bigjimmy3
join:2003-02-03
| income traffic on port 14527
I have winxp home with ZoneAlarm installed.
Recently, my Zonealarm blocked intrusions (1 every 10min) on port 14527 from various external ip and port address.
does anyone know what software uses port 14527 or what warm/spyware could be the possible cause of this attack? (and solution,if any)
thanks |
|
nwrickert
sand groper
Premium,MVM
join:2004-09-04
Geneva, IL
 ·AT&T U-Verse
 ·AT&T Midwest
| If you are on a dynamic IP and your public IP is newly assigned to you, then these could be left-overs from whatever the previous user of that IP was doing. The previous user might have been running P2P applications or network games, and might have left that IP address and port behind in some tables elsewhere on the net.
If that's what it is, then the solution is to just stop worrying about it.
--
AT&T dsl; Westell 2200 modem/router; SuSE 10.1; firefox 1.5.0.9 |
|
bigjimmy3
join:2003-02-03 | reply to bigjimmy3
nwrickert,
thanks for your reply.
however, I don't have any dynamic IP set up (at least not to my knowledge),and I too, have P2P app running. would that be a problem?
thanks a lot |
|
nwrickert
sand groper
Premium,MVM
join:2004-09-04
Geneva, IL
·AT&T U-Verse
·AT&T Midwest
| however, I don't have any dynamic IP set up (at least not to my knowledge), ... I think I need to explain that a little better.
You likely connect to the internet through your ISP (internet service provider). Your ISP provides you with an IP address. For most users, the IP address is obtained using DHCP (dynamic host configuration protocol). The computer asks the ISP to provide an IP address.
With some ISPs, you will get the same IP address every time you boot your computer, at least until the ISP decides to change it. With other ISPs, you are likely to get a different IP address every time you boot the computer. If you use a router, then it every time you boot the router rather than every time you boot the computer.
In my area, cable users mostly keep their IPs for extended periods of time. DSL users and dialup users are likely to see their IP addresses change more frequently. It is this frequent change of IP I was referring to as dynamic.
I'm not sure about your own use of P2P. Depending on how you use it, that may result in other systems trying to access data via your system. When you reboot, your own P2P software might start using different ports, but others on the network could continue trying to connect to the old port. And that would explain your ZA message. (Note: I am not a P2P expert).
--
AT&T dsl; Westell 2200 modem/router; SuSE 10.1; firefox 1.5.0.9 |
|
bigjimmy3
join:2003-02-03
| reply to bigjimmy3
nwrickert,
Thanks for your help.
i figured out what happened.
I have UPNP configured in my router (by my P2P software, Bit Comet) on port 14527.
I assume that the connect is some how initiated by other users trying to connect to my previous connections |
|
NetWatchMan
Premium,VIP
join:2001-03-13
Alpharetta, GA | reply to bigjimmy3
What's the sourceIP? |
|
bigjimmy3
join:2003-02-03 | reply to bigjimmy3
I have about 1000+ attacks, most of them from different IP, and different ports too. |
|
