At the time of these connections there are a lot of requests to AIM and MSN's messanger services. Two computers where running one of each. These connections are probably to get the ad's and ticker news. So if the answer lies as a badly configured HTTP server farm wouldn't others be getting the same requests? (Im sure there are other users that have the same setup using AIM and MSN) Another suggestion was that my NAT wasn't blocking it as it should. If this is the case, how is the person connecting to me with 192.168.1.x address? Wouldn't it be their NAT that wasn't changing their internal IP back to their external IP? Since these last entries I have blocked all 192.168.1.x address except the ones I am using, and I distanced the IP's so they are not just 2, 3, and 4. I also haven't received any more requests. -West P. ----- Original Message ----- From: West P. <god-adminat_private> To: <incidentsat_private> Sent: Sunday, August 26, 2001 10:21 PM Subject: Weird Incoming IP's and port numbers. > I'm using @home internet cable. I have the linksys cable router + 4 port > switch. This splits the connection to 3 computers in the house. DHCP is > turned off. The Internal IPs are 192.168.1.x (2,3,4)... Over the past day > I received a couple of weird INCOMING entries in the log. > > DATE TIME SCR SCR_PORT DEST DEST_PORT > 08/25/2001 13:24:52 192.168.1.8 80 <my ip address> 3976 > 08/25/2001 19:04:42 192.168.1.16 80 <my ip address> 4319 > 08/25/2001 23:25:38 192.168.1.9 80 <my ip address> 4450 > > How is it possible that these are coming into the router from the outside? > Is this an error on the router? Do any of these ports seem familiar. > > Extra note: When I tried to make a connection with these ports from within > my network it refused the connection and didn't put it in the incoming or > outgoing log. > > Is there an explanation for this? > > > -------------------------------------------------------------------------- -- > This list is provided by the SecurityFocus ARIS analyzer service. > For more information on this free incident handling, management > and tracking system please see: http://aris.securityfocus.com > ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
This archive was generated by hypermail 2b30 : Wed Aug 29 2001 - 08:15:39 PDT