Thread: UDP alert upon computer restart

  1. #1
    blueeyedfox Guest

    UDP alert upon computer restart



    What do you make of this?



    Operating System: Windows XP Home Edition
    Software Version: 7.0
    Product Name: ZoneAlarm Internet Security Suite


    Message Edited by BlueEyedFox on 05-12-2008 08:36 PM

  2. #2
    Join Date
    Dec 2005
    Posts
    9,056

    Re: UDP alert upon computer restart

    BlueEyedFox wrote:
    > What do you make of this?
    >
    > Operating System: Windows XP Home Edition
    > Software Version: 7.0
    > Product Name: ZoneAlarm Internet Security Suite
    >
    > Message Edited by BlueEyedFox on 05-12-2008 08:36 PM


    208.111.128.0 - 208.111.159.255 is www.wjp.net

    Your UDP port 1747 is "ftrapid-2" as found in the IANA Port Numbers listing.

    http://en.wikipedia.org/wiki/Limelight_Networks

    Figure out yet if you used this network?

    How to get to the URL of an IP. You should try these yourself, as it is a great method of "tracing an IP to the URL"...

    Microsoft Windows XP [Version 5.1.2600]
    (C) Copyright 1985-2001 Microsoft Corp.

    C:\Documents and Settings\SKYRIDER>nslookup 208.111.133.84
    Server: resolver1.opendns.com
    Address: 208.67.222.222

    *** resolver1.opendns.com can't find 208.111.133.84: Non-existent domain

    C:\Documents and Settings\SKYRIDER>ping 208.111.133.84

    Pinging 208.111.133.84 with 32 bytes of data:

    Reply from 208.111.133.84: bytes=32 time=41ms TTL=119
    Reply from 208.111.133.84: bytes=32 time=42ms TTL=119
    Reply from 208.111.133.84: bytes=32 time=42ms TTL=119
    Reply from 208.111.133.84: bytes=32 time=44ms TTL=119

    Ping statistics for 208.111.133.84:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
    Approximate round trip times in milli-seconds:
    Minimum = 41ms, Maximum = 44ms, Average = 42ms

    C:\Documents and Settings\SKYRIDER>tracert 208.111.133.84

    Tracing route to 208.111.133.84 over a maximum of 30 hops

    1 <1 ms <1 ms <1 ms 192.168.0.1
    2 <1 ms <1 ms <1 ms 192.168.0.1
    3 <1 ms <1 ms <1 ms 192.168.0.1
    4 * * * Request timed out.
    5 6 ms 15 ms 7 ms gw10.wlfdle.rnc.net.cable.rogers.com [66.185.91.65]
    6 7 ms 9 ms 8 ms gw01.hnsn.phub.net.cable.rogers.com [66.185.80.21]
    7 8 ms 8 ms 8 ms so-4-1-2.gw02.mtnk.phub.net.cable.rogers.com [66.185.81.94]
    8 13 ms 7 ms 7 ms gw02.bloor.phub.net.cable.rogers.com [66.185.80.9]
    9 8 ms 9 ms 7 ms pos-4-0.igw01.front.phub.net.cable.rogers.com [64.71.240.53]
    10 9 ms 11 ms 8 ms 24.153.3.210
    11 45 ms 49 ms 49 ms tge11-3.fr3.lga.llnw.net [69.28.171.194]
    12 39 ms 39 ms 48 ms ve2002.fr4.lga.llnw.net [69.28.171.202]
    13 41 ms 49 ms 48 ms tge2-3.fr4.iad.llnw.net [69.28.171.153]
    14 41 ms 41 ms 41 ms 208.111.133.84

    Trace complete.

    C:\Documents and Settings\SKYRIDER>

    Okay, usually all attempts of PING, NSLOOKUP and TRACERT will be fruitful.
    BUT this is not A WEB SITE. Instead it is a file server, because no name or DNS is available.

    Since it is contacting you and is allowed in through your router's open port, I would assume this file server has been trying to resume previously established connections.

    You should just look deeper into your own logs and see the original established connections and their related servers. Especially when playing those online games like Eve-Online.


    Oldsod.

    Message Edited by Oldsod on 05-13-2008 04:15 AM
    Best regards.
    oldsod

  3. #3
    blueeyedfox Guest

    Re: UDP alert upon computer restart

    It uses Valve Corporation, which uses Steam, which I was just using before I restarted my computer. Problem solved. Thanks.

  4. #4
    Join Date
    Dec 2005
    Posts
    9,056

    Re: UDP alert upon computer restart

    BlueEyedFox wrote:
    > It uses Valve Corporation, which uses Steam, which I was just using before I restarted my computer. Problem solved. Thanks.


    So very often the user who just got a firewall with detailed logging will suddenly see so many new/strange connections and ask what is going on.
    Suddenly there are unusual ports and IPs involved, new protocols that were never realised before. Not to mention the processes involved.
    For the very most part, all of these connections are very normal and have no threat issues whatsoever.
    The connections were always ongoing long before the user got a notice of the connections. It is just when the user finally takes a look at the connections, the user begins to wonder exactly what is happening.

    This is especially true for users with P2P, VPN, ftp, iis, online games, online site interaction, messengers, opened ports, etc, since there is extra inbound traffic occurring at different levels.

    Checking the ports and the protocols and the IPs will aid in following/tracking these events and either conclude it is normal or an attempt.
    Most will finally conclude it is safe and there should be no worries.

    For the very most part, the average home user is not at risk from malicious attempts to gain entry of the PC. The attempts to gain entry are for the most part aimed at servers and enterprise - this is where the money and the fame is. There is no money/profit or fame from hacking some home user.

    Even users with no hardware firewall in front of the PC will see numerous dropped connection attempts at various ports and often ICMP connection attempts. A lot of this is normal internet traffic. Sometimes it is actually some ***** attempting to find open ports of a server/firewall or attempting to open the port(s). Again these attempts will fail for the home user's PC - these ports will never open since the ports often do not apply to the home user.
    A home PC even with no hardware firewall and either using just a software firewall or a nicely hardened PC will never have open ports.
    Just closed and stealthed ports status.

    The trouble is most home users have no idea as how to close all the ports of the PC and properly secure the PC. The simplest solution is either get a hardware firewall or get a software firewall. Or get both a hardware firewall and a software firewall.
    To be honest, I myself use a hardware firewall, two routers (both doing SPI/NAT) and the ZA Antispyware firewall. Plus a dedicated IP blocker (over 2.5 billion IPs blocked) and a desktop proxy web filtering (web content and more sites, etc). Seems like I got the internet connections well covered. Plus the hardware filtering of the network connection is fully used. Plus the windows is fully/properly secured and there are no open ports by default.

    Usually a hacker will just ignore the home user and move on to the green pastures of enterprise/business/government networks and servers.
    How does the home user become the victim?
    What happens is the home user opens a bad email or attachment or downloads/installs some malware. Or has the PC running without updates or improperly secured. Then the home owner will get owned.
    Not because of some hacker or cracker attempts, but because the home user actually did it to themselves. Once the home user gets owned, many things are possible. But one thing for sure - an owned PC is no longer the user's PC, but now belongs to the new remote owner.

    Oldsod.

    Message Edited by Oldsod on 05-18-2008 06:23 AM
    Best regards.
    oldsod
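
The log check recommended in this thread (compare an unexpected inbound alert with the connections the PC itself made earlier), as an added example that is not part of any post. The log layout, the remote ports and the addresses outside 208.111.x.x are constructed; only the 208.111.128.0 - 208.111.159.255 range, the address 208.111.133.84 and local UDP port 1747 come from the thread.

```python
import ipaddress
from collections import namedtuple

# Constructed sample log (direction,time,proto,remote ip:port,local port); not ZoneAlarm's real format.
SAMPLE_LOG = """\
OUT,2008-05-12 19:02:11,UDP,208.111.133.84:27030,1747
OUT,2008-05-12 19:02:15,TCP,192.0.2.10:80,1750
IN,2008-05-12 20:31:40,UDP,208.111.133.84:27030,1747
IN,2008-05-12 20:31:52,UDP,208.111.140.7:27030,1747
IN,2008-05-12 20:33:05,UDP,198.51.100.23:4000,1434
"""

# The address block quoted in the thread, converted from a range to CIDR form.
KNOWN_BLOCKS = list(ipaddress.summarize_address_range(
    ipaddress.ip_address("208.111.128.0"), ipaddress.ip_address("208.111.159.255")))

Entry = namedtuple("Entry", "direction time proto remote_ip remote_port local_port")

def parse(log_text):
    entries = []
    for line in filter(None, map(str.strip, log_text.splitlines())):
        direction, time, proto, remote, local_port = line.split(",")
        ip, _, port = remote.rpartition(":")
        entries.append(Entry(direction, time, proto,
                             ipaddress.ip_address(ip), int(port), int(local_port)))
    return entries

def block_of(ip):
    return next((net for net in KNOWN_BLOCKS if ip in net), None)

def triage(entries):
    """Label each inbound entry by comparing it with earlier outbound traffic."""
    seen_peers, seen_blocks, results = set(), set(), []
    for e in entries:  # the log is in chronological order
        key = (e.proto, e.remote_ip, e.local_port)
        if e.direction == "OUT":
            seen_peers.add(key)
            if block_of(e.remote_ip):
                seen_blocks.add((e.proto, block_of(e.remote_ip)))
        elif key in seen_peers:
            results.append((str(e.remote_ip), "same peer as an earlier outbound session"))
        elif (e.proto, block_of(e.remote_ip)) in seen_blocks:
            results.append((str(e.remote_ip), "same network block as an earlier session"))
        else:
            results.append((str(e.remote_ip), "no earlier outbound match: check port and IP"))
    return results

if __name__ == "__main__":
    for ip, verdict in triage(parse(SAMPLE_LOG)):
        print(ip, "->", verdict)
```

The first two inbound entries line up with the earlier outbound session and are the kind of leftover traffic the thread describes; only the third needs the port and IP lookups.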
