XP home edition behind firewall
Joel Hammer
Joel
Mon May 17 11:31:38 PDT 2004
I have an XP home edition on my home network behind my firewall. I know
nothing about XP.
This morning at localtime 5:45 am I noticed a connection with a lot of data
being send to this address from my XP machine:
217.84.15.157.1214 > 192.168.1.9.1632
The XP machine of course is the 192 address.
nslookup gave some typical appearing DHCP type name, which I didn't write
down!
I looked at the XP box. It had been left on, with a user logged in. IE was
running but I couldn't enlarge the icon at the bottom of the screen. I shut
down the XP box, the connection stopped, and nslookup no longer resolved the
ip address above. I know that XP has vulnerabilities, but I thought the
firewall would protect it (foolish dreamer).
SO, the question is, is this a hack? Is there some port I need to block on my firewall to
prevent this sort of access?
Joel
More information about the Linux-users
mailing list