How insecure am I

- P
- pakku
  
  Contact options for registered users
posted
19 years ago

Sun, Apr 24, 2005 8:59 PM

Hi, I am configured as follows. I have a router on which I have portforwarded port 80 (on which I run Apache) and 6881 for Bit Torrent. I just today turned on logging on my windows firewall. Firewall itself was activated all along. I also have GriSoft AVG antivirus as well as Spy Guard. After about 3 hours I noticed the following entries

74 connections to port80 which included http, www, www-http, 711 trojan, AckCmd, BlueFire etc 36 connections to port110 which were pop3, ADM Worm 33 connections to port 139 which were netbios-ssn, nbsession, Chode, Fire Hacker, Msinit etc 28 connections to port 53 which were domain, ADM Worm, li0n, MscanWOrm, MuSka52 A bunch of connections to ports 6881, 2541, 2614,, 2615 with no entries A couple of connections to port 137 which were netbios-ns, nbname, Chode, Nimda 2 connections to Port 2589 which were Trojan Dagger

I would greatly appreciate it if someone could shed light on what is going on? I thought that the only ports I had exposed were the ones I portforwarded in my router.

Regards

- M
- MooNPuP
  
  Contact options for registered users
Vote on answer
posted
19 years ago

Mon, Apr 25, 2005 12:56 AM

show us some actual log files from the router and maybe you'll get more responses...

- P
- pakku
  
  Contact options for registered users
Vote on answer
posted
18 years ago

Tue, Apr 26, 2005 6:22 PM

Thanks MooNPuP. In the process of making a cut and paste of my log files i realised that I was unnecessarily worried. The software I was using to format the log file information was indicating the likely attacks on each port. It wasn't saying that so many attacks had happened! The name of this software is FireLogXP.

When I looked at the log file as raw and looked at the source IP for each entry it was possible for me to understand that they all were from known sources.

Regards