mitchy ([personal profile] mitchy) wrote 2007-05-05 01:47 pm

Techie help (again)

Saw something weird this morning, makes me think someone's trying to hack my internet connection in some fashion. The following is a log from Turnpike, which is my email and news collection programme.

Sat, 5 May 2007 13:40:37 Collecting mail from POP3 server pop3.demon.co.uk
Sat, 5 May 2007 13:40:37 Finished collecting mail from POP3 server pop3.demon.co.uk, 0 messages accepted, 0 rejected
Sat, 5 May 2007 13:40:37 0 messages deleted from POP3 server, 0 messages remain
Sat, 5 May 2007 13:40:39 Collecting Usenet News from news.individual.net
Sat, 5 May 2007 13:40:39 News connection to news.individual.net closed - filing continues
Sat, 5 May 2007 13:40:39 News from news.individual.net completed, 0 articles fetched, 0 posted
Sat, 5 May 2007 13:42:23 Servicing a POP3 connection from [66.131.181.57]
Sat, 5 May 2007 13:42:33 Servicing a POP3 connection from [66.131.181.57]
Sat, 5 May 2007 13:42:34 Servicing a POP3 connection from [66.131.181.57]
Sat, 5 May 2007 13:42:34 Servicing a POP3 connection from [66.131.181.57]
Sat, 5 May 2007 13:42:34 Servicing a POP3 connection from [66.131.181.57]
Sat, 5 May 2007 13:42:34 POP3 connection from [66.131.181.57] is now closed
Sat, 5 May 2007 13:42:34 POP3 connection from [66.131.181.57] is now closed
Sat, 5 May 2007 13:42:34 POP3 connection from [66.131.181.57] is now closed
Sat, 5 May 2007 13:42:34 POP3 connection from [66.131.181.57] is now closed
Sat, 5 May 2007 13:42:35 Servicing a POP3 connection from [66.131.181.57]
Sat, 5 May 2007 13:42:35 POP3 connection from [66.131.181.57] is now closed
Sat, 5 May 2007 13:42:35 Servicing a POP3 connection from [66.131.181.57]
Sat, 5 May 2007 13:42:36 POP3 connection from [66.131.181.57] is now closed
Sat, 5 May 2007 13:42:37 Servicing a POP3 connection from [66.131.181.57]
Sat, 5 May 2007 13:42:37 POP3 connection from [66.131.181.57] is now closed
Sat, 5 May 2007 13:42:40 Servicing a POP3 connection from [66.131.181.57]
Write error
-- Winsock ERROR : Connection reset
Write error
-- Winsock ERROR : Connection reset
Sat, 5 May 2007 13:42:40 Error on closing
-- Winsock ERROR : Connection aborted
Sat, 5 May 2007 13:42:40 POP3 connection from [66.131.181.57] is now closed
Sat, 5 May 2007 13:42:40 Servicing a POP3 connection from [66.131.181.57]
Write error
-- Winsock ERROR : Connection reset
Write error
-- Winsock ERROR : Connection reset
Sat, 5 May 2007 13:42:40 Error on closing
-- Winsock ERROR : Connection aborted
Sat, 5 May 2007 13:42:40 POP3 connection from [66.131.181.57] is now closed
Sat, 5 May 2007 13:42:42 Servicing a POP3 connection from [66.131.181.57]
Write error
-- Winsock ERROR : Connection reset
Write error
-- Winsock ERROR : Connection reset
Sat, 5 May 2007 13:42:42 Error on closing
-- Winsock ERROR : Connection aborted
Sat, 5 May 2007 13:42:42 POP3 connection from [66.131.181.57] is now closed
Sat, 5 May 2007 13:42:43 Servicing a POP3 connection from [66.131.181.57]
Write error
-- Winsock ERROR : Connection reset
Sat, 5 May 2007 13:42:43 POP3 connection from [66.131.181.57] is now closed
Write error
-- Winsock ERROR : Connection reset
Sat, 5 May 2007 13:42:43 Error on closing
-- Winsock ERROR : Connection aborted
Sat, 5 May 2007 13:42:43 POP3 connection from [66.131.181.57] is now closed
Sat, 5 May 2007 13:42:43 Servicing a POP3 connection from [66.131.181.57]
Sat, 5 May 2007 13:42:43 POP3 connection from [66.131.181.57] is now closed
Sat, 5 May 2007 13:42:44 Servicing a POP3 connection from [66.131.181.57]
Write error
-- Winsock ERROR : Connection reset
Write error
-- Winsock ERROR : Connection reset
Sat, 5 May 2007 13:42:44 Error on closing
-- Winsock ERROR : Connection aborted
Sat, 5 May 2007 13:42:44 POP3 connection from [66.131.181.57] is now closed
Sat, 5 May 2007 13:42:44 Servicing a POP3 connection from [66.131.181.57]
Write error
-- Winsock ERROR : Connection reset
Write error
-- Winsock ERROR : Connection reset
Sat, 5 May 2007 13:42:44 Error on closing
-- Winsock ERROR : Connection aborted
Sat, 5 May 2007 13:42:44 POP3 connection from [66.131.181.57] is now closed
Sat, 5 May 2007 13:42:45 Servicing a POP3 connection from [66.131.181.57]
Write error
-- Winsock ERROR : Connection reset
Write error
-- Winsock ERROR : Connection reset
Sat, 5 May 2007 13:42:45 Error on closing
-- Winsock ERROR : Connection aborted
Sat, 5 May 2007 13:42:45 POP3 connection from [66.131.181.57] is now closed
Sat, 5 May 2007 13:42:45 Servicing a POP3 connection from [66.131.181.57]
Sat, 5 May 2007 13:42:45 Servicing a POP3 connection from [66.131.181.57]
Write error
-- Winsock ERROR : Connection reset
Sat, 5 May 2007 13:42:45 Servicing a POP3 connection from [66.131.181.57]
Write error
-- Winsock ERROR : Connection reset
Write error
-- Winsock ERROR : Connection reset
Sat, 5 May 2007 13:42:45 Error on closing
-- Winsock ERROR : Connection aborted
Write error
-- Winsock ERROR : Connection reset
Write error
-- Winsock ERROR : Connection reset
Sat, 5 May 2007 13:42:45 Error on closing
-- Winsock ERROR : Connection aborted
Write error
-- Winsock ERROR : Connection reset
Sat, 5 May 2007 13:42:45 Error on closing
-- Winsock ERROR : Connection aborted
Sat, 5 May 2007 13:42:45 POP3 connection from [66.131.181.57] is now closed
Sat, 5 May 2007 13:42:45 POP3 connection from [66.131.181.57] is now closed
Sat, 5 May 2007 13:42:45 POP3 connection from [66.131.181.57] is now closed
Sat, 5 May 2007 13:42:45 Servicing a POP3 connection from [66.131.181.57]
Sat, 5 May 2007 13:42:45 Servicing a POP3 connection from [66.131.181.57]
Sat, 5 May 2007 13:42:45 Servicing a POP3 connection from [66.131.181.57]
Sat, 5 May 2007 13:42:45 Servicing a POP3 connection from [66.131.181.57]
Sat, 5 May 2007 13:42:46 POP3 connection from [66.131.181.57] is now closed
Sat, 5 May 2007 13:42:46 Servicing a POP3 connection from [66.131.181.57]
Write error
-- Winsock ERROR : Connection reset
Write error
-- Winsock ERROR : Connection reset
Sat, 5 May 2007 13:42:46 Error on closing
-- Winsock ERROR : Connection aborted
Sat, 5 May 2007 13:42:46 POP3 connection from [66.131.181.57] is now closed
Sat, 5 May 2007 13:42:46 POP3 connection from [66.131.181.57] is now closed
Sat, 5 May 2007 13:42:46 POP3 connection from [66.131.181.57] is now closed
Sat, 5 May 2007 13:42:46 POP3 connection from [66.131.181.57] is now closed
Sat, 5 May 2007 13:42:47 Servicing a POP3 connection from [66.131.181.57]
Sat, 5 May 2007 13:42:47 Servicing a POP3 connection from [66.131.181.57]
Sat, 5 May 2007 13:42:47 POP3 connection from [66.131.181.57] is now closed
Sat, 5 May 2007 13:42:47 POP3 connection from [66.131.181.57] is now closed
Sat, 5 May 2007 13:42:48 Servicing a POP3 connection from [66.131.181.57]
Sat, 5 May 2007 13:42:48 Servicing a POP3 connection from [66.131.181.57]
Sat, 5 May 2007 13:42:48 POP3 connection from [66.131.181.57] is now closed
Sat, 5 May 2007 13:42:49 Servicing a POP3 connection from [66.131.181.57]
Sat, 5 May 2007 13:42:49 POP3 connection from [66.131.181.57] is now closed
Sat, 5 May 2007 13:42:49 Servicing a POP3 connection from [66.131.181.57]
Sat, 5 May 2007 13:42:49 POP3 connection from [66.131.181.57] is now closed
Sat, 5 May 2007 13:42:49 POP3 connection from [66.131.181.57] is now closed
Sat, 5 May 2007 13:42:52 Disconnected!


I shut Turnpike down immediately I spotted this, and then noticed my internet connection was still very, very active so shut that down too. Can anyone advise if I'm right to be worried and, if yes, what I should do about it?

Thanks folks!

[identity profile] bibliogirl.livejournal.com 2007-05-05 01:22 pm (UTC)
Hm. Yes, I think possibly you were right to be worried; that IP address looks as though it comes from a cable modem in Canada, i.e. not necessarily someone you'd expect to be running a POP3 server. Though it doesn't look like they actually managed to _do_ anything, just that they were attempting to connect to your machine on that port.

[identity profile] mitchy.livejournal.com 2007-05-05 01:37 pm (UTC)
Ah-hah! Thanks! Well good to know they didn't do anything. I've checked my Windows Firewall, which was (and is) enabled, and made sure only programs I know about are on the exceptions list. Is there anything else I could/should do to improve my security?

Thanks :)

[personal profile] jebbypal 2007-05-05 01:45 pm (UTC)
Windows firewall isn't very good necessarily. Zone Alarm offers a very good free one:
http://www.zonealarm.com/store/content/catalog/products/sku_list_zaav.jsp?dc=12bms&ctry=US&lang=en&lid=dbtopnav_pro&ovchn=GGL&ovcpn=US_Branded&ovcrn=sr2zl4go1042go209pi5ai20+zonealarm+free&ovtac=PPC&SR=sr2zl4go1042go209pi5ai20

However, it didn't play well w/ my hardware firewall that is on my wireless internet modem so I had to abandon it (fortunately: hardware firewall = good). I also use a squared anti-malware which has an intrusion detection system with it.

[identity profile] mitchy.livejournal.com 2007-05-05 02:20 pm (UTC)
I've heard good things about Zone Alarm, 's true. However, that link doesn't mention anything about it being free, just that you can try it for 15 days before buying. Which I may well consider but I can't afford it right now. Hopefully, turning off the POP3 server option I mentioned in my reply to [livejournal.com profile] bibliogirl down there *points* will solve the problem for now :)

What's a "squared anti-malware" program when it's at home? Anti-malware I get but...squared? :)

[personal profile] jebbypal 2007-05-05 02:26 pm (UTC)
Heh... no "a-squared" is the company name.

http://www.emsisoft.com/en/software/free/

It's basically an anti-virus, anti-malware program. It scans for problematic file traces as well as possibly malicious browser cookies and all.

I upped to the paid version when I got rid of asquared due to the firewall incompatibility. I forget the exact difference of the free versus paid versions, but the free one did flag several "key stroke grabbing" programs that had gotten inserted onto my computer back when I was using McAfee.

I believe if you look around through the zone alarm multitude of google links you'll find a fully free firewall. That or you can keep a certain level of the firewall even after the expiration --- I have several friends that run the free version only as their firewalls.

[identity profile] adelpha.livejournal.com 2007-05-05 02:27 pm (UTC)
There's a free version, and a Pro version. I think the Pro gives you a few other bits and bobs, but the freebie does the whole firewall thing well.

[identity profile] bibliogirl.livejournal.com 2007-05-05 01:53 pm (UTC)
Is there any particular reason why you'd be running a POP3 _server_ locally, as opposed to a client? It might possibly be worth seeing if you can turn off that port (110) in your firewall. (If you stop getting mail then you may need to turn it back on again ;))

[identity profile] mitchy.livejournal.com 2007-05-05 02:09 pm (UTC)
*lightbulb appears over Mitchy's head*

*goes to beat up Turnpike*

AH-HAH!! There's an option on the email configuring to enable a POP3 server and it was ticked for some strange reason. So that's been turned off now :) Soon as you said that, I knew where to look. Thanks!
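
An added example, not part of the thread: a small Python check that reads a log in the format shown in the original post and flags any remote address that opens a burst of inbound POP3 connections, which is the sign that the local POP3 server option is enabled and reachable. The function name, the threshold and window values, and the sample addresses (documentation ranges) are assumptions made for the illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Line shape taken from the log in the post, e.g.
#   "Sat, 5 May 2007 13:42:23 Servicing a POP3 connection from [a.b.c.d]"
# Outbound collection lines ("Collecting mail from POP3 server ...") do not
# match: they are the mail client at work, not the local POP3 server.
OPEN_RE = re.compile(
    r"^\w{3}, (\d{1,2} \w{3} \d{4} \d{2}:\d{2}:\d{2}) "
    r"Servicing a POP3 connection from \[([0-9.]+)\]"
)

def inbound_pop3_bursts(lines, threshold=5, window=timedelta(seconds=10)):
    """Return {source_ip: summary} for every source that opened at least
    `threshold` inbound POP3 connections within any span of `window`."""
    opens = defaultdict(list)
    for line in lines:
        m = OPEN_RE.match(line.strip())
        if m:
            ts = datetime.strptime(m.group(1), "%d %b %Y %H:%M:%S")
            opens[m.group(2)].append(ts)

    flagged = {}
    for ip, times in opens.items():
        times.sort()
        peak, start = 0, 0
        for end, t in enumerate(times):      # sliding window over timestamps
            while t - times[start] > window:
                start += 1
            peak = max(peak, end - start + 1)
        if peak >= threshold:
            flagged[ip] = {"connections": len(times), "peak_in_window": peak,
                           "first": times[0], "last": times[-1]}
    return flagged

# Constructed sample in the post's log format (addresses are placeholders).
SAMPLE_LOG = """\
Sat, 5 May 2007 13:40:37 Collecting mail from POP3 server pop3.demon.co.uk
Sat, 5 May 2007 13:42:23 Servicing a POP3 connection from [203.0.113.7]
Sat, 5 May 2007 13:42:33 Servicing a POP3 connection from [203.0.113.7]
Sat, 5 May 2007 13:42:34 Servicing a POP3 connection from [203.0.113.7]
Sat, 5 May 2007 13:42:34 Servicing a POP3 connection from [203.0.113.7]
Sat, 5 May 2007 13:42:34 POP3 connection from [203.0.113.7] is now closed
Sat, 5 May 2007 13:42:35 Servicing a POP3 connection from [203.0.113.7]
Write error
-- Winsock ERROR : Connection reset
Sat, 5 May 2007 13:42:37 Servicing a POP3 connection from [203.0.113.7]
Sat, 5 May 2007 14:05:00 Servicing a POP3 connection from [198.51.100.20]
""".splitlines()

if __name__ == "__main__":
    for ip, info in inbound_pop3_bursts(SAMPLE_LOG).items():
        print(ip, info["connections"], "inbound, peak", info["peak_in_window"])
```
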