  1. #1
    Join Date
    Jun 2006
    Posts
    4,832
    1337 intrusions.

    Howdy.

    I used to use AVG as my laptop's security, and it came with a firewall, AV, etc. Recently I ditched it for Comodo CIS which is totally free and has pretty much the same things I need, minus the crap I don't need like email monitoring.

    Anyway, I noticed I had some incoming connections, and they were from other people's PCs. Weird. I don't have any trojans/viruses on my laptop because I'm careful with what I download and use, plus I've scanned with Comodo, Spybot S&D and Ad-aware SE. I also did a HijackThis log, and pasted it onto a site that analyses it, nothing suspicious. I noticed them after I installed some software, but which one I'm unsure... there was Ares, a file splitter and a mass file renamer.



    Anywho, CIS is now blocking those *******s and everything else I don't want to allow in. But the amount of intrusions is getting annoying.

    I just so happened to catch it at 1337 btw, it's a coincidence.



    Well, they could be port scanning or just pinging, but I doubt it. It says "Windows Operating System" and "explorer.exe", but from what I've read it's just classing it as the actual machine, not a specific process. There are the IPs and ports. They seem to be ISP IPs for normal web users...

    Is there any way I can reverse the connection and do something (there was something I read about before...), and is there anything I can do to get rid of the buggers?

    They're not attacking my router 'cos my dad's PC is fine, it received only 2 but I think they were false positives... it's either my machine or the IP they're attacking (the IP is dynamic).

    Since this post it has gone up to 1384...

    Cheers.
    Last edited by Hitman; 13-04-2009 at 05:41 PM.

  2. #2
    Join Date
    Feb 2009
    Location
    Stackingville
    Posts
    2,230

    Wow. I've really never seen anything like that.
    First off, file splitters and joiners that are free are either hard to find, or they have viruses. I haven't found a free good one yet.

    Now on to the 1337ness. They're not ping scans, since there's only 3 ports there that are actually trying to get access to. However, the IP and port of the source attacks are very weird, using high high ports which are really never used. I think you need to keep these blocked for a while. I'm going to google this for a while and write another post, hopefully helping you. Just hang in there.

  3. #3
    Join Date
    Jun 2006
    Posts
    4,832

    Quote: Originally Posted by Laggings
    Wow. I've really never seen anything like that.
    First off, file splitters and joiners that are free are either hard to find, or they have viruses. I haven't found a free good one yet.

    Now on to the 1337ness. They're not ping scans, since there's only 3 ports there that are actually trying to get access to. However, the IP and port of the source attacks are very weird, using high high ports which are really never used. I think you need to keep these blocked for a while. I'm going to google this for a while and write another post, hopefully helping you. Just hang in there.
    A decent one, which is free, is called File Splitter & Joiner. Splits huge files easily.

    Hm yeah they're the sort of ports bittorrents use, which I did download some stuff the other day (rainbow tables).

    Cheers mate.

  4. #4
    Join Date
    Feb 2009
    Location
    Stackingville
    Posts
    2,230

    (Admin, if you even bother, merge this.)

    I did some whois lookups on the IPs, and this is what I found:
    88.5.157.0 - Geo Information
    -Organization Telefonica de Espana
    88.22.190.53 - Geo Information
    -Organization Telefonica de Espana
    163.117.52.8 - Geo Information
    -Organization Universidad Carlos III de Madrid
    81.104.170.18 - Geo Information
    -Organization Virgin Media
    81.202.244.162 - Geo Information
    -Organization Cableuropa - ONO
    83.58.193.16 - Geo Information
    -Organization Telefonica de Espana
    190.198.32.40 - Geo Information
    -Organization CANTV Servicios, Venezuela
    And the ports it's trying to gain access to are:

    Port 32304 - Not Commonly Used - No Common Name
    Port 1500 (TCP) - vlsi-lm - VLSI License Manager
    Port 135 - DCOM Service Control Manager
    So now I'm going to ask you, does:
    Telefonica de Espana -
    Universidad Carlos III de Madrid -
    Virgin Media -
    Cableuropa - ONO -
    CANTV Servicios, Venezuela -

    Make any sense? Like maybe you use a couple for phone or ISP? I'll await your answer. If you could also go to www.whatismyipaddress.com and post or PM your IP address to me, that would help.

    Also, if you could post the link to where you got the splitter joiner download? Thanks.
    Also, do you use torrents? Are you a seeder?
    Last edited by Laggings; 13-04-2009 at 06:08 PM.
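
The scan-versus-peer-traffic question raised in the posts above, as an added example that is not part of the original thread: it groups blocked inbound events by source and by destination port. The event tuples, source addresses and both thresholds are assumptions made for illustration; only the destination ports 32304, 1500 and 135 come from the thread.

```python
from collections import defaultdict

# Constructed sample of blocked inbound events: (source IP, source port, dest port).
# Sources are documentation-range addresses; which source hit which port is invented.
SAMPLE_EVENTS = [
    ("192.0.2.10", 51234, 32304),
    ("192.0.2.11", 49877, 32304),
    ("198.51.100.7", 60211, 32304),
    ("198.51.100.8", 55002, 32304),
    ("203.0.113.5", 40110, 32304),
    ("203.0.113.9", 2817, 135),
    ("203.0.113.9", 2818, 1500),
    ("203.0.113.77", 4001, 135),
]

SCAN_PORT_THRESHOLD = 10   # assumed: one source touching this many ports looks like a scan
PEER_SOURCE_THRESHOLD = 5  # assumed: this many sources on one high port looks like P2P peers


def summarize(events):
    """Return (ports_by_source, sources_by_port) as dicts of sets."""
    ports_by_source = defaultdict(set)
    sources_by_port = defaultdict(set)
    for src_ip, _src_port, dst_port in events:
        ports_by_source[src_ip].add(dst_port)
        sources_by_port[dst_port].add(src_ip)
    return ports_by_source, sources_by_port


def triage(events):
    """Label scanning sources and give each destination port a coarse pattern."""
    ports_by_source, sources_by_port = summarize(events)
    # A port scan shows up as one source walking across many destination ports.
    scanners = sorted(ip for ip, ports in ports_by_source.items()
                      if len(ports) >= SCAN_PORT_THRESHOLD)
    port_labels = {}
    for port, sources in sources_by_port.items():
        if port >= 1024 and len(sources) >= PEER_SOURCE_THRESHOLD:
            # Many unrelated hosts retrying one high port: typical of peers that
            # still hold an old listening port from a P2P client.
            port_labels[port] = "many-sources-one-high-port (stale P2P peers?)"
        elif port < 1024:
            port_labels[port] = "well-known service port (background probing?)"
        else:
            port_labels[port] = "isolated"
    return {"scanners": scanners, "ports": port_labels}


if __name__ == "__main__":
    print(triage(SAMPLE_EVENTS))
```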

  5. #5
    Join Date
    Jun 2006
    Posts
    4,832

    Telefonica de Espana - The biggest Spanish ISP, is also my ISP.
    Universidad Carlos III de Madrid - No idea, it's a university in Madrid though
    Virgin Media - UK...
    Cableuropa - ONO - Another Spanish ISP
    CANTV Servicios, Venezuela - o.o no idea

    Thanks for looking up.

  6. #6
    Join Date
    Feb 2009
    Location
    Stackingville
    Posts
    2,230

    Quote:
    Make any sense? Like maybe you use a couple for phone or ISP? I'll await your answer. If you could also go to www.whatismyipaddress.com and post or PM your IP address to me, that would help.

    Also, if you could post the link to where you got the splitter joiner download? Thanks.
    Also, do you use torrents? Are you a seeder?

    Ok so, do you use Virgin Media at all? Or Cableuropa? Or just Telefonica blah blah blah.. Also answer quote above please.

  7. #7
    Join Date
    Jun 2006
    Posts
    4,832

    Nope, just Telefonica.

    Download to the file splitter: http://www.jaist.ac.jp/~hoangle/filesj/index.html (freeware, it's not paid software so it's all good)

    Sometimes I use torrents, I seed for a bit, but I've not used bittorrent for a few days.

    It's not that I don't trust you with my IP, there's not much you can do with one really, but I don't see what it'd do to help.

  8. #8
    Join Date
    Feb 2009
    Location
    Stackingville
    Posts
    2,230

    I wanted to do a full port scan on your IP to see if there were any vulns currently on your system, but I really don't have to.

    Ok, so, cross out all of the Telefonica ones. The two svchost ones are Virgin Media, which means something on your computer is connected with something Virgin Media, and it's trying to access / communicate with it. Not a really big issue.

    The rest I really can't tell. I don't say this a lot but I don't know what to do with those. They don't seem to be trying to do any harm to your computer at all, since they're all legit companies. I wouldn't be too worried with them, really.

    I'm going to download the program right now and virus scan it quickly.

    Sorry I couldn't be of more help. Hopefully the info I found will help someone to help you.

    http://www.virustotal.com/analisis/c...2cb2ecf41380aa Clean.
    Last edited by Laggings; 13-04-2009 at 06:40 PM.

  9. #9
    Join Date
    Jun 2006
    Posts
    4,832

    I've done port scans, it's all in stealth mode now - everything is blocked off that's coming in unless I've allowed it.

    Well, they're not the companies themselves wanting access, it's the users of their services...

    Yeah, it's a good program, I was surprised to find it because they're all usually expensive. You were quite helpful, thanks for taking time to post! +rep.

  10. #10
    Join Date
    Feb 2009
    Location
    Stackingville
    Posts
    2,230

    Yeah, I didn't think of it that way, stupid me. Got to host an event, not thinking straight.

    Someone could be continually pinging those couple ports, but I don't know why anyone would try such unused ports.

    When I used Comodo, I noticed a heck of a lot more traffic inbound and outbound as well. It's a very hard program to configure so you don't get all these warnings.
    Last edited by Laggings; 13-04-2009 at 06:42 PM.
