Someone is knocking at my door
ishiii
Cold lake, AB, CA
Hi guys;
Got a strange one here. I honestly have no idea, so maybe someone can help me see the light on this.
1) The same IP has tried to access my FTP three times tonight.
2) I cannot ping it
3) If I tracert it, I only make 7 hops then the rest is unreachable
4) netstat -n shows the same IP on port 199 and port 6000 in TIME_WAIT mode
5) I ran a port scanner on the IP (just to say hello) and ports 21, 23, 199, 282, 513, and 6000 are open
I have ZoneAlarm running. I know it is nothing special and it is no hardware firewall, but it is better than nothing.
Is this something for me to worry about?
And why did netstat list the same IP in TIME_WAIT mode??
Any answers will be appreciated
Thanks guys
Comments
TIME_WAIT is nothing to worry about. It's a part of the TCP protocol where a server stays open waiting for the final packet from the remote computer acknowledging that the connection is closed. It becomes a problem when you have nothing but TIME_WAIT across the board. In that case, and it doesn't sound like it's happening here, it might be a DoS attack.
If you have a dynamic IP address, it could also be someone trying to access an FTP server at your IP that used to belong to someone else. Again, you have ZA and nothing got through so I wouldn't worry, and if you're that worried, block their IP in ZA.
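
Added example, not part of the original thread: a small script that tallies TCP states per remote address from Windows `netstat -n` output, so you can see whether TIME_WAIT is a couple of rows from one host or nearly the whole table. The sample output is constructed, and the `ratio_limit` and `min_rows` thresholds are assumptions, since the thread gives no numbers.

```python
from collections import Counter, defaultdict

# Constructed sample in Windows `netstat -n` layout (documentation-range IPs).
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    192.0.2.10:1040        203.0.113.5:199        TIME_WAIT
  TCP    192.0.2.10:1041        203.0.113.5:6000       TIME_WAIT
  TCP    192.0.2.10:1042        198.51.100.7:80        ESTABLISHED
  TCP    192.0.2.10:1043        198.51.100.7:80        ESTABLISHED
  TCP    192.0.2.10:1044        198.51.100.9:443       CLOSE_WAIT
  UDP    192.0.2.10:137         *:*
"""

def parse_netstat(text):
    """Yield (remote_ip, remote_port, state) for each TCP row."""
    for line in text.splitlines():
        fields = line.split()
        # TCP rows have exactly 4 columns; headers and UDP rows do not.
        if len(fields) != 4 or fields[0].upper() != "TCP":
            continue
        ip, _, port = fields[2].rpartition(":")  # rpartition keeps [IPv6] intact
        yield ip.strip("[]"), port, fields[3].upper()

def summarize(text, ratio_limit=0.9, min_rows=20):
    """Tally TCP states overall and per remote IP.

    ratio_limit and min_rows are assumed thresholds for "nothing but
    TIME_WAIT across the board"; the thread gives no numbers.
    """
    totals = Counter()
    by_remote = defaultdict(Counter)
    for ip, port, state in parse_netstat(text):
        totals[state] += 1
        by_remote[ip][state] += 1
    rows = sum(totals.values())
    ratio = totals["TIME_WAIT"] / rows if rows else 0.0
    return {
        "totals": dict(totals),
        "by_remote": {ip: dict(c) for ip, c in by_remote.items()},
        "time_wait_ratio": ratio,
        "mostly_time_wait": rows >= min_rows and ratio >= ratio_limit,
    }

if __name__ == "__main__":
    report = summarize(SAMPLE)
    for ip, states in sorted(report["by_remote"].items()):
        print(ip, states)
    print("TIME_WAIT share: {:.0%}".format(report["time_wait_ratio"]))
    print("mostly TIME_WAIT:", report["mostly_time_wait"])
```

To use it on a live machine, save the output of `netstat -n` to a file and pass its contents to `summarize()`.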