Japanese hosting company trying to access my computer



25-09-2001, 11:04 AM
Hi, I have installed ZoneAlarm and am indeed alarmed to find all these computers trying to access my ports. I used InterNIC to look up one of the addresses - a Japanese web hosting company. Why would they want to try to access my machine?
Some of the IP addresses were not available on InterNIC, so I do not know or understand why they would want to try and get into my very boring PC.

25-09-2001, 12:14 PM
Could you please post a sample of your ZoneAlarm log?
It's found in windows/internet logs.

25-09-2001, 01:19 PM
When I used Zfree I was getting port scanned constantly.

The Japanese company is probably an ISP.

It's probably just script kiddies looking for open ports, or installed trojans to take advantage of.

But post your log anyway.

25-09-2001, 02:16 PM
I bet it's Asia Online.

25-09-2001, 08:07 PM
Not sure how to post the log - so have pasted it all below (sorry if it takes up too much space):

The web hosting company that one of the IP addresses pointed to (according to InterNIC) was http://www.anm-1.com/

Maybe some of these are from another PC connected to mine. I can't find the IP address of that machine because the Network settings automatically allocate the addresses.

ZoneAlarm Logging Client v2.6.88
Windows 95-4.0.1111- B-SP
type,date,time,source,destination,transport
LOCK,2001/08/08,12:10:37 +12:00 GMT,Internet Explorer,127.0.0.1,N/A
FWIN,2001/08/08,12:11:20 +12:00 GMT,0.0.0.0:68,255.255.255.255:67,UDP
PE,2001/08/08,12:11:38 +12:00 GMT,Internet Explorer,203.109.252.42:53,N/A
PE,2001/08/08,12:13:13 +12:00 GMT,Microsoft Outlook,203.109.252.42:53,N/A
FWIN,2001/08/08,12:14:52 +12:00 GMT,203.173.225.244:2636,203.173.203.107:80,TCP (flags:S)
FWIN,2001/08/08,12:14:57 +12:00 GMT,203.229.179.213:2441,203.173.203.107:80,TCP (flags:S)
FWIN,2001/08/08,12:21:30 +12:00 GMT,203.236.238.135:1591,203.173.203.107:80,TCP (flags:S)
PE,2001/08/09,12:58:09 +12:00 GMT,Microsoft Word for Windows,127.0.0.1:1433,N/A
PE,2001/08/09,13:52:59 +12:00 GMT,Copernic Application File,203.109.252.42:53,N/A
PE,2001/08/09,14:05:35 +12:00 GMT,Microsoft FrontPage application file,203.109.252.42:53,N/A
PE,2001/08/09,14:05:41 +12:00 GMT,Microsoft FrontPage application file,0.0.0.0:0,N/A
PE,2001/08/09,14:52:45 +12:00 GMT,Outlook Express,203.109.252.42:53,N/A
PE,2001/08/11,11:41:13 +12:00 GMT,Microsoft FrontPage application file,203.173.202.29:1231,N/A
PE,2001/08/11,12:02:21 +12:00 GMT,Outlook Express,203.109.252.42:53,N/A
PE,2001/08/12,13:40:05 +12:00 GMT,RealPlayer,127.0.0.1:1048,N/A
PE,2001/08/14,18:49:51 +12:00 GMT,Windows Media Player,203.109.252.42:53,N/A
PE,2001/08/14,18:50:03 +12:00 GMT,Windows Media Player,203.109.252.42:53,N/A
PE,2001/08/14,18:52:00 +12:00 GMT,Windows Media Player,203.109.252.42:53,N/A
PE,2001/08/14,18:53:05 +12:00 GMT,Windows Media Player,203.109.252.42:53,N/A
PE,2001/08/14,18:54:57 +12:00 GMT,Windows Media Player,203.109.252.42:53,N/A
PE,2001/08/14,18:56:13 +12:00 GMT,Windows Media Player,203.109.252.42:53,N/A
PE,2001/08/15,16:17:17 +12:00 GMT,AutoDownload,203.109.252.42:53,N/A
FWIN,2001/09/14,21:56:07 +12:00 GMT,0.0.0.0:68,255.255.255.255:67,UDP
PE,2001/09/24,12:54:50 +12:00 GMT,Microsoft Outlook,203.109.252.66:110,N/A
PE,2001/09/24,12:55:09 +12:00 GMT,Microsoft Outlook,208.56.155.113:110,N/A
PE,2001/09/24,12:58:39 +12:00 GMT,Internet Explorer,203.109.252.42:53,N/A
FWIN,2001/09/24,14:55:57 +12:00 GMT,210.236.163.223:2013,203.173.203.14:53,TCP (flags:S)
PE,2001/09/24,14:57:08 +12:00 GMT,Internet Explorer,203.109.252.42:53,N/A
FWIN,2001/09/24,15:08:12 +12:00 GMT,203.239.58.68:2593,203.173.203.14:80,TCP (flags:S)
FWIN,2001/09/24,15:14:05 +12:00 GMT,203.228.164.130:1118,203.173.203.14:80,TCP (flags:S)
FWIN,2001/09/24,15:17:32 +12:00 GMT,203.252.173.16:4209,203.173.203.14:80,TCP (flags:S)
FWIN,2001/09/24,15:32:30 +12:00 GMT,203.224.8.149:1708,203.173.203.14:80,TCP (flags:S)
FWIN,2001/09/24,15:47:09 +12:00 GMT,203.70.114.115:4150,203.173.203.14:80,TCP (flags:S)
FWIN,2001/09/24,15:54:37 +12:00 GMT,203.70.114.115:4621,203.173.203.14:80,TCP (flags:S)
FWIN,2001/09/24,17:52:09 +12:00 GMT,203.155.241.31:1556,203.173.202.8:80,TCP (flags:S)
FWIN,2001/09/24,17:56:48 +12:00 GMT,203.151.157.50:1840,203.173.202.8:80,TCP (flags:S)
FWIN,2001/09/25,09:34:08 +12:00 GMT,203.232.170.196:1302,203.173.203.108:80,TCP (flags:S)
FWIN,2001/09/25,09:47:11 +12:00 GMT,203.239.41.43:1543,203.173.203.108:80,TCP (flags:S)
FWIN,2001/09/25,10:52:34 +12:00 GMT,202.84.249.129:0,203.173.202.82:0,ICMP (type:3/subtype:1)
FWIN,2001/09/25,11:12:04 +12:00 GMT,203.244.24.112:1164,203.173.202.82:80,TCP (flags:S)
Sally

26-09-2001, 07:35 AM
If you are getting a heap of HTTP port probes, these could be machines that have been infected with Code Red and they are now pinging out looking for other Win2000/ILS machines. Annoying it is, but at least you know your firewall is working.
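
To check a log like the one posted above for the pattern this reply describes, the blocked inbound rows can be grouped by protocol and destination port. This is an added example, not part of the thread: the function names are made up for illustration, the sample rows are copied from the posted log, and it assumes FWIN rows are inbound packets the firewall blocked while PE and LOCK rows are events from local programs.

```python
import csv
from collections import Counter, defaultdict

# Sample rows copied from the log posted in the thread (header line included).
SAMPLE_LOG = """\
ZoneAlarm Logging Client v2.6.88
type,date,time,source,destination,transport
FWIN,2001/08/08,12:11:20 +12:00 GMT,0.0.0.0:68,255.255.255.255:67,UDP
PE,2001/08/08,12:11:38 +12:00 GMT,Internet Explorer,203.109.252.42:53,N/A
FWIN,2001/09/24,14:55:57 +12:00 GMT,210.236.163.223:2013,203.173.203.14:53,TCP (flags:S)
FWIN,2001/09/24,15:47:09 +12:00 GMT,203.70.114.115:4150,203.173.203.14:80,TCP (flags:S)
FWIN,2001/09/24,15:54:37 +12:00 GMT,203.70.114.115:4621,203.173.203.14:80,TCP (flags:S)
FWIN,2001/09/25,10:52:34 +12:00 GMT,202.84.249.129:0,203.173.202.82:0,ICMP (type:3/subtype:1)
"""

def split_endpoint(value):
    """Split 'ip:port' into (ip, port); program names come back as (name, None)."""
    host, sep, port = value.rpartition(":")
    if sep and port.isdigit():
        return host, int(port)
    return value, None

def parse_log(text):
    """Yield one dict per event row, skipping banner lines and the column header."""
    for row in csv.reader(text.splitlines()):
        if len(row) != 6 or row[0] == "type":
            continue
        kind, date, time, source, destination, transport = row
        src, _ = split_endpoint(source)
        _, dst_port = split_endpoint(destination)
        yield {"type": kind, "when": f"{date} {time}", "src": src,
               "dst_port": dst_port, "proto": transport.split()[0]}

def summarize_inbound(text):
    """Map (protocol, destination port) -> Counter of remote source addresses."""
    summary = defaultdict(Counter)
    for event in parse_log(text):
        if event["type"] != "FWIN":
            continue  # assumed: PE/LOCK rows are local programs, not remote hosts
        summary[(event["proto"], event["dst_port"])][event["src"]] += 1
    return dict(summary)

if __name__ == "__main__":
    # Busiest destination ports first, with the number of distinct sources.
    ranked = sorted(summarize_inbound(SAMPLE_LOG).items(),
                    key=lambda item: -sum(item[1].values()))
    for (proto, port), sources in ranked:
        print(f"{proto}/{port}: {sum(sources.values())} blocked, "
              f"{len(sources)} distinct source(s)")
```

Many distinct sources each sending a lone SYN to TCP port 80 is the shape the reply attributes to worm traffic; the UDP 68 to 67 broadcast rows are DHCP and can be read separately from the probes.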

27-09-2001, 08:49 AM
To satisfy my curiosity, can someone please explain what would happen if Sally didn't have her firewall running when her computer was being pinged?