Being slammed or what?

Saaby

Flashaholic
Joined
Jun 17, 2002
Messages
7,447
Location
Utah
My internet connection seems unusually slow today. My firewall is combating traffic at ports:
TCP 2745
UDP 1026
UDP 1027
etc. etc.

I think some/all of these are the ports for windows pop up messages, what else??
 

kakster

Flashlight Enthusiast
Joined
Feb 6, 2003
Messages
1,903
Location
London, UK
Those windows system message pop ups use port 127 (NetBios). My guess is some script kiddy is scanning a block of IPs for a compromised machine, unless you are getting repeated traffic. They usually only scan once or twice, so if you're getting hit more than that, then someone has got it in for you.
 

x-ray

Flashlight Enthusiast
Joined
Jul 1, 2002
Messages
1,941
Location
London
Port 1026 Used by the Windows Messenger Service (As well as the more well known Port 135, So probably getting hit with Messenger pop-up spam.

Port 1027 Sometimes used for ICQ DDoS attacks.

Port 2745 W32.Beagle.E@mm worm attempts to connect to this port (If infected with W32.Beagle.E@mm this port will be open)
 

Saaby

Flashaholic
Joined
Jun 17, 2002
Messages
7,447
Location
Utah
These ports are being blocked by a hardware firewall. Still lots of traffic to those ports this morning but things seem speedy enough again, so maybe it wasn't that /ubbthreads/images/graemlins/icon3.gif
 
Top