MajorGeeks Support Forums

Go Back   MajorGeeks Support Forums > ----------= PC, Desktop and Laptop Support =---------- > Malware Removal
Register FAQ Members List Calendar Casino Mark Forums Read

Malware Removal Malware removal forum. Please see the READ ME FIRST thread before you post. Forum is staffed by a small number of volunteers, please be patient.


Reply
 
Thread Tools Display Modes
  #1  
Old 03-30-07, 16:26
onehope onehope is offline
Private E-2
 
Join Date: Nov 2006
Posts: 6
Thanks: 0
Thanked 0 Times in 0 Posts
Default port scan attacks

Hi there, all day today my sygate firewall has been reporting several port scan attacks from a certain ip address. I'm not sure what this means or what to do. I have done the keeping myself safe from malware steps recommended.

Thank you for your help. Here is a copy of the log:

Code:
 
3/30/2007 5:07:37 PM Application Hijacking Information Outgoing TCP sjremetrics.java.com [216.52.17.158] 00-13-A3-A4-05-F8 75.28.149.126 00-11-11-5A-64-E1 C:\WINDOWS\system32\msiexec.exe Return of Mama Bear THELEMAYFAMILY Normal 1 3/30/2007 5:06:36 PM 3/30/2007 5:06:36 PM 
3/30/2007 5:07:22 PM Application Hijacking Information Outgoing TCP javadl.sun.com [72.5.124.92] 00-13-A3-A4-05-F8 75.28.149.126 00-11-11-5A-64-E1 C:\Documents and Settings\Return of Mama Bear\Desktop\jre-6u1-windows-i586-p-iftw.exe Return of Mama Bear THELEMAYFAMILY Normal 1 3/30/2007 5:06:19 PM 3/30/2007 5:06:19 PM 
3/30/2007 5:05:39 PM Port Scan Minor Incoming UDP 75.28.149.70 00-13-A3-A4-05-F8 75.28.149.126 00-11-11-5A-64-E1 Return of Mama Bear THELEMAYFAMILY Normal 1 3/30/2007 5:04:35 PM 3/30/2007 5:04:35 PM 
3/30/2007 5:01:17 PM Application Hijacking Information Outgoing TCP javadl.sun.com [72.5.124.92] 00-13-A3-A4-05-F8 75.28.149.126 00-11-11-5A-64-E1 C:\Documents and Settings\Return of Mama Bear\Desktop\jdk-6u1-windows-i586-p-iftw.exe Return of Mama Bear THELEMAYFAMILY Normal 1 3/30/2007 5:00:14 PM 3/30/2007 5:00:14 PM 
3/30/2007 4:39:55 PM Application Hijacking Information Outgoing TCP www.plimus.com [209.128.93.234] 00-13-A3-A4-05-F8 75.28.149.126 00-11-11-5A-64-E1 C:\Program Files\SpywareBlaster\sbautoupdate.exe Return of Mama Bear THELEMAYFAMILY Normal 1 3/30/2007 4:38:52 PM 3/30/2007 4:38:52 PM 
3/30/2007 4:28:06 PM Port Scan Minor Incoming UDP 75.28.149.70 00-13-A3-A4-05-F8 75.28.149.126 00-11-11-5A-64-E1 Return of Mama Bear THELEMAYFAMILY Normal 1 3/30/2007 4:27:01 PM 3/30/2007 4:27:01 PM 
3/30/2007 3:50:51 PM Port Scan Minor Incoming UDP 75.28.149.70 00-13-A3-A4-05-F8 75.28.149.126 00-11-11-5A-64-E1 Return of Mama Bear THELEMAYFAMILY Block All 1 3/30/2007 3:49:50 PM 3/30/2007 3:49:50 PM 
3/30/2007 3:14:19 PM Port Scan Minor Incoming UDP 75.28.149.70 00-13-A3-A4-05-F8 75.28.149.126 00-11-11-5A-64-E1 Return of Mama Bear THELEMAYFAMILY Block All 1 3/30/2007 3:13:15 PM 3/30/2007 3:13:15 PM 
3/30/2007 2:36:17 PM Port Scan Minor Incoming UDP 75.28.149.70 00-13-A3-A4-05-F8 75.28.149.126 00-11-11-5A-64-E1 Return of Mama Bear THELEMAYFAMILY Block All 1 3/30/2007 2:35:16 PM 3/30/2007 2:35:16 PM 
3/30/2007 2:00:02 PM Port Scan Minor Incoming UDP 75.28.149.70 00-13-A3-A4-05-F8 75.28.149.126 00-11-11-5A-64-E1 Return of Mama Bear THELEMAYFAMILY Block All 1 3/30/2007 1:59:01 PM 3/30/2007 1:59:01 PM 
3/30/2007 1:25:04 PM Port Scan Minor Incoming UDP 75.28.149.70 00-13-A3-A4-05-F8 75.28.149.126 00-11-11-5A-64-E1 Return of Mama Bear THELEMAYFAMILY Block All 1 3/30/2007 1:24:02 PM 3/30/2007 1:24:02 PM 
3/30/2007 1:12:04 PM Port Scan Minor Incoming TCP 206.204.51.132 00-13-A3-A4-05-F8 75.28.149.126 00-11-11-5A-64-E1 Return of Mama Bear THELEMAYFAMILY Normal 63 3/30/2007 1:10:28 PM 3/30/2007 1:10:59 PM 
3/30/2007 1:10:19 PM Port Scan Minor Incoming TCP 206.204.51.132 00-13-A3-A4-05-F8 75.28.149.126 00-11-11-5A-64-E1 Return of Mama Bear THELEMAYFAMILY Normal 7 3/30/2007 1:09:40 PM 3/30/2007 1:09:57 PM 
3/30/2007 12:48:54 PM Port Scan Minor Incoming UDP 75.28.149.70 00-13-A3-A4-05-F8 75.28.149.126 00-11-11-5A-64-E1 Self Help & Business THELEMAYFAMILY Normal 1 3/30/2007 12:47:53 PM 3/30/2007 12:47:53 PM 
3/30/2007 12:12:48 PM Port Scan Minor Incoming UDP 75.28.149.70 00-13-A3-A4-05-F8 75.28.149.126 00-11-11-5A-64-E1 Self Help & Business THELEMAYFAMILY Normal 1 3/30/2007 12:11:45 PM 3/30/2007 12:11:45 PM 
3/30/2007 11:35:25 AM Port Scan Minor Incoming UDP 75.28.149.70 00-13-A3-A4-05-F8 75.28.149.126 00-11-11-5A-64-E1 Self Help & Business THELEMAYFAMILY Normal 1 3/30/2007 11:34:19 AM 3/30/2007 11:34:19 AM 
3/30/2007 10:57:51 AM Port Scan Minor Incoming UDP 75.28.149.70 00-13-A3-A4-05-F8 75.28.149.126 00-11-11-5A-64-E1 Self Help & Business THELEMAYFAMILY Normal 1 3/30/2007 10:56:46 AM 3/30/2007 10:56:46 AM 
3/30/2007 10:21:08 AM Port Scan Minor Incoming UDP 75.28.149.70 00-13-A3-A4-05-F8 75.28.149.126 00-11-11-5A-64-E1 Self Help & Business THELEMAYFAMILY Normal 1 3/30/2007 10:20:02 AM 3/30/2007 10:20:02 AM 
3/30/2007 9:43:27 AM Port Scan Minor Incoming UDP 75.28.149.70 00-13-A3-A4-05-F8 75.28.149.126 00-11-11-5A-64-E1 Self Help & Business THELEMAYFAMILY Normal 1 3/30/2007 9:43:09 AM 3/30/2007 9:43:09 AM

Last edited by chaslang; 03-30-07 at 21:32..
Reply With Quote
Sponsored links
  #2  
Old 03-30-07, 21:41
chaslang's Avatar
chaslang chaslang is offline
MajorGeeks Admin - Master Malware Expert
 
Join Date: Feb 2004
Location: Northern New Jersey USA
Posts: 79,717
Thanks: 61
Thanked 7,420 Times in 3,971 Posts
Default Re: port scan attacks

Welcome to Major Geeks!

You don't need to do anything (your firewall already is) and none of those are problems anyway.

75.28.149.70 & 75.28.149.126 are IP addresses from SBC which is probably your ISP.

72.5.124.92 is Sun Microsystems and you are running an update or auto update for their software.

209.128.93.234 is from SpywareBlaster trying to autoupdate.

206.204.51.132 is for ConXioN Corporation a web hosting company. I'm not sure why this is there. Perhaps it is from something you run or is somehow related to your ISP.
__________________
"There are 10 types of people in this world. Those who understand binary and those who don't."


Support Majorgeeks on Facebook:

Majorgeeks Newsletter
Reply With Quote
Reply

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
Regarding Port scan attack geneman Malware Removal 3 11-10-05 07:26
Port Scan Attacks/Syn Attacks mcpp66 Hardware 3 04-22-05 06:33
port scan attack wild orchid Software 3 01-21-05 02:17
IP-Tools 2.30 and port scan dismember Software 2 08-13-04 23:45
Port scan of my computer m79vest36 Software 3 11-09-03 05:58


All times are GMT -5. The time now is 08:23.


MajorGeeks.Com Home Page
| Admin Tools | All In One | Anti-Spyware | Anti-Virus | Appearance | Backup | Benchmarking | BIOS | Browsers | Covert Ops |
Data Recovery | Diagnostics | Drive Cleaners | Drive Utilities | Drivers | Driver Tools Ergonomics | Firewalls | Games | Game Tweaks | Graphics | Input Devices | Internet Tools | Macintosh | Mail Utilities | Memory | Messaging | Monitoring | Microsoft | Multimedia | Networking | Office Tools | Process Management | Processor | Registry | Security | System Info | Toys | Video | Miscellaneous
|
Powered by vBulletin® Version 3.8.4
Copyright © 2009 vBulletin Solutions, Inc. All rights reserved.
Ad Management by RedTyger