Continuous firewall intrusion attempts

I have a continuous firewall intrusion every second which CIS is successfully blocking.

It is coming from Source IP 195.14.135.4 and the Destination Port is 7070. Source port is 13190. Application: Windows Operating System.

If I switch off the broadband modem, it stops. As soon as I turn it on, the intrusion attempts begin every second. It’s been like this for at least 24 hours.

I’ve run an online IP trace and the Source IP 195.14.135.4 is in Cyprus. Since I am not in Cyprus it cannot be my ISP attempting to connect to my computer. The intrusion attempts continue and occur every second non-stop.

Does anyone have any idea what is going on? Is it a hacker attacking my computer? Shields UP says I have ‘TruStealth’ and all my ports are invisible yet the intrusion attempts have been unceasing and unrelenting for a couple of days now.

Have you been using torrent or other P2P applications recently?

This behavior is seen after torrent applications are closed and other peers still think you're serving torrents…

Hi,

No I have not been using torrent or other P2P applications recently.

From what I can find, it is used for streaming media using RealPlayer.
References:
http://www17.real.com/firewall/adminfw.html
http://www.pc-library.com/ports/tcp-udp-port/7070/

Well, the port is registered to real-audio. Have you been using that and/or hosting something like that?

If not, it could be a misconfiguration, or you got the IP of someone who did, etc. The best thing would be to create a block rule that doesn’t log, so the counter does not increase either.

Create a global rule

Block
Incoming
TCP
Source = 195.14.135.4
Source port = Any
Destination = Any
Destination port = 7070

And move it up to the top. That should kill the noise.
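
As an added illustration (not part of the original thread and not Comodo's code), this Python sketch models the rule above in a rule list to show why it has to be non-logging and placed above the rule that is currently blocking and logging. The top-down first-match evaluation, the catch-all block-and-log rule and the second probe packet are assumptions constructed for the example.

```python
from dataclasses import dataclass
from typing import Optional

ANY = None  # wildcard, like "Any" in the rule editor

@dataclass(frozen=True)
class Packet:
    direction: str
    proto: str
    src_ip: str
    src_port: int
    dst_port: int

@dataclass(frozen=True)
class Rule:
    action: str                    # "block" or "allow"
    direction: str
    proto: Optional[str] = ANY
    src_ip: Optional[str] = ANY
    src_port: Optional[int] = ANY
    dst_port: Optional[int] = ANY
    log: bool = False

    def matches(self, p: Packet) -> bool:
        return (self.direction == p.direction
                and self.proto in (ANY, p.proto)
                and self.src_ip in (ANY, p.src_ip)
                and self.src_port in (ANY, p.src_port)
                and self.dst_port in (ANY, p.dst_port))

def evaluate(rules, packets):
    """Assumed semantics: top-down, first match decides. Returns (blocked, logged)."""
    blocked = logged = 0
    for p in packets:
        hit = next((r for r in rules if r.matches(p)), None)
        if hit is not None:
            blocked += int(hit.action == "block")
            logged += int(hit.log)
    return blocked, logged

# The rule from the post: block, incoming, TCP, one source, port 7070, no logging.
QUIET_BLOCK = Rule("block", "in", "TCP", src_ip="195.14.135.4", dst_port=7070, log=False)
# Assumption: a generic rule that blocks and logs all other unsolicited inbound traffic.
CATCH_ALL = Rule("block", "in", log=True)

# Constructed traffic: one minute of once-per-second attempts, plus one unrelated probe.
NOISE = [Packet("in", "TCP", "195.14.135.4", 13190, 7070) for _ in range(60)]
OTHER = [Packet("in", "TCP", "203.0.113.9", 40000, 23)]

if __name__ == "__main__":
    for name, rules in [("catch-all only", [CATCH_ALL]),
                        ("quiet rule on top", [QUIET_BLOCK, CATCH_ALL]),
                        ("quiet rule at bottom", [CATCH_ALL, QUIET_BLOCK])]:
        print(name, evaluate(rules, NOISE + OTHER))
```

In every ordering all 61 packets are still blocked; only with the quiet rule on top does the log shrink to the single unrelated probe, which stays visible.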

How do you know what protocol to put and destination port? Sorry for asking, just want to learn.

Many thanks. I have Real Player installed.

Many thanks. I created this rule and it’s not logging the firewall intrusion attempts now unless of course I check the box “Log as a firewall event if this rule is fired”.

I receive these intrusion attempts non-stop every second even though RealPlayer is not running and no RealPlayer process is running in Windows Task Manager.

Well it’s not just that you have to have Real Player installed, you have to be “hosting” some audio stream for others to need to connect to your system, so I’m not sure if that’s the case here.

Have you run antivirus and scanners like Malwarebytes etc. lately? Just to be sure…
Also, please make sure your system is up to date with Windows Update, and take a look at Secunia’s PSI.

http://www.secunia.com: that’s a tool that can scan your system for vulnerable software on it.

Have a look at this movie here:
http://www.warriorsofthe.net/movie.html

Thanks for the reply.

I’m not hosting any audio stream for others to connect to my computer.

I just ran Comodo Anti-Virus scan (‘My Computer’ profile) and MalwareBytes full system scan and my system is clean.

Scan it with Hitman Pro 3.5 too!