July 21st, 2004, 01:04 PM
|
#1 (permalink)
| | Ultimate Member
Join Date: Oct 2001 Location: Chicago
Posts: 2,163
| Somebody is scanning your computer
I installed the free version of Sygate's firewall and i'm still in the process of learning the app (alot different then ZA Pro I'd been using) and noticed this fom the app;
Somebody is scanning your computer.
Your computer's TCP ports:
6129, 80, 2745, 3127 and 1025 have been scanned from 24.14.82.83.
Something to be concerneed about?
Also, what the heck is this NDIS User Mode Driver that accesses the net even when it's blocked?
Thanks WB
| 
|  | |
July 21st, 2004, 01:32 PM
|
#2 (permalink)
| | Member
Join Date: Jun 2004 Location: Yorktown, VA
Posts: 145
|
Last edited by night_wolf : July 21st, 2004 at 01:37 PM.
| |
| | |
July 21st, 2004, 01:42 PM
|
#3 (permalink)
| | Ultimate Member
Join Date: Jun 2004 Location: Indianapolis, Indiana
Posts: 1,386
|
Sorry I don't know about the NDIS user mode thing, but I think from the look of the ports that someone was likely running a vulnerability scanner like SuperScanner (available from less than reputable sources like various sites on the BOX.SK network). Nothing to be worried about - most of these attacks are random. Once people see that they can't attack you, they move on to easier targets.
| |
| | |
July 21st, 2004, 01:54 PM
|
#4 (permalink)
| | Anime Otaku
Join Date: Oct 2001 Location: Tampa, FL USA
Posts: 105,515
|
The NDIS driver is responsible for making calls to dynamic link libraries in the TCP/IP networking stack. NDIS is likely trying to communicate to your ISP's DNS server. There is no need to block NDIS, in fact it is probably not a good idea to block NDIS in certain situations.
If you have WinXP and NDIS is moving a constant flow of data, then you can disable the Wireless Zero Configuration service to stop the data flow. This data is not being transferred to the Internet, but only between a device/app and the NDIS driver. However, Sygate usually thinks the data is being routed to the Internet.
I just checked 24.14.82.83 against the IP address you are using to access TIMO. It appears Comcast is actively scanning for common server ports. This is a common practice and nothing to be concerned about.
Hope this helps,
Robert Richmond | |
| | |
July 21st, 2004, 02:08 PM
|
#5 (permalink)
| | Ultimate Member
Join Date: Oct 2001
Posts: 21,062
|
This is a reason I don't like ZoneAlarm.. it doesn't tell you information about what's going on outside the box (it may in a log file, but its probably not advertised the log file is there)
While on the other hand until you get Sygate set how you like, it can be a bit of drinking from the firehose  | |
| | |
Currently Active Users Viewing This Thread: 1 (0 members and 1 guests) | | | 
Posting Rules
| You may post new threads You may post replies You may not post attachments You may not edit your posts
HTML code is Off | | | |   Most Active Discussions  | | | | | Recent Discussions  | | | | | 
|
hardware
prices 
