TCPs and UDPs?

So, late last night my laptop started acting overly screwy.. I unplugged it from the internet and immediately started scanning through it and found a very tricky virus.. one that my anti-virus programs didn't seem able to properly remove.

 

Not being able to figure it out personally, I sent it to my cousin to be filled with junk data and reformatted..

 

After, I was looking through my router logs as I was hoping to find out exactly how this got on my laptop. (I only use my laptop for work e-mail and cerb)

I found numerous (as well as some of the same, over and over) IP addresses that had been blocked by my router for attempting to send a TCP packet.

Another one it's constantly blocking is UDP packets.

 

What are these? Why are people sending them? And how do I stop them?

 

I've had a couple people tell me that they could be people attempting to get into my router, another person told me that it could be slowing down my connection... so at the moment I have no idea what they are and any ideas would be greatly appreciated.

 

xo

Guest G***f******

TCP and UDP are the protocols the Internet uses.

 

Services use specific TCP and UDP port numbers to communicate.

http://en.wikipedia.org/wiki/List_of_TCP_and_UDP_port_numbers

 

For instance, HTTP (the web) uses TCP port 80.

Telnet uses 23, etc.

 

The thing to find out is what type of connection is being blocked (what port is being accessed) and where it is coming from (the originating IP address).


Yes, I understand that part.. I'm just wondering why/if these IPs are trying to access my router..

 

The log looks something like this...

 

Wed Aug 18 16:39:05 2010 Blocked incoming TCP packet from 173.189.14.208:53437 to *my router's IP*

 

or

 

Wed Aug 18 16:38:35 2010 Blocked incoming UDP packet from 90.205.102.65:25769 to ....

 

I believe 53437 & 25769 are the ports. (Please correct me if I am wrong though.)

 

I searched the IPs last night, many of them are from Canada but there are some from China, Finland, US, UK.. other random countries.

 

 

 

Guest G***f******

You are correct, those are the port numbers.

 

Those two are not assigned to a specific protocol or service, so what's probably happening is some hacker, bot or worm is scanning the addresses on your ISP's network and looking for connections it can gain access to. Your router is doing its job and blocking them from getting into your system.

 

On another note, if you ever get a stubborn virus or other piece of malware you can't seem to get rid of, try running Malwarebytes from http://www.malwarebytes.org. It's free and works where other antivirus software has failed me.


Some background.

 

These packets, TCP or UDP, are means by which one computer program communicates with another. For example, as you browse the Web TCP packets are being sent to (and from) your Web Browser to (and from) the web servers.

 

Other applications may send or receive packets as well. To differentiate the various applications they use something called a port.

 

IP Address = building address.

 

Port = apartment number.

 

Imagine there is an apartment building. To find out if someone lives in an apartment you could send each apartment a letter with a SASE. If you get a reply you can safely say someone lives there. In geek speak we call this probing.

 

These computers all over the world are probing to find out if an application is on that port. If there is one they will now send an identification probe to find out what specific application is on that port. From there they can craft a specific probe to take over the application [1]. Once that is accomplished they can attempt taking control of your computer.

 

But why? There are two main reasons:

 

1. they are viruses trying to infect another machine

 

2. they are botnets (robotic networks) trying to add another machine to their group.

 

Botnets are used for:

a. capturing user information for identity theft

b. massive spam senders

c. dissemination of illicit material

d. aiding in attacking computer resources (distributed denial of service)

 

A majority of the botnets are under the control of criminal organizations who rent these computers out. It is estimated that over 60% of PCs around the world are under the control of at least one botnet [2].

 

Your firewall is the first line of defense in protecting your computer.

 

Hopefully this helps.

 

et

 

[1] this is the reason to keep your computer security updated.

 

[2] it takes about 12 mins for a brand new (unsecured) PC to be taken over by a botnet after it is plugged into the Internet.

 

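The replies above establish what the blocked-packet lines carry (protocol, remote address, remote port), that the two ports in the OP's lines are not tied to a known service, and that the same addresses showing up "over and over" is what probing looks like from the router's side. As an added example that is not part of any poster's text, here is a small Python parser for that log format: it extracts the fields, labels the remote port by IANA range, and counts how often each source address appears so the repeat sources stand out. The input is the two lines quoted in the thread plus constructed extras (198.51.100.7 and 203.0.113.9 as scanning sources, 192.0.2.1 standing in for the router's own address, and one non-matching line to show that unparseable entries are skipped); the regex, function names and the repeat threshold are my assumptions, not anything from the router vendor. One caveat worth knowing before reading these lines: the number after the colon is the remote machine's source port, and the destination port on the router (the one that would say which service was being probed) is not present in this log format, so it cannot be recovered from them.

```python
"""Parse router 'Blocked incoming ... packet' log lines and summarise them.

Added example for the thread above; the log format regex, names and
threshold are assumptions made for illustration.
"""
import re
from collections import Counter
from datetime import datetime

# Constructed sample input: the two lines from the thread plus made-up extras.
# 192.0.2.1, 198.51.100.7 and 203.0.113.9 are documentation addresses.
SAMPLE_LOG = """\
Wed Aug 18 16:39:05 2010 Blocked incoming TCP packet from 173.189.14.208:53437 to 192.0.2.1
Wed Aug 18 16:38:35 2010 Blocked incoming UDP packet from 90.205.102.65:25769 to 192.0.2.1
Wed Aug 18 16:40:12 2010 Blocked incoming TCP packet from 198.51.100.7:61022 to 192.0.2.1
Wed Aug 18 16:40:13 2010 Blocked incoming TCP packet from 198.51.100.7:61023 to 192.0.2.1
Wed Aug 18 16:40:14 2010 Blocked incoming TCP packet from 198.51.100.7:61024 to 192.0.2.1
Wed Aug 18 16:41:00 2010 Blocked incoming UDP packet from 203.0.113.9:1900 to 192.0.2.1
Wed Aug 18 16:41:30 2010 Router rebooted
"""

# Matches the line shape quoted in the thread: timestamp, protocol,
# "from <src ip>:<src port> to <destination>". Destination is kept as free
# text because the OP's lines had it redacted.
LINE_RE = re.compile(
    r"^(?P<ts>\w{3} \w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2} \d{4}) "
    r"Blocked incoming (?P<proto>TCP|UDP) packet from "
    r"(?P<src>\d{1,3}(?:\.\d{1,3}){3}):(?P<sport>\d{1,5}) to (?P<dst>.+)$"
)


def port_class(port):
    """Label a port by IANA range. 'registered' names the range in which
    services may be assigned; it does not mean this port has an assignment."""
    if port < 1024:
        return "well-known"
    if port < 49152:
        return "registered"
    return "dynamic/ephemeral"


def parse_line(line):
    """Return a dict of fields for one log line, or None if it doesn't match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    sport = int(m["sport"])
    return {
        "time": datetime.strptime(m["ts"], "%a %b %d %H:%M:%S %Y"),
        "proto": m["proto"],
        "src": m["src"],
        "sport": sport,                      # remote side's source port
        "sport_class": port_class(sport),
        "dst": m["dst"].strip(),
    }


def parse_log(text):
    """Parse every line, silently dropping lines that aren't blocked-packet entries."""
    return [ev for ev in (parse_line(l) for l in text.splitlines()) if ev]


def summarize(events, repeat_threshold=3):
    """Count events by protocol and by source; list sources at or above the threshold."""
    by_proto = Counter(ev["proto"] for ev in events)
    by_src = Counter(ev["src"] for ev in events)
    repeat = sorted(src for src, n in by_src.items() if n >= repeat_threshold)
    return {
        "total": len(events),
        "by_proto": dict(by_proto),
        "by_src": dict(by_src),
        "repeat_sources": repeat,
    }


if __name__ == "__main__":
    summary = summarize(parse_log(SAMPLE_LOG))
    for key, value in summary.items():
        print(f"{key}: {value}")
```

Run it as-is to see the counts for the constructed sample; to use it on a real router log, replace SAMPLE_LOG with the file contents and adjust LINE_RE if the vendor's wording differs. Sources that recur with a run of different source ports, as 198.51.100.7 does here, are the kind the OP described; the count alone says nothing about who they are, only that the router keeps dropping them.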

Naomi, looking at your lovely avatar, who wants to talk tech. :wink: :lol: Good post BTW.

 

Why thank you. ;) xx

 


 

Thank you so very, very much for this post..

It's exactly what I was trying to figure out. (in a way I could understand to boot!)

 

xx


Another thing you can try doing... a little extreme is using a program called hidemyip. What it does is tell your computer/router to send a fake IP to the net... (I had mine sending a US address for a while... to get a site that blocked Canadian IPs to let me in...) I stopped using it when the ban was lifted... but it works...


Unfortunately IP masking does not work for this case.

 

The reason is actually quite simple, viruses and botnets don't care.

 

The IP assigned to your machine (technically Internet modem) comes from a known range of addresses. When probing the virus or botnet would try every single address in the range before moving on to the next range.
