port scan attacks

onehope · #1 03-30-07, 16:26

Hi there, all day today my sygate firewall has been reporting several port scan attacks from a certain ip address. I'm not sure what this means or what to do. I have done the keeping myself safe from malware steps recommended.

Thank you for your help. Here is a copy of the log:

Code:

 
3/30/2007 5:07:37 PM Application Hijacking Information Outgoing TCP sjremetrics.java.com [216.52.17.158] 00-13-A3-A4-05-F8 75.28.149.126 00-11-11-5A-64-E1 C:\WINDOWS\system32\msiexec.exe Return of Mama Bear THELEMAYFAMILY Normal 1 3/30/2007 5:06:36 PM 3/30/2007 5:06:36 PM 
3/30/2007 5:07:22 PM Application Hijacking Information Outgoing TCP javadl.sun.com [72.5.124.92] 00-13-A3-A4-05-F8 75.28.149.126 00-11-11-5A-64-E1 C:\Documents and Settings\Return of Mama Bear\Desktop\jre-6u1-windows-i586-p-iftw.exe Return of Mama Bear THELEMAYFAMILY Normal 1 3/30/2007 5:06:19 PM 3/30/2007 5:06:19 PM 
3/30/2007 5:05:39 PM Port Scan Minor Incoming UDP 75.28.149.70 00-13-A3-A4-05-F8 75.28.149.126 00-11-11-5A-64-E1 Return of Mama Bear THELEMAYFAMILY Normal 1 3/30/2007 5:04:35 PM 3/30/2007 5:04:35 PM 
3/30/2007 5:01:17 PM Application Hijacking Information Outgoing TCP javadl.sun.com [72.5.124.92] 00-13-A3-A4-05-F8 75.28.149.126 00-11-11-5A-64-E1 C:\Documents and Settings\Return of Mama Bear\Desktop\jdk-6u1-windows-i586-p-iftw.exe Return of Mama Bear THELEMAYFAMILY Normal 1 3/30/2007 5:00:14 PM 3/30/2007 5:00:14 PM 
3/30/2007 4:39:55 PM Application Hijacking Information Outgoing TCP www.plimus.com [209.128.93.234] 00-13-A3-A4-05-F8 75.28.149.126 00-11-11-5A-64-E1 C:\Program Files\SpywareBlaster\sbautoupdate.exe Return of Mama Bear THELEMAYFAMILY Normal 1 3/30/2007 4:38:52 PM 3/30/2007 4:38:52 PM 
3/30/2007 4:28:06 PM Port Scan Minor Incoming UDP 75.28.149.70 00-13-A3-A4-05-F8 75.28.149.126 00-11-11-5A-64-E1 Return of Mama Bear THELEMAYFAMILY Normal 1 3/30/2007 4:27:01 PM 3/30/2007 4:27:01 PM 
3/30/2007 3:50:51 PM Port Scan Minor Incoming UDP 75.28.149.70 00-13-A3-A4-05-F8 75.28.149.126 00-11-11-5A-64-E1 Return of Mama Bear THELEMAYFAMILY Block All 1 3/30/2007 3:49:50 PM 3/30/2007 3:49:50 PM 
3/30/2007 3:14:19 PM Port Scan Minor Incoming UDP 75.28.149.70 00-13-A3-A4-05-F8 75.28.149.126 00-11-11-5A-64-E1 Return of Mama Bear THELEMAYFAMILY Block All 1 3/30/2007 3:13:15 PM 3/30/2007 3:13:15 PM 
3/30/2007 2:36:17 PM Port Scan Minor Incoming UDP 75.28.149.70 00-13-A3-A4-05-F8 75.28.149.126 00-11-11-5A-64-E1 Return of Mama Bear THELEMAYFAMILY Block All 1 3/30/2007 2:35:16 PM 3/30/2007 2:35:16 PM 
3/30/2007 2:00:02 PM Port Scan Minor Incoming UDP 75.28.149.70 00-13-A3-A4-05-F8 75.28.149.126 00-11-11-5A-64-E1 Return of Mama Bear THELEMAYFAMILY Block All 1 3/30/2007 1:59:01 PM 3/30/2007 1:59:01 PM 
3/30/2007 1:25:04 PM Port Scan Minor Incoming UDP 75.28.149.70 00-13-A3-A4-05-F8 75.28.149.126 00-11-11-5A-64-E1 Return of Mama Bear THELEMAYFAMILY Block All 1 3/30/2007 1:24:02 PM 3/30/2007 1:24:02 PM 
3/30/2007 1:12:04 PM Port Scan Minor Incoming TCP 206.204.51.132 00-13-A3-A4-05-F8 75.28.149.126 00-11-11-5A-64-E1 Return of Mama Bear THELEMAYFAMILY Normal 63 3/30/2007 1:10:28 PM 3/30/2007 1:10:59 PM 
3/30/2007 1:10:19 PM Port Scan Minor Incoming TCP 206.204.51.132 00-13-A3-A4-05-F8 75.28.149.126 00-11-11-5A-64-E1 Return of Mama Bear THELEMAYFAMILY Normal 7 3/30/2007 1:09:40 PM 3/30/2007 1:09:57 PM 
3/30/2007 12:48:54 PM Port Scan Minor Incoming UDP 75.28.149.70 00-13-A3-A4-05-F8 75.28.149.126 00-11-11-5A-64-E1 Self Help & Business THELEMAYFAMILY Normal 1 3/30/2007 12:47:53 PM 3/30/2007 12:47:53 PM 
3/30/2007 12:12:48 PM Port Scan Minor Incoming UDP 75.28.149.70 00-13-A3-A4-05-F8 75.28.149.126 00-11-11-5A-64-E1 Self Help & Business THELEMAYFAMILY Normal 1 3/30/2007 12:11:45 PM 3/30/2007 12:11:45 PM 
3/30/2007 11:35:25 AM Port Scan Minor Incoming UDP 75.28.149.70 00-13-A3-A4-05-F8 75.28.149.126 00-11-11-5A-64-E1 Self Help & Business THELEMAYFAMILY Normal 1 3/30/2007 11:34:19 AM 3/30/2007 11:34:19 AM 
3/30/2007 10:57:51 AM Port Scan Minor Incoming UDP 75.28.149.70 00-13-A3-A4-05-F8 75.28.149.126 00-11-11-5A-64-E1 Self Help & Business THELEMAYFAMILY Normal 1 3/30/2007 10:56:46 AM 3/30/2007 10:56:46 AM 
3/30/2007 10:21:08 AM Port Scan Minor Incoming UDP 75.28.149.70 00-13-A3-A4-05-F8 75.28.149.126 00-11-11-5A-64-E1 Self Help & Business THELEMAYFAMILY Normal 1 3/30/2007 10:20:02 AM 3/30/2007 10:20:02 AM 
3/30/2007 9:43:27 AM Port Scan Minor Incoming UDP 75.28.149.70 00-13-A3-A4-05-F8 75.28.149.126 00-11-11-5A-64-E1 Self Help & Business THELEMAYFAMILY Normal 1 3/30/2007 9:43:09 AM 3/30/2007 9:43:09 AM

chaslang · #2 03-30-07, 21:41

Welcome to Major Geeks!

You don't need to do anything (your firewall already is) and none of those are problems anyway.

75.28.149.70 & 75.28.149.126 are IP addresses from SBC which is probably your ISP.

72.5.124.92 is Sun Microsystems and you are running an update or auto update for their software.

209.128.93.234 is from SpywareBlaster trying to autoupdate.

206.204.51.132 is for ConXioN Corporation a web hosting company. I'm not sure why this is there. Perhaps it is from something you run or is somehow related to your ISP.

Thread Tools
Show Printable Version Email this Page
Display Modes
Linear Mode Switch to Hybrid Mode Switch to Threaded Mode

Similar Threads
Thread	Thread Starter	Forum	Replies	Last Post
Regarding Port scan attack	geneman	Malware Removal	3	11-10-05 07:26
Port Scan Attacks/Syn Attacks	mcpp66	Networking	3	04-22-05 06:33
port scan attack	wild orchid	Software	3	01-21-05 02:17
IP-Tools 2.30 and port scan	dismember	Software	2	08-13-04 23:45
Port scan of my computer	m79vest36	Software	3	11-09-03 05:58