Bowwie

Inbound TCP communication in Recent History

Why am I getting these from an IP in China?

They seem to be very consistent.

 

21/10/2009 9:27 AM,Info,"Unused port blocking has blocked communications. Inbound TCP connection from 123.134.95.199, local service  Port (8085) .",Detected,No Action Required,Firewall - Activities
21/10/2009 9:27 AM,Info,"Unused port blocking has blocked communications. Inbound TCP connection from 123.134.95.199, local service  Port (9090) .",Detected,No Action Required,Firewall - Activities
21/10/2009 9:27 AM,Info,"Unused port blocking has blocked communications. Inbound TCP connection from 123.134.95.199, local service  Port (8118) .",Detected,No Action Required,Firewall - Activities
21/10/2009 9:27 AM,Info,"Unused port blocking has blocked communications. Inbound TCP connection from 123.134.95.199, local service  Port (8000)

Computer #1 - Windows 7 Home Premium 64-bit SP1 IE10 NIS Version: 20.3.1.22 Malwarebytes' Anti-Malware - free (on demand) SAS - free (on demand)

Computer #2 - Windows XP Home SP3 IE8 NIS Version: 20.3.1.22 Malwarebytes' Anti-Malware - free (on demand)

Computer #3 - Windows 7 Home Premium 64-bit SP1 IE10 NIS Version: 20.3.1.22 Malwarebytes' Anti-Malware - free (on demand) SAS - free (on demand)
mdturner

Re: Inbound TCP communication in Recent History


Bowwie wrote:

Why am I getting these from an IP in China?

They seem to be very consistent.

 

21/10/2009 9:27 AM,Info,"Unused port blocking has blocked communications. Inbound TCP connection from 123.134.95.199, local service  Port (8085) .",Detected,No Action Required,Firewall - Activities
21/10/2009 9:27 AM,Info,"Unused port blocking has blocked communications. Inbound TCP connection from 123.134.95.199, local service  Port (9090) .",Detected,No Action Required,Firewall - Activities
21/10/2009 9:27 AM,Info,"Unused port blocking has blocked communications. Inbound TCP connection from 123.134.95.199, local service  Port (8118) .",Detected,No Action Required,Firewall - Activities
21/10/2009 9:27 AM,Info,"Unused port blocking has blocked communications. Inbound TCP connection from 123.134.95.199, local service  Port (8000)


 

It is because that IP address is trying to connect on an unsolicited basis with your machine so Norton is blocking it and telling you it did so.

The best way to deal with it is to look up the owner of the IP address and email the abuse team at the ISP to let them know this is happening.

[edit: Please do not post email addresses per the Participation Guidelines and Terms of Service.]

Message Edited by shannons on 10-21-2009 09:17 AM

We look forward to the time when the Power of Love will replace the Love of Power. Then will our world know the blessings of peace. ~William Ewart Gladstone

Bowwie

Re: Inbound TCP communication in Recent History

G'day: mdturner

I e-mailed the abuse team and have not heard back.

This is very annoying and makes me very nervous as to their intent.

Is there anything else that can be done on my behalf?

123.134.95.199

Usually (4) attempts in a second on any ports.

What will happen if NIS2010 does not block them?

metalhead82

Re: Inbound TCP communication in Recent History

Just looks like a port scan to me.

NIS will block the probes; they are just probing for open services that they can exploit, most probably running a port scan of the entire class C network to see what they can find to hack.

Looking at the Whois, the IP belongs to China Unicom Shandong Province Network, so don't expect any reply from them.

Do you have the NIS firewall set on the default settings with port stealthing turned on? If so, don't worry about it, ignore it.

Hope that puts your mind at rest.

Cheers,

Will.

_____________________________________________________________________
Microsoft Security Essentials 1.0 - Windows 7 Ultimate x64 RTM (Build 7600)
Uninstalled NIS 2010 due to the unfixed IPS driver issue - network has never been faster!
metalhead82

Re: Inbound TCP communication in Recent History

I've actually figured out what it is through a little bit of help from nmap and Google.

Found this here: http://www.ipillion.com/?ip=123.134.95.199&ipsubmit=by+IP

It's a server in China scanning networks for open proxies, hence the ports which are being scanned repeatedly are 8085, 9090, 8080, 8800, 8000, 3128, which are all used for proxy servers of various types.

Definitely nothing to worry about, I reaffirm what I previously said... ignore it.

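An added example, not written by any poster in this thread: a Python parser for the Norton history lines quoted above that groups blocked inbound connections by source address and labels a source as an open-proxy scan when most of the ports it probed are the proxy ports named in the post. The function names, the 3-port / 5-minute / 75% thresholds and the 203.0.113.7 line are assumptions made for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Ports the post lists as proxy-scan targets; 8118 (Privoxy's default, seen in
# the posted log) is added here. Thresholds below are illustrative assumptions.
PROXY_PORTS = {8085, 9090, 8080, 8800, 8000, 3128, 8118}

# Matches the Norton history lines quoted in the thread. Anchoring on the
# message text rather than on CSV fields keeps a cut-off line parseable.
LINE_RE = re.compile(
    r'^(?P<ts>\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2} [AP]M),.*?'
    r'Inbound TCP connection from (?P<ip>\d{1,3}(?:\.\d{1,3}){3}), '
    r'local service\s+Port \((?P<port>\d+)\)')

def parse(lines):
    """Yield (timestamp, source_ip, port) for each blocked inbound connection."""
    for line in lines:
        if m := LINE_RE.search(line):
            yield (datetime.strptime(m['ts'], '%d/%m/%Y %I:%M %p'),
                   m['ip'], int(m['port']))

def find_scanners(lines, min_ports=3, window=timedelta(minutes=5)):
    """Map sources that hit >= min_ports distinct ports in window to a verdict."""
    hits = defaultdict(list)
    for ts, ip, port in parse(lines):
        hits[ip].append((ts, port))
    verdicts = {}
    for ip, events in hits.items():
        events.sort()
        for i, (start, _) in enumerate(events):
            ports = {p for t, p in events[i:] if t - start <= window}
            if len(ports) >= min_ports:
                share = len(ports & PROXY_PORTS) / len(ports)
                kind = 'open-proxy scan' if share >= 0.75 else 'port scan'
                verdicts[ip] = (kind, sorted(ports))
                break
    return verdicts

HEAD = ('21/10/2009 9:27 AM,Info,"Unused port blocking has blocked '
        'communications. Inbound TCP connection from ')
TAIL = ' .",Detected,No Action Required,Firewall - Activities'
SAMPLE = [HEAD + '123.134.95.199, local service  Port (%d)' % p + TAIL
          for p in (8085, 9090, 8118)]                      # as posted
SAMPLE.append(HEAD + '123.134.95.199, local service  Port (8000)')  # cut off in the post
SAMPLE.append(HEAD + '203.0.113.7, local service  Port (445)' + TAIL)  # constructed

if __name__ == '__main__':
    print(find_scanners(SAMPLE))
```

A single blocked connection, like the constructed 203.0.113.7 line, stays below the threshold and is not reported.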
planet

Re: Inbound TCP communication in Recent History


Even if they got through, those ports would be closed. No damage could be done. Only when a service has a port open and the listening service is exploitable could there be trouble.

 

Edit: NM

Message Edited by planet on 10-24-2009 09:15 PM
Bowwie

Re: Inbound TCP communication in Recent History

Thanks for the info/website link

Learning is great!!

metalhead82

Re: Inbound TCP communication in Recent History

Hi bowwie,

 

Can you please mark the post which you consider to be the most helpful solution as the solution, not your final post.

 

Cheers,

 

Will.
