Full Version: what about these packets that come in
pruttel
hi, i installed protowall a few days ago and i noticed that even when i'm not using a p2p or browser there are loads of packets coming in (even after a reset), blocked and unblocked. i'm wondering what do these packets do and why are they still sending packets even when idle. almost all packets come from port 1446, should i close it?
any help, comment is welcome since i'm really wondering what these packets are and do.
greetz pruttel
Moore
hi pruttel, can you post a short copy of your log at all or pm me with it, so i can see exactly what sort of traffic it is..
do you have a log of the IP address the traffic is coming from? that would help a lot..

also do you have any software running that also uses the internet like a seti@home client etc, and do you have a firewall or only protowall, and when was the last time [if ever] you ran a spyware cleaner..


the only thing i could find that uses the default port of 1446 was this:

TCP ora-lm Optical Research Associates License Manager
UDP ora-lm Optical Research Associates License Manager

hopefully it's nothing to worry about, i'll be keen to see those logs if you have them..
pruttel
ok,
here is a short transcript:
004/03/09 03:06:16 [->] REJECTED - Source is Latin America/Caribbean (LACNIC) (200.67.186.83) [protocol: TCP / destport: 1446]
2004/03/09 03:06:19 [->] REJECTED - Source is Latin America/Caribbean (LACNIC) (200.67.186.83) [protocol: TCP / destport: 1446]
2004/03/09 03:06:20 [->] non-hostile source (81.128.68.34), access granted [protocol: TCP / destport: 1446]
2004/03/09 03:06:21 [->] non-hostile source (65.50.90.24), access granted [protocol: TCP / destport: 1446]
2004/03/09 03:06:25 [->] REJECTED - Source is Latin America/Caribbean (LACNIC) (200.67.186.83) [protocol: TCP / destport: 1446]
2004/03/09 03:06:32 [->] non-hostile source (207.216.214.47), access granted [protocol: TCP / destport: 1446]
2004/03/09 03:06:32 [->] non-hostile source (217.132.107.101), access granted [protocol: TCP / destport: 1446]
2004/03/09 03:06:33 [->] non-hostile source (24.150.69.75), access granted [protocol: TCP / destport: 80]
2004/03/09 03:06:36 [->] REJECTED - Source is Latin America/Caribbean (LACNIC) (200.77.141.124) [protocol: TCP / destport: 1446]
2004/03/09 03:06:40 [->] REJECTED - Source is Latin America/Caribbean (LACNIC) (200.77.141.124) [protocol: TCP / destport: 1446]
2004/03/09 03:06:43 [->] non-hostile source (80.13.131.151), access granted [protocol: TCP / destport: 1446]
2004/03/09 03:06:45 [->] REJECTED - Source is IANA Reserved (83.26.25.152) [protocol: TCP / destport: 1446]
2004/03/09 03:06:47 [->] REJECTED - Source is Latin America/Caribbean (LACNIC) (200.77.141.124) [protocol: TCP / destport: 1446]
2004/03/09 03:06:48 [->] REJECTED - Source is IANA Reserved (83.26.25.152) [protocol: TCP / destport: 1446]
2004/03/09 03:06:50 [->] REJECTED - Source is IANA Reserved (83.32.211.203) [protocol: TCP / destport: 1446]

i check spyware/trojan etc. very often. i have no firewall i guess, but my machine is clean. just find it strange that even not doing anything on the net there are so many packets delivered and rejected.
greetz pruttel
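
The log posted above can be tallied by destination port, verdict and distinct source to see whether it is all the same inbound traffic. This is an added example, not part of the thread or of ProtoWall; the regular expression is inferred from the posted lines, and the function names and sample addresses are constructed.

```python
import re
from collections import Counter, defaultdict

# Constructed sample in the format of the log above; addresses are documentation
# placeholders, and the last line has a clipped year like the first posted line.
SAMPLE_LOG = """\
2004/03/09 03:06:16 [->] REJECTED - Source is Latin America/Caribbean (LACNIC) (203.0.113.83) [protocol: TCP / destport: 1446]
2004/03/09 03:06:19 [->] REJECTED - Source is Latin America/Caribbean (LACNIC) (203.0.113.83) [protocol: TCP / destport: 1446]
2004/03/09 03:06:20 [->] non-hostile source (192.0.2.34), access granted [protocol: TCP / destport: 1446]
2004/03/09 03:06:21 [->] non-hostile source (198.51.100.24), access granted [protocol: TCP / destport: 1446]
2004/03/09 03:06:33 [->] non-hostile source (192.0.2.75), access granted [protocol: TCP / destport: 80]
004/03/09 03:06:45 [->] REJECTED - Source is IANA Reserved (198.51.100.152) [protocol: TCP / destport: 1446]
"""

LINE_RE = re.compile(
    r"^\d{3,4}/\d\d/\d\d \d\d:\d\d:\d\d \[->\] (?P<msg>.*?)"
    r"\((?P<src>\d{1,3}(?:\.\d{1,3}){3})\)"
    r".*\[protocol: (?P<proto>\w+) / destport: (?P<port>\d+)\]$"
)

def parse(log_text):
    """Yield (verdict, src, proto, port) per recognised line; skip the rest."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        verdict = "rejected" if m["msg"].startswith("REJECTED") else "granted"
        yield verdict, m["src"], m["proto"], int(m["port"])

def summarise(log_text):
    """Map (proto, port, verdict) -> (entries, distinct sources)."""
    hits = Counter()
    sources = defaultdict(set)
    for verdict, src, proto, port in parse(log_text):
        key = (proto, port, verdict)
        hits[key] += 1
        sources[key].add(src)
    return {k: (hits[k], len(sources[k])) for k in hits}

def granted_ports(log_text):
    """Ports that received inbound connections the IP filter let through."""
    return sorted({port for v, _, _, port in parse(log_text) if v == "granted"})

if __name__ == "__main__":
    for (proto, port, verdict), (n, uniq) in sorted(summarise(SAMPLE_LOG).items()):
        print(f"{proto}/{port:<5} {verdict:<8} {n} entries from {uniq} sources")
    print("ports with granted inbound traffic:", granted_ports(SAMPLE_LOG))
```

A port that keeps drawing granted connections from several unrelated sources while the machine is idle is the one to match against a listening program in a per-application firewall log.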
pruttel
oh slayer, there are no other clients (seti) running on my machine. you could get the whole transcript if you want!!
i hope it's nothing to worry about too!
greetz pruttel
Moore
pruttel, you should never ever go online without a firewall, it's even worse if you have a constant internet connection.. all these are inbound connections, which means people are trying to connect to your computer and some of them are being allowed. if you're not downloading then i would be very concerned about this.. have you been downloading anything recently? that could explain some connections..

constant internet connections are prime targets for people to hijack, and with no firewall, you'll never see them. at least with protowall it's blocking some of it, and there are many internet viruses that can infect you just from being on the internet without proper protection..

i think u really need to invest in a good personal firewall as soon as you can. protowall is great for blocking ips, but it's not going to fully protect you from hackers and trojans/viruses, at least not until it has port blocking.

so how have you verified that your computer is clean?

do you have an anti-virus and is it updated?

i would like to see a bit more of your logs, is it all the same inbound traffic? and i think you should get a virus scan just to make sure you're not infected..

http://housecall.trendmicro.com/
pruttel
ok, thanks, in the meantime i have installed the free outpost firewall and i know where the source came from. it was from the msn messenger which i only used to keep full contact with my company, even when unopened there was travel. i have norton anti-virus installed and up to date and have several spyware trojan remover proggies, they didn't find anything. maybe it is a leak in the messenger? all traffic is quiet now, but i don't know if outlook firewall will be the best solution.
do you still want to see more of them logs?
greetz pruttel
Moore
it's good to hear you have got a firewall, with outpost logs you will now be able to see which programs are trying to access the net and where all the connections are coming from..

so you think the traffic was from msn messenger?

it runs constantly in the background, even if you close it down it will restart itself, so that will now need to be set up to go through outpost and you won't be getting any more of these unknown connections....

you can use the rules wizard to create rules for your programs, try not to let anything into the trusted zone as that will allow all connections to whatever is trusted..

this will come in handy:
http://www.outpostfirewall.com/guide/index.htm

if the connections have stopped then i guess i don't need the logs at the moment, just keep an eye out for anything unusual occurring on your computer, although if your anti-virus is updated you should be ok.
pruttel
k!
thanx for the help man, i'm trying out zonealarm now since that appears to be the ppl's choice, but both worked fine to say the least! i deinstalled messenger but it still tries to connect? ah well, i'm safe now i hope :)
greetz pruttel