Port Probe???


pillainp
12-07-2003, 03:33 AM
Ok, here's the deal:

I am being probed by someone out of the IP: 68.33.178.32 named "chr176dhcp544.chrchv01.md.comcast.net". There have been 2687 attempts over the past 24 hours. The probe is listed as the service "AMD SCHED" (or amdsched) and originates from various ports on the attacker, all directed at port 1931 on my machine. I am using ZoneAlarm Pro 4.5.530 for a firewall, VisualZone to log the attacks. ZoneAlarm has so far successfully blocked all the probes, and I have notified Comcast's abuse service of the incident. VisualZone can give me the attacker's DNS and Whois data, but cannot give me a location.
Question is, is there something else I need to do, and is someone else suffering the same problem?

My internet connection has really slowed down since this issue started. There was also a simultaneous probe from various users on the Kazaa network (mainly the US and Europe), but that seems to have tailed off.

Can somebody give me more info on this AMD SCHED thing? I cannot find anything from Google, and the closest I have got is to something called the AMD SCHEDULER.

All help sincerely appreciated.

bailey
12-07-2003, 03:55 AM
Are you using a router?
What kind of connection are you using?

pillainp
12-07-2003, 07:56 AM
No router. I am using a firewall though (ZoneAlarm Pro 4.5.530, set in stealth mode).

I have a cable connection.

glc
12-07-2003, 02:30 PM
Location is somewhere in Maryland, USA. Port 1931 is indeed amdsched but haven't a clue what it does.

Blakhart
12-08-2003, 02:05 AM
http://www.onctek.com/registered_ports.txt

glc
12-08-2003, 02:46 AM
Yes, but that doesn't tell us what it does.

pillainp
12-08-2003, 09:04 AM
The old AMD SCHED intruder has changed IP now and is currently located at Parsippany, NJ, USA, (12-225-132-148.client.attbi.com, IP: 12.225.132.148). 15 attacks in the last one hour.

Strange how there is absolutely no info on that port (1931).

Thanks anyway all you guys.

pillainp
12-08-2003, 09:07 AM
At any rate, I am now glad I thought to put up a firewall and stealth it.
Is there any way to totally hide my IP?
(What if I disable broadcast/multicast in my firewall? Will that affect my connection?)

DragonNOA1
12-08-2003, 10:12 AM
I have no idea what that is but I did find some articles that say it has to deal with "Simple Network Management Protocol (SNMP) on Cisco Systems".

Make sure you update your virus scanner and scan for viruses and spyware.

glc
12-08-2003, 02:06 PM
Actually that could be anywhere in the US - AT&T is headquartered in NJ and doesn't show locality in the hostname like Comcast.