  1. #1
    Join Date
    Jun 2007
    Location
    Boone County, West Virginia, USA
    Posts
    908

    Someone's trying to gain access to my Computer.

    Someone is trying to access my computer. It was happening a while ago a few times and this is what my firewall said;

    *Your Firewall* prevented a remote computer from connecting to port 1080 on your computer. This connection attempt was probably a port scan attempting to locate unprotected or misconfigured proxy servers. To learn more about port scans, see the Details tab.

    After clicking the details tab it said;

    "This alert was probably caused by a port scan aimed at locating unprotected or misconfigured proxy servers.
    Proxy servers are popular targets for hackers because they can be used as anonymous relay points, protecting the hacker's identity. They can also be used to circumvent hardware-based firewalls.
    About Port Scans
    Port scanning means using an automated tool to systematically try to connect to every port on a computer. While port scans have some legitimate uses, hackers use them to look for unprotected computers with unguarded ports, typically scanning random blocks of Internet addresses.
    Successful port scans can retrieve a variety of information about a computer, such as its operating system and the programs it is running. Because you are using *Your Firewall*, your computer remains invisible to port scans. Hackers performing scans do not even know your computer exists, because no information is returned by the scan."

    After clicking on the Hacker ID tab this pops up;

    Details about 220.242.7.9, the IP address of the computer that caused the alert you received from *Your Firewall*, are provided in the *Who is* report below. The information in the *Who is* report comes from the Regional Internet Registry (RIR) for the region where 220.242.7.9 is located: ARIN, RIPE, LACNIC or APNIC. The name of the RIR appears in the *Who is* report.
    The *Who is* report includes the name, address and contact information for the Internet Service Provider (ISP) that administers the block of IP addresses that contains 220.242.7.9. The report probably does not list the administrator of the specific computer at IP address 220.242.7.9.
    You should not assume that individuals listed in this report are responsible for the alert you received on your computer.



    Of course I got a map of the location of the IP address block but that's about as far as I can get;



    "This map is our best attempt to provide information about the physical location of IP address 220.242.7.9. It may not correspond to the location of any administrative contacts for this IP address."

    I also reported it. The only weird thing about it is that when I was logged on earlier they tried then about four or five times before I logged out. I was logged out for a while and had no other warnings. When I logged back in I almost immediately got the warning and have had three more while typing this. My computer is safe and they have not breached the firewall. What I would like to know is why is it only happening while I'm logged in here and nowhere else. Barry, I was just wanting you to know and to ask, can you do something about it or do you have any suggestions for anything else I can do on my end?

  2. #2
    Join Date
    May 2005
    Location
    Raleigh, North Carolina
    Posts
    3,598

    it would appear to be this gentleman or someone using his computer
    this is the result of a "whois" query

    person: Ken Zeng
    nic-hdl: KZ50-AP
    e-mail: ken.zeng@etrunk.cn
    address: 7/F, Wang Yuan Building, No. 62 Mei Bin Bei Road,
    address: Mei Hua Yuan, Guangzhou, China.
    phone: +86-20-87273328-107
    fax-no: +86-20-87273298
    country: CN
    changed: ken.yang@etrunk.cn 20060726
    mnt-by: MAINT-CN-ETRUNK
    source: APNIC


    maybe you should call him collect

    Dave

  3. #3
    Join Date
    Nov 2007
    Location
    Northern VA USA
    Posts
    137

    Is it possible that you have a virus, trojan, or spyware?

    Just some thoughts...when you login, the program (virus/trojan/spyware) might be "phoning home" to the guy in China and then his server is replying with port scans to see if you have any Windows (assuming you are using Windows) vulnerabilities.

    I would be sure all Windows security updates are installed, virus scanning is enabled and up-to-date (do a full scan too), and you have a good spyware program installed and up-to-date. Do a full spyware scan too.

    If you don't have spyware protection, download AVG's anti-spyware software...it's quite good. It is free for the first 30 days....long enough to do a good scan.

    Hope that helps. Good news is your firewall appears to be doing its job. Which firewall are you using?

    Matt

  4. #4
    Join Date
    Jun 2007
    Location
    Boone County, West Virginia, USA
    Posts
    908

    I checked out my virus vault and I guess he put "Trojan horse Downloader.Zlob.VM". I figure you're right and it was calling out. I took care of the problem this morning and checked my other programs out and everything seems fine now. Thanks.

    I did email the guy but didn't think to call collect. I don't think he would have understood me anyway seeing how he is in Guangzhou, China. I could hear him now, "No speaky engless." lol

  5. #5
    Join Date
    May 2005
    Location
    Whitefield, Maine USA
    Posts
    6,624

    Relax. You're being port-scanned, it happens all the time. As long as they don't find a port that they can exploit, you're OK. There's no sense reporting it either because nothing illegal has been done. A port scan is tantamount to calling someone's phone, knocking on their door or pushing their door bell; nothing wrong or illegal about that. The fact that it might be done for the purpose of finding out if anyone is home so they can rob the place is hard to prove. Sadly, the authorities have better things to do than chase down and fail to prosecute people doing port scans.

    Hey! It might even have been some computer security student doing research for a thesis

    it would appear to be this gentleman or someone using his computer
    this is the result of a "whois" query
    You can't automatically assume this. The very fact that they're searching for an open proxy server port to exploit suggests they've probably already found one and that the address they appear to be coming from is not their true address. Nobody with nefarious intentions wants their real IP address out there for everyone to see. I wouldn't
    Dulcius ex asperis

  6. #6
    Join Date
    May 2005
    Location
    Whitefield, Maine USA
    Posts
    6,624

    I might add that the biggest vulnerability you face comes from running Microsoft software and that viruses and trojan programs don't come from people scanning your computer or firewall for open ports, they come from people sending you infected email messages or from you visiting suspect web sites that use your browser to put files on your computer. In that regard, your choice of software is critical. If you use Microsoft Outlook Express and/or Internet Explorer for example, it's just a matter of time before your computer gets infected.

    Virus writers and people scanning ports are in fundamentally different lines of work. People doing port scans are not looking to infect your computer with a virus. They have other uses of your computer in mind.

    Just some thoughts...when you login, the program (virus/trojan/spyware) might be "phoning home" to the guy in China and then his server is replying with port scans to see if you have any Windows (assuming you are using Windows) vulnerabilities.
    If they've got a program running on your computer, they've already penetrated your firewall and they know everything they want to know. You're compromised. It's time to party

    It's a rare firewall that blocks connections made from the inside.
    Dulcius ex asperis

  7. #7
    Join Date
    Aug 2004
    Location
    Lincolnton Ga. USA.
    Posts
    1,725

    Quote Originally Posted by George Fergusson View Post

    It's a rare firewall that blocks connections made from the inside.

    I didn't think it was that rare anymore George, I have Kaspersky security suite protecting all my computers, it blocks everything going out unless I have it on a trusted list....


    and by the way, look at ole computer savvy George, you would think he was Bill Gates with all that top Knowledge ,
    Ted

  8. #8
    Join Date
    Oct 2007
    Location
    hamburg, new york, usa
    Posts
    440

    Quote Originally Posted by WVbeekeeper View Post
    Someone is trying to access my computer.
    WV switch to Mac and have no worries!
    No bugs, no worms, no viruses, no blue screens, ...

  9. #9
    Join Date
    Oct 2002
    Location
    The Scenic Flint Hills , KS
    Posts
    5,159

    ...but I like blue screens!
    Bullseye Bill in The Scenic Flint Hills , KS
    www.myspace.com/dukewilliam

  10. #10
    Join Date
    May 2007
    Location
    Johnston, South Carolina, USA
    Posts
    554

    Quote Originally Posted by BULLSEYE BILL View Post
    ...but I like blue screens!
    Mac even better now with Boot Camp, or better yet Parallels! Never miss your retarded Windows OS and also use the superior Mac OS X Leopard!

    -Nathanael
    Beaches' Bee-Haven Apiary http://beachesbeehaven.com
    Aiken Beekeepers Association http://aikenbeekeepers.org

  11. #11
    Join Date
    Dec 1999
    Location
    DuPage County, Illinois USA
    Posts
    9,648

    Quote Originally Posted by Beaches' Bee-Haven Apiary View Post
    and also use the superior Mac OS X Leopard!
    You're talking Greek to everyone you know . . . but us Mac heads know about the cat family! Shhhh, we like it just the way it is. Don't rock the boat.

  12. #12
    Join Date
    Mar 2007
    Location
    cumberland, me
    Posts
    85

    I would simply suggest getting a router. I'm not a big fan of firewalls. From a support standpoint, too much management on a single user level (for small businesses anyway). I've always just used a router and good antivirus and never had a problem in years.

    good luck,
    bill w.

  13. #13
    Join Date
    Nov 2004
    Location
    Kirkland, WA, USA
    Posts
    1,020

    My guess is that it's just someone looking for a wingate to abuse. If they were trying to control the computer they'd do more nefarious things. I like to keep a TCP sink running on a few of my favorite ports just to see what sort of trash pops in.

    There are a lot of unsecured wingates still running.
    http://www.voiceofthehive.com - Tales of Beekeeping and Honeybees
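
    A small TCP sink of the kind post #13 describes, as an added example that is not code from the thread or from any poster: it accepts connections, never replies, and labels the first bytes so a proxy probe on port 1080 can be told apart from a bare connect. The names `classify_probe` and `run_sink` are hypothetical, and the labels assume the standard SOCKS4, SOCKS5 and HTTP proxy request layouts.

```python
# Added illustration; classify_probe and run_sink are hypothetical names.
import socket
import struct
import threading

def classify_probe(data: bytes) -> str:
    """Label the first bytes a client sent to a proxy-style port."""
    if not data:
        return "connect-only (no payload)"
    if data[0] == 0x05 and len(data) >= 2 and len(data) >= 2 + data[1]:
        return f"SOCKS5 greeting, {data[1]} auth method(s) offered"
    if data[0] == 0x04 and len(data) >= 8 and data[1] in (1, 2):
        port, = struct.unpack("!H", data[2:4])
        dst = socket.inet_ntoa(data[4:8])
        return f"SOCKS4 request to {dst}:{port}"
    head = data.split(b"\r\n", 1)[0]
    if head.startswith((b"CONNECT ", b"GET http://")):
        return "HTTP proxy request: " + head.decode("latin-1")
    return "unrecognized: " + data[:16].hex()

def run_sink(host="127.0.0.1", port=0, max_conns=1):
    """Accept up to max_conns connections, record (peer_ip, label), never reply."""
    events = []
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    srv.bind((host, port))
    srv.listen(5)
    bound_port = srv.getsockname()[1]  # resolves port=0 to the real port

    def loop():
        for _ in range(max_conns):
            conn, peer = srv.accept()
            conn.settimeout(2.0)
            try:
                data = conn.recv(512)
            except OSError:  # timeout or reset: treat as no payload
                data = b""
            finally:
                conn.close()
            events.append((peer[0], classify_probe(data)))
        srv.close()

    worker = threading.Thread(target=loop, daemon=True)
    worker.start()
    return bound_port, worker, events

if __name__ == "__main__":
    _, worker, events = run_sink(port=1080, max_conns=5)
    worker.join()
    print(events)
```

    The sink binds to loopback unless another `host` is passed, and it only reads and closes, so nothing is relayed on behalf of the caller.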

  14. #14
    Join Date
    Apr 2005
    Location
    College Station, Texas
    Posts
    6,973

    Barry writes:
    You're talking Greek to everyone you know . . . but us Mac heads know about the cat family! Shhhh

    tecumseh replies:
    ya' mean 'Geek' to everyone you know...

    and shhh... only us cats need know.

  15. #15
    Join Date
    May 2007
    Location
    Pocahontas County, West Virginia, USA
    Posts
    216

    It may not be anything but go here anyway and see just what vulnerabilities may exist with your current firewall [it's free]:
    https://www.grc.com/x/ne.dll?bh0bkyd2

    Another valuable tool is "Spybot SD", a trojan, malware scanner [still free]1.5.2:
    http://www.safer-networking.org/en/download/index.html
    It is a download and install.

    I wouldn't be overly concerned but it does indicate weakness in Windows. You should seriously consider trying another OS. You could easily download and burn a live CD and run it from RAM to try it out, there are plenty of nice free ones out there: Zenwalk, PCLinuxOS, SAM, Fluxbox, Xandros and another hundred more. You could even put one of them on your hard drive and dual boot for a while until you got comfortable with the alternate one.
    "Giving money and power to government is like giving whiskey and car keys to teenage boys." - P.J. O'Rourke

  16. #16
    Join Date
    Jan 2006
    Location
    Loganville, GA
    Posts
    2,172

    The fact that your firewall didn't respond to the scan means it's doing what it's supposed to do. As George said it's highly doubtable that the reported address is where the scan actually came from. And your giving them confirmation of your existence by sending them a message (with your IP attached to it) may just give them incentive to try a few more of the 65000 ports available. It's all about the challenge ya know.

    Funny these posts always end up the same. You mac-n-squash guys telling em to buy a mac and the unixheads telling em to download their free copy.

    GIVE IT UP BOYZ!! You know it ain't gonna happen!!
    "Success is not final, failure is not fatal: it is the courage to continue that counts." Winston Churchill

  17. #17
    Join Date
    Apr 2006
    Location
    Pepperell, MA.
    Posts
    3,779

    Quote Originally Posted by Bizzybee View Post

    Funny these posts always end up the same. You mac-n-squash guys telling em to buy a mac and the unixheads telling em to download their free copy.

    GIVE IT UP BOYZ!! You know it ain't gonna happen!!
    But, it already is!
    "My wife always wanted girls. Just not thousands and thousands of them......"
