×
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
sumgai
Former Member
Message 1 of 4

"Unsolicited Connections"

Hi,

I'm new here.
When viewing my "Log Viewer" for "Inbound Events" I get "Unsolicited Connections" all the time and under the "Event Information" heading it tells me what port was just accessed. And when I use the "Trace this IP" option it usually traces it to China or Australia and, of course, I have the option to ban it. I also get "Unsolicited Connections" from my ISP.

But, once in a while I get one from an IP that matches my ISP, but under the "Event Information" heading it says something obscene like (in this case) "Back Orifice 2000".

Under details it says:

"A computer at dns.rnc.net.cable.rogers.com..." (My ISP) "...has attempted an unsolicited connection to UDP port 54320 on your computer.

UDP port 54320 is commonly used by the "Back Orifice 2000" service or program. The source computer has scanned your computer for this trojan, but it has been blocked by your firewall."

QUESTIONS:
(1) In laymen's terms, what exactly does this mean, and should I be worried about someone accessing my computer?

(2) a) I also get hits for ports 18728 (like one every 15 seconds) and port 4466 (everytime I connect to the internet). What are these ports used for and how can I close them?
b) Have these connections already been blocked and my Log Viewer is merely noting that an attempt was made?

(3) I've also traced a group of IP's (all have the same set of numbers in them, with the exception of the last 2 or 3 digits) to a location the same distance away from CIA HQ in Virginia, and the Pentagon. To which I always scratch my head and wonder, WTF!?

(4) Has anyone else experienced the same thing here?
3 Replies
exbrit
MVP
MVP
Message 2 of 4

RE: "Unsolicited Connections"

One could easily panic reading the Inbound Events log and over the years I've learned to leave it well alone & simply ignore it. It represents FAILED attempts at entering your machine. Not all of them are malicious but many are and it just serves to show you that the firewall is alive and well.
sumgai
Former Member
Message 3 of 4

RE: "Unsolicited Connections"

Yeah, that's what I figured. But then why does it give me the option to "Ban this IP" or even "Trace this IP"?

I'm not panicking here as my computer is still running normally and I haven't experienced any drastic changes, let alone loss of control over it. I'm just curious.
exbrit
MVP
MVP
Message 4 of 4

RE: "Unsolicited Connections"

Not sure why they still give the option to ban the IP. I guess if you knew a certain one was trying to hack your machine, you could ban it and then at least give yourself the peace of mind knowing it was dealt with.

Trace is there to satisfy the curiosity I guess.
How Many Badges Can You Collect?
Ready for a little competition? Members like you are earning badges and unlocking perks for their helpful answers. Are you? Click here to find out.

Community Help Hub

    New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

  • Find Forum FAQs
  • Learn How to Earn Badges
  • Ask for Help
Go to Community Help

Join the Community

    Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

  • Get helpful solutions from McAfee experts.
  • Stay connected to product conversations that matter to you.
  • Participate in product groups led by McAfee employees.
Join the Community
Join the Community