Strange IP Destinations through wireless router

Discussion in 'Networking & Security' started by pepsi71ocean, Jan 11, 2009.

  1. pepsi71ocean New Member

    Joined:
    Nov 7, 2007
    Messages:
    1,471 (0.60/day)
    Thanks Received:
    125
    Location:
    The Peoples Republic of New South Jersey
    I was checking up on the wireless router's transfers page that shows what IP is going to what places and I found some strange ones sending information to 78.39.76.29, which when tracked through DNS lookup goes back to Iran. From what the wireless box says, the Outgoing log shows it is going through port 25897. After checking the incoming log it doesn't show up, so I am assuming it is only sending information.

    Just the nature of Iran showing up scares me, and I'm not sure what computer it is coming from either; of the 5 computers on the network this stuff shows up from home(ie 192.168).102

    As of now I'm checking the rest of the IPs to see where they are going.

    Does anyone know how to shed some more light on this?
  2. IggSter

    Joined:
    Aug 24, 2007
    Messages:
    443 (0.17/day)
    Thanks Received:
    127
    Location:
    BY-S36
    That port is not a known service so in fact can be anything. If you are certain that packets are being sent to 78.39.76.29 from one of your LAN devices I would:

    Run comprehensive virus scan on that PC
    Run comprehensive malware scan on that PC
    Run Hijackthis on your PC and submit report to Hijackthis website to get their opinion
    Also you can configure your firewall to block these outgoing packets if you are worried about what is going on.

    EDIT: I've just performed a simple portscan of the IP you gave, here are the results:

    Scanning ports on 78.39.76.29

    78.39.76.29 isn't responding on port 21 (ftp).
    78.39.76.29 isn't responding on port 23 (telnet).
    78.39.76.29 isn't responding on port 25 (smtp).
    78.39.76.29 isn't responding on port 80 (http).
    78.39.76.29 isn't responding on port 110 (pop3).
    78.39.76.29 isn't responding on port 139 (netbios-ssn).
    78.39.76.29 isn't responding on port 445 (microsoft-ds).
    78.39.76.29 isn't responding on port 1433 (ms-sql-s).
    78.39.76.29 isn't responding on port 1521 (ncube-lm).
    78.39.76.29 isn't responding on port 1723 (pptp).
    78.39.76.29 isn't responding on port 3306 (mysql).
    78.39.76.29 isn't responding on port 3389 (ms-wbt-server).
    78.39.76.29 isn't responding on port 5900 ().
    78.39.76.29 isn't responding on port 8080 (webcache).
    78.39.76.29 isn't responding on port 25897 ().

    It appears that this IP is offline or is configured to not respond to portscans.
    pepsi71ocean says thanks.
  3. pepsi71ocean New Member

    I'm still not sure what computer it's coming from, and I was wondering if you could block that port through the network box or would that have to go through the firewall in Windows.
  4. IggSter

    Your router might be able to block that port...it depends on make/model and features.
    You can configure a Windows firewall to block outgoing packets to that IP, but this would need to be done on a per-PC basis.
    You can also install tunneling s/w on each PC which you can configure to send any packets destined for that IP to a fake destination.

    If you post the make/model of your router I can have a search to see if it can be blocked there as this would be the quickest/easiest solution.
    pepsi71ocean says thanks.
  5. pepsi71ocean New Member

    Linksys Wireless B 802.11B, it's about 5 years old.

    Any clue on how to block off that port in Windows firewall? I keep looking around but I can only find program blocks for the firewall.
  6. IggSter

    There should be a model number for your router on a label somewhere; if you can find that it would help a lot.

    For Windows XP blocking:

    According to XP Help and Support on the Start Menu, you use the Exceptions
    tab for this purpose: "To open a port for a program or service, select the
    check box for the program or service. To close a port for a program or
    service, clear the check box for the program or service."

    If the above does not help, you may need something more robust and
    configurable than the XP built-in firewall. There are several free
    firewalls available that are more robust and configurable than the XP
    Firewall:
    www.agnitum.com
    www.zonelabs.com
    www.sygate.com
    http://www.tinysoftware.com/home/tiny2?la=EN
    http://www.kerio.com/kerio.html
    pepsi71ocean says thanks.
  7. pepsi71ocean New Member

    Any firewall you prefer?

    I'd have to look for the router label.

    EDIT: that IP and the port number disappeared from the outgoing log, and I'm not sure why.
  8. IggSter

    I always prefer a hardware firewall, but for software I have read good things about Comodo and Kerio.

    EDIT: Best-Free-Firewalls
    pepsi71ocean says thanks.
  9. blaznee New Member

    Joined:
    Sep 17, 2008
    Messages:
    87 (0.04/day)
    Thanks Received:
    9
    An easy fix is to just route the scary IP into nothingness locally..