port scan attacks

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by onehope, Mar 30, 2007.

  1. onehope

    onehope Private E-2

    Hi there, all day today my Sygate firewall has been reporting several port scan attacks from a certain IP address. I'm not sure what this means or what to do. I have done the keeping myself safe from malware steps recommended.

    Thank you for your help. Here is a copy of the log:

    Code:
     
    3/30/2007 5:07:37 PM Application Hijacking Information Outgoing TCP sjremetrics.java.com [216.52.17.158] 00-13-A3-A4-05-F8 75.28.149.126 00-11-11-5A-64-E1 C:\WINDOWS\system32\msiexec.exe Return of Mama Bear THELEMAYFAMILY Normal 1 3/30/2007 5:06:36 PM 3/30/2007 5:06:36 PM 
    3/30/2007 5:07:22 PM Application Hijacking Information Outgoing TCP javadl.sun.com [72.5.124.92] 00-13-A3-A4-05-F8 75.28.149.126 00-11-11-5A-64-E1 C:\Documents and Settings\Return of Mama Bear\Desktop\jre-6u1-windows-i586-p-iftw.exe Return of Mama Bear THELEMAYFAMILY Normal 1 3/30/2007 5:06:19 PM 3/30/2007 5:06:19 PM 
    3/30/2007 5:05:39 PM Port Scan Minor Incoming UDP 75.28.149.70 00-13-A3-A4-05-F8 75.28.149.126 00-11-11-5A-64-E1 Return of Mama Bear THELEMAYFAMILY Normal 1 3/30/2007 5:04:35 PM 3/30/2007 5:04:35 PM 
    3/30/2007 5:01:17 PM Application Hijacking Information Outgoing TCP javadl.sun.com [72.5.124.92] 00-13-A3-A4-05-F8 75.28.149.126 00-11-11-5A-64-E1 C:\Documents and Settings\Return of Mama Bear\Desktop\jdk-6u1-windows-i586-p-iftw.exe Return of Mama Bear THELEMAYFAMILY Normal 1 3/30/2007 5:00:14 PM 3/30/2007 5:00:14 PM 
    3/30/2007 4:39:55 PM Application Hijacking Information Outgoing TCP www.plimus.com [209.128.93.234] 00-13-A3-A4-05-F8 75.28.149.126 00-11-11-5A-64-E1 C:\Program Files\SpywareBlaster\sbautoupdate.exe Return of Mama Bear THELEMAYFAMILY Normal 1 3/30/2007 4:38:52 PM 3/30/2007 4:38:52 PM
    3/30/2007 4:28:06 PM Port Scan Minor Incoming UDP 75.28.149.70 00-13-A3-A4-05-F8 75.28.149.126 00-11-11-5A-64-E1 Return of Mama Bear THELEMAYFAMILY Normal 1 3/30/2007 4:27:01 PM 3/30/2007 4:27:01 PM 
    3/30/2007 3:50:51 PM Port Scan Minor Incoming UDP 75.28.149.70 00-13-A3-A4-05-F8 75.28.149.126 00-11-11-5A-64-E1 Return of Mama Bear THELEMAYFAMILY Block All 1 3/30/2007 3:49:50 PM 3/30/2007 3:49:50 PM 
    3/30/2007 3:14:19 PM Port Scan Minor Incoming UDP 75.28.149.70 00-13-A3-A4-05-F8 75.28.149.126 00-11-11-5A-64-E1 Return of Mama Bear THELEMAYFAMILY Block All 1 3/30/2007 3:13:15 PM 3/30/2007 3:13:15 PM 
    3/30/2007 2:36:17 PM Port Scan Minor Incoming UDP 75.28.149.70 00-13-A3-A4-05-F8 75.28.149.126 00-11-11-5A-64-E1 Return of Mama Bear THELEMAYFAMILY Block All 1 3/30/2007 2:35:16 PM 3/30/2007 2:35:16 PM 
    3/30/2007 2:00:02 PM Port Scan Minor Incoming UDP 75.28.149.70 00-13-A3-A4-05-F8 75.28.149.126 00-11-11-5A-64-E1 Return of Mama Bear THELEMAYFAMILY Block All 1 3/30/2007 1:59:01 PM 3/30/2007 1:59:01 PM 
    3/30/2007 1:25:04 PM Port Scan Minor Incoming UDP 75.28.149.70 00-13-A3-A4-05-F8 75.28.149.126 00-11-11-5A-64-E1 Return of Mama Bear THELEMAYFAMILY Block All 1 3/30/2007 1:24:02 PM 3/30/2007 1:24:02 PM 
    3/30/2007 1:12:04 PM Port Scan Minor Incoming TCP 206.204.51.132 00-13-A3-A4-05-F8 75.28.149.126 00-11-11-5A-64-E1 Return of Mama Bear THELEMAYFAMILY Normal 63 3/30/2007 1:10:28 PM 3/30/2007 1:10:59 PM 
    3/30/2007 1:10:19 PM Port Scan Minor Incoming TCP 206.204.51.132 00-13-A3-A4-05-F8 75.28.149.126 00-11-11-5A-64-E1 Return of Mama Bear THELEMAYFAMILY Normal 7 3/30/2007 1:09:40 PM 3/30/2007 1:09:57 PM 
    3/30/2007 12:48:54 PM Port Scan Minor Incoming UDP 75.28.149.70 00-13-A3-A4-05-F8 75.28.149.126 00-11-11-5A-64-E1 Self Help & Business THELEMAYFAMILY Normal 1 3/30/2007 12:47:53 PM 3/30/2007 12:47:53 PM 
    3/30/2007 12:12:48 PM Port Scan Minor Incoming UDP 75.28.149.70 00-13-A3-A4-05-F8 75.28.149.126 00-11-11-5A-64-E1 Self Help & Business THELEMAYFAMILY Normal 1 3/30/2007 12:11:45 PM 3/30/2007 12:11:45 PM 
    3/30/2007 11:35:25 AM Port Scan Minor Incoming UDP 75.28.149.70 00-13-A3-A4-05-F8 75.28.149.126 00-11-11-5A-64-E1 Self Help & Business THELEMAYFAMILY Normal 1 3/30/2007 11:34:19 AM 3/30/2007 11:34:19 AM 
    3/30/2007 10:57:51 AM Port Scan Minor Incoming UDP 75.28.149.70 00-13-A3-A4-05-F8 75.28.149.126 00-11-11-5A-64-E1 Self Help & Business THELEMAYFAMILY Normal 1 3/30/2007 10:56:46 AM 3/30/2007 10:56:46 AM 
    3/30/2007 10:21:08 AM Port Scan Minor Incoming UDP 75.28.149.70 00-13-A3-A4-05-F8 75.28.149.126 00-11-11-5A-64-E1 Self Help & Business THELEMAYFAMILY Normal 1 3/30/2007 10:20:02 AM 3/30/2007 10:20:02 AM 
    3/30/2007 9:43:27 AM Port Scan Minor Incoming UDP 75.28.149.70 00-13-A3-A4-05-F8 75.28.149.126 00-11-11-5A-64-E1 Self Help & Business THELEMAYFAMILY Normal 1 3/30/2007 9:43:09 AM 3/30/2007 9:43:09 AM
    
     
    Last edited by a moderator: Mar 30, 2007
  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Welcome to Major Geeks!

    You don't need to do anything (your firewall already is) and none of those are problems anyway.

    75.28.149.70 & 75.28.149.126 are IP addresses from SBC which is probably your ISP.

    72.5.124.92 is Sun Microsystems and you are running an update or auto update for their software.

    209.128.93.234 is from SpywareBlaster trying to autoupdate.

    206.204.51.132 is for ConXioN Corporation, a web hosting company. I'm not sure why this is there. Perhaps it is from something you run or is somehow related to your ISP.
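
Added example (not part of the thread, and not written by either poster): a small Python triage script that groups the "Port Scan" entries of a log like the one above by remote address and protocol, reporting the number of entries, the summed count column, and the median spacing between entries. The field layout, including reading the number before the last two timestamps as an occurrence count, is an assumption inferred from the posted lines, and the function names are this example's own.

```python
import re
from collections import defaultdict
from datetime import datetime
from statistics import median

# Lines copied from the log posted in this thread (one updater entry, five Port Scan entries).
SAMPLE = r"""
3/30/2007 5:07:37 PM Application Hijacking Information Outgoing TCP sjremetrics.java.com [216.52.17.158] 00-13-A3-A4-05-F8 75.28.149.126 00-11-11-5A-64-E1 C:\WINDOWS\system32\msiexec.exe Return of Mama Bear THELEMAYFAMILY Normal 1 3/30/2007 5:06:36 PM 3/30/2007 5:06:36 PM
3/30/2007 4:28:06 PM Port Scan Minor Incoming UDP 75.28.149.70 00-13-A3-A4-05-F8 75.28.149.126 00-11-11-5A-64-E1 Return of Mama Bear THELEMAYFAMILY Normal 1 3/30/2007 4:27:01 PM 3/30/2007 4:27:01 PM
3/30/2007 3:50:51 PM Port Scan Minor Incoming UDP 75.28.149.70 00-13-A3-A4-05-F8 75.28.149.126 00-11-11-5A-64-E1 Return of Mama Bear THELEMAYFAMILY Block All 1 3/30/2007 3:49:50 PM 3/30/2007 3:49:50 PM
3/30/2007 3:14:19 PM Port Scan Minor Incoming UDP 75.28.149.70 00-13-A3-A4-05-F8 75.28.149.126 00-11-11-5A-64-E1 Return of Mama Bear THELEMAYFAMILY Block All 1 3/30/2007 3:13:15 PM 3/30/2007 3:13:15 PM
3/30/2007 1:12:04 PM Port Scan Minor Incoming TCP 206.204.51.132 00-13-A3-A4-05-F8 75.28.149.126 00-11-11-5A-64-E1 Return of Mama Bear THELEMAYFAMILY Normal 63 3/30/2007 1:10:28 PM 3/30/2007 1:10:59 PM
3/30/2007 1:10:19 PM Port Scan Minor Incoming TCP 206.204.51.132 00-13-A3-A4-05-F8 75.28.149.126 00-11-11-5A-64-E1 Return of Mama Bear THELEMAYFAMILY Normal 7 3/30/2007 1:09:40 PM 3/30/2007 1:09:57 PM
"""

# Assumed layout: time, event, severity, direction, protocol, remote host, ..., count, begin, end.
TS = r"\d+/\d+/\d+ \d+:\d+:\d+ [AP]M"
LINE = re.compile(
    rf"^(?P<ts>{TS}) (?P<event>.+?) (?P<sev>\w+) (?P<dir>Incoming|Outgoing) "
    rf"(?P<proto>TCP|UDP) (?:\S+ \[)?(?P<remote>\d+(?:\.\d+){{3}})\]? "
    rf".* (?P<count>\d+) {TS} {TS}$"
)

def parse(line):  # dict of fields, or None when the line does not match
    m = LINE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.strptime(rec["ts"], "%m/%d/%Y %I:%M:%S %p")
    rec["count"] = int(rec["count"])
    return rec

def summarize_scans(text):
    """Group Port Scan entries by (remote IP, protocol) and measure their spacing."""
    groups = defaultdict(list)
    for rec in filter(None, map(parse, text.splitlines())):
        if rec["event"] == "Port Scan":
            groups[(rec["remote"], rec["proto"])].append(rec)
    summary = {}
    for key, recs in groups.items():
        times = sorted(r["ts"] for r in recs)
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        summary[key] = {"entries": len(recs),
                        "occurrences": sum(r["count"] for r in recs),
                        "median_gap_s": median(gaps) if gaps else None}
    return summary

if __name__ == "__main__":
    for (ip, proto), stats in summarize_scans(SAMPLE).items():
        print(ip, proto, stats)
```

On these lines the UDP entries from 75.28.149.70 are single events spaced roughly 37 minutes apart, while the TCP entries from 206.204.51.132 are two entries under two minutes apart with counts of 63 and 7.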
     
