| Forum Home | ||||
| Press F1 | ||||
| Thread ID: 22838 | 2002-07-31 11:48:00 | ISP reckons this is normal | mikebartnz (21) | Press F1 |
| Post ID | Timestamp | Content | User | ||
| 67060 | 2002-07-31 11:48:00 | My ISP reckons this is normal internet traffic but I have never seen my firewall logs fill up so quickly . Below is a sample and I am hoping someone can throw a bit more light on it . I have had about 500 or so hits in the last few weeks and since I showed them my concern it has ceased . . It has all come from the same server . I gather they are from a DNS port but why are they hitting such a variety of my ports . Date and time:2002/07/1720:27: GMT: +12:00 Times attempted:1 Direction:FWIN Transport:UDP >From port:53 Service:BBN IAD To port:1030 Local IP: Date and time:2002/07/1720:30: GMT: +12:00 Times attempted:1 Direction:FWIN Transport:UDP >From port:53 Service:BBN IAD To port:1032 Local IP: Date and tme:2002/07/1720:30: GMT: +12:00 Times attempted:1 Direction:FWIN Transport:UDP >From port:53 Service: To port:1034 Local IP: Date and time:2002/07/1720:30: GMT: +12:00 Times attempted:1 Direction:FWIN Transport:UDP >From port:53 Service: To port:1037 Local IP: Date and time:2002/07/1720:31: GMT: +12:00 Times attempted:1 Direction:FWIN Transport:UDP >From port:53 Service: To port:1039 Local IP: Date and time:2002/07/1720:38: GMT: +12:00 Times attempted:1 Direction:FWIN Transport:UDP >From port:53 Service:nim To port:1058 Local IP: Date and time:2002/07/1720:49: GMT: +12:00 Times attempted:1 Direction:FWIN Transport:UDP >From port:53 Service:Veracity To port:1062 Local IP: Date and time:2002/07/1722:28: GMT: +12:00 Times attempted:1 Direction:FWIN Transport:UDP >From port:53 Service:BBN IAD To port:1031 Local IP: Date and time:2002/07/1722:30: GMT: +12:00 Times attempted:1 Direction:FWIN Transport:UDP >From port:53 Service:RADAR Service Protocol To port:1036 Local IP: Date and time:2002/07/1722:30: GMT: +12:00 Times attempted:1 Direction:FWIN Transport:UDP >From port:53 Service: To port:1038 Local IP: Date and time:2002/07/1722:30: GMT: +12:00 Times attempted:1 Direction:FWIN Transport:UDP >From port:53 Service: To port:1046 Local IP: Date and time:2002/07/1722:38: GMT: +12:00 Times attempted:1 Direction:FWIN Transport:UDP >From port:53 Service:CPL Scrambler Internal To port:1087 Local IP: Date and time:2002/07/1722:42: GMT: +12:00 Times attempted:1 Direction:FWIN Transport:UDP >From port:53 Service:FF Annunciation To port:1089 Local IP: Date and time:2002/07/1722:43: GMT: +12:00 Times attempted:1 Direction:FWIN Transport:UDP >From port:53 Service:ROOTD To port:1094 Local IP: Date and time:2002/07/1722:44: GMT: +12:00 Times attempted:1 Direction:FWIN Transport:UDP >From port:53 Service:Common Name Resolution Protocol To port:1096 Local IP: Date and time:2002/07/1722:50: GMT: +12:00 Times attempted:1 Direction:FWIN Transport:UDP >From port:53 Service:RMI Registry To port:1099 Local IP: Date and time:2002/07/1722:50: GMT: +12:00 Times attempted:1 Direction:FWIN Transport:UDP >From port:53 Service:ADOBE SERVER 1 To port:1102 Local IP: Date and time:2002/07/1722:56: GMT: +12:00 Times attempted:1 Direction:FWIN Transport:UDP >From port:53 Service:XRL To port:1104 Local IP: Date and time:2002/07/1723:13: GMT: +12:00 Times attempted:1 Direction:FWIN Transport:UDP >From port:53 Service: To port:1143 Local IP: Date and time:2002/07/1723:32: GMT: +12:00 Times attempted:1 Direction:FWIN Transport:UDP >From port:53 Service: To port:1173 Local IP: Date and time:2002/07/1800:26: GMT: +12:00 Times attempted:1 Direction:FWIN Transport:UDP >From port:53 Service:nessus To port:1241 Local IP: |
mikebartnz (21) | ||
| 67061 | 2002-07-31 21:28:00 | Mike, If it weren't for the gaps of several minutes between hits, I'd suggest your ports were being scanned, but usually theres only seconds between hits. Do you have an IP address logged from the hits? Mike. |
Mike (15) | ||
| 67062 | 2002-08-01 07:26:00 | Are you running ICQ or any other messaging programs? | -=JM=- (16) | ||
| 67063 | 2002-08-01 08:46:00 | Port 53 is dns, so my guess would be someone is trying to use your system to resolve addresses. | bmason (508) | ||
| 1 | |||||