
Strange IP Destinations through wireless router

pepsi71ocean

New Member
Joined
Nov 7, 2007
Messages
1,471 (0.24/day)
Location
The Peoples Republic of New South Jersey
System Name The Grand Phoenix Clusterflop
Processor AMD Phenom II X4 965 Black Edition Deneb @3.4GHz
Motherboard ASRock 870 EXTREME3
Cooling Xigmatec S1284 (Lapped)1x200mm, 4x120mm
Memory Muskin Silverline 4GB DDR3 1333 (PC3 10666) 9-9-9-24
Video Card(s) eVGA GTX 470 SC Edition 1280mb RAM (C/S/M)(640/1280/1705)
Storage 2x500GB Seagate, 32MB Cache 1xWD 40GB UMD IDE Hdd.
Display(s) SAMSUNG 22" LCDTV HD Monitor and Samsung 24"
Case COOLER MASTER RC-690
Audio Device(s) USB 2.0 Sound (USB out to my Stero System)
Power Supply Thermaltake XT TPX-775M 775W
Software Windows XP Home SP3
I was checking up on the wireless router's transfers page that shows what IP is going to what places, and I found some strange ones sending information to 78.39.76.29, which when tracked through DNS lookup goes back to Iran. From what the wireless box says, the Outgoing log shows it is going through port 25897. After checking the incoming log it doesn't show up, so I am assuming it is only sending information.

Just the nature of Iran showing up scares me, and I'm not sure what computer it is coming from either; of the 5 computers on the network this stuff shows up from home (ie 192.168).102

As of now I'm checking the rest of the IPs to see where they are going.

Does anyone know how to shed some more light on this?
 
Joined
Aug 24, 2007
Messages
443 (0.07/day)
Location
BY-S36
System Name Bitch / Dogma
Processor 955 BE @ 3.8Gig / 9850 @stock
Video Card(s) 8800 GTX 512 / 4890
Storage 8 x Samsung F2 1.5TB, 8 x Seagate 500s
Display(s) Acer 24 / Dell 24
Case Lian li / Akasa
Software Win server 2008 / Win 7
That port is not a known service so in fact can be anything. If you are certain that packets are being sent to 78.39.76.29 from one of your LAN devices I would:

Run comprehensive virus scan on that PC
Run comprehensive malware scan on that PC
Run Hijackthis on your PC and submit report to Hijackthis website to get their opinion
Also you can configure your firewall to block these outgoing packets if you are worried about what is going on.

EDIT: I've just performed a simple portscan of the IP you gave, here are the results:

Scanning ports on 78.39.76.29

78.39.76.29 isn't responding on port 21 (ftp).
78.39.76.29 isn't responding on port 23 (telnet).
78.39.76.29 isn't responding on port 25 (smtp).
78.39.76.29 isn't responding on port 80 (http).
78.39.76.29 isn't responding on port 110 (pop3).
78.39.76.29 isn't responding on port 139 (netbios-ssn).
78.39.76.29 isn't responding on port 445 (microsoft-ds).
78.39.76.29 isn't responding on port 1433 (ms-sql-s).
78.39.76.29 isn't responding on port 1521 (ncube-lm).
78.39.76.29 isn't responding on port 1723 (pptp).
78.39.76.29 isn't responding on port 3306 (mysql).
78.39.76.29 isn't responding on port 3389 (ms-wbt-server).
78.39.76.29 isn't responding on port 5900 ().
78.39.76.29 isn't responding on port 8080 (webcache).
78.39.76.29 isn't responding on port 25897 ().

It appears that this IP is offline or is configured to not respond to portscans.
 

pepsi71ocean

I'm still not sure what computer it's coming from, and I was wondering if you could block that port through the network box, or would that have to go through the firewall in Windows?
 
Joined
Aug 24, 2007
Your router might be able to block that port...it depends on make/model and features.
You can configure a Windows firewall to block outgoing packets to that IP but it would need to be done on a per-PC basis.
You can also install tunneling s/w on each PC which you can configure to send any packets destined for that IP to a fake destination.

If you post the make/model of your router I can have a search to see if it can be blocked there as this would be the quickest/easiest solution.
 

pepsi71ocean

Linksys Wireless B 802.11B, it's about 5 years old.

Any clue on how to block off that port in Windows firewall? I keep looking around but I can only find program blocks for the firewall.
 
Joined
Aug 24, 2007
There should be a model number for your router on a label somewhere; if you can find that it would help a lot.

For Windows XP blocking:

According to XP Help and Support on the Start Menu, you use the Exceptions
tab for this purpose: "To open a port for a program or service, select the
check box for the program or service. To close a port for a program or
service, clear the check box for the program or service."

If the above does not help, you may need something more robust and
configurable than the XP built-in firewall. There are several free
firewalls available that are more robust and configurable than the XP
Firewall:
www.agnitum.com
www.zonelabs.com
www.sygate.com
http://www.tinysoftware.com/home/tiny2?la=EN
http://www.kerio.com/kerio.html
 

pepsi71ocean

Any firewall you prefer?

I'd have to look for the router label.

EDIT: that IP and the port number disappeared from the outgoing log, and I'm not sure why.
 
Joined
Aug 24, 2007
I always prefer a hardware firewall but for software I have read good things about Comodo and Kerio.

EDIT: Best-Free-Firewalls
 
Joined
Sep 17, 2008
Messages
97 (0.02/day)
System Name Blaznee's pc
Processor i7-4770k
Motherboard Asus Maximus VII Ranger
Cooling Noctua NH-U14S
Memory 16GB Kingston HyperX Beast DDR3 2400mhz
Video Card(s) Evga GTX980 Superclocked
Storage Samsung 840Pro 500GB, WD Black 1TB Sata6GB, WD Green 2TB Sata
Display(s) Acer Predator 34" G-Sync
Case Corsair Graphite 600D White edition
Audio Device(s) FiiO E18 Kunlun DAC
Power Supply NZXT Hale90 850w
Software Windows 10
An easy fix is to just route the scary IP into nothingness locally.
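
Added example, not part of any post in this thread: the open question above is which PC (and which program on it) is talking to 78.39.76.29 on port 25897. One way to answer it is to save the output of `netstat -ano` on each PC while the traffic is active and filter it for that endpoint. The sample output, LAN addresses and PIDs below are constructed for illustration, and the function names are hypothetical.

```python
import ipaddress

# Constructed sample of Windows `netstat -ano` output (not taken from the thread).
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       912
  TCP    192.168.1.102:1047     78.39.76.29:25897      ESTABLISHED     1284
  TCP    192.168.1.102:1052     78.39.76.29:25897      SYN_SENT        1284
  TCP    192.168.1.102:1060     203.0.113.10:80        ESTABLISHED     2040
  UDP    0.0.0.0:500            *:*                                    688
"""

def split_endpoint(endpoint):
    """Split 'addr:port' (or '[v6addr]:port') into (addr, port) strings."""
    addr, _, port = endpoint.rpartition(":")
    return addr.strip("[]"), port

def connections_to(netstat_text, suspect_ip, suspect_port=None):
    """Return rows whose foreign address is suspect_ip (and port, if given)."""
    suspect = ipaddress.ip_address(suspect_ip)
    hits = []
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[0] not in ("TCP", "UDP"):
            continue  # banner, column header, blank lines
        proto, local, foreign = fields[:3]
        # UDP rows have no State column, so the PID is always the last field.
        state = fields[3] if len(fields) == 5 else ""
        pid = int(fields[-1])
        addr, port = split_endpoint(foreign)
        try:
            if ipaddress.ip_address(addr) != suspect:
                continue
        except ValueError:
            continue  # '*' wildcard on UDP listeners
        if suspect_port is not None and port != str(suspect_port):
            continue
        hits.append({"proto": proto, "local": local, "state": state, "pid": pid})
    return hits

def pids_to_investigate(netstat_text, suspect_ip, suspect_port=None):
    """Distinct PIDs holding a connection to the suspect endpoint."""
    hits = connections_to(netstat_text, suspect_ip, suspect_port)
    return sorted({h["pid"] for h in hits})

if __name__ == "__main__":
    for hit in connections_to(SAMPLE_NETSTAT, "78.39.76.29", 25897):
        print(hit)
```

A PID returned here can be matched to a program name through the PID column in Task Manager on the PC the output came from.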
 