I have too much firewall activity

Ian

Apr 5, 2004
Archived from groups: microsoft.public.security.virus,microsoft.public.windowsxp.basics,microsoft.public.windowsxp.general

In my firewall logs, I am getting information sent to my computer every 4
secs or so. I am currently using the new XP SP2 firewall but I also got
similar activity when I used ZoneAlarm. The IP addresses vary but tend to
start with 81.156, as an example:


2004-08-26 22:08:30 DROP TCP 81.156.185.233 81.156.58.12 4141 445 48 S 3869061011 0 65535 - - - RECEIVE
2004-08-26 22:08:36 DROP TCP 81.156.249.172 81.156.58.12 4195 445 48 S 1738999339 0 65535 - - - RECEIVE
2004-08-26 22:08:36 DROP TCP 81.156.249.172 81.156.58.12 4199 1433 48 S 1739036499 0 65535 - - - RECEIVE
2004-08-26 22:08:39 DROP TCP 81.156.231.115 81.156.58.12 4316 445 48 S 4243233531 0 65535 - - - RECEIVE
2004-08-26 22:08:39 DROP TCP 81.156.249.172 81.156.58.12 4195 445 48 S 1738999339 0 65535 - - - RECEIVE
2004-08-26 22:08:39 DROP TCP 81.156.249.172 81.156.58.12 4199 1433 48 S 1739036499 0 65535 - - - RECEIVE

I have set my firewall settings to allow echo or ping, but as you can see I
still get plenty of activity. I have AVG antivirus up to date and also use
Pandascan antivirus web checker and I run Spybot and Lavasoft Ad-Aware often.
Can anyone help?



--
Ian


---
Outgoing mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.745 / Virus Database: 497 - Release Date: 27/08/2004
 

ian,

your activity log shows nothing out of the ordinary. port 445 is basically
the port that other computers check if you are on a network and is done
basically by other computers on the same network that you are on. however, as
some firewalls do not have outbound blocking (like windows firewall), there
will be computers which will be probing port 445 of other computers even
when they are not on the same network.

more info on port 445:
http://grc.com/port_445.htm

hope this helps.
--
Regards,
Dennis Lazo

the email address from where this message has been sent from is unmonitored.
your replies may not be received. replies may be sent at
http://dennislazo.com/email/.
information herein is provided as is with no warranties, and confers no
rights.
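
An added example, not written by any poster in this thread: one way to read the log excerpt above. It assumes the standard field order of the Windows Firewall log; parse() and summarize() are illustrative names. It collapses repeated SYNs into distinct connection attempts and lists the sources that share the destination's /16.

```python
import re
from collections import Counter, namedtuple
from ipaddress import ip_address, ip_network

# Assumed field order: the standard "#Fields:" header of the Windows Firewall log.
FIELDS = ("date time action protocol src_ip dst_ip src_port dst_port size "
          "tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info path").split()
Entry = namedtuple("Entry", FIELDS)
DATE = re.compile(r"\d{4}-\d{2}-\d{2}$")

# The six entries from the question, wrapped across lines the way a
# newsreader wraps them, so the rejoin logic below is exercised.
SAMPLE_LOG = """\
2004-08-26 22:08:30 DROP TCP 81.156.185.233 81.156.58.12 4141 445 48 S
3869061011 0 65535 - - - RECEIVE
2004-08-26 22:08:36 DROP TCP 81.156.249.172 81.156.58.12 4195 445 48 S
1738999339 0 65535 - - - RECEIVE
2004-08-26 22:08:36 DROP TCP 81.156.249.172 81.156.58.12 4199 1433 48 S
1739036499 0 65535 - - - RECEIVE
2004-08-26 22:08:39 DROP TCP 81.156.231.115 81.156.58.12 4316 445 48 S
4243233531 0 65535 - - - RECEIVE
2004-08-26 22:08:39 DROP TCP 81.156.249.172 81.156.58.12 4195 445 48 S
1738999339 0 65535 - - - RECEIVE
2004-08-26 22:08:39 DROP TCP 81.156.249.172 81.156.58.12 4199 1433 48 S
1739036499 0 65535 - - - RECEIVE
"""


def parse(text):
    """Return complete log entries, rejoining records wrapped over several lines."""
    records, current = [], []
    for line in text.splitlines():
        tokens = line.split()
        if not tokens or tokens[0].startswith("#"):
            continue  # blank line or "#Version"/"#Fields" header
        if DATE.match(tokens[0]) and current:
            records.append(current)  # a date token starts the next record
            current = []
        current.extend(tokens)
    if current:
        records.append(current)
    # Drop truncated or malformed records instead of guessing at missing fields.
    return [Entry(*r) for r in records if len(r) == len(FIELDS)]


def summarize(entries, prefixlen=16):
    """Summarize dropped inbound TCP SYNs as distinct connection attempts."""
    syns = [e for e in entries
            if (e.action, e.protocol, e.tcpflags, e.path)
            == ("DROP", "TCP", "S", "RECEIVE")]
    # A retransmitted SYN repeats the same addresses, ports and sequence number,
    # so entries sharing this key belong to one attempt.
    attempts = {}
    for e in syns:
        key = (e.src_ip, e.src_port, e.dst_ip, e.dst_port, e.tcpsyn)
        attempts.setdefault(key, []).append(e.time)
    # Sources inside the same /prefixlen block as the address they probed.
    neighbours = set()
    for src, _, dst, _, _ in attempts:
        if ip_address(src) in ip_network(f"{dst}/{prefixlen}", strict=False):
            neighbours.add(src)
    return {
        "logged": len(syns),
        "attempts": len(attempts),
        "retransmits": sum(len(times) - 1 for times in attempts.values()),
        "per_port": dict(Counter(key[3] for key in attempts)),
        "per_source": dict(Counter(key[0] for key in attempts)),
        "same_prefix_sources": sorted(neighbours),
    }


if __name__ == "__main__":
    for name, value in summarize(parse(SAMPLE_LOG)).items():
        print(f"{name}: {value}")
```

On the sample, the six logged lines reduce to four attempts from three hosts, all inside the destination's own 81.156.0.0/16 block; the other two lines are the same SYNs resent three seconds later.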



 

Thanks, very helpful. Does this high level of activity slow down my
computer or internet connection though?

Ian

 

just a thought, I have SP2 and was wondering why a fix for this hadn't been
established...

 

How is your system supposed to stop other computers from trying to connect
to you? All it can do is stop them from accomplishing it.

Ian wrote:
> just a thought, I have SP2 and was wondering why a fix for this
> hadn't been established...
 

That's exactly what a firewall is for... to prevent them from breaking in.

You can't control what someone else's computer does. You can only control
your computer.

Tom
"Ian" <ipember@removethisfirst.msn.com> wrote in message
news:ORzIdnRjEHA.1040@TK2MSFTNGP09.phx.gbl...
| just a thought, I have SP2 and was wondering why a fix for this hadn't been
| established...
 

ian,

you are welcome.

the level of activity should not slow down your computer or internet
activity as these "probes" are so minimal you won't even notice. in fact,
you may not have even noticed it at all if you were not scanning the logs,
right? LOL!

anyways, it is good that you have a firewall. port scans may be done by
crackers, worms, trojans, etc, to see if your computer is "on the net" and
if they could "invade" you. a good firewall can block all the scanning and
make the prober believe that your computer is in fact not connected to the
net.

also, it would be wise if you could block ping and icmp echo.

if you would like to check if your computer is "not available to everyone"
you may check https://www.grc.com/x/ne.dll?bh0bkyd2

hope this helps.
--
Regards,
Dennis Lazo

the email address from where this message has been sent from is unmonitored.
your replies may not be received. replies may be sent at
http://dennislazo.com/email/.
information herein is provided as is with no warranties, and confers no
rights.


 
Thanks, I visited the GRC site and this is what the report stated:

Attempting connection to your computer. . .
Shields UP! is now attempting to contact the Hidden Internet Server
within your PC. It is likely that no one has told you that your own personal
computer may now be functioning as an Internet Server with neither your
knowledge nor your permission. And that it may be serving up all or many of
your personal files for reading, writing, modification and even deletion by
anyone, anywhere, on the Internet!
Your Internet port 139 does not appear to exist!
One or more ports on this system are operating in FULL STEALTH MODE!
Standard Internet behaviour requires port connection attempts to be answered
with a success or refusal response. Therefore, only an attempt to connect to
a nonexistent computer results in no response of either kind. But YOUR
computer has DELIBERATELY CHOSEN NOT TO RESPOND (that's very cool!) which
represents advanced computer and port stealthing capabilities. A machine
configured in this fashion is well hardened to Internet NetBIOS attack and
intrusion.
Unable to connect with NetBIOS to your computer.
All attempts to get any information from your computer have FAILED.
(This is very uncommon for a Windows networking-based PC.) Relative to
vulnerabilities from Windows networking, this computer appears to be VERY
SECURE since it is NOT exposing ANY of its internal NetBIOS networking
protocol over the Internet.



Everything looks fine, as you said it might be, except for the first paragraph
about my PC acting as an internet server. What do you think? Really
helpful responses by the way, I appreciate it.

Ian


