Trying to understand...

Someone just hit me over 70 times inside 3 minutes on TCP ports over
63700 from 200.192.240.8.  I dropped my connection and picked up a new
IP, but is there really anything other than an attempt to invade my box
that this kind of activity could be?  Just trying to get an education...
0
nospam
5/13/2001 12:29:00 AM
grc.security.software 15003 articles. 0 followers. Follow

11 Replies
530 Views

Similar Articles

[PageSpeed] 6

nospam@myaddress.com wrote:
> 
> Someone just hit me over 70 times inside 3 minutes on TCP ports over
> 63700 from 200.192.240.8.  I dropped my connection and picked up a new
> IP, but is there really anything other than an attempt to invade my box
> that this kind of activity could be?  Just trying to get an education...

Oh, and btw, this started within seconds of signing on to the net, even
before my browser opened, so assuming that it was an invasion, it was
not targeting me specifically, but rather the person who last had my IP
or nobody in particular at all.  I must say I was a little shocked to
see this activity immediately on signing on.
0
nospam
5/13/2001 12:39:00 AM
Is IBR likely to be the cause of 70+ hits in a couple of minutes?  I
ignore 
most of the hits I get, but I have never seen anything this aggressive
unless
I had asked for it (like shields up or the equivalent).

The Night Stalker wrote:
> 
> Do a search on "background internet radiation" at GRC.com  someone may post
> the direct link to it here..I dont have it handy.
> 
> Stalker Steve, MCP
> eAegis http://www.stormpages.com/eaegis
> 
> <nospam@myaddress.com> wrote in message
> news:3AFDD570.984CA746@cybrsolutions.com...
> > Someone just hit me over 70 times inside 3 minutes on TCP ports over
> > 63700 from 200.192.240.8.  I dropped my connection and picked up a new
> > IP, but is there really anything other than an attempt to invade my box
> > that this kind of activity could be?  Just trying to get an education...
0
nospam
5/13/2001 12:56:00 AM
Hi nospam,

here are some links.
<http://grc.com/cb-faq.htm#zause-kiddies>
<http://www.robertgraham.com/pubs/firewall-seen.html#2>
Also if it happened right after you logged on, there is a good chance,
whoever had the IP before was playing a game.

HiMan

<nospam@myaddress.com> schrieb im Newsbeitrag
news:3AFDD570.984CA746@cybrsolutions.com...
| Someone just hit me over 70 times inside 3 minutes on TCP ports over
| 63700 from 200.192.240.8.  I dropped my connection and picked up a new
| IP, but is there really anything other than an attempt to invade my box
| that this kind of activity could be?  Just trying to get an education...
0
HiMan
5/13/2001 12:57:00 AM
Ahhh, I hadn't thought of that (a game).  Good thought, thanks.

HiMan wrote:
> 
> Hi nospam,
> 
> here are some links.
> <http://grc.com/cb-faq.htm#zause-kiddies>
> <http://www.robertgraham.com/pubs/firewall-seen.html#2>
> Also if it happened right after you logged on, there is a good chance,
> whoever had the IP before was playing a game.
> 
> HiMan
> 
> <nospam@myaddress.com> schrieb im Newsbeitrag
> news:3AFDD570.984CA746@cybrsolutions.com...
> | Someone just hit me over 70 times inside 3 minutes on TCP ports over
> | 63700 from 200.192.240.8.  I dropped my connection and picked up a new
> | IP, but is there really anything other than an attempt to invade my box
> | that this kind of activity could be?  Just trying to get an education...
0
nospam
5/13/2001 1:00:00 AM
It is, as you say, probably aimed at the person who had your IP last before you got it. they may have been running
something like Napster & other machines are still trying to connect to them not realizing they have logged off. It's
very common. Nothing to worry about. if you'd been online for a few hrs. & it happened, then it might be something to
investigate, but the fact that you'd just logged on indicates that it's probably really just another form of IBR.

Don't worry about it. Your firewall did it's job & blocked it.

--
Rick

I am notjohnlennon@hotmail.com

MCSE

Need info? Check these links.
http://www.gpick.net/sbr/lists
<nospam@myaddress.com> wrote in message news:3AFDDBAB.53AA59ED@cybrsolutions.com...
> Is IBR likely to be the cause of 70+ hits in a couple of minutes?  I
> ignore
> most of the hits I get, but I have never seen anything this aggressive
> unless
> I had asked for it (like shields up or the equivalent).
>
> The Night Stalker wrote:
> >
> > Do a search on "background internet radiation" at GRC.com  someone may post
> > the direct link to it here..I dont have it handy.
> >
> > Stalker Steve, MCP
> > eAegis http://www.stormpages.com/eaegis
> >
> > <nospam@myaddress.com> wrote in message
> > news:3AFDD570.984CA746@cybrsolutions.com...
> > > Someone just hit me over 70 times inside 3 minutes on TCP ports over
> > > 63700 from 200.192.240.8.  I dropped my connection and picked up a new
> > > IP, but is there really anything other than an attempt to invade my box
> > > that this kind of activity could be?  Just trying to get an education...
0
Not
5/13/2001 1:01:00 AM
"HiMan" <Please@ReplyInForum.invalid> schrieb im Newsbeitrag
news:JHQCjg02AHA.1220@colossus.SMG...

just some info.     HiMan

http://www.iana.org/assignments/port-numbers
The Dynamic and/or Private Ports are those from 49152 through 65535

http://www.geektools.com/cgi-bin/proxy.cgi

Whois: 200.192.240.8
Server used for this query: [ whois.nic.br ]

                 % Copyright registro.br
%  The data below is provided for information purposes
%  and to assist persons in obtaining information about or
%  related to domain name and IP number registrations
%  By submitting a whois query, you agree to use this data
%  only for lawful purposes.
%  2001-05-12 22:00:31 (BRT -03:00)

inetnum:     200.192.240/21
aut-num:     AS14463
abuse-c:     HSO
owner:       TDKOM INFORMATICA LTDA.
ownerid:     001.693.339/0001-83
responsible: Herlon Schmeiske de Oliveira
address:     Rui Barbosa, 567, 1 andar
address:     86430-000 - S. A. Platina - PR
phone:       (043) 7344882 []
owner-c:     HSO
tech-c:      HSO
inetrev:     200.192.240/21
nserver:     SERVER.TDKOM.COM.BR
nsstat:      20000209 AA
nslastaa:    20000209
nserver:     NS.TDKOM.COM.BR
nsstat:      20000209 AA
nslastaa:    20000209

nic-hdl-br:  HSO
person:      Herlon Schmeiske de Oliveira
e-mail:      herlon@TDKOM.COM.BR
address:     Rui Barbosa, 567, 1 andar
address:     86430-000 - S. A. Platina - PR
phone:       (043) 7344882 []
created:     19971219
changed:     20010306

remarks:     Security issues should also be addressed to
remarks:     nbso@nic.br, http://www.nic.br/nbso.html
remarks:     Mail abuse issues should also be addressed to
remarks:     mail-abuse@nic.br

% whois.registro.br accepts only direct match queries.
% Types of queries are: domains (.BR),.BR POCs, CIDR blocks,
% IP and AS numbers.
0
HiMan
5/13/2001 1:03:00 AM
Hi Rick,would you please E-mail me<<<URGENT>>>TIA.

Smile: Joh@nnes
1216771 Ont.Inc.


"Not John Lennon" <notjohnlennon@hotmail.com> wrote:
>It is, as you say, probably aimed at the person who had your IP
last before
>you got it. they may have been running
>something like Napster & other machines are still trying to connect
to them
>not realizing they have logged off. It's
>very common. Nothing to worry about. if you'd been online for
a few hrs. &
>it happened, then it might be something to
>investigate, but the fact that you'd just logged on indicates
that it's probably
>really just another form of IBR.
>
>Don't worry about it. Your firewall did it's job & blocked it.
>
>--
>Rick
>
>I am notjohnlennon@hotmail.com
>
>MCSE
>
>Need info? Check these links.
>http://www.gpick.net/sbr/lists
><nospam@myaddress.com> wrote in message news:3AFDDBAB.53AA59ED@cybrsolutions.com...
>> Is IBR likely to be the cause of 70+ hits in a couple of minutes?
 I
>> ignore
>> most of the hits I get, but I have never seen anything this
aggressive
>> unless
>> I had asked for it (like shields up or the equivalent).
>>
>> The Night Stalker wrote:
>> >
>> > Do a search on "background internet radiation" at GRC.com
 someone may
>post
>> > the direct link to it here..I dont have it handy.
>> >
>> > Stalker Steve, MCP
>> > eAegis http://www.stormpages.com/eaegis
>> >
>> > <nospam@myaddress.com> wrote in message
>> > news:3AFDD570.984CA746@cybrsolutions.com...
>> > > Someone just hit me over 70 times inside 3 minutes on TCP
ports over
>> > > 63700 from 200.192.240.8.  I dropped my connection and picked
up a new
>> > > IP, but is there really anything other than an attempt to
invade my
>box
>> > > that this kind of activity could be?  Just trying to get
an education...
>
>
0
Joh
5/13/2001 1:25:00 AM
Just sent a mail to you a minute ago.

--
Rick

I am notjohnlennon@hotmail.com

MCSE

Need info? Check these links.
http://www.gpick.net/sbr/lists
"Joh@nnes" <niebach@sprint.ca> wrote in message news:9jOqau02AHA.1564@colossus.SMG...
>
> Hi Rick,would you please E-mail me<<<URGENT>>>TIA.
>
> Smile: Joh@nnes
> 1216771 Ont.Inc.
0
Not
5/13/2001 1:51:00 AM
I was thinking it might be an idea to have a list somewhere of the common
ports, but the peer to peers like Limewire, Gnotella and WinMX allow a user
to consigure a port and IP to get around their firewalls, which of course
means you can set almost any port. The upshot of this is that is someone is
searching you would get a lot of hits to that port for some considerable
time after you log off.... so it is also just possible that things like
attempted "Resumes" from several users might hit you when you take up a
recently vacated IP. I know in your case this was one single IP but thought
it worth mentioning.
0
Charlie
5/13/2001 2:13:00 AM
Got it,TX!!!Wait another reply<<<CHEERS>>>

Regard: Joh@nnes
1216771 Ont.Inc.


"Not John Lennon" <notjohnlennon@hotmail.com> wrote:
>Just sent a mail to you a minute ago.
>
>--
>Rick
>
>I am notjohnlennon@hotmail.com
>
>MCSE
>
>Need info? Check these links.
>http://www.gpick.net/sbr/lists
>"Joh@nnes" <niebach@sprint.ca> wrote in message news:9jOqau02AHA.1564@colossus.SMG...
>>
>> Hi Rick,would you please E-mail me<<<URGENT>>>TIA.
>>
>> Smile: Joh@nnes
>> 1216771 Ont.Inc.
>
>
0
Joh
5/13/2001 2:30:00 AM
Do a search on "background internet radiation" at GRC.com  someone may post
the direct link to it here..I dont have it handy.

Stalker Steve, MCP
eAegis http://www.stormpages.com/eaegis


<nospam@myaddress.com> wrote in message
news:3AFDD570.984CA746@cybrsolutions.com...
> Someone just hit me over 70 times inside 3 minutes on TCP ports over
> 63700 from 200.192.240.8.  I dropped my connection and picked up a new
> IP, but is there really anything other than an attempt to invade my box
> that this kind of activity could be?  Just trying to get an education...
0
The
5/13/2001 2:44:00 AM
Reply:

Similar Artilces:

Trying to understand security management in ASP.NET
Hi,I've been requested to develop a website, which will be most probably used only in a intranet...after a lot of search I've final come up with setting the connection correctly to a local SQL Server (no way to the remote), but I don't understand now the fllwoing:-- I cannot add any user...ok, that's fine because it depends on the Windows Authentication...-- On the other hand, I've got no user (not even mine!) listed in the user list...so I cannot add anything to any role I'm trying to define..Why I cann't see my user, the one I use to log in to this machine, wher...

Software [In]Security: Twitter Security
Making Your Thoughts as Small and Incomplete as Possible Just for the record, I don't use Twitter. But if this column were a Twitter entry, it might read something like: http://www.informit.com/articles/article.aspx?p=1350268&cid=nl_DR_DAILY_T -- "If U know neither the enemy nor yourself,U will succumb in every battle" ...

Open software, secure software
Monday, 1 March 2004, 1:51 PM CET Fifty-plus years ago Grace Hopper used her experiences with programming the UNIVAC with FLOW-MATIC (an open-source project) to write her first compiler paper and the modern era of computing programming began. Some would also say that things haven't improved much since her day. Indeed, the National Institute of Standards and Technology (NIST) estimated that in 2001 $59.5 billion annually, about 0.6 percent of the gross domestic product was being lost because of software bugs. The Sustainable Computing Consortium (SCC), an academic, gove...

Newbie Needs Help: Trying to understand wireless network security
I have been reading posts and websites and I feel like I'm getting bits and pieces of the story. I'm trying to understand security over a wireless network. I have read a few people saying that they are confident that they have a secure wireless network. I was wondering if there is a good resource for beginners who would like to set up a secure network. I understand up to using WPA, that disabling SSID doesn't really make a difference and that's about it. I want to also know if one sets up a home network system, will the transmission between the desktop and ...

Is security software becoming a security risk?
"Due to bugs in antivirus software, the security suite becomes a risk by itself, and adding multiple pieces of security software makes the problem worse, not better "... <http://www.infoworld.com/article/07/11/21/Is-security-software-becoming-a-security-risk_1.html> or http://preview.tinyurl.com/2nkk9r -- js http://justheadlines.exofire.net john s. smith wrote: > "Due to bugs in antivirus software, the security suite becomes a risk > by itself, and adding multiple pieces of security software makes the > problem worse, not better "... > ...

Security software to secure USB flash drives?
Hello, does anyone know of some software (preferably freeware that would password protect access to a USB flash drive?) Currentlty the drive I have is open wide as soon as it is plugged in. Any help would be appreciated. Paul -- Calculating in binary code is as easy as 01,10,11. Paul Jackson wrote: > Hello, > > does anyone know of some software (preferably freeware that would > password protect access to a USB flash drive?) > > Currentlty the drive I have is open wide as soon as it is plugged in. > > Any help would be appreciated. >...

F-Secure Readies Security Software For Linux
F-Secure Corp. on Tuesday unveiled security software for open-source Samba file servers and Linux, addressing a need that's growing within the enterprise market. The Finnish company announced the availability of antivirus software for Samba that automatically detects and removes viruses from files stored on the server. The new product is meant to protect all Samba-attached computers from malicious code that could enter the network from a Windows or Linux machine. Next month, F-Secure plans to ship a Linux version of F-Secure Policy Manager, which will extend centrally managed ...

Book Review: Software Security
I'm jealous. No seriously. If Cigital is actually ran as depicted in the book Software Security - Building Security In, I have to give kudos to Gary and the gang for making an impressive environment for software security. I'm a fan of Gary's writing. If you are a regular reader, you know I loved both his books on Building Secure Software and Exploiting Software. This latest book is, in my mind at least, a balancing act between the two previous books on the topic. Gary calls it the "Ying and Yang". Which makes total sense, since the book cover is of exactly that, ...

What do security guards and computer security software have in common???
http://www.securitynewsportal.com/article.php?sid=920&mode=thread&order=0 -- Regard: Joh@nnes� 1216771 Ont.Inc. "Nothing is more damaging to a new truth than an old error" ...

trying and trying
Name: otto de koningh Email: ottodotdedotkoninghatskynetdotbe Product: Firefox Release Candidate Summary: trying and trying Comments: what a weird robot !! please refrain from using these horrendous figures i like the motorcycle though shown on the add-ons page i am having trouble because there is an unknown dump on firefox - never encountered this ! your browser is otherwise top of the bill !! from Firefox Setup 1.5.0.3 onwards in May 2006 Firefox has become a true companion ! now with Firefox Setup 3.0 RC1 i have error reports ! how come ? Browser Details: Mozilla/5.0 (...

How secure is secure?
Thanks to this group and all the high tech individuals who frequent it I have learned how to protect my PC from the inside out. But what about security risks to my info 'before' it gets to my computer? Like my mail box on the server. Could someone hack into that and thumb through my mail? If so, how would I ever know? (The short story) We have a rogue employee at my work who one day decided to run the web site, she got in tight with the ISP, got tools to set and delete passwords on a protected directory on the server. Who knows if she has telnet access to other things, li...

when is secure, secure?
Lo everyone, I wrote a custom authentication handler for PureFTPD, using a combination of authentication methods, for about 4 different types of users. So far, from testing it, it does look to work properly, and does it's job pretty well (and fast). I use #!/usr/bin/perl -W as well as use Strict, and use warnings, and the code returns no errors or warnings when run. I am right to presume that this basically only really tells me the my syntax and structure of the application is right? What's a good way to see whether it is actually SECURE... There is a couple of lines of...

Try this software
Name: Bambang Rudiyanto Email: roediekbrdatyahoodotcom Product: Firefox Summary: Try this software Comments: I'm very thank you for try this Software Browser and i think The Mozila Fire Fox is The Best Browser Software,Good Luck Browser Details: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.0.6) Gecko/2009011913 Firefox/3.0.6 From URL: http://hendrix.mozilla.org/ Note to readers: Hendrix gives no expectation of a response to this feedback but if you wish to provide one you must BCC (not CC) the sender for them to see it. ...

security software
Name: Roland Hanke Email: roland_h5atmywaydotcom Product: Firefox Summary: security software Comments: Have you ever thought about doing security software? I would have more confidence in it than most of what is out there. Browser Details: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2.3) Gecko/20100401 Firefox/3.6.3 (.NET CLR 3.5.30729) From URL: http://hendrix.mozilla.org/ Note to readers: Hendrix gives no expectation of a response to this feedback but if you wish to provide one you must BCC (not CC) the sender for them to see it. ...

Web resources about - Trying to understand... - grc.security.software

Resonate Social For Facebook Helps Advertisers Understand Users’ Motivations
Why do Facebook users make the decisions they make? Resonate wants to help advertisers find out, so the digital marketing outfit launched Resonate ...

Facebook PMD Gigya releases Consumer Insights to better understand user identities
... allows marketers to easily query Gigya’s Identity Storage database and tie identity information with key performance indicators to understand ...

Genius — Search and understand the meaning of song lyrics, poetry, literature, and news on the App Store ...
Get Genius — Search and understand the meaning of song lyrics, poetry, literature, and news on the App Store. See screenshots and ratings, and ...

All sizes - Most people do not listen with the intent to understand; they listen with the intent to reply ...
Flickr is almost certainly the best online photo management and sharing application in the world. Show off your favorite photos and videos to ...

"Understands" - YouTube
If Mitt Romney wins, the middle class loses. (Priorities USA Action is responsible for the content of this advertising)

Scientists continue search to understand Mers
The Mers coronavirus continues to confound scientists. To better understand the disease and determine where it comes from, a new project set ...

Explainer Video of the Day: Author John Green Helps You Understand Boko Haram
... in the news, but the situation in Nigeria with the Islamist terrorist group Boko Haram often gets overlooked and can be difficult to understand. ...



Businesses don't understand FTAs, so how will they deal with the TPP?
The government is keen to negotiate free trade agreements to bolster economic activity, but new research shows it has its work cut out to educate ...

Resources last updated: 12/11/2015 1:16:42 PM