Port scan

Leigh
Leigh
in Intrusion detection

Hi,

I got an alert for a port scan and im a little bit concerned.

Quoted: " the firewall has blocked a port scan from remote host 204.79.197.200 on ports 64848, 64849, 64844, 64851, 64855"

Example of attacked port:

443 -> 64848 (tcp) (https)

However when looking up the ip address it says that it belongs to Microsoft and bing. But other places were calling it a proxy server that hackers could use.

I'm concerned about this as I ran a netstat cmd on the computer and found that the ip address is connected to a port on my computer.

Port 60884 -> 204.79.197.200:443 = established

A similar ip address being:

Port 49364 -> 204.79.197.222:444 = established

Overall I'm concerned and confused as I only have limited knowledge about all of this. I'm worried that I have have been hacked.

Tagged:

All Time Leaders

Categories

Defenders of the month