
IP-BLOCK - why don't I see a port number?



I was originally going to make a feature request for MBAM to show port numbers for IP-BLOCK messages, but looking at other people's reports, I see it already does it - just not for me.

I see a lot of incoming IP-BLOCKs like this from today's protection log (attached), but there are no port numbers mentioned:

13:29:58 (null) IP-BLOCK 221.192.199.49 (Type: incoming)

13:29:58 (null) IP-BLOCK 221.192.199.49 (Type: incoming)

13:29:59 (null) IP-BLOCK 221.192.199.49 (Type: incoming)

16:52:18 (null) IP-BLOCK 221.192.199.49 (Type: incoming)

Is this some option I've failed to find and turn on? How can I get it to show me the ports that these people are presumably trying to scan?

I've had a lot of attempts from that particular IP and I'd like to find out as much about it as I can.

protection-log-2011-10-20.txt
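
As an added example (not part of the original post and not Malwarebytes code): a small Python parser for the log line format quoted above, which groups IP-BLOCK entries by address and direction into bursts and reports which fields the lines actually carry. It assumes the text inside the parentheses is a comma-separated list of `Key: value` pairs, as in `(Type: incoming)`; the 60-second burst gap is an arbitrary choice.

```python
import re
from collections import defaultdict

# The four lines quoted in the post above.
SAMPLE_LOG = """\
13:29:58 (null) IP-BLOCK 221.192.199.49 (Type: incoming)
13:29:58 (null) IP-BLOCK 221.192.199.49 (Type: incoming)
13:29:59 (null) IP-BLOCK 221.192.199.49 (Type: incoming)
16:52:18 (null) IP-BLOCK 221.192.199.49 (Type: incoming)
"""

# time, user column, literal IP-BLOCK, IPv4 address, parenthesised field list
LINE_RE = re.compile(
    r"^(?P<time>\d{2}:\d{2}:\d{2})\s+(?P<user>\S+)\s+IP-BLOCK\s+"
    r"(?P<ip>\d{1,3}(?:\.\d{1,3}){3})\s+\((?P<fields>[^)]*)\)\s*$"
)


def parse_line(line):
    """Return a dict for one IP-BLOCK line, or None if the line does not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    fields = {}
    for part in m.group("fields").split(","):
        key, sep, value = part.partition(":")
        if sep:  # assumption: every field is written as "Key: value"
            fields[key.strip().lower()] = value.strip()
    h, mi, s = map(int, m.group("time").split(":"))
    return {"seconds": h * 3600 + mi * 60 + s, "ip": m.group("ip"), "fields": fields}


def summarize(text, gap=60):
    """Per (ip, direction): total count, field names seen, and bursts
    [first_second, last_second, hits] split where entries are > gap apart."""
    summary = defaultdict(lambda: {"count": 0, "field_names": set(), "bursts": []})
    for line in text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        entry = summary[(rec["ip"], rec["fields"].get("type", "unknown"))]
        entry["count"] += 1
        entry["field_names"].update(rec["fields"])
        bursts = entry["bursts"]
        if bursts and rec["seconds"] - bursts[-1][1] <= gap:
            bursts[-1][1] = rec["seconds"]
            bursts[-1][2] += 1
        else:
            bursts.append([rec["seconds"], rec["seconds"], 1])
    return dict(summary)
```

Run over the quoted lines, `field_names` contains only `type`, which confirms that this log format records the direction but nothing else about the blocked connection.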


Hello and :welcome:

Please provide the following details, so that someone may be able to assist you:

  • What is your current version of Windows (XP, Vista, or Win7)?
  • Is your Windows OS 32-bit or 64-bit?
  • What is your OS Service Pack?
  • What version (if any) of MBAM are you running (current is 1.51.2.1300) and is it the Free or Pro version?
  • What MBAM database version do you have now (current is 7988)?
  • What brand and version of antivirus software do you have?
  • What firewall software do you use if any?
  • Do you use a router to connect to the internet?
  • Has your computer been infected recently, or is it currently showing any other abnormal behavior (browser redirects, IP blocks, etc.) to suggest an infection?


Hi, Firefox.

On the PC in question, I have Windows 2000 SP4 32 bit.

My MBAM is currently running a full scan so I can't ask it the database version but I updated it today, so it's the current one, as is the program version. It's Pro. I paid for two licenses earlier today and registered it on both my PCs. I'd been running it as the free version for quite a while, and with the protection trial enabled for the last week or so.

My antivirus is Avast! Pro 6.0.1203 - that's the last version that supported Windows 2000 (so I won't be renewing when my license runs out). A few days ago I updated the program version to the current one and got a BSOD so had to revert. Avast! support advised me of the version to use. The virus database for it is up to date though.

My firewall is ZoneAlarm 7.0.483.000 - again, the last version to support Windows 2000, as far as I know, now about 3 years old.

I connect to the internet through a Virgin Media (formerly NTL) cable modem. As I understand it, I'm behind a NAT box of some sort, owned by Virgin Media. This (Windows 2000 SP4) PC is connected directly to the cable modem (via ethernet), and my other one is connected to this PC (also via ethernet) and shares the connection via NAT routing. The cable modem doesn't have WiFi. This PC is almost always running, the other one just gets used occasionally.

I found a few suspect files on a scan with MBAM, but nothing that constitutes an infection in my opinion - at least two false positives, which I'll report at some point, and some junk that I've had lying around for some time but not in use, which I'll probably delete.

As all the IP-BLOCK reports are incoming, I assume that's a port scan, and not connected to anything running on my PC. If I was seeing outgoing IP-BLOCK reports, I'd be more worried.

At the moment, I'm just wondering how I get the functionality that other people seem to have i.e. getting MBAM to show me the port numbers associated with each IP-BLOCK report.


I see, thanks.

I've recently installed Windows 7 on the other PC, as a dual boot. I'll try that later. It's possible it won't see the port scans though, since it only connects indirectly through this one. This PC is just too old to bother putting 7 on it. I had enough trouble with the other one, which is a few years younger - I had to buy it new sound and graphics cards, just because Windows 7 drivers don't exist for the old ones.


Yes, I've noticed that in some of the posts about IP-BLOCKs. That would be very useful in the event of an infection that was trying to dial out.

I guess I could switch the PCs around so the one with 7 had the direct connection, but I've got everything I need set up on this one, plus the actual PC box is kind of wedged behind furniture and isn't easy to get to (I use an IR remote keyboard and some longish cables). Also, I had quite a bit of trouble getting the connection sharing to work, a few years ago. Virgin Media seemed to have gone out of their way to make it more difficult, by disabling the basic Windows ICS somehow. I'm not sure if that's still the case but I'm tempted not to mess with it.
