
HTF Attempts Access To My Computer?


6 replies to this topic

#1 of 7 OFFLINE   SteveCop

SteveCop

    Agent



  • 32 posts
  • Join Date: Feb 25 2000

Posted November 16 2003 - 09:19 PM

I noticed that my firewall has blocked 195 access attempts to multiple ports from HTF (216.66.21.97) in the last two days. Anyone know what's going on?? Thanks

#2 of 7 OFFLINE   Kevin P

Kevin P

    Screenwriter



  • 1,444 posts
  • Join Date: Jan 18 1999

Posted November 17 2003 - 02:19 AM

Was this while you were surfing HTF? Can you post the logs, as there will be more info (port #s, etc.) than just the IP address. It could be responses from the site that were timed out. Were you having troubles accessing HTF at the time? KJP

#3 of 7 OFFLINE   SteveCop

SteveCop

    Agent



  • 32 posts
  • Join Date: Feb 25 2000

Posted November 17 2003 - 04:00 AM

Kevin, Here's some, but not all of the log, with my IP removed. The sending port was 80 for all the events, with the destination ports all in the 28** range. I don't recall if I was on the site when they occurred, but I haven't had any trouble accessing HTF.

2003/11/16 06:18:59 216.66.21.97: 80 2816 LBC Watchdog
2003/11/16 06:18:57 216.66.21.97: 80 2807 cspmulti
2003/11/16 06:18:56 216.66.21.97: 80 2825 Port 2825 (TCP)
2003/11/16 06:18:56 216.66.21.97: 80 2816 slc systemlog
2003/11/16 06:18:52 216.66.21.97: 80 2808 J-LAN-P
2003/11/16 06:18:48 216.66.21.97: 80 2827 slc ctrlrloops
2003/11/16 06:18:48 216.66.21.97: 80 2817 NMSig Port
2003/11/16 06:18:42 216.66.21.97: 80 2804 Telexis VTU
2003/11/16 06:18:42 216.66.21.97: 80 2819 FC Fault Notification
2003/11/16 06:18:37 216.66.21.97: 80 2828 ITM License Manager
2003/11/16 06:18:37 216.66.21.97: 80 2818 rmlnk
2003/11/16 06:18:37 216.66.21.97: 80 2820 UniVision
2003/11/16 06:18:36 216.66.21.97: 80 2809 CORBA LOC
2003/11/16 06:18:35 216.66.21.97: 80 2805 WTA WSP-S
2003/11/16 06:18:33 216.66.21.97: 80 2821 vml_dms
2003/11/16 06:18:29 216.66.21.97: 80 2803 btprjctrl
2003/11/16 06:18:28 216.66.21.97: 80 2812 atmtcp
2003/11/16 06:18:28 216.66.21.97: 80 2806 cspuni
2003/11/16 06:18:26 216.66.21.97: 80 2810 Active Net Steward
2003/11/16 06:18:26 216.66.21.97: 80 2813 llm-pass
2003/11/16 06:18:06 216.66.21.97: 80 2823 CQG Net/LAN
2003/11/16 06:18:04 216.66.21.97: 80 2814 llm-csv
2003/11/16 06:18:04 216.66.21.97: 80 2815 LBC Measurement
2003/11/16 06:18:02 216.66.21.97: 80 2824 Port 2824 (TCP)
2003/11/16 06:17:58 216.66.21.97: 80 2826 slc systemlog

Thanks

#4 of 7 OFFLINE   Gregory Maier

Gregory Maier

    Auditioning



  • 8 posts
  • Join Date: Oct 18 2003

Posted November 17 2003 - 03:23 PM

Could be just junkies out there pinging your IP looking for vulnerabilities to hack at. Most people don't even know when it's being done unless they have a software-based firewall that logs them. They're usually harmless as long as either a hardware/software firewall is in place. Nothing to get riled up about. Gregory Maier

#5 of 7 OFFLINE   JamesHl

JamesHl

    Supporting Actor



  • 813 posts
  • Join Date: May 08 2003

Posted November 17 2003 - 03:32 PM

The interest in this case, Greg, is that the ip address appears to be the main address for HTF.

#6 of 7 OFFLINE   Kevin P

Kevin P

    Screenwriter



  • 1,444 posts
  • Join Date: Jan 18 1999

Posted November 18 2003 - 01:39 AM

Looks like your firewall isn't configured properly. Those are return packets from HTF, in other words, the forum pages you're reading. In short, when you browse HTF, what happens is:
  • Your computer contacts the HTF server, with an ephemeral source port (over 1024) and a destination port of 80.
  • HTF replies back, with the source port as 80 and the destination port being whatever ephemeral port your PC contacted HTF with.
  • This exchange repeats as needed until the entire transaction is complete (the page displays in your browser).
In your example the ephemeral ports for each connection to HTF are in the 2800s. For whatever reason your firewall is logging these as if they're connection attempts on those ports (really they aren't, but are parts of an existing outbound connection to HTF).

What firewall are you using, and did you fiddle with the rules at all, such as the logging rules?

KJP
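
The reply-versus-new-connection distinction described in post #6, as an added example that is not part of the original thread and not how any particular firewall product is implemented. It parses lines in the layout posted in post #3, applies a log-only check (web source port, ephemeral destination port), and uses a toy connection tracker to show how a reply that arrives after its state has expired ends up logged as blocked. `ConnTracker`, the 60-second idle timeout and the 192.0.2.50 line are assumptions made for the illustration.

```python
import re
from collections import namedtuple

Entry = namedtuple("Entry", "ts src_ip src_port dst_port label")
# Layout of the lines posted in the thread: date time ip: sport dport label
LINE_RE = re.compile(r"(\d{4}/\d\d/\d\d \d\d:\d\d:\d\d) (\S+): (\d+) (\d+) (.*)")

def parse(line):
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ts, ip, sport, dport, label = m.groups()
    return Entry(ts, ip, int(sport), int(dport), label)

class ConnTracker:
    """Toy stateful filter: inbound passes only if it matches a live outbound flow."""
    def __init__(self, idle_timeout=60):      # timeout value is an assumption
        self.idle_timeout = idle_timeout
        self.flows = {}                       # (remote_ip, remote_port, local_port) -> last seen

    def outbound(self, now, remote_ip, remote_port, local_port):
        self.flows[(remote_ip, remote_port, local_port)] = now

    def inbound(self, now, remote_ip, remote_port, local_port):
        key = (remote_ip, remote_port, local_port)
        last = self.flows.get(key)
        if last is not None and now - last <= self.idle_timeout:
            self.flows[key] = now             # refresh state on every matching packet
            return "allowed: reply on tracked flow"
        self.flows.pop(key, None)             # expired or never existed
        return "blocked: no matching state"

def looks_like_web_reply(e, web_ports=(80, 443), ephemeral_min=1024):
    """Log-only hint: web source port plus an ephemeral (over 1024) destination port."""
    return e.src_port in web_ports and e.dst_port > ephemeral_min

# First three lines are copied from the log in the thread; the last one is constructed.
SAMPLE = [
    "2003/11/16 06:18:59 216.66.21.97: 80 2816 LBC Watchdog",
    "2003/11/16 06:18:57 216.66.21.97: 80 2807 cspmulti",
    "2003/11/16 06:18:56 216.66.21.97: 80 2825 Port 2825 (TCP)",
    "2003/11/16 06:20:00 192.0.2.50: 4312 135 constructed probe",
]

def triage(lines):
    # (destination port, fits the reply pattern?) for every line that parses
    return [(e.dst_port, looks_like_web_reply(e)) for e in map(parse, lines) if e]
```

The log-only check is a hint for triage; matching a packet against connection state, as `ConnTracker.inbound` does, is what actually separates a reply from a new inbound attempt.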

#7 of 7 OFFLINE   SteveCop

SteveCop

    Agent



  • 32 posts
  • Join Date: Feb 25 2000

Posted November 18 2003 - 03:19 AM

Kevin, I'm using the McAfee firewall that came free with the Comcast HSI service. Been using it since July. Haven't changed any configurations and haven't had any problems, nor have I seen any more hits from HTF since the 16th. I'm not too worried about it, just curious since the hits came from HTF. Anyway, I'm going to be getting a router soon. Thanks for the info you provided. Steve



