Not what you were looking for? Ask our experts!
Reply
Visitor
NAVUser
Posts: 7
Registered: ‎12-21-2008

Intrusion Blocked

I am new to the board, so I am not sure if this is the right section to be posting this topic in. I apologize if it isn't in advance.

 

I have a few questions about intrusion prevention. I am wondering why my computer keeps being attacked randomly by the same IP addy almost every time? It is always blocked when they try. I traced the IP addy and got an address from the same city in which I live. It is coming from a business building, but the suite number that it is attacking from as far as I know is not an actual business like many others in the building. Is it possible that this may be a hacker? I find it weird that it is almost always from the same IP. Should I change my IP? Will this deter this "person" from trying to attack my computer if I do? Also, why is this happening so often? I am very computer savvy so any help anyone can give me would be great. Thanks in advance!

Regular Contributor
Dieselman743
Posts: 1,909
Registered: ‎09-11-2008

Re: Intrusion Blocked

You cannot change you IP. Do you have a hardware firewall such as a router?
Real Time Protection = NIS 2009 + NAT
Behavior Analysis = Threatfire
On Demand = MBAM
Regular Contributor
Dieselman743
Posts: 1,909
Registered: ‎09-11-2008

Re: Intrusion Blocked

Its not necessarily somebody hacking you. Your pc gets pinged for a lot of various reasons. It could even be your ISP pinging out to you.
Real Time Protection = NIS 2009 + NAT
Behavior Analysis = Threatfire
On Demand = MBAM
Visitor
NAVUser
Posts: 7
Registered: ‎12-21-2008

Re: Intrusion Blocked

No I do not have a router. Would that help do you think?

 

So you are saying my ISP is ping & tracerouting my computer? What would be the reason behind that?

Regular Contributor
Dieselman743
Posts: 1,909
Registered: ‎09-11-2008

Re: Intrusion Blocked

Having a hardware firewall is a very good step in the right direction.
Real Time Protection = NIS 2009 + NAT
Behavior Analysis = Threatfire
On Demand = MBAM
Visitor
NAVUser
Posts: 7
Registered: ‎12-21-2008

Re: Intrusion Blocked

Ok where do you think I would find one that is inexpensive in Canada? Also the question about my ISP provider was not answered. Why would they be pinging my computer?
Regular Contributor
Dieselman743
Posts: 1,909
Registered: ‎09-11-2008

Re: Intrusion Blocked

I only said it maybe your ISP. It can also be your modem just pinging out a signal and that signal coming back. Is there a Bestbuy near you? Also you can go on Newegg.con for some great deals.
Real Time Protection = NIS 2009 + NAT
Behavior Analysis = Threatfire
On Demand = MBAM
Rootkit Eradicator
Posts: 5,357
Registered: ‎05-30-2008

Re: Intrusion Blocked

[ Edited ]

If you have N.I.S., a Hard Firewall is not really required since you have symantec's excellent Two-Way Firewall.  Then you've got I.P. [Intrusion Prevention] and finally Auto-Protect and on-demand Scanners.  You also have Phishing Protection which Scans Web Pages.

 

Could you Post a Screen Shot of the Details of the I.P. [Intrusion Prevention] you are getting.  Remember to block out the I.P. Addresses.  Also, what Version of N.I.S. are you using?  Thanks!

Message Edited by Floating_Red on 12-22-2008 02:09 PM
Thursday, November 21, 2013: The THREATCON was changed to Level 1: Normal | Tue., Nov. 05, 2013: Zero-Day Vulnerability: Microsoft Security Advisory 2896666 | Saturday, November 09, 2013: Cyber-Criminals Serve Up A Veritable Smorgasbord Of Threats For South Koreans | Wednesday, October 09, 2013: New Internet Explorer Zero-Day Targeted In Attacks Against Korea And Japan [C.V.E.-2013-3897]
Newbie
LapTop
Posts: 6
Registered: ‎11-10-2008

Re: Intrusion Blocked

Is it like your DSL box (196.8.0) showing up on your connection log every 3-4 minutes?

or

are you getting messages in your activity log that says unsused port blocking has blocked.............?

Contributor
Myrdhinn
Posts: 68
Registered: ‎11-18-2008

Re: Intrusion Blocked

Hardware router is the best line of defense... not perfect, they can be hacked but not as easy as software firewalls. You only need software firewalls for blocking any nasty sending outgoing, if you use a router. Much as I like NIS I would not trust it 100% without a router that does stateful packet inspection.  Yeah you could be getting false positive hits from your isp, with all the traffic shaping/deep packet tech they are using, it's showing up in IDS logs from AV vendors (on my test machine, my ESET logs are filled with supposed intrusions of dns posioning from my isp's dns servers).