Hacker Attack?

[PowerYoga]

in the past minute this ip address scanned my computer over 200 times...

216.17.89.86

and my firewall sait it blocked the port scan.

here's some of the text

FWIN,2002/03/09,00:36:56 -6:00 GMT,12.230.74.36:18373,216.17.89.86:1214,TCP (flags:S)
FWIN,2002/03/09,00:37:56 -6:00 GMT,12.230.74.36:18434,216.17.89.86:1214,TCP (flags:S)
FWIN,2002/03/09,00:38:34 -6:00 GMT,151.30.197.201:3484,216.17.89.86:1214,TCP (flags:S)
FWIN,2002/03/09,00:41:34 -6:00 GMT,158.152.155.250:3054,216.17.89.86:1214,TCP (flags:S)
FWIN,2002/03/09,00:42:51 -6:00 GMT,12.252.125.19:19411,216.17.89.86:1214,TCP (flags:S)
FWIN,2002/03/09,00:42:56 -6:00 GMT,12.230.74.36:18712,216.17.89.86:1214,TCP (flags:S)
FWIN,2002/03/09,00:43:17 -6:00 GMT,12.230.74.36:18740,216.17.89.86:1214,TCP (flags:S)
FWIN,2002/03/09,00:47:56 -6:00 GMT,12.230.74.36:19009,216.17.89.86:1214,TCP (flags:S)
FWIN,2002/03/09,00:48:37 -6:00 GMT,12.230.74.36:19042,216.17.89.86:1214,TCP (flags:S)
FWIN,2002/03/09,00:50:01 -6:00 GMT,158.152.155.250:3197,216.17.89.86:1214,TCP (flags:S)
FWIN,2002/03/09,00:50:21 -6:00 GMT,12.252.125.19:19649,216.17.89.86:1214,TCP (flags:S)
FWIN,2002/03/09,00:51:31 -6:00 GMT,151.30.197.201:3568,216.17.89.86:1214,TCP (flags:S)
FWIN,2002/03/09,00:52:05 -6:00 GMT,24.141.171.185:1035,216.17.89.86:137,UDP
FWIN,2002/03/09,00:52:56 -6:00 GMT,12.230.74.36:19301,216.17.89.86:1214,TCP (flags:S)
FWIN,2002/03/09,00:53:56 -6:00 GMT,12.230.74.36:19356,216.17.89.86:1214,TCP (flags:S)
FWIN,2002/03/09,00:57:53 -6:00 GMT,12.252.125.19:20007,216.17.89.86:1214,TCP (flags:S)
FWIN,2002/03/09,00:57:56 -6:00 GMT,12.230.74.36:19595,216.17.89.86:1214,TCP (flags:S)
FWIN,2002/03/09,00:58:15 -6:00 GMT,151.30.197.201:3603,216.17.89.86:1214,TCP (flags:S)
FWIN,2002/03/09,00:58:47 -6:00 GMT,158.152.155.250:3361,216.17.89.86:1214,TCP (flags:S)
FWIN,2002/03/09,00:59:20 -6:00 GMT,12.230.74.36:19667,216.17.89.86:1214,TCP (flags:S)
FWOUT,2002/03/09,01:00:59 -6:00 GMT,216.17.89.86:2207,216.17.3.121:53,UDP
FWIN,2002/03/09,01:02:56 -6:00 GMT,12.230.74.36:19880,216.17.89.86:1214,TCP (flags:S)
FWIN,2002/03/09,01:04:44 -6:00 GMT,12.230.74.36:19967,216.17.89.86:1214,TCP (flags:S)
FWIN,2002/03/09,01:05:05 -6:00 GMT,151.30.197.201:3645,216.17.89.86:1214,TCP (flags:S)
FWIN,2002/03/09,01:05:25 -6:00 GMT,12.252.125.19:20322,216.17.89.86:1214,TCP (flags:S)
FWIN,2002/03/09,01:07:29 -6:00 GMT,158.152.155.250:3627,216.17.89.86:1214,TCP (flags:S)
FWIN,2002/03/09,01:07:56 -6:00 GMT,12.230.74.36:20157,216.17.89.86:1214,TCP (flags:S)
FWIN,2002/03/09,01:10:04 -6:00 GMT,12.230.74.36:20269,216.17.89.86:1214,TCP (flags:S)
FWIN,2002/03/09,01:10:44 -6:00 GMT,210.23.235.202:1901,216.17.89.86:21,TCP (flags:S)
FWIN,2002/03/09,01:12:56 -6:00 GMT,12.252.125.19:20450,216.17.89.86:1214,TCP (flags:S)
FWIN,2002/03/09,01:12:56 -6:00 GMT,12.230.74.36:20430,216.17.89.86:1214,TCP (flags:S)
FWIN,2002/03/09,01:14:44 -6:00 GMT,151.30.197.201:3691,216.17.89.86:1214,TCP (flags:S)
FWIN,2002/03/09,01:15:10 -6:00 GMT,12.230.74.36:20537,216.17.89.86:1214,TCP (flags:S)
FWIN,2002/03/09,01:15:38 -6:00 GMT,12.230.74.36:20560,216.17.89.86:1214,TCP (flags:S)
FWIN,2002/03/09,01:15:56 -6:00 GMT,158.152.155.250:3840,216.17.89.86:1214,TCP (flags:S)
FWIN,2002/03/09,01:20:26 -6:00 GMT,12.252.125.19:20564,216.17.89.86:1214,TCP (flags:S)
FWIN,2002/03/09,01:21:03 -6:00 GMT,12.230.74.36:20860,216.17.89.86:1214,TCP (flags:S)
FWIN,2002/03/09,01:22:08 -6:00 GMT,12.230.74.36:20916,216.17.89.86:1214,TCP (flags:S)
FWIN,2002/03/09,01:22:38 -6:00 GMT,12.230.74.36:20962,216.17.89.86:1214,TCP (flags:S)
FWIN,2002/03/09,01:23:08 -6:00 GMT,12.230.74.36:20994,216.17.89.86:1214,TCP (flags:S)
FWIN,2002/03/09,01:24:42 -6:00 GMT,158.152.155.250:4003,216.17.89.86:1214,TCP (flags:S)

 

[Bglad]

Why don't you try posting this in every forum to see if you get an answer.

 

[Staver]

abuse@usinternet.com = 216.17.89.86 = uv86.usinternet.com

I didn't see any Trojans or Viruses listed that use that port, so be sure it was not a game server or something you were connected to.

 

[PowerYoga]

it can't be a game server because i JUST logged on to my computer and immediately got 10 attacks. Then within the next minute or so i hit about 300+... its not normal i know. I posted this in technical support forum and somebody gave me the trace to US Internet services, which i also traced myself but didn't find too useful. however, the attack stops when i sign on to Kazaa. I removed spyware (cydoor) from kazaa already. Could it just be someone who is desperate to download some movies from my computer? (and uses a port scanner continiously so he/she can download as soon as i got on)?

 

[Comp625]

A security risk? Possibly. Here's a possible scenerio on why you're being scanned a billion times though. I once had over 500+ alerts from ZoneAlarm all from 1 IP. ZA kept telling me the guy was pinging each of my ports (kinda like a port scan). But thankfully, I found out it wasn't a hacker attack. I found out that if I was running a P2P program (Limewire for example) and I quitted while someone was downloading from me... the guy's Limewire would ping my IP and search for other open ports to see whether they can still download from you or not.

The pinging would continue even after reboots and uninstalling and reinstalling everything (even Win98). Safe to say, all you had to do was go back on Limewire and cancel the transfer or let the transfer finish.

 

[PowerYoga]

thanks... at least i know that its not really the person's fault. (or is it? ) Would they stop pinging ports after THEY restart their computer? Or does it resume after they reboot up?