5 votes

Washington DC pinging my computer?

I like to use zonealarm on my computers because it is very verbose about what's going on behind the scenes regarding network traffic. Lately I'm getting a lot of notices such as the following: "The firewall has blocked Internet access to your computer (NetBIOS Session) from 169.245.165.145 (TCP Port 3941) [TCP Flags: S]."


Here's what I get when I resolve the ip address:


HOST DETAILS
IP Address:
169.245.165.145
IP Block Start:
169.245.0.0
IP Block End:
169.251.255.255
Reverse DNS:
169.245.165.145
Host/ISP:
Diplomatic Telecommunications Services - Program Office (DTS-PO)


Anyone have any idea about what's going on? I did not used to get these notifications and in the last two days I've had several...

Comment viewing options

Select your preferred way to display the comments and click "Save settings" to activate your changes.

I'd be curious if you have that tcp port open on your computer

3941 tcp homeportal-web Home Portal Web Server

Its not a ping, its a tcp syn handshake...an attempt to connect
to a server listening on that port.

Type netstat -an from a command prompt on your pc (dos box)

look for "tcp 3941......listening"

Are they always trying to connect to the same port on your pc?
or are they port scanning you?

In the absence of that port being open and listening on your computer, there's other possibilities?

1) Its possible that someone FATfingered an ip address.
2) That ip is hacked and someone is using it as a springboard for further hacking attempts.
3) some stupid govt employee is trying to hack

2nd possibility doesn't seem as likely, but hacked servers are where the majority of hacking attacks come from on the net.

And in case your wondering, The NSA doesn't hack using lame techniques like that... They can inject packets in real time to dynamic tcp portnumbers, intercepting sequence numbers etc, via man in the middle upstream connections.

____

"Take hold of the future or the future will take hold of you." -- Patrick Dixon

ChristianAnarchist's picture

Tried netstat and there were

Tried netstat and there were a lot of ports listening but not that port.

Beware the cult of "government"...

most pc's do have a lot of open ports

And it gets more difficult to close them with each version of windows OS.

If the same IP address, or something in the same ip range hits you again see if they're trying the same port number. I've seen portscans to my server, that were deliberately slowed down over time, from the same source, spread over days. Also seen distributed port scans so they would not attract attention. some of the tools those hackers use, allow them to spoof IP's on some port scanning methods to thwart showing the real source.

If its the same port number then its probably someone that just typed the wrong ip.... that's my guess.

not sure if zone alarm is a HIPS based firewall nowdays, but if not, I'd recommend you find out and install one that is.

____

"Take hold of the future or the future will take hold of you." -- Patrick Dixon

egapele's picture

Searched and found this on Wikipedia

"The Diplomatic Telecommunications Service (DTS) is a system of integrated telecommunications networks that supports foreign affairs agencies in Washington, D.C., and U.S. diplomatic missions abroad. It is administered by the United States Department of State Diplomatic Telecommunications Service Program Office (DTSPO).[1] DTS is a global network of network of telecommunications sites that is charged with providing a global, reliable, and cost-effective communications network for the U.S. foreign affairs community.[2]"

link: http://en.wikipedia.org/wiki/Diplomatic_Telecommunications_S...

ChristianAnarchist's picture

Perhaps another government

Perhaps another government organization could be using these ip's as a cover??

Beware the cult of "government"...