-2004 @ 11:30:47)
Rejected: 192.150.19.32 - Adobe Systems Inc. (01-02-2004 @ 13:15:52)
Rejected: 192.150.19.32 - Adobe Systems Inc. (01-02-2004 @ 13:16:54)
Rejected: 192.150.19.32 - Adobe Systems Inc. (01-02-2004 @ 13:17:55)
Rejected: 192.150.18.33 - Adobe Systems Inc. (01-02-2004 @ 13:18:56)
Rejected: 192.150.19.32 - Adobe Systems Inc. (01-02-2004 @ 13:19:58)
Rejected: 192.150.20.33 - Adobe Systems Inc. (01-02-2004 @ 13:20:59)
Rejected: 192.150.18.32 - Adobe Systems Inc. (01-02-2004 @ 13:22:01)
Rejected: 192.150.18.33 - Adobe Systems Inc. (01-02-2004 @ 13:23:02)
Rejected: 192.150.19.32 - Adobe Systems Inc. (01-02-2004 @ 13:25:10)
Rejected: 192.150.20.32 - Adobe Systems Inc. (01-02-2004 @ 13:26:12)
Rejected: 192.150.20.32 - Adobe Systems Inc. (01-02-2004 @ 13:27:13)
Rejected: 192.150.19.32 - Adobe Systems Inc. (01-02-2004 @ 13:28:15)
Rejected: 192.150.19.32 - Adobe Systems Inc. (01-02-2004 @ 13:29:16)
Rejected: 192.150.18.33 - Adobe Systems Inc. (01-02-2004 @ 13:30:18)
Rejected: 192.150.20.33 - Adobe Systems Inc. (01-02-2004 @ 13:31:19)
Rejected: 192.150.18.33 - Adobe Systems Inc. (01-02-2004 @ 13:32:21)
Rejected: 63.236.94.39 - Take Two Interactive (01-06-2004 @ 13:14:38)
__________________
Copyright means the copy of the CD/DVD burned with no errors. I will never spend another dime on content that I can't use the way I please. If I can't copy it to my hard drive and play it using the devices I want, when and where I want, I won't be buying it. Period. They can all take their DRM, broadcast flags, rootkits, and Compact Discs that aren't really compact discs and shove them up their bottom-lines.
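The labels in a log like the one above come from matching each rejected address against an IP range list of the kind the Peer Guardian type sites publish, and the interesting signal is how often a given owner comes back. The script below is an added example, not code from the thread or from any blocklist tool: the log lines are a handful copied from the post above; the range list is a constructed, hypothetical sample in the plain-text "Label:first-last" style such lists use, and its ranges are assumptions chosen to cover the sample log, not real allocations. It is IPv4 only.

```python
"""Attribute firewall rejections to organisations via a PeerGuardian-style
IP range list, and measure how persistently each one comes back.

Added example; not code from the thread or from PeerGuardian. The log lines
are a handful copied from the post above. The range list is a constructed,
hypothetical sample in the plain-text "Label:first-last" style such lists
use; the ranges are assumptions chosen to cover the sample log and must not
be taken as real allocations. IPv4 only.
"""
import bisect
import ipaddress
import re
from collections import defaultdict
from datetime import datetime

REJECT_RE = re.compile(
    r"^Rejected: (\S+) - (.+?) \((\d{2}-\d{2}-\d{4}) @ (\d{2}:\d{2}:\d{2})\)$")

# Lines copied from the post; the Take Two entry is deliberately not covered
# by SAMPLE_RANGES so the "unlisted" path is exercised.
SAMPLE_LOG = """\
Rejected: 66.79.165.61 - MediaDefender (12-11-2003 @ 14:28:58)
Rejected: 66.79.165.61 - MediaDefender (12-11-2003 @ 14:38:18)
Rejected: 66.79.165.61 - MediaDefender (12-11-2003 @ 14:38:28)
Rejected: 66.79.165.61 - MediaDefender (12-11-2003 @ 14:44:01)
Rejected: 216.35.71.105 - Overpeer ( see comments) (12-15-2003 @ 21:04:20)
Rejected: 216.35.71.120 - Overpeer ( see comments) (12-15-2003 @ 21:04:20)
Rejected: 149.101.1.32 - US Department of Justices (12-17-2003 @ 13:41:48)
Rejected: 63.236.94.39 - Take Two Interactive (01-06-2004 @ 13:14:38)
"""

# Hypothetical ranges (assumption), "Label:first-last", one per line.
SAMPLE_RANGES = """\
# comment lines are ignored
MediaDefender:66.79.165.0-66.79.165.255
Overpeer:216.35.71.0-216.35.71.255
US Department of Justice:149.101.0.0-149.101.255.255
"""


def parse_rejection(line):
    """Parse 'Rejected: IP - Label (MM-DD-YYYY @ HH:MM:SS)'; None if it does
    not match. The label may itself contain parentheses, so the label group
    is lazy and the date group anchors the end of the line."""
    m = REJECT_RE.match(line.strip())
    if not m:
        return None
    ip, label, date, clock = m.groups()
    return {"ip": ip, "label": label.strip(),
            "ts": datetime.strptime(f"{date} {clock}", "%m-%d-%Y %H:%M:%S")}


class RangeList:
    """Sorted, non-overlapping IPv4 ranges with O(log n) lookup."""

    def __init__(self, text):
        rows = []
        for line in text.splitlines():
            if not line.strip() or line.startswith("#"):
                continue
            label, span = line.rsplit(":", 1)      # label may contain ':'
            first, last = span.split("-")
            rows.append((int(ipaddress.IPv4Address(first)),
                         int(ipaddress.IPv4Address(last)), label))
        rows.sort()
        self.rows = rows
        self.starts = [r[0] for r in rows]

    def lookup(self, ip):
        """Label of the range containing ip, or None."""
        n = int(ipaddress.IPv4Address(ip))
        i = bisect.bisect_right(self.starts, n) - 1
        if i >= 0 and self.rows[i][0] <= n <= self.rows[i][1]:
            return self.rows[i][2]
        return None


def summarize(log_text, ranges):
    """Per list owner ("unlisted" if no range matches): hit count, distinct
    source IPs and the shortest gap in seconds between consecutive hits."""
    per = defaultdict(lambda: {"hits": 0, "ips": set(), "times": []})
    for line in log_text.splitlines():
        rec = parse_rejection(line)
        if rec is None:
            continue
        s = per[ranges.lookup(rec["ip"]) or "unlisted"]
        s["hits"] += 1
        s["ips"].add(rec["ip"])
        s["times"].append(rec["ts"])
    out = {}
    for owner, s in per.items():
        times = sorted(s["times"])
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        out[owner] = {"hits": s["hits"], "distinct_ips": len(s["ips"]),
                      "min_gap_s": min(gaps) if gaps else None}
    return out


if __name__ == "__main__":
    for owner, s in summarize(SAMPLE_LOG, RangeList(SAMPLE_RANGES)).items():
        print(f"{owner:<26} {s['hits']} hits, {s['distinct_ips']} IPs, "
              f"min gap {s['min_gap_s']}s")
```

Two things worth noting from the output. The owner name comes from the list, not from the log, so an address the list does not cover falls into "unlisted" even though the firewall had a label for it; keep the list current or the attribution silently degrades. And every line here is a rejection: the connection was refused at the firewall, so a long run of them from one owner tells you who is interested in the host, not that anything on it was reached.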