I noticed that my firewall has blocked 195 access attempts to multiple ports from HTF (216.66.21.97) in the last two days. Anyone know what's going on?? Thanks
Kevin, here's some, but not all, of the log, with my IP removed. The sending port was 80 for all the events, with the destination ports all in the 28** range. I don't recall if I was on the site when they occurred, but I haven't had any trouble accessing HTF.
Could be just junkies out there pinging your IP looking for vulnerabilities to hack at. Most people don't even know when it's being done unless they have a software-based firewall that logs them. They're usually harmless as long as either a hardware/software firewall is in place. Nothing to get riled up about.
Looks like your firewall isn't configured properly. Those are return packets from HTF, in other words, the forum pages you're reading. In short, when you browse HTF, what happens is:
Your computer contacts the HTF server, with an ephemeral source port (over 1024) and a destination port of 80.
HTF replies back, with the source port as 80 and the destination port being whatever ephemeral port your PC contacted HTF with.
This exchange repeats as needed until the entire transaction is complete (the page displays in your browser).
In your example the ephemeral ports for each connection to HTF are in the 2800s. For whatever reason your firewall is logging these as if they're connection attempts on those ports (really they aren't, but are parts of an existing outbound connection to HTF).
What firewall are you using, and did you fiddle with the rules at all, such as the logging rules?
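The return-packet pattern described in the reply above, as an added example that is not part of the original thread: it matches blocked inbound packets against outbound connections by reversing the address/port 4-tuple, which is the check a stateful firewall performs. The log format, the local address 192.0.2.10, the 203.0.113.5 entry and all port numbers are constructed for illustration; only the HTF address comes from the thread.

```python
import re
from collections import namedtuple

Packet = namedtuple("Packet", "direction src sport dst dport")

# Constructed sample log; the line format is an assumption, not McAfee's real format.
SAMPLE_LOG = """\
OUT TCP 192.0.2.10:2801 -> 216.66.21.97:80
OUT TCP 192.0.2.10:2802 -> 216.66.21.97:80
IN-BLOCKED TCP 216.66.21.97:80 -> 192.0.2.10:2801
IN-BLOCKED TCP 216.66.21.97:80 -> 192.0.2.10:2802
IN-BLOCKED TCP 216.66.21.97:80 -> 192.0.2.10:2850
IN-BLOCKED TCP 203.0.113.5:4444 -> 192.0.2.10:445
"""

LINE_RE = re.compile(r"^(OUT|IN-BLOCKED) TCP (\S+):(\d+) -> (\S+):(\d+)$")

def parse(log):
    """Turn log text into Packet tuples, skipping lines that do not match."""
    packets = []
    for line in log.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            direction, src, sport, dst, dport = m.groups()
            packets.append(Packet(direction, src, int(sport), dst, int(dport)))
    return packets

def classify(packets):
    """Label each blocked inbound packet by comparing it with outbound state."""
    outbound = set()  # (local_ip, local_port, remote_ip, remote_port)
    results = []
    for p in packets:
        if p.direction == "OUT":
            outbound.add((p.src, p.sport, p.dst, p.dport))
            continue
        if (p.dst, p.dport, p.src, p.sport) in outbound:
            label = "return-traffic"            # reply to a connection we opened
        elif p.sport == 80 and p.dport > 1024:
            label = "unmatched-reply-pattern"   # looks like a web reply, but no outbound in this log
        else:
            label = "unsolicited"               # no outbound state and not a reply pattern
        results.append((p, label))
    return results

if __name__ == "__main__":
    for pkt, label in classify(parse(SAMPLE_LOG)):
        print(f"{pkt.src}:{pkt.sport} -> {pkt.dst}:{pkt.dport}  {label}")
```

An "unmatched-reply-pattern" entry usually means the log is incomplete or the packet arrived after the connection had already closed; it still deserves a look, because the source port alone does not prove the packet belongs to a connection.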
Kevin, I'm using the McAfee firewall that came free with the Comcast HSI service. Been using it since July. Haven't changed any configurations and haven't had any problems, nor have I seen any more hits from HTF since the 16th. I'm not too worried about it, just curious since the hits came from HTF. Anyway, I'm going to be getting a router soon. Thanks for the info you provided.