Crazy high firewall access count

YukoValis
Posts: 15
Joined: Fri Aug 28, 2009 11:50 am UTC

Crazy high firewall access count

Postby YukoValis » Wed Dec 10, 2014 12:32 pm UTC

So I'm up late in the morning, just messing about on the computer, when my sleepy mind decides to take a look at my firewall log. Cause you never know.
I see this curious sight before me, and I'm not quite 100% sure on what's going on. Keep in mind it's a Comcast standard firewall, so it is rather crummy.

Description
DENY: Inbound or outbound access request

Count
980211 times! and still active.

Occurrence Last
Wed Dec 10, -2 seconds ago-

Target
Keeps changing, sometimes my modem IP, sometimes my computer IP

Source
Also keeps changing. Sometimes 10.0.0.4, sometimes 74.125.22.188 on different ports.

Anyone have any idea on what I'm looking at here? What's more maybe something I can do to get more information? Think this might be a bot? Maybe I'm right now too sleepy to understand.
Ah well, thank you to anyone who responds.
Last edited by YukoValis on Thu Dec 11, 2014 10:03 am UTC, edited 1 time in total.

Sizik
Posts: 1215
Joined: Wed Aug 27, 2008 3:48 am UTC

Re: Crazy high firewall access count

Postby Sizik » Wed Dec 10, 2014 4:19 pm UTC

10.0.0.4 is a private network address (like 192.168.x.x), which means it's from another device on your home network. 74.125.22.188 seems to be from Google.

hotaru
Posts: 1041
Joined: Fri Apr 13, 2007 6:54 pm UTC

Re: Crazy high firewall access count

Postby hotaru » Wed Dec 10, 2014 7:36 pm UTC

does the target port change, or does it stay the same? if it stays the same, what is it? is anything listening on that port on your computer?


YukoValis
Posts: 15
Joined: Fri Aug 28, 2009 11:50 am UTC

Re: Crazy high firewall access count

Postby YukoValis » Thu Dec 11, 2014 10:01 am UTC

hotaru wrote:does the target port change, or does it stay the same? if it stays the same, what is it? is anything listening on that port on your computer?


The port changes. Each time I refresh it gives me a random port.

Target has been
3306
443
63213

Source has been
55440
52320
443

In those orders. Whenever it's 3306, the source is 55440 etc.
It's up to a count of 994542 right now.

YukoValis
Posts: 15
Joined: Fri Aug 28, 2009 11:50 am UTC

Re: Crazy high firewall access count

Postby YukoValis » Sun Dec 14, 2014 12:13 pm UTC

UPDATE!
Turns out my GF's droid smartphone is the cause. I don't really know how. The count was still climbing, every second. She shuts off her phone and then the count stops. She turns it back on, and the count resumes. Why?? We have a family plan, and each has smartphones here, but it is only her phone that creates the firewall block. And yes, she does have trouble connecting here.

phlip
Restorer of Worlds
Posts: 7554
Joined: Sat Sep 23, 2006 3:56 am UTC
Location: Australia

Re: Crazy high firewall access count

Postby phlip » Wed Dec 17, 2014 1:20 am UTC

Port 443 is HTTPS, while port 3306 is... usually MySQL? Weird. The high numbers are probably auto-generated source ports for the other end of the connection, ie the connection is probably from 10.0.0.4 (which I presume is the phone) on port [random large number] to Google on port 443 (HTTPS)... and which one of those ends is the "source" and "destination" depends on which way the packet you're looking at is going.

The IP 74.125.22.188 appears to be a Google Talk server (random Internet utilities tell me it's one of the IPs for mtalk.google.com). There's probably something on her phone that's trying to automatically connect to that server, and that's hitting your firewall. No idea what the port-3306 connection is for, maybe Google Talk just does something weird on a non-standard port that happens to be the same port MySQL uses? I dunno.

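The reading in the post above (one conversation logged from both directions, with ephemeral ports on the phone's side) can be checked by folding DENY entries into per-conversation counts. This is an added example, not part of the original thread; the sample entries are constructed from the addresses and ports quoted in the thread, and pairing them this way, along with the names `normalize` and `summarize`, is an assumption.

```python
import ipaddress
from collections import Counter

EPHEMERAL_START = 49152  # IANA dynamic/private port range starts here

# Constructed DENY entries: (src_ip, src_port, dst_ip, dst_port).
# Addresses and ports are those quoted in the thread; the pairing is assumed.
SAMPLE_DENIES = [
    ("10.0.0.4", 52320, "74.125.22.188", 443),
    ("74.125.22.188", 443, "10.0.0.4", 63213),
    ("10.0.0.4", 55440, "74.125.22.188", 3306),
    ("10.0.0.4", 52320, "74.125.22.188", 443),
]

def normalize(src_ip, src_port, dst_ip, dst_port):
    """Return (lan_host, remote_host, service_port, direction) for one entry."""
    src_private = ipaddress.ip_address(src_ip).is_private
    dst_private = ipaddress.ip_address(dst_ip).is_private
    if dst_private and not src_private:
        lan, remote = dst_ip, src_ip   # packet heading into the home network
    else:
        lan, remote = src_ip, dst_ip   # outbound, or both ends on the same side
    # The non-ephemeral port identifies the service, whichever column it is in.
    if src_port >= EPHEMERAL_START and dst_port < EPHEMERAL_START:
        return lan, remote, dst_port, "request"
    if dst_port >= EPHEMERAL_START and src_port < EPHEMERAL_START:
        return lan, remote, src_port, "reply"
    return lan, remote, min(src_port, dst_port), "unknown"

def summarize(entries):
    """Count denied packets per (lan_host, remote_host, service_port)."""
    flows = Counter()
    for entry in entries:
        lan, remote, service_port, _direction = normalize(*entry)
        flows[(lan, remote, service_port)] += 1
    return flows

if __name__ == "__main__":
    for (lan, remote, port), count in summarize(SAMPLE_DENIES).most_common():
        print(f"{lan} <-> {remote} service port {port}: {count} denied")
```

Grouping this way turns a log whose source and target appear to "keep changing" into a short list of LAN devices and the remote services they are being denied.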

YukoValis
Posts: 15
Joined: Fri Aug 28, 2009 11:50 am UTC

Re: Crazy high firewall access count

Postby YukoValis » Thu Dec 18, 2014 4:59 am UTC

phlip wrote:Port 443 is HTTPS, while port 3306 is... usually MySQL? Weird. The high numbers are probably auto-generated source ports for the other end of the connection, ie the connection is probably from 10.0.0.4 (which I presume is the phone) on port [random large number] to Google on port 443 (HTTPS)... and which one of those ends is the "source" and "destination" depends on which way the packet you're looking at is going.

The IP 74.125.22.188 appears to be a Google Talk server (random Internet utilities tell me it's one of the IPs for mtalk.google.com). There's probably something on her phone that's trying to automatically connect to that server, and that's hitting your firewall. No idea what the port-3306 connection is for, maybe Google Talk just does something weird on a non-standard port that happens to be the same port MySQL uses? I dunno.


First of all.. why did that make so much sense to me? *shudders* second, that is an awesome avatar picture. third.. so I guess this is why she can't really connect to the wifi at home maybe since my firewall is off the modem and my router wifi goes through that. So her phone is trying to get out, and it continues to block her. I'm telling you the woman has no luck with technology. Last but not least, Thank you for the information phlip. I'm going to mess with it, I'll post here if I find anything interesting.

