Someone is knocking at my door

ishiii Cold Lake, AB, CA
edited October 2003 in Science & Tech
Hi guys;
Got a strange one here. I honestly have no idea, so maybe someone can help me see the light on this.

1) The same IP has tried to access my FTP three times tonight.
2) I cannot ping it
3) If I tracert it, I only make 7 hops, then the rest is unreachable
4) netstat -n shows the same IP on port 199 and port 6000 in TIME_WAIT mode
5) I ran a port scanner on the IP (just to say hello) and ports 21, 23, 199, 282, 513, and 6000 are open

I have ZoneAlarm running. I know it is nothing special and it is no hardware firewall, but it is better than nothing.
Is this something for me to worry about?
And why did netstat list the same IP in TIME_WAIT mode??

Any answers will be appreciated
Thanks guys

Comments

  • Mt_Goat Head Cheezy Knob Pflugerville (north of Austin) Icrontian
    edited October 2003
    The only thing I can offer is if you are running the pro version where you can specify how you want your ports to appear to the outside. I always have all my ports as stealth so they don't even appear and select the option to not be pingable. That way, even though I am in use and others may know I'm there I don't show up in scans.
  • Kwitko Sheriff of Banning (Retired) By the thing near the stuff Icrontian
    edited October 2003
    I wouldn't worry about it, it's probably some script kiddie doing port scans. Anyway, they didn't get in. ZA blocked them.

    TIME_WAIT is nothing to worry about. It's a part of the TCP protocol where a server stays open waiting for the final packet from the remote computer acknowledging that the connection is closed. It becomes a problem when you have nothing but TIME_WAIT across the board. In that case, and it doesn't sound like it's happening here, it might be a DoS attack.

    If you have a dynamic IP address, it could also be someone trying to access an FTP server at your IP that used to belong to someone else. Again, you have ZA and nothing got through so I wouldn't worry, and if you're that worried, block their IP in ZA.
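
Added example, not part of any post in this thread: a Python script that tallies `netstat -n` rows by remote address and TCP state, to tell a couple of TIME_WAIT entries from one host apart from a table that is nearly all TIME_WAIT. The sample output, the addresses (documentation ranges) and the 90% / 50-row thresholds are constructed assumptions.

```python
import re
from collections import Counter, defaultdict

# Constructed sample of Windows `netstat -n` output (not taken from the thread).
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    192.0.2.10:1051        198.51.100.7:199       TIME_WAIT
  TCP    192.0.2.10:1052        198.51.100.7:6000      TIME_WAIT
  TCP    192.0.2.10:1045        203.0.113.20:80        ESTABLISHED
  TCP    192.0.2.10:1046        203.0.113.20:80        ESTABLISHED
  TCP    192.0.2.10:1050        203.0.113.55:110       CLOSE_WAIT
"""

# One TCP row: proto, local addr:port, remote addr:port, state.
ROW = re.compile(r"^\s*TCP\s+(\S+):(\d+)\s+(\S+):(\d+)\s+([A-Z_0-9]+)\s*$")

def parse(text):
    """Yield (remote_ip, remote_port, state) for every TCP row; skip headers."""
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            yield m.group(3), int(m.group(4)), m.group(5)

def summarize(text):
    """Map each remote IP to a Counter of the TCP states seen for it."""
    by_ip = defaultdict(Counter)
    for ip, _port, state in parse(text):
        by_ip[ip][state] += 1
    return dict(by_ip)

def time_wait_share(text):
    """Fraction of all TCP rows that are in TIME_WAIT (0.0 for an empty table)."""
    states = [state for _ip, _port, state in parse(text)]
    return states.count("TIME_WAIT") / len(states) if states else 0.0

def mostly_time_wait(text, threshold=0.9, min_rows=50):
    """True when the table is large and almost entirely TIME_WAIT.
    threshold and min_rows are assumed cut-offs; tune them for the host."""
    rows = sum(1 for _ in parse(text))
    return rows >= min_rows and time_wait_share(text) >= threshold

if __name__ == "__main__":
    for ip, states in sorted(summarize(SAMPLE).items()):
        print(ip, dict(states))
    print("TIME_WAIT share: %.0f%%" % (100 * time_wait_share(SAMPLE)))
    print("mostly TIME_WAIT:", mostly_time_wait(SAMPLE))
```
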