Hi,
I'm new here.
When viewing my "Log Viewer" for "Inbound Events" I get "Unsolicited Connections" all the time and under the "Event Information" heading it tells me what port was just accessed. And when I use the "Trace this IP" option it usually traces it to China or Australia and, of course, I have the option to ban it. I also get "Unsolicited Connections" from my ISP.
But, once in a while I get one from an IP that matches my ISP, but under the "Event Information" heading it says something obscene like (in this case) "Back Orifice 2000".
Under details it says:
"A computer at dns.rnc.net.cable.rogers.com..." (My ISP) "...has attempted an unsolicited connection to UDP port 54320 on your computer.
UDP port 54320 is commonly used by the "Back Orifice 2000" service or program. The source computer has scanned your computer for this trojan, but it has been blocked by your firewall."
QUESTIONS:
(1) In laymen's terms, what exactly does this mean, and should I be worried about someone accessing my computer?
(2) a) I also get hits for ports 18728 (like one every 15 seconds) and port 4466 (everytime I connect to the internet). What are these ports used for and how can I close them?
b) Have these connections already been blocked and my Log Viewer is merely noting that an attempt was made?
(3) I've also traced a group of IP's (all have the same set of numbers in them, with the exception of the last 2 or 3 digits) to a location the same distance away from CIA HQ in Virginia, and the Pentagon. To which I always scratch my head and wonder, WTF!?
(4) Has anyone else experienced the same thing here?