Firestarter is blocking so many connection attempts. How to analyse?
Since yesterday Firestarter has been prompting me that it is blocking external connection attempts as shown in the picture below:
I'm not even going to bother covering the IP addresses because I personally don't see why I should care but as you can see, there has been loads of them attempting to connect to ports 3674 - 3675. I ran nmap 127.0.0.1 and it came back as 631 being the only one open. So then I thought maybe lsof -i would mention much more but all it shown was:
...and nothing about the ports in the Firestarter window. As you can probably guess, I'm not so familiar with the terminal commands, especially when it comes to networking.
@boris:~$ cat meh
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
cupsd 1644 root 5u IPv6 14329 0t0 TCP localhost:ipp (LISTEN)
cupsd 1644 root 6u IPv4 14330 0t0 TCP localhost:ipp (LISTEN)
kmess 2430 garry 25u IPv4 90196 0t0 TCP Henry.home:60020->by2msg4020412.phx.gbl:msnp (ESTABLISHED)
dhclient 2628 root 5u IPv4 11084 0t0 UDP *:bootpc
perl 7951 garry 3u IPv4 86223 0t0 TCP Henry.home:58891->bartol.freenode.net:ircd (ESTABLISHED)
perl 8248 garry 3u IPv4 86221 0t0 TCP Henry.home:53212->anthony.freenode.net:ircd (ESTABLISHED)
flock-bin 9150 garry 22u IPv4 93424 0t0 TCP Henry.home:53250->188.8.131.52:www (ESTABLISHED)
flock-bin 9150 garry 61u IPv4 97114 0t0 TCP Henry.home:35590->ww-in-f17.1e100.net:https (ESTABLISHED)
flock-bin 9150 garry 62u IPv4 93390 0t0 TCP Henry.home:45306->184.108.40.206:www (ESTABLISHED)
flock-bin 9150 garry 65u IPv4 92998 0t0 TCP Henry.home:53187->220.127.116.11:www (ESTABLISHED)
flock-bin 9150 garry 74u IPv4 92999 0t0 TCP Henry.home:53188->18.104.22.168:www (ESTABLISHED)
flock-bin 9150 garry 78u IPv4 93038 0t0 TCP Henry.home:53191->22.214.171.124:www (ESTABLISHED)
flock-bin 9150 garry 81u IPv4 93069 0t0 TCP Henry.home:54010->126.96.36.199:www (ESTABLISHED)
flock-bin 9150 garry 82u IPv4 93048 0t0 TCP Henry.home:53193->188.8.131.52:www (ESTABLISHED)
flock-bin 9150 garry 83u IPv4 93049 0t0 TCP Henry.home:53194->184.108.40.206:www (ESTABLISHED)
flock-bin 9150 garry 84u IPv4 93050 0t0 TCP Henry.home:53195->220.127.116.11:www (ESTABLISHED)
irssi 11383 garry 3u IPv4 89811 0t0 TCP Henry.home:57920->leguin.acc.umu.se:ircd (ESTABLISHED)
But also, the last two external connection blocks in the Firestarter window. I checked my router's DHCP and it says that I'm the only one connected and that is the IP the router has assigned to me for my internal network IP so I was wondering if somebody could suggest what that may be?
But in total, is there anything I can do which can help me analyse these attacks and exactly what is happening a little bit more in-depth rather than it blocked an attack from IP=*, Protocol=*, Service=*?