Chat or Talk in the INReview Discussion Forum
Flutterbywingz

Why is this happening? post #1

I don't make a habit of checking my firewall's event log regularly, but I do on occasion. After checking it today, I noticed an attempted unsolicited connection to TCP port 2106. It says the port is commonly used by "ZMAP" service or program. Upon requesting further information, it was suggested that it could be hacker activity and to report it.

It is not alarming to me when I see these kinds of logs, but because, after looking at the network and registrant view I realized that I had a similar incident last year (and because I frequented the registrant's debate forum, which I guess he is part owner or founder of), I am taking this seriously. I did not report him the last time this happened, rather, I asked him privately why there was an attempted connection to one of my ports in the registered name of his personal business. He gave me a very basic answer claiming that, yes indeed, the registrant is his personal business, but that there must have been a glitch of some sort, since there was no reason why his company would be trying to access a port on my computer.

Is there something that I'm missing in all of this? Common sense indicates that there should be no reason for these attempted connections to be occurring, but I haven't wanted to cause trouble for his business by reporting him, in case, as he said, it was just a glitch.

Well, I run a business, too, and I try to secure the files on my computer, but, at this point in my business, I cannot afford to be extending the benefit of the doubt. Since my IP address is accessible to all of the administrators and moderators at that site, it really could be any of them attempting the connections.

Is this something that needs to be reported - or is there a reasonable explanation?


Old Post 05-15-2006 03:36 PM

Edward Teach

post #2

Hacker attempts happen all the time; most firewalls will stop most attacks. I am happy that you are running a firewall, and that is a good reason to do so.

MZAP Multicast-Scope Zone Announcement Protocol
quote:

The use of administratively-scoped IP multicast, as defined in RFC
2365 [1], allows packets to be addressed to a specific range of
multicast addresses (e.g., 239.0.0.0 to 239.255.255.255 for IPv4)
such that the packets will not cross configured administrative
boundaries, and also allows such addresses to be locally assigned and
hence are not required to be unique across administrative boundaries.
This property of logical naming both allows for address reuse, as
well as provides the capability for infrastructure services such as
address allocation, session advertisement, and service location to
use well-known addresses which are guaranteed to have local
significance within every organization.

The range of administratively-scoped addresses can be subdivided by
administrators so that multiple levels of administrative boundaries
can be simultaneously supported. As a result, a "multicast scope" is
defined as a particular range of addresses which has been given some
topological meaning.

To support such usage, a router at an administrative boundary is
configured with one or more per-interface filters, or "multicast
scope boundaries". Having such a boundary on an interface means that
it will not forward packets matching a configured range of multicast
addresses in either direction on the interface.

A specific area of the network topology which is within a boundary
for a given scope is known as a "multicast scope zone". Since the
same ranges can be reused within disjoint areas of the network, there
may be many "multicast scope zones" for any given multicast scope. A
scope zone may have zero or more textual names (in different
languages) for the scope, for human convenience. For example, if the
range 239.192/14 were assigned to span an entire corporate network,
it might be given (internally) the name "BigCo Private Scope".

Administrative scope zones may be of any size, and a particular host
may be within many administrative scope zones (for different scopes,
i.e., for non-overlapping ranges of addresses) of various sizes, as
long as scope zones that intersect topologically do not intersect in
address range.

Near as I can tell, it's not something to worry about. However, if you are worried about it, just shut down port 2106 on your firewall.


Old Post 05-16-2006 06:24 AM
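
One way to triage log entries like the one discussed in this thread, as an added example that is not part of the original posts: it counts blocked inbound attempts on port 2106 per source and separates UDP traffic addressed to the administratively scoped multicast range quoted above (what MZAP, which RFC 2776 carries over UDP, would look like) from unicast hits such as the TCP connection the log reported. The log format, sample lines, and function names are constructed for illustration.

```python
import ipaddress
import re
from collections import Counter

ADMIN_SCOPED = ipaddress.ip_network("239.0.0.0/8")  # range named in the quoted RFC text
MZAP_PORT = 2106

# Constructed sample lines in a hypothetical log format (not any product's real output).
SAMPLE_LOG = """\
2006-05-15T14:02:11 BLOCK IN TCP 203.0.113.7:41852 -> 198.51.100.20:2106
2006-05-15T14:02:14 BLOCK IN TCP 203.0.113.7:41853 -> 198.51.100.20:2106
2006-05-15T14:09:40 BLOCK IN UDP 192.0.2.33:2106 -> 239.255.255.252:2106
2006-05-15T15:30:02 BLOCK IN TCP 192.0.2.90:50211 -> 198.51.100.20:445
2006-05-15T15:31:00 ALLOW OUT TCP 198.51.100.20:51000 -> 192.0.2.80:80
garbled line that does not parse
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<action>BLOCK|ALLOW) (?P<dir>IN|OUT) (?P<proto>TCP|UDP) "
    r"(?P<src>[\d.]+):(?P<sport>\d+) -> (?P<dst>[\d.]+):(?P<dport>\d+)$"
)

def classify(proto, dst):
    """MZAP is UDP sent to a scoped multicast group; anything else on 2106 is not MZAP."""
    try:
        addr = ipaddress.ip_address(dst)
    except ValueError:
        return "invalid-address"
    if proto == "UDP" and addr in ADMIN_SCOPED:
        return "consistent-with-mzap"
    return "not-mzap"

def triage(log_text, port=MZAP_PORT):
    """Return ({source: attempts}, {source: classification}) for blocked inbound hits on port."""
    counts, kinds = Counter(), {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m or m["action"] != "BLOCK" or m["dir"] != "IN":
            continue  # skip unparsable lines, outbound and permitted traffic
        if int(m["dport"]) != port:
            continue
        counts[m["src"]] += 1
        kinds[m["src"]] = classify(m["proto"], m["dst"])
    return dict(counts), kinds

if __name__ == "__main__":
    counts, kinds = triage(SAMPLE_LOG)
    for src, n in sorted(counts.items()):
        print(f"{src}: {n} blocked attempt(s) on port {MZAP_PORT}, {kinds[src]}")
```

A source that shows up repeatedly as `not-mzap` is ordinary unsolicited probing of a unicast address rather than multicast scope announcements, and the per-source count gives something concrete to include if the activity is reported.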

Flutterbywingz

post #3

Thanks for taking the time to reply, Ron.

I usually don't give a second thought to my firewall's event log, since I know that there are some pretty shady characters out there who attempt hackings all the time. However, since I can identify the culprit by the available network and registrant information, it took me by surprise, and I guess I'm a little disappointed, too, since I did have a tremendous amount of respect for this person's intelligence.

I have blocked that specific IP address, as well as IP addresses within the San Jose range.

Thanks again, your input is appreciated.


Old Post 05-19-2006 08:05 AM