Possible hacking atempt?

Discussion in 'Windows Desktop Systems' started by Fenris, Oct 8, 2004.

  1. Fenris

    Fenris OSNN Senior Addict

    Messages:
    267
    I am getting strange activity on my network even when im just idle from random ips. I checked the incoming Log and it shows a large ammount of ips trying to conect to me on port number 4672 and 4662. It just keeps happening over and over again. I havent noticed any changed data or spywear/trojans on my computer so i dont think anyone has hacked in but i just dont see why i would get so much traffic coming in on those ports when my computer is idle.
     
  2. Fenris

    Fenris OSNN Senior Addict

    Messages:
    267
    I restarted my DSL and there is no more activity on those ports. Im not really sure whats up so any information would be helpfull.
     
  3. Fenris

    Fenris OSNN Senior Addict

    Messages:
    267
  4. lancer

    lancer There is no answer! Political User Folding Team

    Messages:
    3,093
    Location:
    FL, USA
    try and close both of those ports, this sounds like an automated computer attack to me.
     
  5. Glaanieboy

    Glaanieboy Moderator

    Messages:
    2,626
    Location:
    The Netherlands
    Do you have a dynamic or static IP?
     
  6. ming

    ming OSNN Advanced

    Messages:
    4,252
    Location:
    UK
    Yeah, 4672 and 4662 are the default ports for emule/edonkey. I don't think it's an attack on your system. Not sure about emule, but it's probably edonkey users scan the network for available clients...
     
  7. lancer

    lancer There is no answer! Political User Folding Team

    Messages:
    3,093
    Location:
    FL, USA
    :eek: :eek: no its an attack we're all gonna die arrgghhhhh :eek: :eek:
     
  8. Fenris

    Fenris OSNN Senior Addict

    Messages:
    267
    hehe alright...ill just close the ports hopefully that will stop it
     
  9. Lee

    Lee OSNN Proxy

    Nope that's not till 2006, so don't worry for now.

    As for the connection attempts just stealth the ports, log the ip's do a trace and make a complaint to their isp.
     
  10. Mainframeguy

    Mainframeguy Debiant by way of Ubuntu Folding Team

    Messages:
    3,763
    Location:
    London, UK
    You think they will want to know?!! :rolleyes:
     
  11. Xie

    Xie - geek - Subscribed User Folding Team

    Messages:
    5,275
    Location:
    NY, USA
    I agree. Also if your not using the ports they shouldn't be open in the 1st place. ;) This kind of activity happens alot really. Could be people just doing random scans trying to find someone with an open port (in this case people on p2p) that they can "explore". :) This and all those nice admins that use default user/passwords probably make up 99% of the 0-day ftp/xdcc/ect you "see" around. Moral of the story ... close your ports unless you have a reason for them to be open. :p </sleepyrant>
     
  12. Tuffgong4

    Tuffgong4 The Donger Need Food!!!! Political User

    Messages:
    2,465
    Location:
    Chicago
    you can also have the programs on your computer trigger ports when they need access...I have no idea how to do it with my router(wish I did!) but it's worth a shot if you need to have some ports open
     
  13. Tweakfiend

    Tweakfiend OSNN Senior Addict

    Messages:
    340
    Location:
    UK
    Time to use Zone Alarm or similar and change from IE6 to a different browser
     
  14. American Zombie

    American Zombie Moderator Staff Member Political User

    Messages:
    2,934
    Location:
    Seattle
    What does IE have to do with those particular ports being open? :rolleyes:
     
  15. Fenris

    Fenris OSNN Senior Addict

    Messages:
    267
    Im trying to set up port forwarding for ports that I need but im not sure how well its doing....I think i have it set up right, but for programs like MIRC that use the ports First 1024 last 5000 does that mean i would have to have all the ports inbetween there to use DCC? Will i have to open a port for every game i play or is it just if i want to host a game?

    Was hoping to read the manuall but i cant seem to download the PDF anyway i have a Linksys BEFSR41 V3
     
  16. Xie

    Xie - geek - Subscribed User Folding Team

    Messages:
    5,275
    Location:
    NY, USA
    I wouldn't open that many ports for mIRC. You only need 1 port per dcc transfer. I think 3-5 ports would be more then enough. So in mIRC you would set it to use for example 1024 - 1029 (tcp only) or whatever you choose. Then on your router you would set that same set of ports forwarded to the internal IP of the computer your running mIRC from. As for games you will have to read manual or forums for them and find out what ports they use and if you need any forwarded and set them just like you did for mIRC.
     
  17. Fenris

    Fenris OSNN Senior Addict

    Messages:
    267
    alright thanks Xie...i thought that was a large number of ports for only one download