
Thread: Continuous UDP attack


  1. #1
    victorbrca Guest

    Continuous UDP attack

    Hi all,


    I have Zone Alarm Pro 6.5.700.000.

    I have set port forwarding (16881) to use with Azureus. However, if I go to Alerts & Logs => Log Viewer and choose alert type firewall, I see that Zone Alarm is blocking a huge amount of connections. They come from different IP addresses, UDPs, all directed to port 16881. I get 2-3 blocked per second. By the way, this happens even when Azureus is turned off.

    I have deleted the port forwarding on the firewall expert zone and noticed that the log stopped.

    Can anyone help me with this? Is this normal?

    Here's a list of some of the IPs I found on the log:


    Thanks a lot,

    Vic

    Operating System:Windows XP Pro
    Product Name:ZoneAlarm Pro
    Software Version:6.5

  2. #2
    Join Date
    Dec 2005
    Posts
    9,056

    Re: Continuous UDP attack

    Hi

    You do any P2P?
    Oldsod
    Best regards.
    oldsod

  3. #3
    victorbrca Guest

    Re: Continuous UDP attack

    Hi Oldsod,


    The only thing I use for file sharing is Azureus, and it's very rare when I use limewire.

    Don't think it's relevant, but I also have the following installed:

    - Logmein
    - Avast Antivirus
    - Spyware guard
    - Spyware blaster


    Thanks,


    Vic.

  4. #4
    Join Date
    Dec 2005
    Posts
    9,056

    Re: Continuous UDP attack

    Hi

    I checked a couple - two were providers and one was a net server. No harm or foul yet.

    http://www.dshield.org/ipinfo.php

    http://www.dnsstuff.com/

    http://ws.arin.net/whois

    are several of the many sites to check the list of IPs. Who and what they are can be found for yourself. BTW, the router should have a list of traffic, including the dropped connections.

    As for the four softs listed- logmein can be disabled when not needed and the av is okay.

    JMO: The javacool softs are really out of date in applications usage. The Pro is controlling these better than they are, plus if a block list of sites is needed, then use MVPS list plus hpguru or bluetack list. Also the IE-Spyads is worthy. As for the ActiveX component, the properly set up IE plus the ZA Privacy and the custom setting in the ZA OS cover this as well. Again it is JMO. Even the freeware CCleaner from ccleaner.com will find and remove errant or unused ActiveX.

    I would suggest to definitely enhance the security with these freeware scanners. Please do this as soon as possible:

    ewido from ewido.net (becomes freeware after trial)
    asquared from emsisoft.com (covers almost the same as the ewido, but does go into areas the ewido may miss and vice versa).
    superantispyware from superantispyware.com ( good for various browser induced malware)
    ad-aware from lavasoft.de or downloads.com ( freeware and is the best scanner for adware to date)

    Plus
    online scans from bitdefender and kaspersky ( free and just use the IE6 when doing these)


    Try using something like Peer Guardian or Protowall. Both freeware, spyware free and worth the effort. Excellent block list for P2P users, plus there are extensive lists found at the blocklist converter aside from the additions of the user. Almost a must for this type of PC usage.

    Also check out the spywarewarrior.com for better security and reviews plus spyware removal and cleanups.



    JMO:
    I use the ZA AS, free antivirus (antivir and AOL), Nortons noscripts.exe (free), Protowall (free), ewido (paid and free), spysweeper (heavy but is quite good), System Safety Monitor (free version), CCleaner, HJT (free), Host list (free) made from MVPS, bluetack and hpGuru, and the other scanners and online scans as mentioned. Plus the router and use of limited user account.

    Last but not least the Opera and FireFox (both free of course, but no VBS or active x is used by either one and java/javascripts/cookies can be disabled) Opera has a custom 200k filter.ini for ads/gif/banners/adware.

    Oldsod

    Message Edited by Oldsod on 09-11-2006 10:36 AM
    Best regards.
    oldsod

  5. #5
    billc Guest

    Re: Continuous UDP attack

    In my view, I don't think you've got anything at all to worry about. These UDP packets are just trying to figure out if you are there, online and perhaps to check if your Azureus is running. Have a look at this explanation of UDP and you'll see what I mean.
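
An added example, not part of any post in this thread: a small Python triage for firewall log lines in ZoneAlarm's comma-separated layout (direction, date, time, source ip:port, destination ip:port, protocol). The sample lines are constructed with documentation-range addresses, and grouping by local port and protocol is this example's own choice.

```python
import csv
from collections import Counter, defaultdict
from datetime import datetime

# Constructed sample lines (not taken from the thread), same field layout:
# direction,date,time zone,source ip:port,destination ip:port,protocol
SAMPLE_LOG = """\
FWIN,2006/09/10,14:13:26 -7:00 GMT,198.51.100.7:50528,192.168.1.10:16881,UDP
FWIN,2006/09/10,14:13:26 -7:00 GMT,203.0.113.19:6881,192.168.1.10:16881,UDP
FWIN,2006/09/10,14:13:27 -7:00 GMT,192.0.2.44:56272,192.168.1.10:16881,UDP
FWOUT,2006/09/10,14:13:27 -7:00 GMT,192.168.1.10:16881,198.51.100.7:50528,UDP
FWOUT,2006/09/10,14:13:28 -7:00 GMT,192.168.1.10:4713,203.0.113.80:6879,TCP (flags:S)
FWIN,2006/09/10,14:13:28 -7:00 GMT,203.0.113.201:1003,192.168.1.10:16881,UDP
"""

def parse_line(line):
    """Split one log line into a dict; returns None for malformed lines."""
    fields = next(csv.reader([line]), [])
    if len(fields) != 6 or fields[0] not in ("FWIN", "FWOUT"):
        return None
    direction, date, time_tz, src, dst, proto = fields
    # In FWIN the remote peer is the source; in FWOUT it is the destination.
    local, remote = (dst, src) if direction == "FWIN" else (src, dst)
    try:
        when = datetime.strptime(f"{date} {time_tz.split()[0]}", "%Y/%m/%d %H:%M:%S")
        local_port = int(local.rsplit(":", 1)[1])
    except (ValueError, IndexError):
        return None
    return {"dir": direction, "when": when, "local_port": local_port,
            "remote_ip": remote.rsplit(":", 1)[0], "proto": proto.split()[0]}

def summarize(text):
    """Per (local port, protocol): event count, distinct remote IPs, events/second."""
    groups = defaultdict(list)
    for line in text.splitlines():
        rec = parse_line(line)
        if rec:
            groups[(rec["local_port"], rec["proto"])].append(rec)
    out = {}
    for key, recs in groups.items():
        span = (max(r["when"] for r in recs) - min(r["when"] for r in recs)).total_seconds()
        out[key] = {"events": len(recs),
                    "distinct_remotes": len({r["remote_ip"] for r in recs}),
                    "per_second": round(len(recs) / max(span, 1.0), 2),
                    "directions": dict(Counter(r["dir"] for r in recs))}
    return out
```

Many distinct remote addresses reaching one forwarded port at a low, steady rate is the pattern described in the first post; the summary makes that visible per port instead of line by line.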
