Incessant firewall alerts!

[Dugg80]

Incessant firewall alerts!

Hello all

I hope you can help me with my problem as I am going nuts! the firewall is
picking a lot of 'Alerts!' with the
below information (had to remove IPs - 'attackers' and our public IP)

SOURCE PORT DESTINATION PORT
11646 Unassigned 5138 Unassigned
11653 Unassigned 4344 VinaInstall
13373 Unassigned 5616 Unassigned
13378 Unassigned 7520 Unassigned
53644 PRIVATE 5276 Unassigned
15726 Unassigned 6306 Unassigned
64567 PRIVATE 4412 Unassigned
1791 EA1 7552 Unassigned
2424 KOFAX-SVR 5374 Unassigned
2433 codasrv-se 5742 IDA Discover Port 2
58605 PRIVATE 6090 Unassigned

The source port on the left, is being reported in the same event with the
destination port on the right...

Can anyone tell me what is this about?? is this some sort of hacking or
simply port scans?

Thanks a lot

 

[squirltok]

Incessant firewall alerts!

Hello all

I hope you can help me with my problem as I am going nuts! the firewall is
picking a lot of 'Alerts!' with the
below information (had to remove IPs - 'attackers' and our public IP)

SOURCE PORT DESTINATION PORT
11646 Unassigned 5138 Unassigned
11653 Unassigned 4344 VinaInstall
13373 Unassigned 5616 Unassigned
13378 Unassigned 7520 Unassigned
53644 PRIVATE 5276 Unassigned
15726 Unassigned 6306 Unassigned
64567 PRIVATE 4412 Unassigned
1791 EA1 7552 Unassigned
2424 KOFAX-SVR 5374 Unassigned
2433 codasrv-se 5742 IDA Discover Port 2
58605 PRIVATE 6090 Unassigned

The source port on the left, is being reported in the same event with the
destination port on the right...

Can anyone tell me what is this about?? is this some sort of hacking or
simply port scans?

Thanks a lot

I always turn off alerts. The alerts show the firewall is working as
expected.

Keep windows up to date and with the firewall and not installing
trojans and such there should be little to nothing that is a real
threat. Try this though, having nothing connected to the internet,
like browsers, email clients etc, do netstat in a command prompt and
see if something is connected to or tryingto connect to a 'foreign'
address. Not the localhost 'foreign address' but an actual remote
address,

But seriously, even if somebody was trying to hack, it don't mean
shit. A computer here that I rarely use was connecting to a hundred
unsolicited addresses and hour, had trojans obviously trying to
download trojans. Studied what it was doing for a bit and wiped the
drive and reinstalled windows, no big deal.

Try linux for a while and come back to windows and understand the hype
windows creates about security concerns. Try pclinux as a live cd.
Install it if you like it.