Thread: Incoming connections from "anyware"

  1. #1
    alstewart Guest

    Incoming connections from "anyware"

    Every hour ZA logs multiple incoming attempts to connect from ns2.anywarenetworks.com and anyware-2.border5.sef.pnap.net. Does anyone have any ideas what these might be, and the purpose of the attempt to connect? I have them blocked, everything seems to run okay ... but I'm wondering about the purpose of these incoming connection attempts.

    Al

    Operating System:Windows XP Pro
    Product Name:ZoneAlarm (Free)
    Software Version:6.5

  2. #2
    Join Date: Dec 2005 | Posts: 9,056

    Re: Incoming connections from "anyware"

    http://www.checkdomain.com/cgi-bin/c...5.sef.pnap.net


    http://ws.arin.net/cgi-bin/whois.pl?...08.114.176.248



    http://www.checkdomain.com/cgi-bin/c...renetworks.com

    It may be spam or may be a hacker. Did you just get a new IP address? Either way, a router will block all intrusions and make the inbound control for the ZA easier. Please make sure there is no malware; in addition to your scanners, try a free online scanner such as bitdefender.com or Kaspersky Labs and ewido.net (highly recommended).

    Oldsod
    Best regards.
    oldsod

  3. #3
    alstewart Guest

    Re: Incoming connections from "anyware"

    The computers are clean. And this has been going on for months. ... All trying to connect to svchost.exe apparently.

    Al

  4. #4
    Join Date: Dec 2005 | Posts: 9,056

    Re: Incoming connections from "anyware"

    Hi

    Your DNS servers are allowed to contact the svchost.exe. Others are not appreciated!

    Is the Generic Host set as allowed for the Trusted and Internet Access, allowed for the Server rights for the Trusted and denied (red X) for the Internet Server?

    Do you use an IM?

    Do you have all of the Windows patches and updates?

    Doing a good going-over of the Services in Windows may fix this issue. Many are using svchost.exe in various forms, and disabling the unwanted or unneeded Services may eliminate the problem entirely. A good help reference for disabling Services is the Services section on the eldergeek.com site, or google the blackviper list.

    Check for a possibility of malware, again. Try the freeware download/install of ASquared from emsisoft.com. It is a manual update sort with no running processes when not used; very nice free scanner. I would also consider contacting or reading up on some security forums for additional info, something like spywarewarrior.com, since it has a good forum for all sorts of problems.

    Still the low-priced home router with SPI/NAT will block all of these intrusions and every other type of conceived intrusions. Maybe consider this for a good solid hardware protection.

    Oldsod

    Message Edited by Oldsod on 08-29-2006 09:51 PM

    Operating System:Windows XP Home Edition
    Product Name:ZoneAlarm Anti-Spyware
    Software Version:6.1
    Best regards.
    oldsod

  5. #5
    alstewart Guest

    Re: Incoming connections from "anyware"

    Yes .. to Generic Host.

    Yes ... Windows messenger ... occasionally .. not regularly

    Yes ... all patches & updates.

    Okay ... I'll give that a try on scanning.

    Al

  6. #6
    Join Date: Dec 2005 | Posts: 9,056

    Re: Incoming connections from "anyware"

    LOL you beat me to the edited post. Please recheck it for the Services mentioning.

    BTW what is the port concerned about the intrusions? They would appear as :x after the IP, such as 10.0.0.1:80

    Oldsod

    Message Edited by Oldsod on 08-29-2006 10:00 PM

    Operating System:Windows XP Home Edition
    Product Name:ZoneAlarm Anti-Spyware
    Software Version:6.1
    Best regards.
    oldsod

  7. #7
    alstewart Guest

    Re: Incoming connections from "anyware"

    I'll check out your other post later.

    The port is :53

    My router is DLINK DI-704P

    I'll do some more prowling and checking and scanning in the morning.

    Al

  8. #8
    Join Date: Dec 2005 | Posts: 9,056

    Re: Incoming connections from "anyware"

    Hi, go to grc.com and do the ShieldsUp port scan. This will of course do the scan of your router, not the PC, since it is the first in line before the PC (unless there is NAT in the modem to interfere). Let's see what is really closed and stealthed. Also, when there, do the port scan for port 53 specifically.

    Also, are there any ports forwarded in the router? Is the router's firmware up to date?

    The DHCP is enabled in the router? Then add the router address into the Zones of the ZA and list as trusted.

    Oldsod
    Best regards.
    oldsod

  9. #9
    Join Date: Dec 2005 | Posts: 9,056

    Re: Incoming connections from "anyware"

    Also are the DNS servers listed in the router as such? And is there site blocking in this version of DLink router?

    Oldsod
    Best regards.
    oldsod

  10. #10
    alstewart Guest

    Re: Incoming connections from "anyware"

    I looked at eldergeek.com ... and it seems to be nothing but links all over the place for all kinds of things. For example boot.ini comes up with Western Boots, bargain boots etc. I'll check out the other suggestion.

    ASquared shows nothing on board that is not supposed to be there.

    I also have an inquiry in to the ISP (xplornet satellite broadband) to see if these addresses have any connection with them ... but no response yet.

    Al
