danksy Posted February 13, 2005

Guys, Should I be worried? Looks like my firewall has been working overtime the last few days!

2005.02.13 15:25:05 192.168.1.2 login success
2005.02.13 14:55:15 ATM get IP:84.9.68.97
2005.02.13 14:55:09 ATM start PPP
2005.02.13 14:55:09 Dial On Demand(ATM)
2005.02.13 14:54:55 sending ACK to 192.168.1.2
2005.02.13 12:12:16 ATM stop PPP
2005.02.13 11:50:25 ATM get IP:84.9.70.163
2005.02.13 11:50:21 ATM start PPP
2005.02.13 11:50:21 Dial On Demand(ATM)
2005.02.13 11:49:24 sending ACK to 192.168.1.2
2005.02.13 11:49:16 sending ACK to 192.168.1.2
2005.02.13 11:49:11 sending ACK to 192.168.1.2
2005.02.13 11:40:51 ATM stop PPP
2005.02.13 11:30:59 ATM get IP:84.9.79.40
2005.02.13 11:30:58 sending ACK to 192.168.1.2
2005.02.13 11:30:57 ATM start PPP
2005.02.13 11:30:57 Dial On Demand(ATM)
2005.02.13 11:07:53 ATM stop PPP
2005.02.13 10:54:34 sending ACK to 192.168.1.2
2005.02.13 10:54:31 ATM get IP:84.9.80.82
2005.02.13 10:54:29 ATM start PPP
2005.02.13 10:54:29 Dial On Demand(ATM)
2005.02.13 10:38:48 ATM stop PPP
2005.02.13 10:11:48 sending ACK to 192.168.1.3
2005.02.13 09:57:07 sending ACK to 192.168.1.2
2005.02.13 09:06:33 ATM get IP:84.9.80.238
2005.02.13 09:06:31 ATM start PPP
2005.02.13 09:06:31 Dial On Demand(ATM)
2005.02.13 09:06:01 sending ACK to 192.168.1.2
2005.02.13 09:05:54 sending ACK to 192.168.1.2
2005.02.13 09:05:49 sending ACK to 192.168.1.2
2005.02.13 00:19:56 ATM stop PPP
2005.02.13 00:14:51 ATM get IP:84.9.83.141
2005.02.13 00:14:46 ATM start PPP
2005.02.13 00:14:46 Dial On Demand(ATM)
2005.02.12 22:16:26 ATM stop PPP
2005.02.12 21:29:16 ATM get IP:84.9.81.147
2005.02.12 21:29:11 ATM start PPP
2005.02.12 21:29:11 Dial On Demand(ATM)
2005.02.12 21:28:42 sending ACK to 192.168.1.2
2005.02.12 21:28:33 sending ACK to 192.168.1.2
2005.02.12 21:28:29 sending ACK to 192.168.1.2
2005.02.12 21:22:11 ATM stop PPP
2005.02.12 21:16:16 **Ping of Death/Tear Drop** 213.37.87.212, 59238->> 192.168.1.3, 10973 (from ATM Inbound)
2005.02.12 21:12:56 **Smurf** 201.7.57.0, 6346->> 192.168.1.3, 6346 (from ATM Inbound)
2005.02.12 21:12:50 **Smurf** 201.7.57.0, 6346->> 192.168.1.3, 6346 (from ATM Inbound)
2005.02.12 21:12:44 **Smurf** 201.7.57.0, 6346->> 192.168.1.3, 6346 (from ATM Inbound)
2005.02.12 21:12:38 **Smurf** 201.7.57.0, 6346->> 192.168.1.3, 6346 (from ATM Inbound)
2005.02.12 21:12:31 **Smurf** 201.7.57.0, 6346->> 192.168.1.3, 6346 (from ATM Inbound)
2005.02.12 21:05:59 **UDP Flood to Host** 65.11.63.117, 50418->> 192.168.1.3, 6346 (from ATM Inbound)
2005.02.12 21:05:59 **UDP Flood to Host** 81.156.218.40, 6346->> 192.168.1.3, 6346 (from ATM Inbound)
2005.02.12 20:40:03 NTP Date/Time updated.
2005.02.12 20:47:40 ATM get IP:84.9.91.149
2005.02.12 20:47:36 ATM start PPP
2005.02.12 20:47:36 Dial On Demand(ATM)
2005.02.12 20:47:34 sending ACK to 192.168.1.3
2005.02.10 22:48:08 ATM stop PPP
2005.02.10 21:34:47 sending ACK to 192.168.1.2
2005.02.10 21:24:13 sending ACK to 192.168.1.2
2005.02.10 21:24:05 sending ACK to 192.168.1.2
2005.02.10 21:24:02 sending ACK to 192.168.1.2
2005.02.10 19:17:54 **ICMP Redirect** 80.142.242.144->> 84.9.70.53, Type:5, Code:1 (from ATM Inbound)
2005.02.10 19:17:48 **ICMP Redirect** 80.142.242.144->> 84.9.70.53, Type:5, Code:1 (from ATM Inbound)
2005.02.10 19:17:42 **ICMP Redirect** 80.142.242.144->> 84.9.70.53, Type:5, Code:1 (from ATM Inbound)
2005.02.10 19:17:35 **ICMP Redirect** 80.142.242.144->> 84.9.70.53, Type:5, Code:1 (from ATM Inbound)
2005.02.10 19:17:30 **ICMP Redirect** 80.142.242.144->> 84.9.70.53, Type:5, Code:1 (from ATM Inbound)
2005.02.10 18:58:49 sending ACK to 192.168.1.2
2005.02.10 18:58:40 sending ACK to 192.168.1.2
2005.02.10 18:58:35 sending ACK to 192.168.1.2
2005.02.10 18:04:59 **UDP Flood to Host** 192.168.1.3, 6346->> 24.8.6.142, 6346 (from ATM Outbound)
2005.02.10 18:04:59 **UDP Flood to Host** 192.168.1.3, 6346->> 80.213.124.54, 6346 (from ATM Outbound)
2005.02.10 18:04:59 **UDP Flood to Host** 192.168.1.3, 6346->> 80.137.72.108, 6346 (from ATM Outbound)
2005.02.10 18:04:59 **UDP Flood to Host** 192.168.1.3, 6346->> 61.50.169.82, 6346 (from ATM Outbound)
2005.02.10 18:04:59 **UDP Flood to Host** 192.168.1.3, 6346->> 82.75.68.163, 6346 (from ATM Outbound)
2005.02.10 18:04:59 **UDP Flood to Host** 192.168.1.3, 6346->> 84.27.47.203, 6346 (from ATM Outbound)
2005.02.10 18:04:59 **UDP Flood to Host** 192.168.1.3, 6346->> 68.147.173.70, 6346 (from ATM Outbound)
2005.02.10 18:04:59 **UDP Flood to Host** 192.168.1.3, 6346->> 162.40.219.157, 6346 (from ATM Outbound)
2005.02.10 18:04:59 **UDP Flood to Host** 192.168.1.3, 6346->> 83.173.242.124, 6346 (from ATM Outbound)
2005.02.10 18:04:59 **UDP Flood to Host** 192.168.1.3, 6346->> 81.244.176.80, 6346 (from ATM Outbound)
2005.02.10 18:04:59 **UDP Flood to Host** 192.168.1.3, 6346->> 84.82.236.247, 6346 (from ATM Outbound)
2005.02.10 18:04:59 **UDP Flood to Host** 192.168.1.3, 6346->> 203.130.226.203, 6346 (from ATM Outbound)
2005.02.10 18:04:59 **UDP Flood to Host** 192.168.1.3, 6346->> 81.205.222.212, 6346 (from ATM Outbound)
2005.02.10 18:04:59 **UDP Flood to Host** 192.168.1.3, 6346->> 68.221.238.249, 6346 (from ATM Outbound)
2005.02.10 18:04:59 **UDP Flood to Host** 192.168.1.3, 6346->> 83.32.157.24, 6346 (from ATM Outbound)
2005.02.10 18:04:59 **UDP Flood to Host** 192.168.1.3, 6346->> 205.250.119.28, 6346 (from ATM Outbound)
2005.02.10 17:58:25 sending ACK to 192.168.1.2
2005.02.10 17:58:17 sending ACK to 192.168.1.2
2005.02.10 17:58:13 sending ACK to 192.168.1.2
2005.02.10 17:16:38 **UDP Flood to Host** 192.168.1.3, 6346->> 82.65.170.56, 16523 (from ATM Outbound)
2005.02.10 16:46:15 **UDP Flood to Host** 192.168.1.3, 6346->> 81.58.115.243, 6346 (from ATM Outbound)
2005.02.10 16:46:15 **UDP Flood to Host** 192.168.1.3, 6346->> 83.118.233.132, 6346 (from ATM Outbound)
2005.02.10 16:46:15 **UDP Flood to Host** 192.168.1.3, 6346->> 82.65.176.146, 6346 (from ATM Outbound)
2005.02.10 16:01:51 **UDP Flood to Host** 84.28.61.233, 12748->> 192.168.1.3, 6346 (from ATM Inbound)
2005.02.10 16:01:51 **UDP Flood to Host** 81.53.179.138, 3108->> 192.168.1.3, 6346 (from ATM Inbound)
2005.02.10 16:01:51 **UDP Flood to Host** 24.86.163.67, 6572->> 192.168.1.3, 6346 (from ATM Inbound)
2005.02.10 16:01:51 **UDP Flood to Host** 201.12.131.215, 19304->> 192.168.1.3, 6346 (from ATM Inbound)
2005.02.10 16:01:51 **UDP Flood to Host** 82.7.228.94, 6346->> 192.168.1.3, 6346 (from ATM Inbound)
2005.02.10 16:01:50 **UDP Flood to Host** 217.132.68.15, 25657->> 192.168.1.3, 6346 (from ATM Inbound)
2005.02.10 16:01:50 **UDP Flood to Host** 83.82.74.83, 6346->> 192.168.1.3, 6346 (from ATM Inbound)
2005.02.10 16:01:50 **UDP Flood to Host** 69.195.144.167, 63938->> 192.168.1.3, 6346 (from ATM Inbound)
2005.02.10 16:01:50 **UDP Flood to Host** 81.211.218.231, 6346->> 192.168.1.3, 6346 (from ATM Inbound)
2005.02.10 16:01:50 **UDP Flood to Host** 82.227.36.30, 6346->> 192.168.1.3, 6346 (from ATM Inbound)
2005.02.10 16:01:50 **UDP Flood to Host** 67.168.96.241, 6346->> 192.168.1.3, 6346 (from ATM Inbound)
2005.02.10 16:01:50 **UDP Flood to Host** 154.20.191.148, 6346->> 192.168.1.3, 6346 (from ATM Inbound)
2005.02.10 16:01:50 **UDP Flood to Host** 84.25.38.71, 33687->> 192.168.1.3, 6346 (from ATM Inbound)
2005.02.10 16:01:50 **UDP Flood to Host** 82.0.183.177, 10974->> 192.168.1.3, 6346 (from ATM Inbound)
2005.02.10 16:01:50 **UDP Flood to Host** 69.210.248.157, 6346->> 192.168.1.3, 6346 (from ATM Inbound)
2005.02.10 16:01:50 **UDP Flood to Host** 24.220.151.197, 6346->> 192.168.1.3, 6346 (from ATM Inbound)
2005.02.10 16:01:50 **UDP Flood to Host** 80.223.73.128, 6837->> 192.168.1.3, 6346 (from ATM Inbound)
2005.02.10 16:01:50 **UDP Flood to Host** 200.93.97.192, 6346->> 192.168.1.3, 6346 (from ATM Inbound)
2005.02.10 16:01:50 **UDP Flood to Host** 201.1.37.31, 36644->> 192.168.1.3, 6346 (from ATM Inbound)
2005.02.10 16:01:50 **UDP Flood to Host** 24.43.155.51, 62774->> 192.168.1.3, 6346 (from ATM Inbound)
2005.02.10 16:01:50 **UDP Flood to Host** 81.192.199.132, 42123->> 192.168.1.3, 6346 (from ATM Inbound)
2005.02.10 16:01:50 **UDP Flood to Host** 82.34.19.137, 9856->> 192.168.1.3, 6346 (from ATM Inbound)
2005.02.10 16:01:50 **UDP Flood to Host** 172.176.228.9, 6346->> 192.168.1.3, 6346 (from ATM Inbound)
2005.02.10 16:01:50 **UDP Flood to Host** 151.41.76.35, 18973->> 192.168.1.3, 6346 (from ATM Inbound)
2005.02.10 16:01:50 **UDP Flood to Host** 210.24.124.98, 24789->> 192.168.1.3, 6346 (from ATM Inbound)
2005.02.10 16:01:50 **UDP Flood to Host** 200.163.192.22, 52672->> 192.168.1.3, 6346 (from ATM Inbound)
2005.02.10 16:01:50 **UDP Flood to Host** 68.234.90.24, 20->> 192.168.1.3, 6346 (from ATM Inbound)
2005.02.10 16:01:50 **UDP Flood to Host** 80.109.209.136, 6346->> 192.168.1.3, 6346 (from ATM Inbound)
2005.02.10 16:01:50 **UDP Flood to Host** 141.154.50.246, 6346->> 192.168.1.3, 6346 (from ATM Inbound)
2005.02.10 16:01:50 **UDP Flood to Host** 64.230.182.58, 61644->> 192.168.1.3, 6346 (from ATM Inbound)
2005.02.10 16:01:50 **UDP Flood to Host** 62.57.13.78, 6346->> 192.168.1.3, 6346 (from ATM Inbound)
2005.02.10 16:01:50 **UDP Flood to Host** 217.43.63.103, 6346->> 192.168.1.3, 6346 (from ATM Inbound)
2005.02.10 16:01:50 **UDP Flood to Host** 24.164.106.135, 6346->> 192.168.1.3, 6346 (from ATM Inbound)
2005.02.10 16:01:50 **UDP Flood to Host** 65.93.199.114, 6885->> 192.168.1.3, 6346 (from ATM Inbound)
2005.02.10 16:01:50 **UDP Flood to Host** 84.101.53.164, 6346->> 192.168.1.3, 6346 (from ATM Inbound)
2005.02.10 16:01:50 **UDP Flood to Host** 80.108.253.73, 35010->> 192.168.1.3, 6346 (from ATM Inbound)
2005.02.10 16:01:50 **UDP Flood to Host** 213.60.249.9, 1155->> 192.168.1.3, 6346 (from ATM Inbound)
2005.02.10 16:01:50 **UDP Flood to Host** 83.157.29.16, 6346->> 192.168.1.3, 6346 (from ATM Inbound)
2005.02.10 16:01:50 **UDP Flood to Host** 68.194.33.234, 1025->> 192.168.1.3, 6346 (from ATM Inbound)
2005.02.10 16:01:50 **UDP Flood to Host** 69.106.190.160, 17476->> 192.168.1.3, 6346 (from ATM Inbound)
2005.02.10 16:01:50 **UDP Flood to Host** 70.66.103.190, 6346->> 192.168.1.3, 6346 (from ATM Inbound)
2005.02.10 16:01:50 **UDP Flood to Host** 216.162.144.18, 40933->> 192.168.1.3, 6346 (from ATM Inbound)
2005.02.10 16:01:50 **UDP Flood to Host** 24.132.53.186, 6346->> 192.168.1.3, 6346 (from ATM Inbound)
2005.02.10 16:01:50 **UDP Flood to Host** 24.104.5.24, 47756->> 192.168.1.3, 6346 (from ATM Inbound)
2005.02.10 16:01:50 **UDP Flood to Host** 69.198.121.55, 6346->> 192.168.1.3, 6346 (from ATM Inbound)
2005.02.10 16:01:50 **UDP Flood to Host** 68.113.238.210, 6346->> 192.168.1.3, 6346 (from ATM Inbound)
2005.02.10 16:01:50 **UDP Flood to Host** 172.206.130.192, 6346->> 192.168.1.3, 6346 (from ATM Inbound)
2005.02.10 16:01:50 **UDP Flood to Host** 83.115.188.197, 6346->> 192.168.1.3, 6346 (from ATM Inbound)
2005.02.10 16:01:50 **UDP Flood to Host** 83.113.177.145, 6346->> 192.168.1.3, 6346 (from ATM Inbound)
2005.02.10 16:00:28 NTP Date/Time updated.
2004.10.01 00:00:56 ATM get IP:84.9.70.53
2004.10.01 00:00:51 ATM start PPP
2004.10.01 00:00:51 Dial On Demand(ATM)
2004.10.01 00:00:06 sending ACK to 192.168.1.3
2004.10.01 00:00:00 ATM start PPP
2004.10.01 00:00:00 Dial On Demand(ATM)

sitas3 Posted February 13, 2005

Doesn't look healthy to me, but you need someone like Phil-To to cast his expert eye over it. Are you running Gnutella or another P2P download program? Something is accessing port 6346, which is the common port for these programs. Is your firewall configured to forward all requests on this port to an internal machine or something? If so, and you're not running any of these download programs, then stop access to this port on the firewall. Is there a machine at IP address 192.168.1.3 inside your network? Run all the tests at https://grc.com/x/ne.dll?bh0bkyd2 to find any holes.

KEVINP Posted February 13, 2005

Looks like someone from Brazil is trying to connect to your PC for a Gnutella P2P connection. If you have a software firewall like Norton then you can block the port here also and that would make sense. If you are using DHCP, make a note of your IP address and then disconnect for a while. When you connect again you should have a different address and the connections may very well stop. I had this a while ago with someone trying to access my PC every 10 mins.

Use the following links to check out your security:

Symantec: http://security.symantec.com/sscv6/default.asp?langid=ie&venid=sym
Also grc.com: https://grc.com/x/ne.dll?bh0bkyd2

You can also see who is "hacking" you by using an IP lookup that tells you who the IP address is registered to: http://psacake.com/web/eg.asp
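
The triage both replies do by eye (which internal host and port the alerts cluster on), as an added example that is not part of any post in this thread. The line layout is assumed from the log in the first post, the sample lines are constructed with documentation-range remote addresses, and `summarize`, `p2p_like` and the `min_peers` threshold are hypothetical names chosen for illustration.

```python
import re
from collections import defaultdict

# Line layout assumed from the log in the first post; only "**...**" alert lines match.
ALERT = re.compile(
    r"^\d{4}\.\d\d\.\d\d \d\d:\d\d:\d\d \*\*(?P<name>[^*]+)\*\* "
    r"(?P<src>[\d.]+)(?:, (?P<sport>\d+))?->> "
    r"(?P<dst>[\d.]+)(?:, (?P<dport>\d+))?.*\(from ATM (?P<dir>Inbound|Outbound)\)$"
)

# Constructed sample lines (remote addresses are documentation ranges, not from the post).
SAMPLE = """\
2005.02.10 16:01:50 **UDP Flood to Host** 198.51.100.7, 6346->> 192.168.1.3, 6346 (from ATM Inbound)
2005.02.10 16:01:50 **UDP Flood to Host** 203.0.113.20, 33687->> 192.168.1.3, 6346 (from ATM Inbound)
2005.02.10 16:01:51 **UDP Flood to Host** 198.51.100.99, 6346->> 192.168.1.3, 6346 (from ATM Inbound)
2005.02.10 18:04:59 **UDP Flood to Host** 192.168.1.3, 6346->> 203.0.113.54, 6346 (from ATM Outbound)
2005.02.10 18:04:59 **UDP Flood to Host** 192.168.1.3, 6346->> 198.51.100.82, 6346 (from ATM Outbound)
2005.02.10 19:17:54 **ICMP Redirect** 203.0.113.144->> 192.0.2.53, Type:5, Code:1 (from ATM Inbound)
2005.02.10 21:24:02 sending ACK to 192.168.1.2
"""


def summarize(text):
    """Group alerts by local (address, port); collect alert names, directions, remote peers."""
    groups = defaultdict(lambda: {"alerts": set(), "directions": set(), "peers": set()})
    for line in text.splitlines():
        m = ALERT.match(line.strip())
        if not m:
            continue  # DHCP ACK, PPP and NTP housekeeping lines carry no alert
        if m["dir"] == "Inbound":   # local side is the destination
            local, remote = (m["dst"], m["dport"]), m["src"]
        else:                       # Outbound: local side is the source
            local, remote = (m["src"], m["sport"]), m["dst"]
        g = groups[local]
        g["alerts"].add(m["name"])
        g["directions"].add(m["dir"])
        g["peers"].add(remote)
    return dict(groups)


def p2p_like(summary, min_peers=3):
    """Local endpoints on one fixed port exchanging traffic with many peers both ways.
    min_peers is an arbitrary illustrative threshold."""
    return [local for local, g in summary.items()
            if local[1] and len(g["peers"]) >= min_peers
            and g["directions"] == {"Inbound", "Outbound"}]


if __name__ == "__main__":
    for local, g in summarize(SAMPLE).items():
        print(local, sorted(g["alerts"]), sorted(g["directions"]), len(g["peers"]))
    print("P2P-like endpoints:", p2p_like(summarize(SAMPLE)))
```

An endpoint flagged here is a prompt to check what is listening on that port on that machine and whether the router forwards the port to it; the heuristic does not by itself classify the traffic.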