+ Reply to Thread
Results 1 to 5 of 5
July 21st, 2004, 12:04 PM #1
Somebody is scanning your computer
I installed the free version of Sygate's firewall and i'm still in the process of learning the app (alot different then ZA Pro I'd been using) and noticed this fom the app;
Somebody is scanning your computer.
Your computer's TCP ports:
6129, 80, 2745, 3127 and 1025 have been scanned from 220.127.116.11.
Something to be concerneed about?
Also, what the heck is this NDIS User Mode Driver that accesses the net even when it's blocked?
July 21st, 2004, 12:32 PM #2
port 6129 usually used by dameware
port 2745 back door port commonly used for Bagle/Tanx virus
port 3127 back door port commonly used by myDoom/Novar virus
port 1025 used for Remote Procedure Call (RPC), can be exploited
18.104.22.168, someone was tryin to get in is what it looks like to me
stuff for NDIS...
run a search for 'dameware' as well as getting ad-aware/spybot and see if you find anything
hope this helps
Last edited by night_wolf; July 21st, 2004 at 12:37 PM.
July 21st, 2004, 12:42 PM #3
Sorry I don't know about the NDIS user mode thing, but I think from the look of the ports that someone was likely running a vulnerability scanner like SuperScanner (available from less than reputable sources like various sites on the BOX.SK network). Nothing to be worried about - most of these attacks are random. Once people see that they can't attack you, they move on to easier targets.
July 21st, 2004, 12:54 PM #4
- Join Date
- Oct 2001
- Tampa, FL USA
- Blog Entries
The NDIS driver is responsible for making calls to dynamic link libraries in the TCP/IP networking stack. NDIS is likely trying to communicate to your ISP's DNS server. There is no need to block NDIS, in fact it is probably not a good idea to block NDIS in certain situations.
If you have WinXP and NDIS is moving a constant flow of data, then you can disable the Wireless Zero Configuration service to stop the data flow. This data is not being transferred to the Internet, but only between a device/app and the NDIS driver. However, Sygate usually thinks the data is being routed to the Internet.
I just checked 22.214.171.124 against the IP address you are using to access TIMO. It appears Comcast is actively scanning for common server ports. This is a common practice and nothing to be concerned about.
Hope this helps,
July 21st, 2004, 01:08 PM #5
- Join Date
- Oct 2001
This is a reason I don't like ZoneAlarm.. it doesn't tell you information about what's going on outside the box (it may in a log file, but its probably not advertised the log file is there)
While on the other hand until you get Sygate set how you like, it can be a bit of drinking from the firehoseHelicopters don't fly; they vibrate so much and make so much noise that the earth rejects them.
Users Browsing this Thread
There are currently 1 users browsing this thread. (0 members and 1 guests)
By mastavic in forum Security and Privacy IssuesReplies: 3Last Post: April 12th, 2004, 01:32 AM
By huldu in forum Security and Privacy IssuesReplies: 2Last Post: February 9th, 2004, 11:06 AM
By blubomber in forum General Tech DiscussionReplies: 5Last Post: January 20th, 2004, 06:01 PM
By Telexen in forum General Tech DiscussionReplies: 7Last Post: July 14th, 2003, 08:18 PM
By Bob The Great in forum Networking and InternetReplies: 12Last Post: June 13th, 2002, 08:53 PM