Venuscat2 From United States of America, joined Sep 2000, 478 posts, RR: 2 Posted (11 years 10 months 2 weeks 3 hours ago) and read 1105 times:
I just installed Norton Personal Firewall on my computer. So far, in the ten minutes or so that I've been online, it says that there have been 93 attack attempts. Most of them come from IP addresss 18.104.22.168 , which belonges to the Internet Software Consortium in Redwood City, CA. I took a look at their website (http://www.isc.org), and it looks legitimate. Why then, am I getting hacking attempts from this IP?
Bobrayner From United Kingdom, joined Apr 2003, 2227 posts, RR: 6
Reply 1, posted (11 years 10 months 2 weeks 3 hours ago) and read 1099 times:
1. Norton might be assuming that something is hostile, when it isn't;
2. Somebody might be spoofing the source address.
22.214.171.124 resolves to kechara.sorcery.net.
If this is hostile traffic, and really from that address, it's probably from some random geek with a shell account on that machine - not necessarily from the owner.
Staffan From , joined Dec 1969, posts, RR:
Reply 3, posted (11 years 10 months 2 weeks 1 hour ago) and read 1071 times:
What you should be looking for is port scanning, ie, the same IP trying to connect to your computer through many different ports. If it's the same port every time, in many cases you can find out what kind of activity it is.
Venuscat2 From United States of America, joined Sep 2000, 478 posts, RR: 2
Reply 4, posted (11 years 10 months 1 week 5 days 22 hours ago) and read 1038 times:
1. What is a log
2. I am using Windows 98 on that machine
3. It said that there were like 30 attack attempts every time I tried to log into sorcery (the IRC server). I'm not sure, however, how to determine what port(s) it was trying.
I also had on another machine (running windows XP) an alert saying that an IP address belonging to AOL tried to attack the computer when I dialed into Compuserve. (Seeing as Compuserve is an AOL company, I think there might be some kind of relationship with the fact that I was connecting to Compuserve). I haven't gotten that alert any other time I connected to Compuserve, though.