Unstoppable remote lan access

Status
Not open for further replies.

baiku

Distinguished
Nov 13, 2007
3
0
18,510
Ok all, I'm new here so I'll try to be thorough and give as much info as I can. My roommate recently bought a computer, about 2 months ago, and he "contracted" some trojans.. 17 of em... through an "unknown" way.. porn sites. So I took his PC off the network because we were getting DOS attacked. I thought it would help.
I've recently been checking the network and we still get DOS attacked and now LAN accessed from remote... I figured "Ok I must have accidentally turned on remote access". I didn't. Not on the router or in XP.
My firewalls are active.. the router is secure and MAC filtered. I called Comcast about it and they referred me to Netgear support. After being on hold for half an hour they took me through this process of restarting my router over and over. The support guy tried to remote access it and couldn't; after all the steps, he was trying to check the logs. He told me to reset it to factory settings and call back. Great! Another half-hour and I'm on the phone with another guy telling me it's impossible to remote access my router because it's secure and he can't access it. Even though the logs state every 6 seconds a new IP is accessing my PC's IP. So I hang up.
These IPs are from all over the world, and they always access the same port, which is 58315. I've tried looking up some ways to block specific ports with XP.. but no luck.. the only ones I could find are for SP2. I've tried using IPsec.. http://support.microsoft.com/kb/813878 ..How to block specific network protocols and ports by using IPSec. I cannot get netdiag to install from my burned XP CD. Anyone have any ideas on how to block this port or a free firewall program that has UDP/TCP filtering or port filtering? I'm running around in circles now.. any help would be appreciated!

We are both running XP SP3 and the router I use is a NETGEAR WNR2000, remote access is off, I have no P2P/torrent/sharing enabled.. here's my log:

[LAN access from remote] from 123.122.97.185:12932 to 192.168.1.3:58315, Wednesday, February 25,2009 21:02:06
[LAN access from remote] from 125.69.81.60:17243 to 192.168.1.3:58315, Wednesday, February 25,2009 21:02:01
[LAN access from remote] from 115.35.6.58:8732 to 192.168.1.3:58315, Wednesday, February 25,2009 21:01:56
[LAN access from remote] from 60.241.221.38:16001 to 192.168.1.3:58315, Wednesday, February 25,2009 21:01:51
[LAN access from remote] from 79.53.181.241:34234 to 192.168.1.3:58315, Wednesday, February 25,2009 21:01:46
[LAN access from remote] from 86.204.82.246:18757 to 192.168.1.3:58315, Wednesday, February 25,2009 21:01:41
[LAN access from remote] from 195.200.91.142:1274 to 192.168.1.3:58315, Wednesday, February 25,2009 21:01:36
[LAN access from remote] from 79.163.156.227:23177 to 192.168.1.3:58315, Wednesday, February 25,2009 21:01:31
[LAN access from remote] from 78.106.101.115:12412 to 192.168.1.3:58315, Wednesday, February 25,2009 21:01:27
[LAN access from remote] from 218.1.250.40:1056 to 192.168.1.3:58315, Wednesday, February 25,2009 21:01:21
[LAN access from remote] from 93.100.29.204:13551 to 192.168.1.3:58315, Wednesday, February 25,2009 21:01:16
[LAN access from remote] from 201.8.169.176:17978 to 192.168.1.3:58315, Wednesday, February 25,2009 21:01:11
[LAN access from remote] from 220.234.82.192:23591 to 192.168.1.3:58315, Wednesday, February 25,2009 21:01:06
[LAN access from remote] from 79.184.234.68:24409 to 192.168.1.3:58315, Wednesday, February 25,2009 21:01:01
[LAN access from remote] from 122.148.70.181:55550 to 192.168.1.3:58315, Wednesday, February 25,2009 21:00:56
[LAN access from remote] from 60.185.178.132:19916 to 192.168.1.3:58315, Wednesday, February 25,2009 21:00:51

It happens all day long!
 

baiku
Figured it out.. UPnP was allowed on my router.. people or bots were opening up ports using UPnP IGD hacking... with the command AddPortMapping.
The applications Wireshark and Core Force helped me discover all the attacks and in turn on what TYPE of port the attacks were occurring.
If there is a lot of network traffic you can't account for, check if UPnP is enabled and check your logs for remote LAN access... you might have been UPnP hacked.. which is apparently pretty easy in XP.
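
The log check described in the post above, as an added example that is not part of the original thread: it groups router log entries in the format posted earlier by LAN host and port and reports ports reached by many distinct remote addresses, which is the pattern that pointed to the UPnP port mapping here. The sample log is constructed (documentation-range source addresses), and the names parse, forwarded_ports and the min_sources threshold are this example's own assumptions.

```python
import re
import statistics
from collections import defaultdict
from datetime import datetime

# Constructed sample in the log format posted above; source IPs are documentation ranges.
# parse() and forwarded_ports() are names chosen for this example, not router or vendor APIs.
SAMPLE_LOG = """\
[LAN access from remote] from 203.0.113.10:12932 to 192.168.1.3:58315, Wednesday, February 25,2009 21:02:06
[LAN access from remote] from 198.51.100.7:17243 to 192.168.1.3:58315, Wednesday, February 25,2009 21:02:01
[LAN access from remote] from 203.0.113.44:8732 to 192.168.1.3:58315, Wednesday, February 25,2009 21:01:56
[LAN access from remote] from 192.0.2.91:16001 to 192.168.1.3:58315, Wednesday, February 25,2009 21:01:51
[LAN access from remote] from 198.51.100.200:34234 to 192.168.1.3:58315, Wednesday, February 25,2009 21:01:46
[LAN access from remote] from 192.0.2.15:18757 to 192.168.1.4:3074, Wednesday, February 25,2009 21:01:41
[admin login] from source 192.168.1.2, Wednesday, February 25,2009 20:55:10
"""

IP = r"\d{1,3}(?:\.\d{1,3}){3}"
LINE_RE = re.compile(
    rf"^\[LAN access from remote\] from ({IP}):\d+ to ({IP}):(\d+), "
    r"\w+, (\w+ \d{1,2}, ?\d{4} \d{2}:\d{2}:\d{2})$"
)

def parse(line):
    """Return (source_ip, lan_host, lan_port, timestamp), or None for other log lines."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    src, dst, dport, ts = m.groups()
    when = datetime.strptime(ts.replace(", ", ","), "%B %d,%Y %H:%M:%S")
    return src, dst, int(dport), when

def forwarded_ports(log_text, min_sources=5):
    """LAN host:port pairs reached by at least min_sources distinct remote addresses."""
    seen = defaultdict(lambda: (set(), []))
    for line in log_text.splitlines():
        rec = parse(line)
        if rec:
            src, dst, dport, when = rec
            seen[(dst, dport)][0].add(src)
            seen[(dst, dport)][1].append(when)
    findings = []
    for (host, port), (sources, times) in seen.items():
        if len(sources) < min_sources:
            continue
        times.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        findings.append({"host": host, "port": port, "sources": len(sources), "hits": len(times),
                         "median_gap_s": statistics.median(gaps) if gaps else None})
    return sorted(findings, key=lambda f: f["sources"], reverse=True)
```

Each host and port it reports is one to compare against the router's UPnP port-mapping table and manual port-forwarding rules; a mapping nobody on the LAN set up is the cue to disable UPnP, as the posts here did.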
 
Guest
Hi... could you please help me with a similar topic....
How to access the PC of 172.138.x.x from one of our 172.137.x.x LAN...
Pinging it will give a reply but I'm unable to access...
 

brkorb

Distinguished
Jul 8, 2011
1
0
18,510
Google for where you turn UPnP off for your router.
Netgear N300 has UPnP under Advanced.
This was the *WRONG DEFAULT* for the router.
I confirm that this solved it and I also confirmed that my Linux
box got very chatty with numerous computers before the connection
crashed, UPnP republished and the cycle began again.
 

1newdan

Honorable
Jun 18, 2013
1
0
10,510

Thank You! I had the same thing happening on a Linux box. I turned off UPNP and the extra traffic died on the router.
 