This morning I noticed what looked like more activity on my cable modem. The activity light doesn't usually blink unless I am doing something, so I looked at the network activity and saw a constant stream of incoming traffic at an average of 2Kbps. Looking at the firewall logs, I saw a lot of incoming connection attempts over UDP from IPs in Europe, Asia Pacific, and Latin America. Is this normal activity that should be ignored? Or is this something I should look into further?
The reason for my heightened alertness is that I woke up one morning and Microsoft Security Essentials had blocked 5 files with names like xzzywddyse.exe and classified them as trojans. Since I was sleeping when this occurred, I grew increasingly concerned, so I installed BitDefender because the Win7 firewall is horrible for monitoring incoming and outgoing traffic.
Below is a sample of my log file, which I have also attached.
2010/09/01 09:20:02.301 [bDFW] [FILTER] Blocked packet for / from closed port because of stealth settings. Direction: Inbound, Local Address: 76.89.148.219, Remote Address: 83.197.208.193, Protocol: 6, Local Packet: 0, PID: 00000000FFFFFFFF, Process: , Cmd. Line: .
2010/09/01 09:20:02.504 [bDFW] [FILTER] Blocked packet for / from closed port because of stealth settings. Direction: Inbound, Local Address: 76.89.148.219, Remote Address: 83.114.206.62, Protocol: 6, Local Packet: 0, PID: 00000000FFFFFFFF, Process: , Cmd. Line: .
2010/09/01 09:20:03.284 [bDFW] [FILTER] Blocked packet for / from closed port because of stealth settings. Direction: Inbound, Local Address: 76.89.148.219, Remote Address: 65.35.131.13, Protocol: 6, Local Packet: 0, PID: 00000000FFFFFFFF, Process: , Cmd. Line: .
2010/09/01 09:20:03.471 [bDFW] [FILTER] Blocked packet for / from closed port because of stealth settings. Direction: Inbound, Local Address: 76.89.148.219, Remote Address: 87.95.66.200, Protocol: 17, Local Packet: 0, PID: 00000000FFFFFFFF, Process: , Cmd. Line: .
2010/09/01 09:20:03.986 [bDFW] [FILTER] Blocked packet for / from closed port because of stealth settings. Direction: Inbound, Local Address: 76.89.148.219, Remote Address: 78.227.86.212, Protocol: 6, Local Packet: 0, PID: 00000000FFFFFFFF, Process: , Cmd. Line: .
2010/09/01 09:20:04.423 [bDFW] [FILTER] Blocked packet for / from closed port because of stealth settings. Direction: Inbound, Local Address: 76.89.148.219, Remote Address: 199.126.150.72, Protocol: 6, Local Packet: 0, PID: 00000000FFFFFFFF, Process: , Cmd. Line: .
2010/09/01 09:20:04.563 [bDFW] [FILTER] Blocked packet for / from closed port because of stealth settings. Direction: Inbound, Local Address: 76.89.148.219, Remote Address: 86.77.174.119, Protocol: 6, Local Packet: 0, PID: 00000000FFFFFFFF, Process: , Cmd. Line: .
2010/09/01 09:20:04.735 [bDFW] [FILTER] Blocked packet for / from closed port because of stealth settings. Direction: Inbound, Local Address: 76.89.148.219, Remote Address: 88.140.92.173, Protocol: 6, Local Packet: 0, PID: 00000000FFFFFFFF, Process: , Cmd. Line: .
2010/09/01 09:20:05.000 [bDFW] [FILTER] Blocked packet for / from closed port because of stealth settings. Direction: Inbound, Local Address: 76.89.148.219, Remote Address: 81.50.247.184, Protocol: 6, Local Packet: 0, PID: FFFFF880FFFFFFFF, Process: , Cmd. Line: .
2010/09/01 09:20:06.966 [bDFW] [FILTER] Blocked packet for / from closed port because of stealth settings. Direction: Inbound, Local Address: 76.89.148.219, Remote Address: 38.99.220.14, Protocol: 6, Local Packet: 0, PID: 00000000FFFFFFFF, Process: , Cmd. Line: .
2010/09/01 09:20:07.340 [bDFW] [FILTER] Blocked packet for / from closed port because of stealth settings. Direction: Inbound, Local Address: 76.89.148.219, Remote Address: 199.126.150.72, Protocol: 6, Local Packet: 0, PID: 00000000FFFFFFFF, Process: , Cmd. Line: .
2010/09/01 09:20:07.746 [bDFW] [FILTER] Blocked packet for / from closed port because of stealth settings. Direction: Inbound, Local Address: 76.89.148.219, Remote Address: 81.51.179.97, Protocol: 6, Local Packet: 0, PID: 00000000FFFFFFFF, Process: , Cmd. Line: .
2010/09/01 09:20:07.995 [bDFW] [FILTER] Blocked packet for / from closed port because of stealth settings. Direction: Inbound, Local Address: 76.89.148.219, Remote Address: 81.50.247.184, Protocol: 6, Local Packet: 0, PID: 00000000FFFFFFFF, Process: , Cmd. Line: .
2010/09/01 09:20:08.011 [bDFW] [FILTER] Blocked packet for / from closed port because of stealth settings. Direction: Inbound, Local Address: 76.89.148.219, Remote Address: 90.44.233.83, Protocol: 6, Local Packet: 0, PID: 00000000FFFFFFFF, Process: , Cmd. Line: .
2010/09/01 09:20:08.183 [bDFW] [FILTER] Blocked packet for / from closed port because of stealth settings. Direction: Inbound, Local Address: 76.89.148.219, Remote Address: 77.201.157.124, Protocol: 17, Local Packet: 0, PID: FFFFFA80FFFFFFFF, Process: , Cmd. Line: .
2010/09/01 09:20:08.479 [bDFW] [FILTER] Blocked packet for / from closed port because of stealth settings. Direction: Inbound, Local Address: 76.89.148.219, Remote Address: 83.114.206.62, Protocol: 6, Local Packet: 0, PID: 00000000FFFFFFFF, Process: , Cmd. Line: .
2010/09/01 09:20:09.228 [bDFW] [FILTER] Blocked packet for / from closed port because of stealth settings. Direction: Inbound, Local Address: 76.89.148.219, Remote Address: 77.201.157.124, Protocol: 6, Local Packet: 0, PID: 00000000FFFFFFFF, Process: , Cmd. Line: .
2010/09/01 09:20:09.696 [bDFW] [FILTER] Blocked packet for / from closed port because of stealth settings. Direction: Inbound, Local Address: 76.89.148.219, Remote Address: 82.240.106.182, Protocol: 6, Local Packet: 0, PID: FFFFFA80FFFFFFFF, Process: , Cmd. Line: .
2010/09/01 09:20:09.821 [bDFW] [FILTER] Blocked packet for / from closed port because of stealth settings. Direction: Inbound, Local Address: 76.89.148.219, Remote Address: 90.47.62.177, Protocol: 17, Local Packet: 0, PID: 00000000FFFFFFFF, Process: , Cmd. Line: .
Attached file: bdfirewall.txt
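An added example, not part of the original post or of BitDefender's own tooling: a small Python parser for log lines in the format shown above that tallies blocked inbound packets by IP protocol number (6 is TCP, 17 is UDP) and by remote address, which is the first triage step for a log like this. The sample lines are constructed with documentation-range addresses, and the function and field names are assumptions.

```python
import re
from collections import Counter
from datetime import datetime

PROTO_NAMES = {1: "ICMP", 6: "TCP", 17: "UDP"}  # IANA IP protocol numbers

# Matches the "[bDFW] [FILTER]" line layout shown in the post.
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}/\d\d/\d\d \d\d:\d\d:\d\d\.\d{3}) \[bDFW\] \[FILTER\] "
    r"(?P<action>\w+) packet .*?Direction: (?P<direction>\w+), "
    r"Local Address: (?P<local>[\d.]+), Remote Address: (?P<remote>[\d.]+), "
    r"Protocol: (?P<proto>\d+),"
)

# Constructed sample in the same format (RFC 5737 documentation addresses).
TEMPLATE = ("2010/09/01 {ts} [bDFW] [FILTER] Blocked packet for / from closed "
            "port because of stealth settings. Direction: Inbound, "
            "Local Address: 192.0.2.10, Remote Address: {remote}, "
            "Protocol: {proto}, Local Packet: 0, PID: 00000000FFFFFFFF, "
            "Process: , Cmd. Line: .")
SAMPLE = [TEMPLATE.format(ts=t, remote=r, proto=p) for t, r, p in [
    ("09:20:03.284", "198.51.100.13", 6),
    ("09:20:03.471", "203.0.113.200", 17),
    ("09:20:04.423", "198.51.100.72", 6),
    ("09:20:07.340", "198.51.100.72", 6),
    ("09:20:08.183", "203.0.113.124", 17),
    ("09:20:09.228", "203.0.113.124", 6),
]] + ["2010/09/01 09:20:10.000 [bDFW] truncated line"]

def summarize(lines):
    """Tally inbound filter events by protocol and by remote address."""
    protos, remotes, stamps, skipped = Counter(), Counter(), [], 0
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m or m["direction"] != "Inbound":
            skipped += 1          # malformed, truncated, or not inbound
            continue
        n = int(m["proto"])
        protos[PROTO_NAMES.get(n, f"proto-{n}")] += 1
        remotes[m["remote"]] += 1
        stamps.append(datetime.strptime(m["ts"], "%Y/%m/%d %H:%M:%S.%f"))
    span = (max(stamps) - min(stamps)).total_seconds() if stamps else 0.0
    return {"events": sum(protos.values()), "by_protocol": dict(protos),
            "unique_sources": len(remotes),
            "repeat_sources": sorted(ip for ip, c in remotes.items() if c > 1),
            "span_seconds": span, "skipped": skipped}

if __name__ == "__main__":
    print(summarize(SAMPLE))
```

Pass the lines of the attached log file to `summarize()` in place of `SAMPLE` to get the same breakdown for the full capture.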