attack on my ip?

[Dist]

can some1 please explain what this is, wether it is an attack on my ip or something. these are some of my router logs(im only posting a couple random lines from the log as theres so much):

11| <SPI: non-existing connection> <TCP>Source=85.116.31.2, Destination=82.45.102.15:29992
12| <SPI: non-existing connection> <TCP>Source=85.116.31.2, Destination=82.45.102.15:559
13| <SPI: non-existing connection> <TCP>Source=85.116.31.2, Destination=82.45.102.15:63000
11| <SPI: non-existing connection> <TCP>Source=85.116.31.2, Destination=82.45.102.15:29992
12| <SPI: non-existing connection> <TCP>Source=85.116.31.2, Destination=82.45.102.15:559
13| <SPI: non-existing connection> <TCP>Source=85.116.31.2, Destination=82.45.102.15:63000
32| <SPI: non-existing connection> <TCP>Source=85.116.31.2, Destination=82.45.102.15:3332
33| <SPI: non-existing connection> <TCP>Source=85.116.31.2, Destination=82.45.102.15:808
34| <SPI: non-existing connection> <TCP>Source=85.116.31.2, Destination=82.45.102.15:7441
35| <SPI: non-existing connection> <TCP>Source=85.116.31.2, Destination=82.45.102.15:5490

its basicaly just goes on and on, all from the same source, to tons of different destination ports on my ip.

EDIT: looking through my logs ive also seen multiple attempts (although not too many) from different ips all trying port 135
50| <SPI: non-existing connection> <TCP>Source=82.243.159.171, Destination=82.45.102.15:135
51| <SPI: non-existing connection> <TCP>Source=82.243.159.171, Destination=82.45.102.15:135
52| <SPI: non-existing connection> <TCP>Source=82.227.171.161, Destination=82.45.102.15:135
53| <SPI: non-existing connection> <TCP>Source=82.227.171.161, Destination=82.45.102.15:135

is there something special about this port why ppl keep trying to access it, as i understand the high range ports can be used for anything but low ports are designed for specific things, whats port 135 for?

 

[bitslice]

this was on the notes section for that IP
---------------------------------------
85.116.31.0 - 85.116.31.3 = QuakeNet IRC Network.
It will only scan you if you connect to the IRC network.
If you were scanned by that IP and believe you do not connect to QuakeNet - We suggest you get your system checked by a Virus/Trojan Scanner
---------------------------------------

...try turning off IRC and see if it goes away ?

---

the other on is probably just some random hacker scan from a French ISP

Port 135 is Microsoft's DCOM Service Control Manager, and is not something you want left open to the net.
If you are running a firewall/router and have configured this port to be blocked (usually it's a default setting) then you are OK


(...then again, I could be wrong)

.

 

[OllyM]

They're being blocked... what's the problem?!

 

[Dist]

ok now that i realize the main port scan is from quakenet that doenst worry me, but the problem still remains that some person on a french ISP keeps changing his ip then trying to connect on port 135. i know its not doing anything since its a non excisting connection as that port isnt open, but my point is why is he doing it? surely if hes a hacker trying to get into that port on random ppls pcs he would try, if its not open, give up and try a different person, not repeatadly try.

 

[bitslice]

If it's just a program he's got running to find open ports, then it looks broken, maybe he'll give up in a day or so.

Sometimes these things happen when there was an existing link, the IP's get reallocated for some reason, yet the connection keeps trying to reconnect.

If it goes on for a few days, then send the logs to [email protected].
(Ask them v.nicely in French or it'll get binned.)

apologies for only half reading your 1st post