[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: traffic leaking out on PPP connection

 --- "Ilya A. Kovalenko" <[email protected]> wrote: 
> PM> My firewall is pretty tight.  I block all incoming by default and let out only certain
> PM> destination ports.  I'm currently filtering on external interface only.
> PM> Now I decided to do a check on all outgoing traffic
> PM> (filtering out of course the allowed ports)
> PM> and I made an interesting discovery.
> PM> I am on dial-up (PPP) with a Canadian ISP (Sympatico) and I
> PM> am sending out regular replies to
> PM> port 135.  I figured this is due to PPP tunneling.  In 15
> PM> minutes I was replying to about a
> PM> dozen different IP addresses but they all resolve back to my ISPs servers (or clients?):
> These hosts, probably, infected w/ "Lovesan" (aka "MS-blast") virus. It
> scans networks for vulnerable Windows boxes to infect.
> but you, should see it as incoming requests, than, your host replys.
I do get, like everyone else, incoming requests due to the reason you give but this is the only
port my firewall is responding to and I have no idea why except the hypothesis that it is due
to some PPP tunneling being done by my ISP.
Furthermore, I went to the Shields Up! site at https://grc.com/x/ne.dll?bh0bkyd2 and it scanned
my IP and did not report *any* ports open.  This is what I should expect.
Post your free ad now! http://personals.yahoo.ca