Guys and ladies, recently I've been logging a lot of "alerts" on my ZoneAlarm (like 45 entries in less than an hour).
They're all like "TCP Flag: S" directed against various TCP ports. The thing that causes me some concern is that all these entries are almost all from the same block, the "24.66...,24.63..., and 24.67...".
I have WinMX and Napigator, can this have something to do with these programs? Although one thing to point out is that almost all entries were logged after I disconnected from these programs.
Now, should I be freaking out here?? Or is this like an everyday occurrence??
Help from our resident computer wizards is greatly appreciated in advance!
[ August 06, 2001: Message edited by: BlueElectron ]
Posted by Mr. Christopher (Member # 71) on :
That happened to me once. Then I made ZA log intrusion attempts and disabled the warning thingy. ZA won't let anything through. I checked through the log once and found over 200 consecutive attempts from the same block of IP addresses. *shrug*
Posted by BlueElectron (Member # 281) on :
Oh my god, I've logged 230 entries while I was away for work!
It would be a good time for me to freak out now.
Just a week ago, I got like 10 entries max a day!
Posted by My Publically Displayed Name (Member # 256) on :
Don't worry. TCP requests (short for Transmission Control Protocol) aren't harmful in any way. Your firewall intercepts them because they are foreign in origin. The TCP protocol is used for data transmission (hence the name), which is an integral component of computer networking theory. Programs like KaZaa, WinMX, et al. cannot function without it. To cut a long story short: a TCP request (in this case, that is) is nothing more than an instruction (sent by another computer) telling your PC to start transferring a file.
Now, the reason why you keep getting these requests even after you've shut down the program itself is that your PC, to the rest of the "network", appears to still be online. The networks these programs connect to do not dynamically update your PC's status, so any search that is done will continue to turn up a positive match if you were sharing that search-item. Your computer - or rather, its "idle ghost image" - seemingly remains connected: the network still acknowledges your PC's presence, even though it isn't really "there" anymore. It takes a while before the networks catch up, especially if there are many users online.
[ August 07, 2001: Message edited by: My Publically Displayed Name ]
Posted by BlueElectron (Member # 281) on :
Thanks for the tip, it was very informative!
Posted by TSN (Member # 31) on :
Either that, or someone's trying to DDoS you, and doing a really really really crappy job of it. *L*
And, before you start worrying, that was a joke. :-)
Posted by Charles Capps (Member # 9) on :
Ignore the flags bit.
It's all in the port they're trying to reach.
Unless you've been living under a rock for the past month, there's a worm going out there that tries to infect Windows NT/2000 machines running IIS.
Connections to port 80 are 99.9% of the time that worm.
The 24.* block belongs to @home and other cable services.
In other words, there are tens of thousands of @home users infected, and they are slowly scanning the net, looking for open boxes...
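Following the advice above to look at the destination port, here is an added example (not part of the original thread) that tallies bare-SYN firewall entries by destination port and by source /16 block. The CSV layout and every address in it are constructed for illustration; this is not ZoneAlarm's actual log format.

```python
import csv
import io
from collections import Counter

# Constructed sample: time, source IP, destination IP, destination port, TCP flags.
SAMPLE_LOG = """\
2001-08-06 18:02:11,24.66.10.5,192.0.2.10,80,S
2001-08-06 18:02:14,24.66.200.17,192.0.2.10,80,S
2001-08-06 18:03:40,24.63.4.90,192.0.2.10,80,S
2001-08-06 18:05:02,24.67.31.2,192.0.2.10,80,S
2001-08-06 18:05:09,24.66.10.5,192.0.2.10,80,S
2001-08-06 18:07:33,24.63.77.8,192.0.2.10,6699,S
2001-08-06 18:07:51,24.67.31.2,192.0.2.10,6699,S
2001-08-06 18:09:00,198.51.100.7,192.0.2.10,1214,SA
garbage line
"""

def parse(log_text):
    """Yield one dict per well-formed row; malformed rows are skipped."""
    for row in csv.reader(io.StringIO(log_text)):
        fields = [f.strip() for f in row]
        if len(fields) != 5 or not fields[3].isdigit():
            continue
        _time, src, _dst, port, flags = fields
        yield {"src": src, "port": int(port), "flags": flags}

def triage(log_text):
    """Count bare-SYN entries per destination port and per source /16 block."""
    by_port, by_block, sources = Counter(), Counter(), {}
    for entry in parse(log_text):
        if entry["flags"] != "S":  # keep only new-connection attempts
            continue
        block = ".".join(entry["src"].split(".")[:2])
        by_port[entry["port"]] += 1
        by_block[block] += 1
        sources.setdefault(entry["port"], set()).add(entry["src"])
    return by_port, by_block, sources

def summarize(log_text):
    """Return (port, attempts, distinct sources), busiest port first."""
    by_port, _by_block, sources = triage(log_text)
    return [(p, n, len(sources[p])) for p, n in by_port.most_common()]

if __name__ == "__main__":
    for port, attempts, distinct in summarize(SAMPLE_LOG):
        print(f"port {port}: {attempts} SYNs from {distinct} sources")
```

Many distinct sources hitting one port points to broad scanning of that service rather than traffic aimed at a single machine.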
Posted by PsyLiam (Member # 73) on :
Regarding that code red thingy, or whatever it was called. Did it seem to have the overall effectiveness of trying to stop the Hulk by throwing a paper aeroplane at him? Or, more accurately, the effectiveness of the amazingly scary millennium bug?
Posted by BlueElectron (Member # 281) on :
Another informative message, thanks Capps!
Regarding the "worm", when will it stop?
[ August 08, 2001: Message edited by: BlueElectron ]