warez.powerdns.com & netbios?
Posted in xn--kfs74mzzid01b.com edit by smith on January 8th, 2009
I've had a good look at the logging database (Outpost 2 pro, BTW), and noticed the following in the "blocked in the last 10 mins"
The second entry is most likely an incoming one (these are the only ones that should get a "Deny connection to port opened by system" reason) - you can confirm this by right-clicking on the log window, selecting Columns... and checking "Direction". If so then I would suggest that it is on its own harmless, but I would recommend doing a search to see if are any other connections relating to those IP addresses (just to check that there is nothing on your machine triggering these incoming attempts).
The first seems more suspicious - NetBIOS Datagram Service is normal if you have not disabled NetBIOS, but an access to a specific address is not. However a lookup (http://www.network-tools.com/default.asp?prog=express&Netnic=whois.arin.net&host=warez.powerdns.com) shows that warez.powerdns.com has been assigned the 127.0.0.1 loopback address (this has been done by domain name registrars to block access to certain sites in the past). Unfortunately, Outpost has a bug where this domain name is shown for all subsequent accesses to 127.0.0.1 (check the block www.coderz.com (http://www.outpostfirewall.com/forum/showthread.php?s=&threadid=7653) thread for more on this). So I would suggest that this is unlikely to be a real attack.
#If you have any other info about this subject , Please add it free.# |
