Full Version: Local Snooping
Grunt
I'm writing this post to see if anyone else out there has been experiencing similar events.
I'm running WinXP on an HP laptop atm with a dialup connection from my local ISP Telus. I'm in Canada in the province of British Columbia using what used to be BC Tel (now American-owned Telus).
My IP address will either be in the 207.102.127s or in the 209.52.192s. When I'm on the 207s I notice suspicious traffic from 207s, and when I have a 209, suspicious traffic from 209s (typically from 207.102s or 209.52s a lot of the time).
I'm used to seeing what I call background noise - hits to ports 1026, 1027, and the occasional 139, but this is a particular interest in 135 and 445 along with 139.
Occasionally when I first come online, NAV shows a worm alert for the Bla Backdoor Trojan trying to get into my local adapter on port 1042 coming from the same IP address that my ISP has just assigned me. Much of the 135, 139, and 445 interest comes from very close to home and occasionally even from a 207.102.127 or a 209.52.192 address.

I've tried port scanning them back and what not but that just seems to intensify their curiosity.
Lately, I've had a few pokes from acmeinfo.com and today when scanning back 207.102.11.224 who was checking my port 445, PG blocked ICMPs from 204.239.129.94 - Discovery Learning Services.
Discovery is merely a few miles away from the Telus head office in Burnaby.

Does anyone have any idea what's going on? If my ISP had any questions or concerns they could email me as they have my address, but that hasn't happened yet.

I'm currently running PG2, ZoneAlarm free (I let PG2 block its calling-home attempts on port 443), Norton Antivirus, Spyware Blaster, Spybot Search & Destroy, Ad-Aware free, and Anti-Trojan Shield 2. All scans come up clean so far. I use Mozilla Firefox mainly but have occasionally used IE.

Just wondering what all the snooping is about?

Since I've had this IP address so far today (207.102.127.30) for about 3 hours or so I've noticed:

207.102.11.224 - 5 445 hits and 4 135 hits
207.102.11.193 - 1 135
207.102.33.33 - 1 445
207.102.38.7 - 1 139
207.102.33.66 - 1 445
207.68.242.131 - 1 139
207.255.36.185 - 1 135
Grunt
Update from my firewall logs:

207.195.199.3 - 1 445 (that's spock.acmeinfo.com)
207.112.65.238 - 1 135
207.102.33.108 - 1 139
207.179.101.131 - 1 139
207.254.248.226 - 1 445

...makes me feel as if I've become some kind of threat to national security or something...
Grunt
A few more to catch up before I reboot:

207.102.38.108 - 3 139s ...looks like this one could be ongoing
207.194.165.12 - 1 445
207.102.37.209 - 1 139

...we'll see what happens after I reboot - if I get a 209 address next time, it'll be a lot of activity from 209s and I won't see any action from the 207s at all. One of the 209s that's been knocking on a regular basis for some time now:
Name: amsterdam.servint.com
Address: 209.50.251.145
Grunt
QUOTE (Grunt @ Oct 21 2006, 05:13 PM) *
A few more to catch up before I reboot:

207.102.38.108 - 3 139s ...looks like this one could be ongoing
207.194.165.12 - 1 445
207.102.37.209 - 1 139

...we'll see what happens after I reboot - if I get a 209 address next time, it'll be a lot of activity from 209s and I won't see any action from the 207s at all. One of the 209s that's been knocking on a regular basis for some time now:
Name: amsterdam.servint.com
Address: 209.50.251.145

---trouble trying to post for the last 60 hours!---
Well, I ended up with a 207 address again... at least this dial-up connection is very stable and almost never disconnects by itself. I'll update with Pacific Standard Time from when I came online. I wish ZoneAlarm had logs that I could copy and paste, but they don't, so I gotta do it the hard way.
Now I'm on 207.102.127.139.

17:22 207.102.64.87 - 445 - group23.vcn.bc.ca
17:25 again - 445
18:54 207.255.122.234 - 135 - 207-255-122-234-dhcp.unt.pa.atlanticbb.net
20:48 207.102.38.131 - 139 - host131.vcc.victoria.bc.ca
and again 8 seconds later
21:58 207.111.98.4 - 445 - ccmail.directpro.com
22:16 207.79.8.49 - 445 - www.meorc.com
22:32 207.88.124.70 - 135 - 207.88.124.70.ptr.us.xo.net

It's been fairly quiet tonight. I'll update when I wake up in the morning.
Here are ones from last night or actually from midnight today until I woke up and rebooted, when I was 207.102.127.42:
00:17 207.42.22.137 - 135
00:18 207.102.64.131 - 139 - dialup3.vcn.bc.ca
00:22 207.102.11.224 - 135
00:34 207.102.37.137 - 139
00:59 207.102.64.131 - 139
1:11 again - 135,445,445,139
1:35 207.102.37.137 - 139
1:47 207.195.199.3 - 139 - spock.acmeinfo.com
1:48 207.102.37.137 - 139
2:25 207.76.160.30 - 445
2:35 207.102.37.117 - 139
2:37 again - 139
2:43 207.102.11.224 - 135
2:51 again - 139
3:38 207.102.64.72 - 135 - group8.vcn.bc.ca
3:41 again - 445
3:54 207.102.11.224 - 445
3:55 207.102.64.72 - 135
4:12 again - 135,139
4:28 207.102.11.224 - 135
4:41 207.248.51.131 - 139
5:21 207.102.11.224 - 445
5:59 again - 135
6:21 again - 135
6:22 207.54.97.12 - 139 - static-207-54-97-12.ptr.terago.ca
6:28 207.102.11.224 - 445
6:35 207.112.67.1 - 139 - dsl-207-112-67-1.tor.primus.ca
6:43 207.172.212.231 - 445 - 207-172-212-231.c3-0.wak-ubr2.sbo-wak.ma.static.cable.rcn.com
7:04 207.199.193.5 - 445 - batv-01-005.dsl.netins.net
7:15 207.102.11.224 - 445
7:54 again - 445
8:06 207.5.193.164 - 135 - 193.164.suscom-maine.net
8:57 207.102.11.224 - 445
8:59 207.102.38.105 - 139 - host105.vcc.victoria.bc.ca
9:12 again - 139
9:18 207.102.11.224 - 135,445
9:25 207.102.38.105 - 139
9:26 207.255.123.114 - 139 - 207-255-123-114-dhcp.unt.pa.atlanticbb.net
9:33 207.102.11.224 - 445
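The hand-copied firewall entries above are hard to read as a whole: the same source shows up dozens of times across 135, 139 and 445, and the "again" lines refer back to the previous source. Here is an added example (not from the thread, not ZoneAlarm's own export) that parses lines in exactly that transcribed shape, resolves "again" to the previous source address, and tallies hits per source and per port so that repeat probers stand out from one-off background noise. The sample lines are constructed in the same format as the post; the repeat threshold of 3 is an assumed cut-off, not anything from the thread.

```python
"""Summarize hand-transcribed personal-firewall log lines per source IP and port.

Added example: parses entries of the form
    HH:MM  source-ip - port[,port...] [ - hostname]
    HH:MM  again - port[,port...]           (same source as the previous line)
and reports which sources come back repeatedly and on which ports.
"""
import re
from collections import Counter, defaultdict

# Constructed sample in the same shape as the hand-copied log lines in the thread.
SAMPLE_LOG = """\
00:17 207.42.22.137 - 135
00:18 207.102.64.131 - 139 - dialup3.vcn.bc.ca
00:22 207.102.11.224 - 135
00:59 207.102.64.131 - 139
1:11 again - 135,445,445,139
2:43 207.102.11.224 - 135
2:51 again - 139
3:54 207.102.11.224 - 445
"""

# The three Windows service ports the thread is worried about:
# RPC endpoint mapper, NetBIOS session service, and SMB over TCP.
WINDOWS_SERVICE_PORTS = {135: "msrpc", 139: "netbios-ssn", 445: "microsoft-ds"}

LINE_RE = re.compile(
    r"^(?P<time>\d{1,2}:\d{2})\s+"
    r"(?P<src>again|\d{1,3}(?:\.\d{1,3}){3})\s*-\s*"
    r"(?P<ports>\d+(?:\s*,\s*\d+)*)"
    r"(?:\s*-\s*(?P<host>\S+))?\s*$"
)


def parse_log(text):
    """Return a list of (time, src_ip, port, hostname) events, one per port hit.

    'again' lines inherit the source IP and hostname of the previous parsed line.
    Lines that do not match the format (free-text commentary) are skipped.
    """
    events = []
    last_ip, last_host = None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = LINE_RE.match(line)
        if not m:
            continue
        src = m.group("src")
        if src == "again":
            if last_ip is None:
                continue  # 'again' with nothing to refer back to
            ip, host = last_ip, last_host
        else:
            ip, host = src, m.group("host")
            last_ip, last_host = ip, host
        for p in m.group("ports").split(","):
            events.append((m.group("time"), ip, int(p.strip()), host))
    return events


def summarize(events, repeat_threshold=3):
    """Count hits per source and per (source, port); flag repeat sources.

    repeat_threshold is an assumed cut-off: a source with at least that many
    hits is reported as a repeat prober rather than one-off background noise.
    """
    per_ip = Counter(ip for _, ip, _, _ in events)
    per_ip_port = Counter((ip, port) for _, ip, port, _ in events)
    ports_by_ip = defaultdict(set)
    for _, ip, port, _ in events:
        ports_by_ip[ip].add(port)
    repeated = sorted(ip for ip, n in per_ip.items() if n >= repeat_threshold)
    return {
        "per_ip": per_ip,
        "per_ip_port": per_ip_port,
        "ports_by_ip": dict(ports_by_ip),
        "repeated": repeated,
    }


def report(summary):
    """Render a short human-readable table of repeat sources and the ports they hit."""
    lines = []
    for ip in summary["repeated"]:
        ports = sorted(summary["ports_by_ip"][ip])
        names = ", ".join(
            f"{p}/{WINDOWS_SERVICE_PORTS.get(p, 'other')}"
            f"x{summary['per_ip_port'][(ip, p)]}" for p in ports
        )
        lines.append(f"{ip:<16} {summary['per_ip'][ip]:>3} hits  {names}")
    return "\n".join(lines)


if __name__ == "__main__":
    print(report(summarize(parse_log(SAMPLE_LOG))))
```

Run against the full set of lines in the post, the report shows at a glance that 207.102.11.224 returns every hour or so and rotates through all three ports, which is the pattern worth escalating to the ISP, while single hits from unrelated /16s are the ordinary background scanning any dial-up address sees.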
dingdongding
Are you using p2p progs etc? I don't know specifically what's up in your situation, but it could be your ISP snooping or, if you're on p2p, legit fellow customers/p2p users searching files or them messing with you looking for open ports.

I would recommend backing up your system, doing full updated scans (check Moore's guides for online scans), dumping ZoneAlarm and trying another firewall to see what's different - I'm no security expert but I know firewalls can make a man mad lol

Someone here may know dial-up activity as it pertains to an ISP, which may help.
Grunt
QUOTE (dingdongding @ Oct 24 2006, 10:11 AM) *
Are you using p2p progs etc? I don't know specifically what's up in your situation, but it could be your ISP snooping or, if you're on p2p, legit fellow customers/p2p users searching files or them messing with you looking for open ports.

I would recommend backing up your system, doing full updated scans (check Moore's guides for online scans), dumping ZoneAlarm and trying another firewall to see what's different - I'm no security expert but I know firewalls can make a man mad lol

Someone here may know dial-up activity as it pertains to an ISP, which may help.

Yes, I have used uTorrent before. I guess I'm on a doodoo list now. I guess I shouldn't worry because it looks like they haven't gotten through. My ISP can send me mail anytime they like. Instead it's port 135, port 139, and port 445 (sometimes ICMP type 8/0) - they check all 3 on a regular basis now.

Either way, I have no important files on this machine that I'd lose any sleep over them getting lost. It just seems so dirty and underhanded that they don't knock on the front door but keep trying to break in the back door. I guess the gloves have indeed come off now. I just wonder how much longer I can continue to trust Norton Antivirus to keep ALL worms out.
Grunt
Well, I must say that activity has certainly quieted down lately, especially since I started this whole thread. At the moment I'm receiving very little of that activity, if any at all. I have been keeping a file, though, since my last post of 207 and 209 addresses participating in this activity. I'll post them here for you all now:


207.5.152.253
207.5.153.109
207.5.193.164
207.54.97.12
207.68.231.94
207.68.242.120
207.68.248.68
207.68.252.37
207.88.124.70
207.96.50.30
207.102.11.229
207.102.33.9
207.102.33.176
207.102.33.182
207.102.33.206
207.102.33.207
207.102.37.10
207.102.37.13
207.102.37.30
207.102.37.39
207.102.37.40
207.102.37.136
207.102.37.214
207.102.37.223
207.102.38.73
207.102.38.163
207.102.64.68
207.102.64.74
207.102.64.88
207.102.64.98
207.102.64.109
207.102.64.204
207.103.12.138
207.105.201.42
207.111.98.4
207.111.98.5
207.114.172.45
207.138.138.163
207.144.85.23
207.144.118.116
207.152.69.236
207.152.70.36
207.155.59.152
207.156.144.100
207.156.196.144
207.171.196.165
207.179.72.14
207.190.206.43
207.194.21.7
207.207.73.223
207.218.44.44
207.234.209.149
207.236.47.232
207.254.234.234
207.255.123.49
207.255.123.52
207.255.242.71

209.0.136.70
209.11.236.50
209.12.111.124
209.16.149.5
209.21.89.115
209.26.19.68
209.31.92.12
209.33.5.49
209.33.91.37
209.39.253.9
209.40.78.29
209.42.35.170
209.44.150.101
209.45.202.3
209.50.180.153
209.50.251.145
209.52.116.62
209.52.121.114
209.52.121.158
209.52.173.203
209.52.173.205
209.52.173.219
209.52.173.221
209.52.173.238
209.52.173.244
209.52.193.140
209.52.196.2
209.52.196.12
209.52.196.30
209.52.196.53
209.52.196.56
209.52.198.17
209.52.198.67
209.53.225.51
209.82.0.29
209.91.132.158
209.94.106.18
209.107.147.79
209.107.197.135
209.130.215.100
209.131.243.249
209.133.36.20
209.136.181.229
209.142.182.21
209.161.6.136
209.161.170.109
209.163.161.185
209.176.194.23
209.181.91.242
209.195.82.208
209.204.110.116
209.213.229.24
209.214.45.21
209.214.105.39
209.214.107.9
209.215.160.149
209.217.103.214
209.222.19.2

Cheers :-)
Grunt
Well, I must say there was a short flurry of activity after my last post. I'm glad to see someone reads these forums :lol:
After the flurry it quieted down again but then a new range (local to me) started up:

209.52.235.26
209.52.235.94
209.52.235.96


Tracing route to 209.52.235.94 over a maximum of 30 hops

1 140 ms 143 ms 151 ms clwkbc01-tnet02.tnet.telus.net [209.52.192.252]

2 158 ms 143 ms 151 ms 209.52.192.249
3 141 ms 142 ms 150 ms VANCBC01DR04.bb.telus.com [154.11.10.85]
4 1846 ms 159 ms 143 ms vancbc01dr01.bb.telus.com [154.11.109.1]
5 153 ms 150 ms 159 ms Uniserve.vancbc01dr01.bb.telus.com [208.181.250.229]
6 131 ms 151 ms 151 ms core2.edge8.vwc.uniserve.ca [216.113.192.197]
7 140 ms 151 ms 151 ms bc-reg-gw1.bctel.net [207.194.239.190]
8 138 ms 150 ms 143 ms 208.181.250.37
9 172 ms 135 ms 163 ms 209.52.235.2
10 * * * Request timed out.
11 ^C