Yahoo Attack ?

[Amethyst]

I was downloading the ChainReaction Cart today...As it was downloading...My Sygate Firewall detacted that there is an Attack towards my Computer..

Somebody is scanning your computer.

Your computer's UDP ports:

2467, 2469, 2471, and 2525 have been scanned from 203.84.196.38..

Well i check at www.dnsstuff.com under the whois...And i discover that the Ip is from .Yahoo...This is the reports..

Any Idea what is this all about ??? Seems weird why does Yahoo wants to scan or attack my Computer ?

inetnum: 203.84.192.0 - 203.84.223.255

netname: YAHOO-ASIA-3

descr: Internet Content Provider

country: US

admin-c: YI12-AP

tech-c: YI12-AP

mnt-by: APNIC-HM

mnt-lower: MAINT-AP-YAHOO-INC

status: ASSIGNED PORTABLE

remarks: -+-+-+-+-+-+-+-+-+-+-+-++-+-+-+-+-+-+-+-+-+-+-+-+-+-+

remarks: This object can only be updated by APNIC hostmasters.

remarks: To update this object, please contact APNIC

remarks: hostmasters and include your organisation's account

remarks: name in the subject line.

remarks: -+-+-+-+-+-+-+-+-+-+-+-++-+-+-+-+-+-+-+-+-+-+-+-+-+-+

changed: **********@apnic.net 20050121

changed: **********@apnic.net 20050121

changed: **********@apnic.net 20050311

source: APNIC

route: 203.84.192.0/21

descr: Yahoo TPE

country: TW

origin: AS10229

mnt-by: MAINT-AP-YAHOO-INC

changed: *****@yahoo-inc.com 20050417

source: APNIC

role: YAHOO INC

address: 701 First Avenue

address: Sunnyvale, CA 94089

country: US

phone: +1 408 349 3300

fax-no: +1 408 349 3301

e-mail: *************@yahoo-inc.com

trouble: send spam and abuse reports to *****@yahoo.com

trouble: or visit http://abuse.yahoo.com

admin-c: KW133-AP

tech-c: KW133-AP

nic-hdl: YI12-AP

notify: ******@yahoo-inc.com

mnt-by: MAINT-AP-YAHOO-INC

changed: *****@yahoo-inc.com 20050225

source: APNIC

[coldcrush]

I was downloading the ChainReaction Cart today...As it was downloading...My Sygate Firewall detacted that there is an Attack towards my Computer..

Somebody is scanning your computer.

Your computer's UDP ports:

2467, 2469, 2471,  and 2525 have been scanned from 203.84.196.38..

Well i check at www.dnsstuff.com under the whois...And i discover that the Ip is from .Yahoo...This is the reports..

Any Idea what is this all about ??? Seems weird why does Yahoo wants to scan or attack my Computer  ?

inetnum:      203.84.192.0 - 203.84.223.255

netname:      YAHOO-ASIA-3

descr:        Internet Content Provider

country:      US

admin-c:      YI12-AP

tech-c:      YI12-AP

mnt-by:      APNIC-HM

mnt-lower:    MAINT-AP-YAHOO-INC

status:      ASSIGNED PORTABLE

remarks:      -+-+-+-+-+-+-+-+-+-+-+-++-+-+-+-+-+-+-+-+-+-+-+-+-+-+

remarks:      This object can only be updated by APNIC hostmasters.

remarks:      To update this object, please contact APNIC

remarks:      hostmasters and include your organisation's account

remarks:      name in the subject line.

remarks:      -+-+-+-+-+-+-+-+-+-+-+-++-+-+-+-+-+-+-+-+-+-+-+-+-+-+

changed:      **********@apnic.net 20050121

changed:      **********@apnic.net 20050121

changed:      **********@apnic.net 20050311

source:      APNIC

route:        203.84.192.0/21

descr:        Yahoo TPE

country:      TW

origin:      AS10229

mnt-by:      MAINT-AP-YAHOO-INC

changed:      *****@yahoo-inc.com 20050417

source:      APNIC

role:        YAHOO INC

address:      701 First Avenue

address:      Sunnyvale, CA 94089

country:      US

phone:        +1 408 349 3300

fax-no:      +1 408 349 3301

e-mail:      *************@yahoo-inc.com

trouble:      send spam and abuse reports to *****@yahoo.com

trouble:      or visit http://abuse.yahoo.com

admin-c:      KW133-AP

tech-c:      KW133-AP

nic-hdl:      YI12-AP

notify:      ******@yahoo-inc.com

mnt-by:      MAINT-AP-YAHOO-INC

changed:      *****@yahoo-inc.com 20050225

source:      APNIC

<{POST_SNAPBACK}>

Port Scans are common, however maybe install a different firewall if it puts your mind at ease. Look Here.

http://www.annoyances.org/exec/forum/winxp/t1083077931

Try this: http://www.tamos.com/products/nettools/

[Amethyst]

Thanx for the Link..Yeah i think many people is having the same problem...I think its normall

[Tywais]

Thanx for the Link..Yeah i think many people is having the same problem...I think its normall  

It's only normal because many hackers out their try to find an opening in a weak firewall otherwise it generally is not common practice. Also, the computer running the scanner was not Yahoo per say but a client using Yahoo as their ISP and independant of their web services.

The other reason to run a portscanner is an admin testing his own firewall security. Since I manage a firewall server at the university I test to see how well the firewall is locked down due to many attempts by others to find openings.

http://www.auditmypc.com/freescan/scanoptions.asp

http://www.portsense.com/prescan.cfm

[Amethyst]

wow thanx for the great info....And yes No wonder before i get to know what is firewall my computer is always having problems....Such as files being deleted...I was using the XP interneal Firewall but its not that reliable.....Always theres a problem with my CPU....

But when i try the Sygate Firewall it shows me the result of being attack...Well this is really good as i can now keep track of my Cpu...

[francois]

hi'

if you could see that someone was scanning your com, this means for me that your com is not stealth!

it was a port scan not an attempt! , surely closed but not stealth!

use ZA instead

and for tools, make a search on cyberkit, free

it's a standalone app, and give you a lot of tools including port scanner and else.

francois