What is this?

jannier

Expert Member
Joined
Jul 31, 2005
Messages
1,137
Hi,

Can the clever guys who know please tell me what this is, and if I should worry, and what to do if it is a threat.
I run Avast Free Antivirus v8.x.
Win7 X64
Windows firewall is on
PC is connected to NAT'ed router.

The router firewall log is showing this:
I replaced the last few digits of my IP with xxx

Jun 8 15:32:15 HackAttack: [SPI:Illegal connection state attack] TCP packet from [ppp0] 74.125.233.63:443 to 105.236.xxx.xxx:51138
Jun 8 15:32:15 HackAttack: [SPI:Illegal connection state attack] TCP packet from [ppp0] 74.125.233.63:443 to 105.236.xxx.xxx:51139
Jun 8 15:34:05 HackAttack: [SPI:Illegal connection state attack] TCP packet from [ppp0] 68.64.146.210:80 to 105.236.xxx.xxx:51206
Jun 8 15:42:30 HackAttack: [SPI:Illegal connection state attack] TCP packet from [ppp0] 199.16.156.40:80 to 105.236.xxx.xxx:51516
Jun 8 15:45:18 HackAttack: [SPI:Illegal connection state attack] TCP packet from [ppp0] 68.64.146.210:80 to 105.236.xxx.xxx:51557
 

Tim the Techxpert

Expert Member
Joined
Jul 19, 2012
Messages
1,112
Hi There,
Looks like someone is trying to get into your computer.
What is Avast saying?
Have you done any scans and what settings have you go on in Avast?
Obviously keep your Avast software up to date and make sure that you scan regularly

Regards

Tim
 

jannier

Expert Member
Joined
Jul 31, 2005
Messages
1,137
Hi Tim,

AVAST is up to date, and not complaining.
Even did a full online and off line scan.

I did some research and I found that I can ignore most of these, some are harmless pings, others can be port scans.
The router successfully denied access.

I also did a "shields up" test and it reported my computer is totally safe, not visible on the net to hackers.
https://www.grc.com/x/ne.dll?bh0bkyd2
 

Burzum

Well-Known Member
Joined
Jun 19, 2012
Messages
136
lol...

That is a misconfiguration rule set ;)

That address is google

Host Name: jnb01s01-in-f31.1e100.net
IP address is numbered 74.125.233.63.
This IP address is active in United States, and refers to Mountain View, California.
IP Country code is US. IP address ISP is "Google", organization is "Google".
It's hostname is jnb01s01-in-f31.1e100.net.
IP address latitude is 37.419201 and longitude is -122.057404. Postal code of this IP is 94043 and area code is 650.


You might want to disable remote services and ... netbios :rolleyes:
 
Last edited:

jannier

Expert Member
Joined
Jul 31, 2005
Messages
1,137
They are disabled.
First thing I do when I install OS.

I have no rule set/s configured anywhere.
 
Top