One IP, many ports to my IP
Namru
I'm using PG2, and Transmission.

In the PG2 log I can see that the same IP wants to connect through many different ports to the port used by Transmission.

Can someone tell me what this is? What kind of attack?

I'm seeding only to 1 IP (which I do know)... and there are no more peers.

Wed Mar 26 2008 15:25:42.225 CET -Blck- 83.15.141.218:1595 -> local:43586 tcp4 'Transmission (1728)' (TPNET:Level 3)
Wed Mar 26 2008 15:25:45.252 CET -Blck- 83.15.141.218:1595 -> local:43586 tcp4 'Transmission (1728)' (TPNET:Level 3)
Wed Mar 26 2008 15:26:46.679 CET -Blck- 83.15.141.218:1675 -> local:43586 tcp4 'Transmission (1728)' (TPNET:Level 3)
Wed Mar 26 2008 15:26:49.619 CET -Blck- 83.15.141.218:1675 -> local:43586 tcp4 'Transmission (1728)' (TPNET:Level 3)

Wed Mar 26 2008 15:46:57.153 CET -Blck- 83.15.141.218:3197 -> local:43586 tcp4 'Transmission (1728)' (TPNET:Level 3)
Wed Mar 26 2008 15:47:00.191 CET -Blck- 83.15.141.218:3197 -> local:43586 tcp4 'Transmission (1728)' (TPNET:Level 3)

Wed Mar 26 2008 15:49:12.943 CET -Blck- 83.15.141.218:3350 -> local:43586 tcp4 'Transmission (1728)' (TPNET:Level 3)

Wed Mar 26 2008 15:54:48.811 CET -Blck- 83.15.141.218:3764 -> local:43586 tcp4 'Transmission (1728)' (TPNET:Level 3)
Wed Mar 26 2008 15:55:50.197 CET -Blck- 83.15.141.218:3830 -> local:43586 tcp4 'Transmission (1728)' (TPNET:Level 3)
Wed Mar 26 2008 16:05:03.958 CET -Blck- 83.15.141.218:4551 -> local:43586 tcp4 'Transmission (1728)' (TPNET:Level 3)
Wed Mar 26 2008 16:05:06.904 CET -Blck- 83.15.141.218:4551 -> local:43586 tcp4 'Transmission (1728)' (TPNET:Level 3)
Wed Mar 26 2008 16:06:45.83 CET -Blck- 83.15.141.218:4703 -> local:43586 tcp4 'Transmission (1728)' (TPNET:Level 3)


Then the port numbers go down and rise again

Wed Mar 26 2008 16:19:44.388 CET -Blck- 83.15.141.218:1702 -> local:43586 tcp4 'Transmission (1728)' (TPNET:Level 3)
Wed Mar 26 2008 16:19:47.329 CET -Blck- 83.15.141.218:1702 -> local:43586 tcp4 'Transmission (1728)' (TPNET:Level 3)
Wed Mar 26 2008 16:22:12.241 CET -Blck- 83.15.141.218:1883 -> local:43586 tcp4 'Transmission (1728)' (TPNET:Level 3)
Wed Mar 26 2008 16:22:15.222 CET -Blck- 83.15.141.218:1883 -> local:43586 tcp4 'Transmission (1728)' (TPNET:Level 3)
Aaron.Walkhouse
This is normal when somebody is trying to connect to you. When you try to
connect to somebody else and fail, your outgoing ports would look like that
too. Even your web browser uses steadily climbing ports on the outgoing
connections as you browse the web.

That IP address looks pretty innocent too. It's just a DSL customer in Poland.
Namru
Thank you very much.

As you know, I'm new to this. So again, thank you very much.

If you know of links with examples of attacks... how they show themselves in the PG2 log, I would be very grateful.
Aaron.Walkhouse
The ports used in temporary outgoing connections like you saw above are usually between 1024 and
5000. Anything above that is usually private ports of various programs like your P2P and other safe
stuff like that. If you see something coming in to a high port you don't know about and the
connection isn't failing, then you might have a trojan horse in your own system.

Most hacking attempts will be toward your low-numbered ports. For example, 135, 137, 138, 139 and
445 are the ports used by all computers to share files, folders, printers and such over a local area
network. Sometimes, if those ports are left open to the internet, people from just about anywhere
can browse your hard disk and do all kinds of mischief. If you see something coming in to one of your
low ports, which are the numbers 1-1023, then that IP address might be worth reporting here.
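
Added example, not part of the original thread: a small Python triage script that applies the distinction drawn in the replies above to PG2 block lines, grouping them by remote IP and checking which local ports were targeted. The first three sample lines come from the log posted above; the remaining lines, their addresses, the labels and the function name are constructed for illustration.

```python
import re
from collections import defaultdict

# Ports the thread names as Windows file/printer sharing.
SHARING_PORTS = {135, 137, 138, 139, 445}
LINE_RE = re.compile(r"-Blck- (\d+(?:\.\d+){3}):(\d+) -> local:(\d+) (\w+)")

# First three lines are from the log in the thread; the rest are constructed.
SAMPLE_LOG = """\
Wed Mar 26 2008 15:25:42.225 CET -Blck- 83.15.141.218:1595 -> local:43586 tcp4 'Transmission (1728)' (TPNET:Level 3)
Wed Mar 26 2008 15:26:46.679 CET -Blck- 83.15.141.218:1675 -> local:43586 tcp4 'Transmission (1728)' (TPNET:Level 3)
Wed Mar 26 2008 15:46:57.153 CET -Blck- 83.15.141.218:3197 -> local:43586 tcp4 'Transmission (1728)' (TPNET:Level 3)
Wed Mar 26 2008 17:01:00.000 CET -Blck- 203.0.113.7:2044 -> local:135 tcp4 'constructed' (constructed)
Wed Mar 26 2008 17:01:00.100 CET -Blck- 203.0.113.7:2045 -> local:139 tcp4 'constructed' (constructed)
Wed Mar 26 2008 17:01:00.200 CET -Blck- 203.0.113.7:2046 -> local:445 tcp4 'constructed' (constructed)
Wed Mar 26 2008 17:05:00.000 CET -Blck- 198.51.100.9:3000 -> local:22 tcp4 'constructed' (constructed)
"""

def summarize(log_text):
    """Group blocked inbound lines by remote IP and label the pattern."""
    seen = defaultdict(lambda: {"src": set(), "dst": set()})
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue  # blank or unrecognised line
        ip, sport, dport, _proto = m.groups()
        seen[ip]["src"].add(int(sport))
        seen[ip]["dst"].add(int(dport))
    report = {}
    for ip, ports in seen.items():
        dst = ports["dst"]
        if dst & SHARING_PORTS:
            label = "probe of file-sharing ports"
        elif any(p <= 1023 for p in dst):
            label = "probe of low ports"
        elif len(dst) == 1:
            # Changing source ports toward one local port: ordinary retries.
            label = "repeated attempts to one local port"
        else:
            label = "several high local ports"
        report[ip] = (label, sorted(dst), len(ports["src"]))
    return report

if __name__ == "__main__":
    for ip, (label, dst, n_src) in summarize(SAMPLE_LOG).items():
        print(f"{ip}: {label}; local ports {dst}; {n_src} source ports")
```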