Re: A flurry of port scans
Available news archives: comp.lang.tcl - comp.lang.python - comp.security.firewalls - sci.crypt - comp.lang.php - comp.lang.javascript
Google
 
Web news.hping.org


comp.security.firewalls archive

Re: A flurry of port scans

From: Duane Arnold <notme@notme.com>
Date: Mon Jul 25 2005 - 18:55:27 CEST



"Anne" <anne_simpson1@hmail.com> wrote in


news:1122301183.7695.0@nnrp-t71-03.news.uk.clara.net: 



> 


> "Duane Arnold" <Notme@notme.com> wrote in message 


> news:m76Fe.179048$x96.21572@attbi_s72...


>> Anne wrote:


>>


>>>


>>> "Duane Arnold" <Notme@notme.com> wrote in message


>>> news:Kg5Fe.178746$x96.53437@attbi_s72...


>>>> Anne wrote:


>>>


>>>>> For the past three days I've had a flurry of alerts from


>>>>> Zonealarm, registering high rating activity - all blocked OK, but


>>>>> logged. 


>>>>


>>


>> What's the name of the router?


>>


>> 82.4.93.xxx is doesn't seem to be a LAN IP so what is it the IP


>> issued by the ISP the public IP?


>>


>> Duane :)


>>


>>


> I'm getting increasingly confused/worried here.


> Casting my mind back, I think I know when things started to go wrong,


> if not why.    I have another machine connected to the router, though


> it's rarely switched on.    The last time I used it (about a week ago)


> ZA produced a pop-up 'new network detected'.    I clicked OK, named


> it, and thought no more about it.


> 


> Now, looking at the ZA firewall tab, I see my home network, within the


> 192 range, and this new network, 82.4.93.x/255.255.255.0, which


> belongs to my ISP.


> 


> I now find I can't connect to the router's online configuration


> utility as the PC's IP address is now reported as 82.4.93.x, rather


> than the 192.... 


> 


> Am I somehow bypassing the router?



The machine seems to not have a private LAN IP that belongs to the 


router. Therefore, the machine will not be able to access the router's 


Admin screens.



> 


> I wonder if it's worth trying an XP system restore in the hope that it


> includes network details... 



Secondly, I don't know how you did it but apparently, the machine is not 


connected to the router or is not getting a LAN IP from the router and is 


not being protected by the router.



I cannot say that some restore is going to fix the problem either. You 


need to figure out what IP the machine is using for sure and you can do 


that by entering IPconfig /all at the DOS Command Prompt.



Duane :)


Received on Thu Sep 29 19:59:28 2005