Hamzah Abusamak (March 24, 2014):
I am getting this from time to time. I don't know what it is about, plus I don't know what program is going to receive the incoming connection.
Arakasi (March 24, 2014):
Hello, a whois returns the following:

inetnum: 82.221.105.0 - 82.221.105.255
netname: IS-ORANGEWEBSITE
descr: OrangeWebsite.com
country: IS
org: ORG-OFO1-RIPE
admin-c: OTD3-RIPE
tech-c: OTD3-RIPE
status: ASSIGNED PA
mnt-by: MNT-ADVANIA
source: RIPE # Filtered

organisation: ORG-OFO1-RIPE
org-name: OrangeWebsite Finland Oy
org-type: OTHER
address: Hannikaisenkatu 14
abuse-c: OTD3-RIPE
mnt-ref: MNT-ADVANIA
mnt-by: MNT-ADVANIA
source: RIPE # Filtered

role: OrangeWebsite.com Technical Department
address: OrangeWebsite.com
address: Klapparstigur 7
address: 101 Reykjavik
address: Iceland
abuse-mailbox: abuse@orangewebsite.com
admin-c: AK12182-RIPE
tech-c: AK12182-RIPE
mnt-by: MNT-ADVANIA
nic-hdl: OTD3-RIPE
source: RIPE # Filtered
Arakasi (March 24, 2014):
It would appear they are a hosting company. Do you have dealings or service with OrangeWebsite?
Hamzah Abusamak (March 24, 2014):
No, OrangeWebsite, I have no idea about it. The strange thing is it's inbound traffic to nowhere.
Arakasi (March 24, 2014, edited):
Also take caution, as port 5353 can be used for the following reasons:
- iChat, Mac OS X Bonjour/Zeroconf port
- Multicast DNS (MDNS) [iESG] (IANA official). Primarily on Mac OS X, possibly p2p?
- Backdoor.Optix (2004.02.10) - a backdoor trojan horse that gives an attacker unauthorized access to an infected computer by opening TCP port 5353 and listening for incoming connections.
- Avahi-core/socket.c in avahi-daemon in Avahi before 0.6.29 allows remote attackers to cause a denial of service (infinite loop) via an empty mDNS IPv4 or IPv6 UDP packet to port 5353. References: [CVE-2011-1002], [BID-46446]
- Remote attackers can perform a denial of service in WebRamp systems by sending a malicious UDP packet to port 5353, changing its IP address. References: [CVE-1999-0438]
Also see this link: hxxp://www.pc-library.com/ports/tcp-udp-port/5353/
My recommendation is this: run an In-depth scan on all local drives for your system.
Hamzah Abusamak (March 24, 2014):
Okay, but why is there no application path? It says "a remote computer is attempting to communicate with an application on this computer". Where is that local application?
Hamzah Abusamak (March 24, 2014, edited):
Do you know that shodan.io is for hackers? Someone trying to access the computer, right?
Arakasi (March 24, 2014):
The application in question could be a reclusive executable, or an obfuscated one. Thus, I recommend running a full in-depth scan. I am unaware of shodan.io, where did you reference that? For now, I would check Remember Action (create rule) and Deny. You can refer back if any of your applications begin to reveal issues, and delete the rule.
Hamzah Abusamak (March 24, 2014):
OK, shodan.io is a website, type it in your address bar.
Arakasi (March 24, 2014, edited):
Quote (Hamzah Abusamak): OK, shodan.io is a website, type it in your address bar.
I see now, you are right. The domain must be behind the proxy orangewebsite or simply hosted there.
Aryeh Goretsky, ESET Moderator (March 25, 2014):
Hello, Shodan is a company which scans the public Internet for accessible computers. In this case, it looks like they were scanning the IP range belonging to your ISP and attempted to connect to your computer. This is why it is a good idea to run a firewall, and to place a router between your modem and computer, in order to block direct connection attempts from the Internet to your computer(s).
Regards, Aryeh Goretsky
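To make the distinction in the two posts above concrete (legitimate mDNS on port 5353 versus an Internet-wide scanner probing the same port), here is an added example that is not from the thread or from ESET: it classifies constructed firewall log lines, and the log format, field names and the 82.221.105.6 address (chosen inside the whois range quoted earlier) are all assumptions.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample log lines (not from the original thread), one event per
# line in an assumed "PROTO src:port -> dst:port" export format.
SAMPLE_LOG = """\
UDP 192.168.1.20:5353 -> 224.0.0.251:5353
UDP 82.221.105.6:41432 -> 192.168.1.20:5353
TCP 82.221.105.6:52817 -> 192.168.1.20:5353
UDP fe80::1c2a:3b4c:5d6e:7f80%en0:5353 -> ff02::fb:5353
TCP 192.168.1.20:55123 -> 93.184.216.34:443
"""

LINE_RE = re.compile(r"^(TCP|UDP) (\S+):(\d+) -> (\S+):(\d+)$")
# Well-known mDNS multicast groups (IPv4 and IPv6); real mDNS goes only there.
MDNS_GROUPS = {ipaddress.ip_address("224.0.0.251"), ipaddress.ip_address("ff02::fb")}


def parse_line(line):
    """Parse one log line into (proto, src_ip, sport, dst_ip, dport) or None."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    proto, src, sport, dst, dport = m.groups()
    # Drop an IPv6 zone index such as "%en0" before parsing the address.
    src_ip = ipaddress.ip_address(src.split("%")[0])
    dst_ip = ipaddress.ip_address(dst.split("%")[0])
    return proto, src_ip, int(sport), dst_ip, int(dport)


def classify(event):
    """Legitimate mDNS is link-scoped multicast from a private or link-local
    source; anything on 5353 from a public source is an unsolicited probe."""
    proto, src_ip, sport, dst_ip, dport = event
    if dport != 5353 and sport != 5353:
        return "other"
    if dst_ip in MDNS_GROUPS and (src_ip.is_private or src_ip.is_link_local):
        return "mdns-local"
    if src_ip.is_global:
        return "unsolicited-5353-from-internet"
    return "5353-unexpected"


def summarize(log_text):
    """Count events per class; returns a plain dict so it can be checked."""
    counts = Counter()
    for line in log_text.splitlines():
        event = parse_line(line)
        if event:
            counts[classify(event)] += 1
    return dict(counts)
```

Run `summarize(SAMPLE_LOG)` against a real export after adapting `LINE_RE` to your firewall's format; a non-zero "unsolicited-5353-from-internet" count with no local application bound to 5353 is exactly the scanner case described above.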
Arakasi (March 25, 2014):
Thank you for the clarification, Mr. Goretsky. Very nice indeed.
Hamzah Abusamak (March 25, 2014):
I see. By the way, how can I reset my ESET to the default values, as it was when first installed?
Arakasi (March 25, 2014):
Hi, the best method is to uninstall and reinstall. Manually, it will take a few steps. To reset the firewall rules to default, follow the directions outlined here: hxxp://kb.eset.com/esetkb/index?page=content&id=SOLN941
If you would like to reset to default settings and values for everything else, you can open the Advanced setup and click the button labeled "Default" in the lower right corner.
Hamzah Abusamak (March 25, 2014):
OK, if I opt to uninstall and reinstall, can I keep the updated signatures? I don't want to waste some megabytes downloading a new signature DB.
Arakasi (March 25, 2014, edited):
No, the database is removed as well, and the license. You will have to use the latter route of pressing the default buttons and options etc.
Hamzah Abusamak (March 25, 2014):
Why can't I delete or disable these things? I want to have full control over every single process.
Hamzah Abusamak (March 25, 2014):
I am going crazy, what is this about? What is that tracking and OpenCandy thing?
Arakasi (March 25, 2014):
Quote (Hamzah Abusamak): Why can't I delete or disable these things? I want to have full control over every single process.
Click the Toggle Application Tree to delete your rules.
Arakasi (March 25, 2014):
Quote (Hamzah Abusamak): I am going crazy, what is this about? What is that tracking and OpenCandy thing?
Open Candy is malware. It is a classification of adware called Win32/OpenCandy. ESET detects this and I recommend running an In-depth scan on the system. What is OpenCandy and why does it trigger a threat warning?
Marcos, Administrator (March 27, 2014):
I'd suggest running a full disk scan with both potentially unwanted and unsafe applications enabled. They are not malicious, but you may not want to have them on your computer.