|
| 
|
When to Report Suspicious Network Activity
If you're running firewall software, you may find that you regularly receive access attempts that you're unable to explain. Although you may be concerned that your system is under attack, or that someone is trying to break in to your computer, the average Internet user is typically not a target in port probes or scans.
Some of the access attempts that you see may indicate that the other system has been compromised, either by hackers, or by a virus infection. In cases that involve university computing resources, we wish to receive reports of these incidents so that we can identify the source of the problem and correct the problem.
Many access attempts you see may be "pings," or random scans of a network block attempting to locate computers to exploit. In these cases, there's no need to be alarmed, as your firewall software will protect your system from harm. (This is probably exactly the type of activity that led you to run firewall software in the first place!) If you're receiving persistent and ongoing access attempts (over the period of several hours or days), we will pursue an investigation and will take action with anyone found responsible, according to our Policy on the Acceptable Use of Information Technology Resources.
Luckily, one of the most common sources of access attempts is also one of the most harmless: file sharing activity.
The most common file sharing programs use standard port numbers and you can easily identify file sharing activity by looking at the logs in your firewall software. You may find that you're receiving persistent probes on these ports over a period of several minutes or even hours from an IP address associated with the university. Typically, this indicates that our user was linked up to some other customer of your ISP, using a particular dynamically-assigned IP address. After that other customer disconnected from the network, when you connected, you were assigned that same IP address. Meanwhile, our user's computer notices that its peer has disappeared and attempts to access that IP address. The file sharing program assumes that its peer is going to come back eventually and keeps attempting to connect. In these cases, the attempts generally cease after either you or our user have logged off the network. Unless this activity continues over several days, even after you have logged off and back on to your ISP, there is no need to report these incidents.
Finally, you should report to us any other suspicious activity that you may have detected using your firewall software.
|
| CONTACT US |
| If you're receiving suspicious, persistent access attempts from an IP address belonging to the University of Maryland, please contact us to File a Complaint. Be sure to include the relevant logs from your firewall software. |
| FIND OUT MORE |
The following are some common file sharing programs that, if found on your machine, should be disabled:
Ares/AresWarez
Gnutella
Audiogalaxy
Limewire
BitTorrent
DC++
For more information, check this list of Assigned Port Numbers.
|
|
