• All Community
    • All Community
    • Forums
    • Ideas
    • Blogs
Advanced

Not what you are looking for? Ask the experts!

Kudos0

Computer under attack?

Sorry for the many questions, I just find this an excellent source to alleviate my worry.

I have noticed on my activity logs NUMEROUS of the following activity

Unused Port blocking has blocked communications

InBound TCP connection, remote address, local service

and then numerous from IP address 221.68.XX.XX

221.130.XX.XX

and more

now they also not that they are attempting to connect to various unused ports.

I know the NAV inbound firewall is blocking them GREAT!!!!

But my worry is what if they reach a port that is open such as 80 or 443? Is that where my other NAV defenses come in to stop these

putzs? I notice the addresses are mostly from China, a known place of badware

anyone else seeing this on their logs? It stoping it, but as someone once said

"Its nice I have strong locks, but its annoying someone keeps kicking at my door"

Is there anything I can do about it?

[edit: broke IP's in accordance with forum policy, orginals still available to staff.]

Message Edited by Allen_K on 08-25-2008 02:24 PM

Replies

Kudos0

Re: Computer under attack?

Sorry for the many questions, I just find this an excellent source to alleviate my worry.

I have noticed on my activity logs NUMEROUS of the following activity

Unused Port blocking has blocked communications

InBound TCP connection, remote address, local service

and then numerous from IP address 221.68.XX.XX

221.130.XX.XX

and more

now they also not that they are attempting to connect to various unused ports.

I know the NAV inbound firewall is blocking them GREAT!!!!

But my worry is what if they reach a port that is open such as 80 or 443? Is that where my other NAV defenses come in to stop these

putzs? I notice the addresses are mostly from China, a known place of badware

anyone else seeing this on their logs? It stoping it, but as someone once said

"Its nice I have strong locks, but its annoying someone keeps kicking at my door"

Is there anything I can do about it?

[edit: broke IP's in accordance with forum policy, orginals still available to staff.]

Message Edited by Allen_K on 08-25-2008 02:24 PM
Kudos0

Re: Computer under attack?

I read somewhere that if you have a large number of attempts at your comp, and you are using DSL, that you should just shut off and then re-boot. That it will give you another cover IP address. That make sense?
Kudos0

Re: Computer under attack?

Often just shutting the machine off and rebooting will not cause your IP to change.  This is due to the fact that the DHCP server that you get your IP address from usually leases for a period of time.  If you bring the machine back up before the lease expires, it will just pick up the same IP address since it is already leased to you.  If you bring it up after the lease expires, you may get a new address, but you also could end up with the same one again.  Not knowing anything about your ISP has you set up, it is hard to give method that would always work.  You might want to talk with your ISP about how they would suggest you go about changing your IP.  You might also have to change your machine name in the process.
Kudos0

Re: Computer under attack?

That's why it's important that your firewall log both blocked connection attempts as well as connections allowed.

My firewall will keep a log of 20 pages with 10 entries per page. I am always being scanned.

If I clear the log file it will fill back up to 20 pages in a matter of minutes, not hours or days. It doesn't matter the time or day of the week. I don't think I'm in any different situation than anyone else. It's a jungle out there!

Kudos0

Re: Computer under attack?

As you can probably tell already, your computer is under Attack with Hackers trying to use un-used Ports, i.e. Ports that you are not using.  As long as Norton is Blocking these, then you are Secure; however, if you wish for your Firewall to Block these Port(s), you can set-up a Rule for your Firewall to keep that Port(s) Blocked.  If you require information on how to do this, please ask.
Thursday, November 21, 2013: The THREATCON was changed to Level 1: Normal | Tue., Nov. 05, 2013: Zero-Day Vulnerability: Microsoft Security Advisory 2896666 | Saturday, November 09, 2013: Cyber-Criminals Serve Up A Veritable Smorgasbord Of Threats For South Koreans | Wednesday, October 09, 2013: New Internet Explorer Zero-Day Targeted In Attacks Against Korea And Japan [C.V.E.-2013-3897]
Kudos0

Re: Computer under attack?

great. thansk for the feedback. It just feels creepy knowing people you don't want, are "touching" your computer. So I guess as long as it shows

"unused port blocking has blocked TCP connection.................."

Than all is cool

This thread is closed from further comment. Please visit the forum to start a new thread.