|
|
Post #1
Jul 11 2004, 17:06
|
I'm not afraid to die, elochai, BURY ME TONIGHT
Group: Registered
Posts: 3,783
Joined: 15-August 02
From: Portage, IN USA
Member No.: 16,809
|
I have two ip address trying to get to port 1345 on my router here is a copy of my incoming log table on my router. CODE 205.188.9.61 1345
205.188.5.233 1342
205.188.9.61 1345
205.188.5.233 1342
205.188.9.61 1345
205.188.5.233 1342
205.188.9.61 1345
205.188.5.233 1342
205.188.9.61 1345 what are these ip address doing, and how do i stop them from doing whatever they are doing? EDIT// also is there a website/app. to where i can type in an ip address and it tells me about the address, like where the address is coming from and stuff like that.
|
Log In or Register · Advertise on Neowin
|
|
|
Post #2
Jul 11 2004, 17:10
|
Neowinian ULTRAKILL
Group: Global Moderator
Posts: 11,349
Joined: 9-April 03
From: UK
Member No.: 25,729
|
Quote - (ceminess @ Jul 11 2004, 18:06) EDIT// also is there a website/app. to where i can type in an ip address and it tells me about the address, like where the address is coming from and stuff like that. http://www.dnsstuff.com
|
|
|
Post #3
Jul 11 2004, 17:14
|
Neowinian
Group: Registered
Posts: 39
Joined: 10-July 04
Member No.: 61,990
|
Check out DNSstuff/edit too slow 
|
|
|
Post #4
Jul 11 2004, 17:20
|
admin@nic.gov]# su Root
Group: Registered
Posts: 1,854
Joined: 6-February 04
From: USA Political_Alignment: None Mood: Bored
Member No.: 46,936
|
If I remember right (I may be wrong though) those are the newer SubSeven ports. Those IPs are from AOLers. So either they are trying to connect to a trojan on your computer or they are just port scanning.
However those ports were listed as:
1342 - ESBroker
1345 - VPJP
|
|
|
Post #5
Jul 11 2004, 17:20
|
I'm not afraid to die, elochai, BURY ME TONIGHT
Group: Registered
Posts: 3,783
Joined: 15-August 02
From: Portage, IN USA
Member No.: 16,809
|
well they are aol address and they are coming from Virginia. i just refreshed my incoming log table and now i got all this, whats going on  CODE Source IP Destination Port Number
62.201.71.73 1025
69.93.173.18 1999
69.93.173.18 1998
82.50.109.111 6881
203.217.228.97 9898
203.217.228.97 5554
66.200.224.109 1026
220.121.91.147 9898
220.121.91.147 1023
220.121.91.147 5554
81.38.120.129 1025
24.12.66.142 1025
24.12.66.142 3127
24.12.66.142 6129
24.12.66.142 3127
24.12.66.142 1025
24.12.66.142 6129
24.12.66.142 3127
24.12.66.142 1025
205.188.9.61 1345
205.188.5.233 1342
205.188.9.61 1345
205.188.5.233 1342
205.188.9.61 1345
205.188.5.233 1342
205.188.9.61 1345
217.127.200.198 6881
216.239.57.104 49320
0.8.156.156 80
|
|
|
Post #6
Jul 11 2004, 17:22
|
admin@nic.gov]# su Root
Group: Registered
Posts: 1,854
Joined: 6-February 04
From: USA Political_Alignment: None Mood: Bored
Member No.: 46,936
|
Looks like a portscan to me if that's happening.
|
|
|
Post #7
Jul 11 2004, 17:23
|
Neowinian
Group: Registered
Posts: 50
Joined: 5-June 03
Member No.: 30,052
|
get tcpview from sysinternals.com and check what app is listening on those ports...
|
|
|
Post #8
Jul 11 2004, 17:31
|
I'm not afraid to die, elochai, BURY ME TONIGHT
Group: Registered
Posts: 3,783
Joined: 15-August 02
From: Portage, IN USA
Member No.: 16,809
|
none i have no apps listening on any of the ports that my incoming log table reports.
should i worry, or should i just ignore these incoming ip's
|
|
|
Post #9
Jul 11 2004, 17:36
|
Neowinian
Group: Registered
Posts: 50
Joined: 5-June 03
Member No.: 30,052
|
keep firewall up, in shape & ignore those kids...
|
|
|
Post #10
Jul 11 2004, 18:27
|
I'm not afraid to die, elochai, BURY ME TONIGHT
Group: Registered
Posts: 3,783
Joined: 15-August 02
From: Portage, IN USA
Member No.: 16,809
|
okay thanks, i just reinstalled ZA pro.
|
|
|
Post #11
Jul 11 2004, 19:43
|
admin@nic.gov]# su Root
Group: Registered
Posts: 1,854
Joined: 6-February 04
From: USA Political_Alignment: None Mood: Bored
Member No.: 46,936
|
Like I said I'm pretty sure they are just IP scanning. Probably doing it on your whole ISP's IP range and not targetting specifically you.
|
|
|
Post #12
Jul 11 2004, 19:51
|
GET TO THE CHOPPA
Group: Registered
Posts: 342
Joined: 18-September 02
From: Ankara, Turkey
Member No.: 17,139
|
Quote - (dotRoot @ Jul 11 2004, 20:20) If I remember right (I may be wrong though) those are the newer SubSeven ports. Those IPs are from AOLers. So either they are trying to connect to a trojan on your computer or they are just port scanning.
However those ports were listed as:
1342 - ESBroker
1345 - VPJP Is there some kind of database where you can type in a port number and it'll tell you what those ports are used for? 
|
|
|
Post #13
Jul 12 2004, 16:24
|
that's pronounced AZWIPE!
Group: Registered
Posts: 895
Joined: 17-February 04
From: Virginia Beach, VA
Member No.: 48,049
|
There are some good lists out on the internet, just ggogle it. Although, if you do put them into a DB, let me know cause I could whip up a web frontend for it.
|
|
|
Post #14
Jul 12 2004, 17:30
|
That's what she said
Group: Registered
Posts: 13,345
Joined: 12-August 02
From: Hereford, England Location: Raleigh, NC, US
Member No.: 16,545
|
Quote - (mot @ Jul 11 2004, 15:51) Is there some kind of database where you can type in a port number and it'll tell you what those ports are used for?
|
|
|
Post #15
Jul 12 2004, 18:16
|
Neowinian Super Cool
Group: Supervisor
Posts: 18,488
Joined: 25-February 04
From: Wirral, UK
Member No.: 48,788
|
Quote - (mot @ Jul 11 2004, 19:51) Is there some kind of database where you can type in a port number and it'll tell you what those ports are used for?
|
