OT - Firewall explanations needed, identifying those long numbers |
cooltimes |
Aug 18 2004, 09:32 AM
Post
#1
|
Advanced Member Group: Members Posts: 2,508 Joined: 18-May 04 Member No.: 2,081 Region Association: None |
Non 914:
Can anyone tell me in dummy language (simple and understandable) what this below means.

Blocked incoming TCP
Blocked outgoing TCP
McAfee Firewall blocked an incoming TCP packet. The remote address associated with the traffic was 211.232.56.200 (port 3148). The template rule in effect for this traffic was "Unknown traffic"

I am especially interested in how to look up numbers such as the 211.232.56.200 (port 3148) and identify where they originate. The number shown is just an example of many other numbers the firewall reports. My firewall shows this often as well as SYN attack blocked.

Thanks.
Cooley
Part Pricer |
Aug 18 2004, 10:09 AM
Post
#2
|
Believe everything I post Group: Benefactors Posts: 1,825 Joined: 28-December 02 From: Danbury, CT Member No.: 35 |
You got probed.
Here's the info:

211.232.56.200 = [ 211-232-56-200.intertns.com ]
(www.nic.or.kr) Whois query: 211.232.56.200

ENGLISH

KRNIC is not a ISP but a National Internet Registry similar to APNIC.
The IPv4 address is allocated and still held by the following ISP or its Whois information is not updated after assigned to end-users.
Please see the following ISP contacts for further information or network abuse.

[ ISP Organization Information ]
Org Name : INTERTNS
Service Name : JLAN
Org Address : 281-3 Hyoja1-Dong Wansan-Ku Chonju city

[ ISP IP Admin Contact Information ]
Name : Hyun-sung Lee
Phone : 82-63-224-6774
Fax : 82-63-227-1126
E-Mail : adasu@intertns.com

[ ISP IP Tech Contact Information ]
Name : Geun-Soo Kim
Phone : 82-63-224-6774
Fax : 82-63-227-1126
E-mail : ip@intertns.com

[ ISP Network Abuse Contact Information ]
Name : Geun-Soo Kim
Phone : 82-63-224-6774
Fax : 82-63-227-1126
E-mail : help@intertns.com

- KRNIC Whois Service -

You can go to samspade.org for online tools to look up IP addresses.
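The lookup asked about in post #1 and answered in post #2, as an added example that is not part of the original thread: it parses the alert wording quoted above, checks whether the address is publicly routable, and groups a whois reply by section so the abuse contact can be read off. The function names, the sample strings and the default whois server (whois.iana.org, which refers IP queries on to the responsible registry) are assumptions made for illustration.

```python
import ipaddress
import re
import socket

# Constructed sample: the alert wording quoted in post #1.
ALERT = ("McAfee Firewall blocked an incoming TCP packet. The remote address "
         "associated with the traffic was 211.232.56.200 (port 3148).")

# Constructed excerpt of the KRNIC reply quoted in post #2.
WHOIS_REPLY = """\
[ ISP Organization Information ]
Org Name : INTERTNS
Service Name : JLAN
[ ISP Network Abuse Contact Information ]
E-mail : help@intertns.com
"""

ALERT_RE = re.compile(r"blocked an (incoming|outgoing) (\w+) packet\.\s+The remote "
                      r"address associated with the traffic was (\S+) \(port (\d+)\)")

def parse_alert(text):
    """Pull direction, protocol, remote IP and port out of one alert message."""
    m = ALERT_RE.search(text)
    if m is None:
        return None
    direction, proto, addr, port = m.groups()
    ip = ipaddress.ip_address(addr)  # ValueError if the field is not an IP
    # Private or reserved addresses have no public whois record to look up.
    return {"direction": direction, "proto": proto, "remote_ip": str(ip),
            "port": int(port), "routable": ip.is_global}

def whois_query(ip, server="whois.iana.org", timeout=10):
    """RFC 3912 whois: send the query plus CRLF to TCP port 43, read to EOF.
    The query goes to the registry's server, never to the remote address."""
    with socket.create_connection((server, 43), timeout=timeout) as s:
        s.sendall(f"{ip}\r\n".encode())
        chunks = []
        while data := s.recv(4096):
            chunks.append(data)
    return b"".join(chunks).decode("utf-8", "replace")

def parse_sections(reply):
    """Group 'Key : Value' lines under their '[ Section ]' headers."""
    sections, current = {}, None
    for line in map(str.strip, reply.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            current = sections.setdefault(line.strip("[] "), {})
        elif current is not None and ":" in line:
            key, value = line.split(":", 1)
            current[key.strip().lower()] = value.strip()
    return sections
```

Calling `parse_sections(whois_query(alert["remote_ip"]))` chains the steps on a live connection; the parsers alone run offline on the constructed samples.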
cooltimes |
Aug 18 2004, 10:39 AM
Post
#3
|
Advanced Member Group: Members Posts: 2,508 Joined: 18-May 04 Member No.: 2,081 Region Association: None |
Thanks. The explanation was superb. Simple is easy to understand. I copied and pasted your reply as a permanent file in my VIP files.
Advice: Lots of old farts like me should do the same.

Why do they want to probe a person's computer? What do they hope to find? Any idea?

I don't do porn since I live in the real world of man/woman relations, not perverted in any sense but lots of time using a search engine will always muster up one of those slim sites that won't let you back out or close the link.
Part Pricer |
Aug 18 2004, 10:49 AM
Post
#4
|
Believe everything I post Group: Benefactors Posts: 1,825 Joined: 28-December 02 From: Danbury, CT Member No.: 35 |
QUOTE(cooltimes @ Aug 18 2004, 11:39 AM)
Why do they want to probe a person's computer? What do they hope to find? Any idea?

You get probed because they are looking for vulnerabilities. They are looking for openings that may let them take over control of your computer. I live in this online underworld every day and you might be surprised how rampant this is. I was reading a report this morning that estimates that there are over 3 million PCs in the U.S. that are under someone else's control.

They want to place a bot on your machine and turn it into a zombie. Usually, these PCs can be set into action via a simple IRC command. The most common use of this is to launch distributed Denial of Service attacks.
davep |
Aug 18 2004, 10:54 AM
Post
#5
|
914 Historian Group: Benefactors Posts: 5,154 Joined: 13-October 03 From: Burford, ON, N0E 1A0 Member No.: 1,244 Region Association: Canada |
As to why you were probed, I would say that the attacker probes random or sequential addresses looking for vulnerable computers. If the computer is vulnerable, then a program is installed allowing the attacker to use your computer as he would use his own. Why? To host or store porn or possibly to be used to attack other computers.

Without a firewall your computer is a sitting duck. With Windows 2000 on up you can be attacked and compromised just by logging onto the internet. If you have just added a firewall, then update your virus definitions and do a full scan. Then use AdAware and Spybot S&D to scan for other infections. Sometimes your only course of action is to wipe and reinstall. But be sure to install the firewall before you connect to the internet the first time.

DaveP
cooltimes |
Aug 18 2004, 03:29 PM
Post
#6
|
Advanced Member Group: Members Posts: 2,508 Joined: 18-May 04 Member No.: 2,081 Region Association: None |
Found this address for the free, but several years old, Sam Spade software that will find those IP long numbers sleazebags probing our computers. Use gently as some of those returned probing efforts by you of those IP numbers are often offended and may add you to a blacklist.
http://samspade.org/ssw/download.html

I am beginning to think that computers are not just passing time instruments, game and email toys anymore.
davep |
Aug 18 2004, 03:58 PM
Post
#7
|
914 Historian Group: Benefactors Posts: 5,154 Joined: 13-October 03 From: Burford, ON, N0E 1A0 Member No.: 1,244 Region Association: Canada |
QUOTE(cooltimes @ Aug 18 2004, 01:29 PM)
I am beginning to think that computers are not just passing time instruments, game and email toys anymore.

No, they are tools to be supplied by the unwary to the unscrupulous to be used to inflict misery on the masses. JMHO
cooltimes |
Aug 18 2004, 05:11 PM
Post
#8
|
Advanced Member Group: Members Posts: 2,508 Joined: 18-May 04 Member No.: 2,081 Region Association: None |
Truer than it sounds.

Musing since the thread subject is not 914 and winding down: This BBS, Forum or whatever anyone wants to call it has a place for everybody and the subjects we can come up with. Nice. Thanks 914World.com, Brad and all the helping administrators that make it so.

Used to be.. there were shooters that just waited in 914 cyberspace to shoot at written email if we didn't aim our fingers to the right keys on our keyboard and talked off subject. I am not referring to the list master on Rennlist. He ran a good track as far as I am concerned. Besides that, he's my friend. Only to those who tried to police the messages. Here, if you got something to say you say it and screw the shooters.

Thanks for the help to my query. I appreciate the knowledge you furnished.