
Someone is sending packets to my PC

  1. Jun 19, 2011 #1
    I ran a scan today and found that someone has tried sending packets to my PC several times today. Can someone tell me why they would be doing so?
     
  3. Jun 19, 2011 #2
    Re: Sending UDP Packet

    Also found a TCP connection, what is it please?
     
  4. Jun 20, 2011 #3
    Thirty years ago the internet was a group of white collar professionals who would never have thought of doing something stupid to risk their reputation.

    Twenty years ago someone told the public about the net and everyone came running, including petty criminals, non-petty criminals and an army of people who try to think of stupid things to do to make their reputation.

    Short answer to your question, the net is like people who are going down the hall, rattling every door knob just to see if anyone has left a door unlocked.

    1: Get yourself a router with a firewall and "nat" and "state", put it between your computer and what you use to connect to the net, turn up the security enough that most net scum never gets past that but you are still able to do useful work. That should block 50-100% of the net scum, depending on whether you visit sleazy parts of the net or not. And change the admin password on that to something other than the default.

    2: Get yourself a good internet security package that includes a software firewall, keep that up to date and turn up the security enough that you are barely able to do useful work. That should block 50-100% of the net scum that managed to get past your router.
     
    Last edited: Jun 20, 2011
  5. Jun 21, 2011 #4

    Borg

    Science Advisor
    Gold Member

    Re: Sending UDP Packet

    That's your internet connection. Nothing dangerous there.
     
  6. Jun 23, 2011 #5
    Both the packets and the TCP connection are your internet connection. Don't worry about it. Most internet cards maintain activity well after you stop surfing the web; it doesn't contain any important information, just stuff to maintain an idle connection and say you're still there.
     
  7. Jun 23, 2011 #6
    I peek at the log my router keeps showing blocked attempts for the last 24 hours.
    Note: You can Google TCP or UDP followed by the port number to find out what doorknob they are rattling to see if it opens.

    Display time: Thu Jun 23 2011 16:54:47 GMT+0000
    <<<246 lines deleted>>>
    Thu Jun 23 2011 12:20:51 GMT+0000 Unrecognized attempt blocked from 204.176.49.11:123 to x.x.x.x UDP:60313
    Thu Jun 23 2011 12:20:51 GMT+0000 Unrecognized attempt blocked from 204.176.49.12:123 to x.x.x.x UDP:60313
    Thu Jun 23 2011 12:20:52 GMT+0000 Unrecognized attempt blocked from 204.176.49.11:123 to x.x.x.x UDP:60313
    Thu Jun 23 2011 12:20:52 GMT+0000 Unrecognized attempt blocked from 204.176.49.12:123 to x.x.x.x UDP:60313
    Thu Jun 23 2011 12:20:53 GMT+0000 Unrecognized attempt blocked from 204.176.49.11:123 to x.x.x.x UDP:60313
    Thu Jun 23 2011 12:20:53 GMT+0000 Unrecognized attempt blocked from 204.176.49.12:123 to x.x.x.x UDP:60313
    Thu Jun 23 2011 12:20:54 GMT+0000 Unrecognized attempt blocked from 204.176.49.11:123 to x.x.x.x UDP:60313
    Thu Jun 23 2011 12:20:54 GMT+0000 Unrecognized attempt blocked from 204.176.49.12:123 to x.x.x.x UDP:60313
    Thu Jun 23 2011 12:37:11 GMT+0000 Unrecognized attempt blocked from 208.115.219.10:12200 to x.x.x.x TCP:27977
    Thu Jun 23 2011 12:49:06 GMT+0000 Unrecognized attempt blocked from 216.245.196.122:12200 to x.x.x.x TCP:27977
    Thu Jun 23 2011 12:54:18 GMT+0000 Unrecognized attempt blocked from 208.115.219.10:12200 to x.x.x.x TCP:27977
    Thu Jun 23 2011 13:03:22 GMT+0000 Unrecognized attempt blocked from 61.160.222.115:6000 to x.x.x.x TCP:1433
    Thu Jun 23 2011 13:11:31 GMT+0000 Unrecognized attempt blocked from 208.115.219.10:12200 to x.x.x.x TCP:27977
    Thu Jun 23 2011 13:12:17 GMT+0000 Unrecognized attempt blocked from 76.164.195.77:6000 to x.x.x.x TCP:4899
    Thu Jun 23 2011 13:14:43 GMT+0000 Unrecognized attempt blocked from 184.168.192.30:80 to x.x.x.x TCP:33794
    Thu Jun 23 2011 13:23:37 GMT+0000 Unrecognized attempt blocked from 58.62.185.124:6000 to x.x.x.x TCP:1433
    Thu Jun 23 2011 13:28:41 GMT+0000 Unrecognized attempt blocked from 208.115.219.10:12200 to x.x.x.x TCP:27977
    Thu Jun 23 2011 13:31:51 GMT+0000 Unrecognized attempt blocked from 184.168.192.30:80 to x.x.x.x TCP:33794
    Thu Jun 23 2011 13:34:29 GMT+0000 Unrecognized attempt blocked from 188.138.88.183:42923 to x.x.x.x UDP:161
    Thu Jun 23 2011 13:45:48 GMT+0000 Unrecognized attempt blocked from 208.115.219.10:12200 to x.x.x.x TCP:27977
    Thu Jun 23 2011 14:20:31 GMT+0000 Unrecognized attempt blocked from 208.115.219.10:12200 to x.x.x.x TCP:27977
    Thu Jun 23 2011 14:25:50 GMT+0000 Unrecognized attempt blocked from 98.126.247.98:6000 to x.x.x.x TCP:3389
    Thu Jun 23 2011 14:25:56 GMT+0000 Unrecognized attempt blocked from 216.245.196.122:12200 to x.x.x.x TCP:27977
    Thu Jun 23 2011 14:29:25 GMT+0000 Unrecognized attempt blocked from 218.107.216.171:6000 to x.x.x.x TCP:1433
    Thu Jun 23 2011 14:37:43 GMT+0000 Unrecognized attempt blocked from 208.115.219.10:12200 to x.x.x.x TCP:27977
    Thu Jun 23 2011 14:44:18 GMT+0000 Unrecognized attempt blocked from 211.157.108.192:6000 to x.x.x.x TCP:3389
    Thu Jun 23 2011 14:55:00 GMT+0000 Unrecognized attempt blocked from 208.115.219.10:12200 to x.x.x.x TCP:27977
    Thu Jun 23 2011 14:58:09 GMT+0000 Unrecognized attempt blocked from 216.245.196.122:12200 to x.x.x.x TCP:27977
    Thu Jun 23 2011 15:04:38 GMT+0000 Unrecognized attempt blocked from 184.168.192.30:80 to x.x.x.x TCP:33794
    Thu Jun 23 2011 15:12:12 GMT+0000 Unrecognized attempt blocked from 208.115.219.10:12200 to x.x.x.x TCP:27977
    Thu Jun 23 2011 15:16:40 GMT+0000 Unrecognized attempt blocked from 184.168.192.30:80 to x.x.x.x TCP:33794
    Thu Jun 23 2011 15:29:42 GMT+0000 Unrecognized attempt blocked from 208.115.219.10:12200 to x.x.x.x TCP:27977
    Thu Jun 23 2011 15:30:09 GMT+0000 Unrecognized attempt blocked from 216.245.196.122:12200 to x.x.x.x TCP:27977
    Thu Jun 23 2011 15:37:41 GMT+0000 Unrecognized attempt blocked from 76.164.195.77:6000 to x.x.x.x TCP:1433
    Thu Jun 23 2011 15:43:26 GMT+0000 Unrecognized attempt blocked from 184.168.192.30:80 to x.x.x.x TCP:33794
    Thu Jun 23 2011 15:46:45 GMT+0000 Unrecognized attempt blocked from 208.115.219.10:12200 to x.x.x.x TCP:27977
    Thu Jun 23 2011 15:52:09 GMT+0000 Unrecognized attempt blocked from 202.201.152.41:31067 to x.x.x.x TCP:22
    Thu Jun 23 2011 16:04:05 GMT+0000 Unrecognized attempt blocked from 208.115.219.10:12200 to x.x.x.x TCP:27977
    Thu Jun 23 2011 16:16:08 GMT+0000 Unrecognized attempt blocked from 196.210.210.236:56998 to x.x.x.x TCP:7212
    Thu Jun 23 2011 16:17:51 GMT+0000 Unrecognized attempt blocked from 184.168.192.30:80 to x.x.x.x TCP:33794
    Thu Jun 23 2011 16:34:00 GMT+0000 Unrecognized attempt blocked from 184.168.192.30:80 to x.x.x.x TCP:33794
    Thu Jun 23 2011 16:34:39 GMT+0000 Unrecognized attempt blocked from 216.245.196.122:12200 to x.x.x.x TCP:27977
    Thu Jun 23 2011 16:38:16 GMT+0000 Unrecognized attempt blocked from 208.115.219.10:12200 to x.x.x.x TCP:27977
    Thu Jun 23 2011 16:54:29 GMT+0000 Admin from x.x.x.x login successful

    Some days there is a flood of port scans and attempted connections to see if I might be running an insecure service.
     
    Last edited: Jun 23, 2011
  8. Jun 23, 2011 #7
    well, that could pose a small security risk. someone is trying to poke at your machine, but the good news is that they're being blocked. these sorts of things aren't uncommon anymore now that the internet is so incredibly massive, so i wouldn't think it's anything personal, probably just spammers. it's probably nothing, but if you're running windows, i'd do a quick virus scan just to be safe. and if you're really worried, you can change your ip address. to do that on a dhcp connection just unplug your router for a few minutes and plug it back in.

    here's another forum with someone else who's had the same issue:
    http://forums.speedguide.net/showthread.php?196139-what-the-heck-is-all-this-on-my-logs
     
  9. Jun 23, 2011 #8
    Wasn't there a joke years ago, something about "It is the ones you don't see, those are the ones you have to worry about"? Maybe it was about mosquitoes? Perhaps relevant because it was announced yesterday that locally they have found we have a crop of mosquitoes carrying Dengue fever, West Nile virus and Encephalitis.

    I'd appreciate it if anyone could recommend an inexpensive 4 port router with a good firewall, Nat and State, onboard RS232 or VGA connector AND would use that connector to display all connections, inbound or outbound, that were not in a very small selected "ignore list."

    If I look at the last 24 hours of the firewall log, delete duplicates and only look at the port number on my end I find

    TCP:22 Dreaming they will find an open Secure Shell
    TCP:80 Dreaming I have an open Http server
    TCP:81 Hunting for an open Tor server
    TCP:443 Dreaming I have an open Https server
    UDP:646 Label Distribution Protocol?!?!
    UDP:647 DHCP failover????
    TCP:1034
    TCP:1035
    TCP:1036
    TCP:1037
    TCP:1038
    TCP:1039
    TCP:1040
    TCP:1041
    TCP:1042
    TCP:1043 ?????
    TCP:1044
    TCP:1045
    TCP:1046
    TCP:1047
    TCP:1048
    TCP:1049
    TCP:1050
    TCP:1051
    TCP:1052
    TCP:1053
    TCP:1054
    TCP:1055
    TCP:1433 Dreaming they will find a Microsoft SQL security hole
    TCP:3389 Dreaming they will find a Microsoft Terminal Server security hole
    TCP:7212 Dreaming they will find an open proxy service
    TCP:8080 Dreaming they will find an open Http service
    TCP:27977 Google finds years of people hammering this to get in
    TCP:33794 Google finds years of people hammering this to get in

    which gives a little better idea which doors they are trying to open.

    And that doesn't count the twit sending me MyDoom virus 6-8 times a day from 3 different domains in SE Asia.
     
    Last edited: Jun 23, 2011
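
Added example, not part of any post in this thread: the "delete duplicates and only look at the port number on my end" step from post #8, run over lines in the router log format quoted in post #6. The sample lines are constructed (documentation-range addresses), and the "likely reply" rule is an assumption of this example, a hint rather than proof.

```python
import re
from collections import defaultdict

# One "blocked" entry in the router log format quoted in post #6.
LINE_RE = re.compile(
    r"Unrecognized attempt blocked from "
    r"(?P<src_ip>\d{1,3}(?:\.\d{1,3}){3}):(?P<src_port>\d+) "
    r"to \S+ (?P<proto>TCP|UDP):(?P<dst_port>\d+)\s*$"
)

# Constructed sample: same format, RFC 5737 documentation addresses.
SAMPLE_LOG = """\
Thu Jun 23 2011 12:20:51 GMT+0000 Unrecognized attempt blocked from 192.0.2.11:123 to x.x.x.x UDP:60313
Thu Jun 23 2011 12:20:51 GMT+0000 Unrecognized attempt blocked from 192.0.2.12:123 to x.x.x.x UDP:60313
Thu Jun 23 2011 12:37:11 GMT+0000 Unrecognized attempt blocked from 198.51.100.10:12200 to x.x.x.x TCP:27977
Thu Jun 23 2011 12:49:06 GMT+0000 Unrecognized attempt blocked from 198.51.100.77:12200 to x.x.x.x TCP:27977
Thu Jun 23 2011 12:54:18 GMT+0000 Unrecognized attempt blocked from 198.51.100.10:12200 to x.x.x.x TCP:27977
Thu Jun 23 2011 13:03:22 GMT+0000 Unrecognized attempt blocked from 203.0.113.5:6000 to x.x.x.x TCP:1433
Thu Jun 23 2011 13:14:43 GMT+0000 Unrecognized attempt blocked from 203.0.113.30:80 to x.x.x.x TCP:33794
Thu Jun 23 2011 16:54:29 GMT+0000 Admin from x.x.x.x login successful
"""

def summarize(log_text):
    """Group blocked attempts by (protocol, destination port)."""
    stats = defaultdict(lambda: {"hits": 0, "sources": set(), "src_ports": set()})
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue  # admin logins, "<<<lines deleted>>>" markers, blanks
        entry = stats[(m["proto"], int(m["dst_port"]))]
        entry["hits"] += 1
        entry["sources"].add(m["src_ip"])
        entry["src_ports"].add(int(m["src_port"]))
    return stats

def looks_like_reply(entry):
    """Assumed heuristic: every packet came from one service port below 1024
    (e.g. 123 or 80), so it may be a late reply to traffic sent from inside
    after the router's state entry expired. Source ports can be forged."""
    ports = entry["src_ports"]
    return len(ports) == 1 and next(iter(ports)) < 1024

def report(log_text):
    """Rows of (proto:port, hits, unique sources, kind), busiest port first."""
    items = sorted(summarize(log_text).items(), key=lambda kv: (-kv[1]["hits"], kv[0]))
    return [(f"{proto}:{port}", e["hits"], len(e["sources"]),
             "likely reply" if looks_like_reply(e) else "unsolicited")
            for (proto, port), e in items]

if __name__ == "__main__":
    for row in report(SAMPLE_LOG):
        print("%-10s hits=%-3d sources=%-3d %s" % row)
```
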
  10. Jun 23, 2011 #9
    DoS them back. ;) lol
     
  11. Jun 23, 2011 #10
    I wouldn't want to go as far as that, but if anyone could point me to a resource that would teach me how to write half a dozen lines of code that would open port 27977 and send back a block of random bits every time I got a probe to that port I might be up for that.

    Correction to an earlier post where I said I was getting about 250 refused probes per day. It looks like the buffer only holds the last 250 and I misread the time stamp on the oldest entry. After flushing the buffer I see 250 probes just to port 27977 in the last two hours, almost all coming from China Unicom, but a few from Limestone Networks (known for hosting spam and fraud) and Chinanet.

    I wouldn't be at all surprised if probes to port 27977 were searching for bots waiting for instructions.
     
  12. Jul 18, 2011 #11
    I'm not an expert, but it's like they are trying to poke your computer, poking someone does not tell you anything about them, and any modern computer will not fall over and die when someone pokes them, even if they are poking you over and over again like they are doing to you, you won't die. It's when they get a whole grid of computers to join fingers into the shape of a giant fist when you should worry. Fortunately they're probably not doing that.
     