Hijacking My Computer


ghost8786
03-20-2007, 10:05 PM
So, I log onto my computer after work and notice that zone alarm had blocked 3 intrusion attempts on my computer. It gave the following information:

Protocol: TCP Source IP: 192.168.1.1: 1530 Destination IP: my ip on port 5000
Protocol: TCP Source IP: 192.168.1.1: 1529 Destination IP: my ip on port 5000
Protocol: TCP Source IP: 192.168.1.1: 1528 Destination IP: my ip on port 5000

Is this someone trying to hack my computer, and if so how could I find out more about the place it came from. It appears that the source ip is the ip of the router. ??? totally confused. Any way to try this on my computer from my laptop to see how vulnerable my computer is? I have also noticed that viruses show up out of nowhere even though i am not downloading anything. sorry if this is a stupid thread. just trying to get some answers, and i have googled this with not too much luck. thanks.

it also said that it was a packet of some sort that was blocked.

kunseh
03-21-2007, 03:08 AM
What kind of a router do u have? Most of the routers maintain a log file. Did u check that?

ghost8786
03-21-2007, 04:42 AM
it's a netgear router...I don't have the password or login information for the router cause it's at my gf's house. nobody knows how to log onto the router. i guess maybe i could call the cable company, they might have the password. i thought there may be an application in bt that i could leave running or something so that i could get more info on the bastard that tried to hack me. assuming he is smart enough to try to hack me, he probably does mac spoofing or whatever technique hackers use to not leave any tracks behind that would be traceable, at least traceable by your average joe.

LaVey666uk
03-21-2007, 12:37 PM
if it's a netgear.. check out the type and google for the default logon account, then try http://192.168.1.1 in your browser.. might find it's not been changed :P
if that fails and you feel you can set the thing back up (not a hard task if default) then just reset it (factory reset button)...

if it's default then you'll find the logs are not switched on anyway.. but you can always enable it for future checks..

ermski2k
03-21-2007, 05:00 PM
how often is the ip being blocked? if concurrent, could just be an app; if random, could be someone attempting to connect. i doubt it, as they would try on more than one port.

Mother
03-21-2007, 07:18 PM
That is a local IP, then, Google port 5000, and realize that it's the Universal Plug'n'Play (UPnP) port TCP. Don't worry, it's just your router trying to grab some attention.

Mother
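
The reasoning in the reply above (a private source address, a single destination port) can be checked mechanically. This is an added example, not part of the original thread; the regex matches only the alert format as posted, and treating 192.168.1.1 as the gateway is an assumption taken from the poster's own guess.

```python
import ipaddress
import re

# Alert lines as posted in the thread ("my ip" is the poster's own redaction).
ALERTS = """\
Protocol: TCP Source IP: 192.168.1.1: 1530 Destination IP: my ip on port 5000
Protocol: TCP Source IP: 192.168.1.1: 1529 Destination IP: my ip on port 5000
Protocol: TCP Source IP: 192.168.1.1: 1528 Destination IP: my ip on port 5000
"""
ALERT_RE = re.compile(
    r"Protocol:\s*(?P<proto>\w+)\s+Source IP:\s*(?P<src>[\d.]+):\s*(?P<sport>\d+)"
    r"\s+Destination IP:.*?on port\s+(?P<dport>\d+)")
GATEWAY = ipaddress.ip_address("192.168.1.1")  # assumption: the LAN's router
PORT_NOTES = {5000: "UPnP"}  # label taken from the thread, not a full registry


def parse_alerts(text):
    """Return one dict per line that matches the posted alert format."""
    events = []
    for line in text.splitlines():
        m = ALERT_RE.search(line)
        if m:
            events.append({"proto": m["proto"],
                           "src": ipaddress.ip_address(m["src"]),
                           "sport": int(m["sport"]),
                           "dport": int(m["dport"])})
    return events


def triage(events, gateway=GATEWAY):
    """Summarise the alerts the way a defender would read them."""
    sources = {e["src"] for e in events}
    sports = sorted(e["sport"] for e in events)
    dports = {e["dport"] for e in events}
    return {
        # RFC 1918 addresses are not internet-routable: the sender is on the LAN.
        "all_private": all(s.is_private for s in sources),
        "from_gateway": sources == {gateway},
        "services": sorted(PORT_NOTES.get(p, "unknown") for p in dports),
        # Consecutive source ports suggest one host retrying one connection.
        "sequential_sports": all(b - a == 1 for a, b in zip(sports, sports[1:])),
        # A single destination port is not the pattern of a port sweep.
        "distinct_dports": len(dports),
    }


if __name__ == "__main__":
    for key, value in triage(parse_alerts(ALERTS)).items():
        print(f"{key}: {value}")
```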

ghost8786
03-21-2007, 08:24 PM
> That is a local IP, then, Google port 5000, and realize that it's the Universal Plug'n'Play (UPnP) port TCP. Don't worry, it's just your router trying to grab some attention.
>
> Mother

ok. thanks. it has only happened once ever, all three of those attempts were within about 2 mins of each other. if someone was going through the router, would their ip show up, or the router's?

ghost8786
03-21-2007, 08:32 PM
I did find this: http://www.linklogger.com/TCP5000.htm

buffer overflow exploit on tcp port 5000. any way i can disable port 5000?

ghaze
03-21-2007, 09:18 PM
Do you even know if it's open on your windows box?
Go to administrative tools>services and cut off UPNP, if it's even running.
You've got it firewalled off. I believe the upnp buffer overflow was patched, anyway.

Want to really freak out? Open a command prompt, if you can even call windows cmd one, and run "netstat -a". I bet that will get your attention. Shows all your "open" ports. Google is your friend. I don't know how good a friend False, I mean Zone Alarm is. :D It's an excellent free firewall but it ought to have a right-click google option.

I'd be more worried about the viri popping up "out of nowhere". Ever heard the words "clean install"?

There are plenty of programs on BT that might help you.
google nmap
http://backtrack.offensive-security.com/index.php?title=Tools#Network_Mapping

Have Fun
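
To answer "is it even open on your Windows box" from the `netstat` output mentioned above, the listing can be filtered for sockets that are actually listening on a given port and reachable from other hosts. This is an added example, not from the thread; the sample text is constructed in the layout that `netstat -an` (numeric form of `netstat -a`) prints on Windows.

```python
import ipaddress

# Constructed sample in the layout Windows `netstat -an` prints; not from the thread.
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:5000           0.0.0.0:0              LISTENING
  TCP    127.0.0.1:1031         0.0.0.0:0              LISTENING
  TCP    192.168.1.2:1045       192.168.1.1:80         ESTABLISHED
  UDP    0.0.0.0:1900           *:*
"""


def listeners(netstat_text):
    """Yield (proto, address, port) for TCP LISTENING rows and bound UDP sockets."""
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) < 3 or fields[0] not in ("TCP", "UDP"):
            continue  # banner, column header, blank lines
        if fields[0] == "TCP" and fields[-1] != "LISTENING":
            continue  # established or closing connections are not listeners
        addr, _, port = fields[1].rpartition(":")
        # IPv6 local addresses are printed as [addr%zone]:port
        yield fields[0], addr.strip("[]").split("%")[0], int(port)


def exposed(netstat_text, port):
    """Listeners on `port` that other hosts can reach (not loopback-only)."""
    hits = []
    for proto, addr, p in listeners(netstat_text):
        if p == port and not ipaddress.ip_address(addr).is_loopback:
            hits.append((proto, addr))
    return hits


if __name__ == "__main__":
    print("port 5000 exposed on:", exposed(SAMPLE, 5000))
```

A wildcard bind (`0.0.0.0`) means the service accepts connections on every interface, so the host firewall is the only thing between it and the LAN.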

ghost8786
03-21-2007, 11:11 PM
I'll check it out...

Yeah, I'm pretty familiar with the netstat command...

Actually, I have viruses pop up at least once a week for no apparent reason. I can't figure out where the hell they are coming from. I don't even download shit...:confused:

thorin
03-23-2007, 06:44 PM
> I'll check it out...
>
> Yeah, I'm pretty familiar with the netstat command...
>
> Actually, I have viruses pop up at least once a week for no apparent reason. I can't figure out where the hell they are coming from. I don't even download shit...:confused:

Must be one of those telepathic viruses ;)

mchollan
04-27-2007, 05:40 AM
Perhaps it is too late. Maybe the attacker managed the buffer overflow attack and placed a back door in and dropped viri in? I would agree with ghaze and say clean install. Then harden your computer (shut down all unnecessary ports).

Enjoy.

andyem
06-10-2007, 08:57 AM
> So, I log onto my computer after work and notice that zone alarm had blocked 3 intrusion attempts on my computer. It gave the following information:
>
> Protocol: TCP Source IP: 192.168.1.1: 1530 Destination IP: my ip on port 5000
> Protocol: TCP Source IP: 192.168.1.1: 1529 Destination IP: my ip on port 5000
> Protocol: TCP Source IP: 192.168.1.1: 1528 Destination IP: my ip on port 5000
>
> Is this someone trying to hack my computer, and if so how could I find out more about the place it came from. It appears that the source ip is the ip of the router. ??? totally confused. Any way to try this on my computer from my laptop to see how vulnerable my computer is? I have also noticed that viruses show up out of nowhere even though i am not downloading anything. sorry if this is a stupid thread. just trying to get some answers, and i have googled this with not too much luck. thanks.
>
> it also said that it was a packet of some sort that was blocked.

If all else fails there should be a small reset button on the router which would set everything back to defaults including the password :) Then you can properly set up your router with all the firewall settings etc.

ONE THING to remember is there are always updates from the company when they find out there is a known exploit. You need to get into it to get the latest firmware asap. There are always trolls scanning around to find if you haven't done your part in updating the router.

The_Denv
08-01-2007, 04:28 AM
Not once did anybody advise this guy to back up his ISP information such as logon details before he resets his router...no wonder he hasn't replied, poor guy doesn't have a clue and probably can't connect to the internet because of the 'reset' advice without being told to backup.

...poor guy

streaker69
08-01-2007, 04:38 AM
> Not once did anybody advise this guy to back up his ISP information such as logon details before he resets his router...no wonder he hasn't replied, poor guy doesn't have a clue and probably can't connect to the internet because of the 'reset' advice without being told to backup.
>
> ...poor guy

That's why ISP helpdesk people get paid the big bucks that they do.

balding_parrot
08-01-2007, 04:46 AM
> Not once did anybody advise this guy to back up his ISP information such as logon details before he resets his router...no wonder he hasn't replied, poor guy doesn't have a clue and probably can't connect to the internet because of the 'reset' advice without being told to backup.
>
> ...poor guy

It probably has more to do with Mother warning him about "borderline spamming" than anything else.

Who in their right mind doesn't have a hard copy of their ISP logon details?
I cannot remember the last ISP I was with that didn't send out a hard copy of the information anyway, usually username in one letter and password in another.

ghaze
08-01-2007, 05:40 PM
> Not once did anybody advise this guy to back up his ISP information such as logon details before he resets his router...no wonder he hasn't replied, poor guy doesn't have a clue and probably can't connect to the internet because of the 'reset' advice without being told to backup.
>
> ...poor guy

And once again, the bt forum team has made the internet a safer place. Maybe, by the time he gets back on, he will have learned to:
- configure a router
- close default ports
- use netstat
- post intelligent questions on forums
- use google

Naw, I must be delusional. It was nice while it lasted, though. :D

spankdidly
08-01-2007, 08:42 PM
LOL, this was funny to read. Ah, my stomach hurts now.

thorin
08-27-2007, 01:29 PM
> Not once did anybody advise this guy to back up his ISP information such as logon details before he resets his router...

Ya it'd be horrible if we assumed he might have at least a few firing neurons.

(Sry to bring this thread back from the dead I was looking at old threads I'd contributed to and this was just too funny to pass up)

wyze
08-28-2007, 02:46 AM
If you use Windows, then it's a really good idea to follow this guide (http://www.devshed.com/c/a/Security/Vectors/)

It's also advisable from time to time to reflash the firmware on your router, as many are susceptible to HTML injection and lots of other nasty things...

balding_parrot
08-28-2007, 02:54 AM
This thread has served its purpose and needs to be put out of our misery.