Am I being hacked?

  • Thread starter Thread starter Don_Ace
  • Start date Start date
D

Don_Ace

How can I tell whether my server is being compromised. In
my incoming table on my router I get various IPs with
incrementing ports as below. The pattern seems to be
different IPs with incrementing port values in the 10,000
and above.
Incoming Log Table
Source IP Destination Port Number
63.218.25.230 21828
65.110.33.33 21806
63.218.25.230 21808
65.110.33.33 21798
216.52.67.202 25
63.218.25.230 21739
199.245.138.228 21594
206.8.63.130 25
38.113.200.28 25
63.218.25.230 21556
63.218.25.230 21548
65.110.33.33 21539
208.38.45.174 3073
63.211.153.104 3069
65.110.33.33 21513
63.218.25.230 21500
207.230.244.59 25
63.240.4.179 3671
65.110.33.33 21481
65.110.33.33 21479
63.218.25.230 21436
63.218.25.230 21407
204.86.200.164 25
199.245.138.228 21379
207.230.244.59 25
63.218.25.230 21345
65.110.33.33 21334
65.110.33.33 21297
63.218.25.230 21287
63.218.25.230 21268
208.181.131.7 113
63.218.25.230 21249
63.218.25.230 21243
63.218.25.230 21226
204.127.202.55 25
199.245.138.228 21172
63.218.25.230 21143
65.110.33.33 21139
207.230.244.59 25
65.110.33.33 21067
63.218.25.230 21056
63.218.25.230 21009
202.108.249.21 1434
199.245.138.228 20959
63.218.25.230 20923
65.110.33.33 20913
63.218.25.230 20836
65.110.33.33 20826
65.110.33.33 20823
146.82.220.229 25
63.218.25.230 20785
207.230.244.59 25
199.245.138.228 20734
63.218.25.230 20703
65.110.33.33 20695
65.110.33.33 20666
63.218.25.230 20654
63.218.25.230 20612
199.245.138.228 20553
63.218.25.230 20525
63.218.25.230 20476
65.110.33.33 20470
65.110.33.33 20466
208.181.131.7 113
63.218.25.230 20430
199.245.138.228 20379
63.218.25.230 20348
199.72.44.102 20283

Thanks

Don
 
This is pretty normal fare in firewall logs and I see same stuff on mine. As
long as you do not have any of these ports available as a "hole" in you
firewall or they are not in response to traffic originated by a trojan on
your computer, I would not worry about it and be glad my firwall is doing
it's job. You can use netstat -an or a utlity like fport to see what ports
your computer is listening on or connected to. --- Steve

http://www.ibiblio.org/security/articles/fport.html
http://www.microsoft.com/security/home/
 
How can I tell whether my server is being compromised. In
my incoming table on my router I get various IPs with
incrementing ports as below. The pattern seems to be
different IPs with incrementing port values in the 10,000
and above.
Click to expand...

That looks more like a distributed port scan than evidence of compromise
-- someone is using a bunch of (possibly compromised) hosts to do the
Internet equivalent of rattle your windows and try your door handles.
You shouldn't even take it personally as you could well be being
targeted at random.
 
Back
Top