Blocked access

Started by globby, Sep 22, 2006, 16:45:36

Previous topic - Next topic

0 Members and 1 Guest are viewing this topic.

Print
Go Down Pages1
User actions

globby

Sep 22, 2006, 16:45:36
My Zone Alarm firewall tells me that in an 24 hour period there has been over 3,000 attempts to gain access to my computer.

This has been happening every day for a couple of weeks now.

Typical example:

Description      Packet sent from 212.69.63.45 to 224.0.0.13 (IP Protocol 103) was blocked
Rating           Medium
Date / Time      2006/09/22 07:51:04+1:00 GMT
Type             Firewall
Protocol         IP Protocol 103
Program         
Source IP        212.69.63.45
Destination IP   224.0.0.13
Direction        Incoming
Action Taken     Blocked
Count            16
Source DNS       telehouse-bb-gw1-vpdn.idnet.net
Destination DNS  PIM-ROUTERS.MCAST.NET



Could anybody tell me whats going on as the destination DNS seems to be somewhere in the USA.

Why am I being re-routed throught the USA, is this normal?

What is IP Protocol 103

Is it normal? and if so why has it only just started happening when I've been with IDNET since March.

I'm worried my line has been hijacked and someone is watching / listeng in to gain some info however Virus and Trojan scans all come back clear.

Thanks,

p.s

paranoia is setting in

Simon_idnet

#1
Sep 22, 2006, 16:52:00
Hi Globby

It is multicast traffic. Our server 212.69.63.45 is configured to forward multicast traffic, all of which has a destination IP address of 224.0.0.x

Nothing nefarious to worry about.
Simon

jimmy231

#2
Sep 29, 2006, 18:39:53 Last Edit: Sep 29, 2006, 18:50:20 by jimmy231
New user - noticed this myself.

Never had this issue with any previous ISP. What is multicasting? What is the benefit of it? Is it secure?

More concerning is an issue I noticed in my logs of originating traffic that is not either my IP nor the server (but all in the IDnet range of IPs) trying to contact other addresses not in the range that simon mentioned.

From looking at it it appears that certain other IDnet IP's traffic passes through or at least is at parts logged by my own computer - this is very worrying as I would hate to think other users could see my traffic in the same way. Is this part of muti casting too?

I wont give either my nor the other logged IP's for privacy at this time, but will if this issue requires deeper examination

I am naturally concerned over the security issues this poses and have scanned my computer for trojans and the like but come up empty.

Is this normal? or should I be worried?

Jimmy231
Print
Go Up Pages1
User actions