A Broadband and ADSL forum. BroadbanterBanter

Welcome to BroadbanterBanter.

You are currently viewing as a guest which gives you limited access to view most discussions and other FREE features. By joining our free community you will have access to post topics, communicate privately with other members (PM), respond to polls, upload your own photos and access many other special features. Registration is fast, simple and absolutely free so please, join our community today.

Go Back   Home » BroadbanterBanter forum » Newsgroup Discussions » uk.comp.home-networking (UK home networking)
Site Map Home Register Authors List Search Today's Posts Mark Forums Read Web Partners

uk.comp.home-networking (UK home networking) (uk.comp.home-networking) Discussion of all aspects of computer networking in the home, regardless of the platforms, software, topologies and protocols used. Examples of topics include recommendations for hardware or suppliers (e.g. NICs and cabling), protocols, servers, and specific network software. Advertising is not allowed.

This may be a daft question ...



 
 
Thread Tools Display Modes
  #1  
Old July 17th 03, 12:25 PM posted to uk.comp.home-networking
Mike Faithfull
external usenet poster
 
Posts: 3
Default This may be a daft question ...

.... but I've just been looking at my firewall log file (Windows XP Home
Edition V5.1 + Service Pack 1) and noticed that I have several groups of
'dropped packets' from 217.39.173.231. 'Whois' tells me this is a BT Public
Internet Service address - my ISP is NTL and I'm connected via NTL cable.
So why would a BT server somewhere be wanting to talk to my PC in such a
manner that the Firewall disallows it? (You can probably tell I have just
slightly less knowledge than is required to be dangerous ... !)


  #2  
Old July 17th 03, 12:54 PM posted to uk.comp.home-networking
Groove
external usenet poster
 
Posts: 40
Default This may be a daft question ...

Mike Faithfull said this...
... but I've just been looking at my firewall log file (Windows XP Home
Edition V5.1 + Service Pack 1) and noticed that I have several groups of
'dropped packets' from 217.39.173.231. 'Whois' tells me this is a BT
Public Internet Service address - my ISP is NTL and I'm connected via
NTL cable. So why would a BT server somewhere be wanting to talk to my
PC in such a manner that the Firewall disallows it? (You can probably
tell I have just slightly less knowledge than is required to be
dangerous ... !)


Hi Mike. What sort of firewall are you running? Is it possible to give any
further information from the log such as local and remote port numbers?
It could be malicious or it may just be background noise, it's impossible
to tell without more detailed info.


--
~ dvd ~
  #3  
Old July 17th 03, 03:04 PM posted to uk.comp.home-networking
Mike Faithfull
external usenet poster
 
Posts: 3
Default This may be a daft question ...

"Groove" wrote in message
...
Mike Faithfull said this...
... but I've just been looking at my firewall log file (Windows XP Home
Edition V5.1 + Service Pack 1) and noticed that I have several groups of
'dropped packets' from 217.39.173.231.


Hi Mike. What sort of firewall are you running? Is it possible to give any
further information from the log such as local and remote port numbers?
It could be malicious or it may just be background noise, it's impossible
to tell without more detailed info.


It's the one built in to XP. It produces a log file called pfirewall.log
that captures certain events. Here's an entry ...

DROP TCP 217.39.173.231 213.104.104.35 4619 1433 48 S 1858592789 0 16384

According to the headings, the data represents:

action, protocol, source IP, destination IP, source port, destination port,
size, tcpflags, tcpsyn, tcpack, tcpwin

I have had similar entries (dropped packets, I mean, I don't know about the
other numbers) from strange places like Poland, Slovenia and Japan.


  #4  
Old July 17th 03, 06:10 PM posted to uk.comp.home-networking
Groove
external usenet poster
 
Posts: 40
Default This may be a daft question ...

Mike Faithfull said this...
DROP TCP 217.39.173.231 213.104.104.35 4619 1433 48 S 1858592789 0 16384


action, protocol, source IP, destination IP, source port, destination
port, size, tcpflags, tcpsyn, tcpack, tcpwin

I have had similar entries (dropped packets, I mean, I don't know about
the other numbers) from strange places like Poland, Slovenia and Japan.

If I read this correctly, this is something tapping at your port 1433. IIRC
there was a worm a while back that used this port. However, the dropped
packet is good, your firewall is not allowing access,
Hopefully there are wiser heads than mine that can add to this thread, but
in the meantime I would recommend you look at a "proper" firewall for your
system. The xp built-in firewall is very limited in function.



--
~ dvd ~
  #5  
Old July 17th 03, 11:11 PM posted to uk.comp.home-networking
Rob Morley
external usenet poster
 
Posts: 1,379
Default This may be a daft question ...

In article ,
says...
"Groove" wrote in message
...
Mike Faithfull said this...
... but I've just been looking at my firewall log file (Windows XP Home
Edition V5.1 + Service Pack 1) and noticed that I have several groups of
'dropped packets' from 217.39.173.231.


Hi Mike. What sort of firewall are you running? Is it possible to give any
further information from the log such as local and remote port numbers?
It could be malicious or it may just be background noise, it's impossible
to tell without more detailed info.


It's the one built in to XP. It produces a log file called pfirewall.log
that captures certain events. Here's an entry ...

DROP TCP 217.39.173.231 213.104.104.35 4619 1433 48 S 1858592789 0 16384


Port 1433 is used by MS SQL Server, so if you're not running that you
needn't worry anyway. It's quite likely that a BTOpenworld customer
(unknowingly) has a worm that is trying to exploit a known vulnerability
in MS SQL Server.

I have had similar entries (dropped packets, I mean, I don't know about the
other numbers) from strange places like Poland, Slovenia and Japan.

You will see dropped packets whenever something "outside" attempts to
initiate a connection to your machine - any time the firewall thinks
that the packets it receives aren't part of an exchange that you
initiated. They are a result of worms, hackers, badly configured
networks, buggy software ... if they're not getting in you don't need to
worry about them too much.
 




Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
 
Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

vB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
Daft VOIP question? Ivor Jones uk.telecom.voip (UK VOIP) 0 December 10th 05 07:11 PM
Daft question of the week : BT DSLAM's & capacity P H uk.telecom.broadband (UK broadband) 1 December 15th 04 06:02 PM
Daft question of the week : BT DSLAM's & capacity Ed Start uk.telecom.broadband (UK broadband) 0 December 14th 04 01:39 PM
Daft question of the week : BT DSLAM's & capacity Iain uk.telecom.broadband (UK broadband) 0 December 14th 04 01:32 PM
A (probably daft) Micro Filter question Anthony Bowles uk.telecom.broadband (UK broadband) 10 June 11th 04 09:26 AM


All times are GMT +1. The time now is 10:15 AM.


Powered by vBulletin® Version 3.6.4
Copyright ©2000 - 2017, Jelsoft Enterprises Ltd.Content Relevant URLs by vBSEO 2.4.0
Copyright 2004-2017 BroadbanterBanter.
The comments are property of their posters.