firewall
I installed zone alarm firewall, and it blocked a big number of attempts of acces to my computer. That is ok, because that is its purpose, right? But there were some attempts that I didn't understood and I didn' t like.
86-123-209-244.rdsnet.ro(86.123.209.244)TCP Port 3208
86.123.44.171.rdsnet.ro TCP 1922 ??????
Rds-rcs is the company that gave me acces to internet. So why would they try to acces my computer? Are those attempts normal? If not, then what do you all think of this situation??...
Oh and please don' t merge my topic again
Comments
-
You should post the source port and the destination port. From your log i can`t figure what are those connection.
I could be a connection with your DNS server, but this only a assumption.0 -
Hi Arina.
Those connection attempts are not necesarly made by your ISP. They are connection attempts from outside, what I mean is that other computers attempted to connect to your computer. If ZA blocked the attempts you shouldn't worry. However, those IP addresses don't look like belonging to a server, and I'm sure that you don't run a server either. If you would like, you could report those attempts at the abuse office of your ISP (they should have an e-mail address), or ask them what to do, they may be legit attempts from DNS etc. I don't have the same ISP, and I can't give you more advices or info.
Port 1922 is called "Tapestry" and there aren't any viruses, worms etc. which transmit through this port as far as I know.
As for port 3208 I really don't know what is his purpose, all I can tell you is his name: PFU PR Callback
Andrei0 -
You'd better ask rds why are you receiving incoming traffic from them , but I think that were connections of different. The first is your own ISP that is doing what he wants and the second could be a dc++connection or something similar.
0 -
You should post the source port and the destination port. From your log i can`t figure what are those connection.
I could be a connection with your DNS server, but this only a assumption.
Ok. The exact message that zone alarm gives me is: The firewall has blocked Internet access to your computer (TCP Port 1433) from 86-123-36-204.rdsnet.ro (86.123.36.204) (TCP Port 4892) [TCP Flags: S]. This is a new attempt that was blocked a minute ago.
New one again: From 223.140.123.86.rdspt.ro (86.123.140.223) (TCP Port 4604)0 -
A TCP packet which has the flag S (S for SYN) enabled just mean that it is a connection attempt.The firewall block it so you are protected.
SYN
A control bit in the incoming segment, occupying one sequence number, used at the initiation of a connection, to indicate where the sequence numbering will start.
Like Florin said it could be a dc++connection.
You will find a lot of inbound connection in firewall log, but if they are blocked you should not worry.0 -
Port 1433 is the Microsoft SQL server... That computer should't have any reason to connect on it except if you run a SQL server on your machine... There is worm, called "SQL snake" which transmits through this port, so this connection attempts could due to the fact that the remote machine which attempts to connect to your PC is infected. This could be a reason. Check to see if you port 1433 is open (START -> Run -> cmd.exe <enter>) and type in the following command:
telnet localhost 1433
Post oif the connection attempt worked or not. Don't forgett to allow the connection if ZA asks you to.
Andrei0 -
Andrei
It failed.
What is a dc++ connection?0 -
If the attempt failed, you shouldn't worry. You don't have any program listening for incoming connections on port 1433.
DC++ are famous direct connect programs, which let's you share data so that others can download it and so that you can download others' shared data.
Andrei0 -
Do you use ODC++ or you have enter on a HUB?
DC++ client is a program for file sharing.0 -
Do you use ODC++ or you have enter on a HUB?
DC++ client is a program for file sharing.
Well,...? I don' t think so, i never wanted to share anything with anyone . And again what do you mean by ODC++ and Hub. I had my computer given to someone for a few days, to install my sistem again, clean it of viruses... Could that man do something so that my files would be shared somehow?0 -
Hi, Arina!
You're files are shared only as long as your DC client is running. If you don't have such a software installed, you don't have to worry.
A hub is like a server, where many user's join, so that they can exchange data between them. For example, if we both join the hub named "X", you could download my shared data and I could download your shared data.
Andrei0 -
Andrei
How can I verify if i have this software installed? I mean were could I find it, in add/remove programs, in start window, or where, could it be hiden?0 -
You could browse Program Files folder to see if anything like that is installed. Generally, this programs do not require a Setup, so they may not appear in Add/Remove programs. You could also make a search by going to START -> Search to see if you find anything.
Andrei0 -
[Andrei
I don't think there is anything but question: if somehow datas would be transmited from my computer with out me knowing, zone alarm should worn me right, I mean something like my computer is trying to acces the internet, like in the case of my other programs avira...0 -
Hi, Arina!
Yep, a firewall monitors all kinf of internet/network traffic. You don't have to worry as long as you have a firewall installed.
Andrei0