+ Reply to Thread
Results 1 to 5 of 5
  1. #1
    Ultimate Member woodbutcher's Avatar
    Join Date
    Oct 2001
    Location
    Chicago
    Posts
    2,175

    Somebody is scanning your computer

    I installed the free version of Sygate's firewall and i'm still in the process of learning the app (alot different then ZA Pro I'd been using) and noticed this fom the app;

    Somebody is scanning your computer.
    Your computer's TCP ports:
    6129, 80, 2745, 3127 and 1025 have been scanned from 24.14.82.83.

    Something to be concerneed about?

    Also, what the heck is this NDIS User Mode Driver that accesses the net even when it's blocked?

    Thanks WB

  2. #2
    Member night_wolf's Avatar
    Join Date
    Jun 2004
    Location
    Yorktown, VA
    Posts
    146
    port 6129 usually used by dameware
    http://www.linklogger.com/TCP6129.htm

    port 80
    http://www.nwfusion.com/research/200...spyport80.html

    port 2745 back door port commonly used for Bagle/Tanx virus
    http://www.linklogger.com/TCP2745.htm

    port 3127 back door port commonly used by myDoom/Novar virus
    http://www.linklogger.com/TCP3127.htm

    port 1025 used for Remote Procedure Call (RPC), can be exploited
    http://www.linklogger.com/TCP1025.htm

    24.14.82.83, someone was tryin to get in is what it looks like to me

    stuff for NDIS...
    http://www.ndis.com/faq/QA10290101.htm
    http://msdn.microsoft.com/library/de...deiodriver.asp

    run a search for 'dameware' as well as getting ad-aware/spybot and see if you find anything

    hope this helps
    Last edited by night_wolf; July 21st, 2004 at 12:37 PM.

  3. #3
    Ultimate Member FatalException's Avatar
    Join Date
    Jun 2004
    Location
    Indianapolis, Indiana
    Posts
    1,398
    Sorry I don't know about the NDIS user mode thing, but I think from the look of the ports that someone was likely running a vulnerability scanner like SuperScanner (available from less than reputable sources like various sites on the BOX.SK network). Nothing to be worried about - most of these attacks are random. Once people see that they can't attack you, they move on to easier targets.

  4. #4
    Anime Otaku RobRich's Avatar
    Join Date
    Oct 2001
    Location
    Tampa, FL USA
    Posts
    121,510
    Blog Entries
    69
    The NDIS driver is responsible for making calls to dynamic link libraries in the TCP/IP networking stack. NDIS is likely trying to communicate to your ISP's DNS server. There is no need to block NDIS, in fact it is probably not a good idea to block NDIS in certain situations.

    If you have WinXP and NDIS is moving a constant flow of data, then you can disable the Wireless Zero Configuration service to stop the data flow. This data is not being transferred to the Internet, but only between a device/app and the NDIS driver. However, Sygate usually thinks the data is being routed to the Internet.

    I just checked 24.14.82.83 against the IP address you are using to access TIMO. It appears Comcast is actively scanning for common server ports. This is a common practice and nothing to be concerned about.

    Hope this helps,
    Robert Richmond

  5. #5
    Not Really a Member
    Join Date
    Oct 2001
    Posts
    27,899
    This is a reason I don't like ZoneAlarm.. it doesn't tell you information about what's going on outside the box (it may in a log file, but its probably not advertised the log file is there)

    While on the other hand until you get Sygate set how you like, it can be a bit of drinking from the firehose
    Helicopters don't fly; they vibrate so much and make so much noise that the earth rejects them.

Quick Reply Quick Reply

If you are already a member, please login above.

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Similar Threads

  1. W32.HLLW.Geobot.gen Virus... How to Remove? PLEASE HELP!
    By mastavic in forum Security and Privacy Issues
    Replies: 3
    Last Post: April 12th, 2004, 01:32 AM
  2. What to do with subseven port scan kids?
    By huldu in forum Security and Privacy Issues
    Replies: 2
    Last Post: February 9th, 2004, 11:06 AM
  3. Portscan Law?
    By blubomber in forum General Tech Discussion
    Replies: 5
    Last Post: January 20th, 2004, 06:01 PM
  4. Spyware really that bad?
    By Telexen in forum General Tech Discussion
    Replies: 7
    Last Post: July 14th, 2003, 08:18 PM
  5. Hacker or what?
    By Bob The Great in forum Networking and Internet
    Replies: 12
    Last Post: June 13th, 2002, 08:53 PM

Posting Permissions

  • You may post new threads
  • You may post replies
  • You may not post attachments
  • You may not edit your posts
  •  
Copyright 2014 All Enthusiast, Inc