G
@eimaj2nz said:Looking at the data, it appears that a couple of the other posters were indeed correct. You're not being port scanned by the DoD. You're trying to DoS them!
In the DoD screen shot, you can see a couple of entries there that mention Palacky University. In these, you can see that the Source address is from somewhere on the internet, and the Destination is your PC. This shows that someone at that university is trying to connect to you.
With the other entries, it looks like your computer is trying to create TCP connections to the DoD. When you create a new TCP connection, your computer creates a new port. Often, the port numbers used are sequential, although after a while lower port numbers will be re-used.
As far as I can tell, you've either got a trojan infection, or your file sharing client believes that the DoD is a legitimate file source.
The best way to tell is to use a utility such as TCPView (http://www.microsoft.com/technet/sysinternals/Networking/TcpView.mspx), which will tell you which process created those ports. Let's just hope your computer's not pwned!
Yah, re: the email i locked the subnets on my router out, and now everything is all quiet on the western front. I realize it looks like i was infected, or that i was DoSing them, but there were at least 2 other people that were getting the same output from PG2 at the same time as me. The IP was spoofed, and i wasn't really trying to say anything by posting here, really, other than "WTF DOD OMG". i understand that, by nature, forums have flamers. :-) I still like this community a lot!
Also i use Knoppix:STD sometimes, and had i remembered where i put the disc i would have used ethercap or something similar to analyze it in real-time; however the attacks were long - but not long enough to dig out a disc and boot my laptop and get to work on packet sniffing. I was mostly posting it here as an aside; now i know that i shouldn't. Haha.
-the Gene Witch