Someone's trying to gain access to my Computer.

[WVbeekeeper]

Someone is trying to access my computer. It was happening a while ago a few times and this is what my firewall said;

*Your Firewall* prevented a remote computer from connecting to port 1080 on your computer. This connection attempt was probably a port scan attempting to locate unprotected or misconfigured proxy servers. To learn more about port scans, see the Details tab.

After clicking the details tab it said;

"This alert was probably caused by a port scan aimed at locating unprotected or misconfigured proxy servers.
Proxy servers are popular targets for hackers because they can be used as anonymous relay points, protecting the hacker's identity. They can also be used to circumvent hardware-based firewalls.
About Port Scans
Port scanning means using an automated tool to systematically try to connect to every port on a computer. While port scans have some legitimate uses, hackers use them to look for unprotected computers with unguarded ports, typically scanning random blocks of Internet addresses.
Successful port scans can retrieve a variety of information about a computer, such as its operating system and the programs it is running. Because you are using *Your Firewall*, your computer remains invisible to port scans. Hackers performing scans do not even know your computer exists, because no information is returned by the scan."

After clicking on the Hacker ID tab this pops up;

Details about 220.242.7.9, the IP address of the computer that caused the alert you received from *Your Firewall*, are provided in the *Who is* report below. The information in the *Who is* report comes from the Regional Internet Registry (RIR) for the region where 220.242.7.9 is located: ARIN, RIPE, LACNIC or APNIC. The name of the RIR appears in the *Who is* report.
The *Who is* report includes the name, address and contact information for the Internet Service Provider (ISP) that administers the block of IP addresses that contains 220.242.7.9. The report probably does not list the administrator of the specific computer at IP address 220.242.7.9.
You should not assume that individuals listed in this report are responsible for the alert you received on your computer.



Of course I got a map of the location of the IP address block but that's about as far as I can get;



"This map is our best attempt to provide information about the physical location of IP address 220.242.7.9. It may not correspond to the location of any administrative contacts for this IP address."

I also reported it. The only weird thing about it is that when I was logged on earlier they tried then about four or five times before I logged out. I was logged out for a while and had no other warnings. When I logged back in I almost immediately got the warning and have had three more while typing this. My computer is safe and they have not breached the firewall. What I would like to know is why is it only happening while I'm logged in here and no where else. Barry, I was just wanting you know and ask can you do something about it or do you have any suggestions for anything else I can do on my end?

[drobbins]

it would appear to be this gentleman or someone using his computer
this is the result of a "whois" query

person: Ken Zeng
nic-hdl: KZ50-AP
e-mail: ken.zeng@etrunk.cn
address: 7/F, Wang Yuan Building, No. 62 Mei Bin Bei Road,
address: Mei Hua Yuan, Guangzhou, China.
phone: +86-20-87273328-107
fax-no: +86-20-87273298
country: CN
changed: ken.yang@etrunk.cn 20060726
mnt-by: MAINT-CN-ETRUNK
source: APNIC


maybe you should call him collect

Dave

[Matt Guyrd]

Is it possible that you have a virus, trojan, or spyware?

Just some thoughts...when you login, the program (virus/trojan/spyware) might be "phoning home" to the guy in China and then his server is replying with port scans to see if you have any Windows (assuming you are using Windows) vulnerabilities.

I would be sure all Windows security updates are installed, virus scanning is enabled and up-to-date (do a full scan too), and you have a good spyware program installed and up-to-date. Do a full spyware scan too.

If you don't have spyware protection, download AVG's anti-spyware software...it's quite good. It is free for the first 30 days....long enough to do a good scan.

Hope that helps. Good news is your firewall appears to be doing it's job. Which firewall are you using?

Matt

[WVbeekeeper]

I checked out my virus vault and I guess he put "Trojan horse Downloader.Zlob.VM" i figure you're right and it was calling out. I took of the problem this morning and checked my other programs out and everything seems fine now. Thanks.

I did email the guy but didn't think to call collect. I don't he would have understod me anyway seeing how he is in Guangzhou, China. I could hear him now, "No speaky engless." lol

[George Fergusson]

Relax. You're being port-scanned, it happens all the time. As long as they don't find a port that they can exploit, you're OK. There's no sense reporting it either because nothing illegal has been done. A port scan is tantamount to calling someone's phone, knocking on their door or pushing their door bell- nothing wrong illegal about that. The fact that it might be done for the purpose of finding out if anyone is home so they can rob the place is hard to prove. Sadly, the authorities have better things to do than chase down and fail to prosecute people doing port scans.

Hey! It might even have been some computer security student doing research for a thesis

it would appear to be this gentleman or someone using his computer
this is the result of a "whois" query

You can't automatically assume this. The very fact that they're searching for an open proxy server port to exploit suggests they've probably already found one and that the address they appear to be coming from is not their true address. Nobody with nefarious intentions wants their real IP address out there for everyone to see. I wouldn't

[George Fergusson]

I might add that the biggest vulnerability you face comes from running Microsoft software and that viruses and trojan programs don't come from people scanning your computer or firewall for open ports, they come from people sending you infected email messages or from you visiting suspect web sites that use your browser to put files on your computer. In that regard, your choice of software is critical. If you use Microsoft Outlook Express and/or Internet Explorer for example, it's just a matter of time before your computer gets infected.

Virus writers and people scanning ports are in fundamentally different lines of work. People doing port scans are not looking to infect your computer with a virus. They have other uses of your computer in mind.

Just some thoughts...when you login, the program (virus/trojan/spyware) might be "phoning home" to the guy in China and then his server is replying with port scans to see if you have any Windows (assuming you are using Windows) vulnerabilities.

If they've got a program running on your computer, they've already penetrated your firewall and they know everything they want to know. You're compromised. It's time to party

It's a rare firewall that blocks connections made from the inside.

[TwT]

It's a rare firewall that blocks connections made from the inside.

I didn't think it was that rare anymore George, I have Kaspersky security suit protecting all my computers, it blocks everything going out unless I have it on a trusted list....


and by the way, look at ole computer savvy George, you would think he was Bill Gates with all that top Knowledge ,

[pcelar]

Someone is trying to access my computer.

WV switch to Mac and have no worries!
No bugs, no worms, no viruses, no blue screens, ...

[BULLSEYE BILL]

...but I like blue screens!

[Beaches' Bee-Haven Apiary]

...but I like blue screens!

Mac even better now with Boot Camp, or better yet Parallels! Never miss your retarded Windows OS and also use the superior Mac OS X Leapord!

-Nathanael

[Barry]

and also use the superior Mac OS X Leapord!

You're talking Greek to everyone you know . . . but us Mac heads know about the cat family! Shhhh, we like it just the way it is. Don't rock the boat.

[BeekeeperBill]

i would simply suggest getting a router. i'm not a big fan of firewalls. from a support stand point, too much management on a single user level (for small businesses anyway). I've always just used a router and good antivirus and never had a problem in years.

good luck,
bill w.

[xC0000005]

My guess is that it's just someone looking for a wingate to abuse. If they were trying to control the computer they'd do more nefarious things. I like to keep a TCP sink running on a few of my favorite ports just to see what sort of trash pops in.

There are a lot of unsecured wingates still running.

[tecumseh]

Barry writes:
You're talking Greek to everyone you know . . . but us Mac heads know about the cat family! Shhhh

tecumseh replies:
ya' mean 'Geek' to everyone you know...

and shhh... only us cats need know.

[mistergil]

It may not be anything but go here anyway and see just what vulnerabilities may exist with your current firewall [it's free]:
https://www.grc.com/x/ne.dll?bh0bkyd2

Another valuable tool is "Spybot SD", a trojan, malware scanner [still free]1.5.2:
http://www.safer-networking.org/en/download/index.html
It is a download and install.

I wouldn't be overly concerned but it does indicate weakness in Window's. You should seriously consider trying another OS. You could easily download and burn a live cd and run it from ram to try it out, there are plenty of nice free ones out there: Zenwalk, PCLinuxOS, SAM, Fluxbox, Xandros and another hundred more. You could even put one of them on your hard drive and dual boot for a while until you got comfortable with the alternate one.

[Bizzybee]

The fact that your firewall didn't respond to the scan means it's doing what it's supposed to do. As George said it's highly doubtable that the reported address is where the scan actually come from. And your giving them confirmation of your existence by sending them a message (with your IP attached to it) may just give them incentive to try a few more of the 65000 ports available. It's all about the challenge ya know.

Funny these posts always end up the same. You mac-n-squash guys telling em to buy a mac and the unixheads telling em to download their free copy.

GIVE IT UP BOYZ!! You know it ain't gonna happen!!

[Ravenseye]

Funny these posts always end up the same. You mac-n-squash guys telling em to buy a mac and the unixheads telling em to download their free copy.

GIVE IT UP BOYZ!! You know it ain't gonna happen!!

But, it already is!