Archived from groups: microsoft.public.security.virus, microsoft.public.windowsxp.basics, microsoft.public.windowsxp.general

Thanks, I visited the GRC site and this is what the report stated:

Attempting connection to your computer. . .
Shields UP! is now attempting to contact the Hidden Internet Server
within your PC. It is likely that no one has told you that your own personal
computer may now be functioning as an Internet Server with neither your
knowledge nor your permission. And that it may be serving up all or many of
your personal files for reading, writing, modification and even deletion by
anyone, anywhere, on the Internet!

Your Internet port 139 does not appear to exist!
One or more ports on this system are operating in FULL STEALTH MODE!
Standard Internet behaviour requires port connection attempts to be answered
with a success or refusal response. Therefore, only an attempt to connect to
a nonexistent computer results in no response of either kind. But YOUR
computer has DELIBERATELY CHOSEN NOT TO RESPOND (that's very cool!) which
represents advanced computer and port stealthing capabilities. A machine
configured in this fashion is well hardened to Internet NetBIOS attack and
intrusion.

Unable to connect with NetBIOS to your computer.
All attempts to get any information from your computer have FAILED.
(This is very uncommon for a Windows networking-based PC.) Relative to
vulnerabilities from Windows networking, this computer appears to be VERY
SECURE since it is NOT exposing ANY of its internal NetBIOS networking
protocol over the Internet.

Everything looks fine, as you said it might be, except for the first paragraph
about my PC acting as an internet server. What do you think? Really
helpful responses by the way, I appreciate it.

Ian

"Dennis Lazo" <email@dennislazo.com> wrote in message
news:e5y7XqRjEHA.596@TK2MSFTNGP11.phx.gbl...
> ian,
>
> you are welcome.
>
> the level of activity should not slow down your computer or internet
> activity as these "probes" are so minimal you won't even notice. in fact,
> you may not have even noticed it at all if you were not scanning the logs,
> right? LOL!
>
> anyways, it is good that you have a firewall. port scans may be done by
> crackers, worms, trojans, etc, to see if your computer is "on the net" and
> if they could "invade" you. a good firewall can block all the scanning and
> make the prober believe that your computer is in fact not connected to the
> net.
>
> also, it would be wise if you could block ping and icmp echo.
>
> if you would like to check if your computer is "not available to everyone"
> you may check
> https://www.grc.com/x/ne.dll?bh0bkyd2
>
> hope this helps.
> --
> Regards,
> Dennis Lazo
>
> the email address from where this message has been sent from is unmonitored.
> your replies may not be received. replies may be sent at
> http://dennislazo.com/email/.
> information herein is provided as is with no warranties, and confers no
> rights.
>
>
> "Ian" <ipember@removethisfirst.msn.com> wrote in message
> news:%23gErLlRjEHA.3456@TK2MSFTNGP12.phx.gbl...
>> Thanks, very helpful. Does this high level of activity slow down my
>> computer or internet connection though?
>>
>> Ian
>>
>> --
>>
>>
>>
>>
>> "Dennis Lazo" <email@dennislazo.com> wrote in message
>> news:%23af$xhRjEHA.636@TK2MSFTNGP12.phx.gbl...
>>> ian,
>>>
>>> your activity log shows nothing out of the ordinary. port 445 is
>>> basically the port that other computers check if you are on a network and
>>> is done basically by other computers on the same network that you are.
>>> however, as some firewalls do not have outbound blocking (like windows
>>> firewall), there will be computers which will be probing port 445 of
>>> other computers even when they are not on the same network.
>>>
>>> more info on port 445:
>>>
>>> http://grc.com/port_445.htm
>>>
>>> hope this helps.
>>> --
>>> Regards,
>>> Dennis Lazo
>>>
>>>
>>>
>>>
>>> "Ian" <ipember@removethisfirst.msn.com> wrote in message
>>> news:%23dLdvbRjEHA.2764@TK2MSFTNGP11.phx.gbl...
>>>> In my firewall logs, I am getting information sent to my computer every
>>>> 4 secs or so. I am currently using the new XP SP2 firewall but I also
>>>> got the similar activity when I used Zonealarm. The IP addresses vary
>>>> but tend to start with 81.156, as an example:
>>>>
>>>>
>>>> 2004-08-26 22:08:30 DROP TCP 81.156.185.233 81.156.58.12 4141 445 48 S 3869061011 0 65535 - - - RECEIVE
>>>> 2004-08-26 22:08:36 DROP TCP 81.156.249.172 81.156.58.12 4195 445 48 S 1738999339 0 65535 - - - RECEIVE
>>>> 2004-08-26 22:08:36 DROP TCP 81.156.249.172 81.156.58.12 4199 1433 48 S 1739036499 0 65535 - - - RECEIVE
>>>> 2004-08-26 22:08:39 DROP TCP 81.156.231.115 81.156.58.12 4316 445 48 S 4243233531 0 65535 - - - RECEIVE
>>>> 2004-08-26 22:08:39 DROP TCP 81.156.249.172 81.156.58.12 4195 445 48 S 1738999339 0 65535 - - - RECEIVE
>>>> 2004-08-26 22:08:39 DROP TCP 81.156.249.172 81.156.58.12 4199 1433 48 S 1739036499 0 65535 - - - RECEIVE
>>>>
>>>> I have set my firewall settings to allow echo or ping, but as you can
>>>> see I still get plenty of activity. I have AVG antivirus up to date
>>>> and also use Pandascan antivirus web checker and I run spybot and
>>>> lavasoft adaware often. can anyone help?
>>>>
>>>>
>>>>
>>>> --
>>>>
>>>>
>>>>
>>>>
>>>> Ian
>>>>
>>>>
>>>>
>>>
>>>
>>
>>
>>
>
>
---
Outgoing mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.745 / Virus Database: 497 - Release Date: 27/08/2004
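
The firewall log entries quoted in this thread can be summarized mechanically. The following is an added example, not part of any post above: it parses the six quoted entries using the field order of the Windows Firewall log header (the underscore field names are this example's own spelling of the header's hyphenated names), collapses retransmitted SYNs, and counts distinct dropped probes per destination port.

```python
from collections import Counter, defaultdict

# Field order of the Windows Firewall log (pfirewall.log) "#Fields:" header.
FIELDS = ("date time action protocol src_ip dst_ip src_port dst_port size "
          "tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info path").split()

# The six entries quoted in the thread, one record per line.
SAMPLE = """\
2004-08-26 22:08:30 DROP TCP 81.156.185.233 81.156.58.12 4141 445 48 S 3869061011 0 65535 - - - RECEIVE
2004-08-26 22:08:36 DROP TCP 81.156.249.172 81.156.58.12 4195 445 48 S 1738999339 0 65535 - - - RECEIVE
2004-08-26 22:08:36 DROP TCP 81.156.249.172 81.156.58.12 4199 1433 48 S 1739036499 0 65535 - - - RECEIVE
2004-08-26 22:08:39 DROP TCP 81.156.231.115 81.156.58.12 4316 445 48 S 4243233531 0 65535 - - - RECEIVE
2004-08-26 22:08:39 DROP TCP 81.156.249.172 81.156.58.12 4195 445 48 S 1738999339 0 65535 - - - RECEIVE
2004-08-26 22:08:39 DROP TCP 81.156.249.172 81.156.58.12 4199 1433 48 S 1739036499 0 65535 - - - RECEIVE
"""

def parse(text):
    """Yield one dict per log record, skipping blank lines and '#' headers."""
    for line in text.splitlines():
        parts = line.split()
        if not parts or parts[0].startswith("#"):
            continue
        if len(parts) != len(FIELDS):
            raise ValueError(f"unexpected field count: {line!r}")
        yield dict(zip(FIELDS, parts))

def summarize(records):
    """Collapse SYN retransmissions and count distinct dropped TCP probes."""
    seen = set()
    by_port = Counter()
    ports_by_src = defaultdict(set)
    retransmits = 0
    for r in records:
        if (r["action"], r["protocol"], r["tcpflags"]) != ("DROP", "TCP", "S"):
            continue
        # A retransmitted SYN reuses the source port and initial sequence number.
        key = (r["src_ip"], r["src_port"], r["dst_port"], r["tcpsyn"])
        if key in seen:
            retransmits += 1
            continue
        seen.add(key)
        by_port[int(r["dst_port"])] += 1
        ports_by_src[r["src_ip"]].add(int(r["dst_port"]))
    multi = sorted(s for s, p in ports_by_src.items() if len(p) > 1)
    return {"distinct": len(seen), "retransmits": retransmits,
            "by_port": dict(by_port), "multi_port_sources": multi}

if __name__ == "__main__":
    print(summarize(parse(SAMPLE)))
```

On the quoted entries, two of the six lines are retries of an earlier SYN that went unanswered because the firewall dropped it, so the log shows four distinct connection attempts from three sources.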