• All Community
    • All Community
    • Forums
    • Ideas
    • Blogs
Advanced

Not what you are looking for? Ask the experts!

Kudos0

Computer under attack? How to stop it?

Ok the basics  I use windows Vista heome premium with the Vista service pack 1   I run NAV2008 ( I will be upgrading soon to NIS2009) on a DSL connection on 24/7

In the activity logs I notice MANY entries as follows

Unused port blocking has blocked communications.
Inbound TCP connection.
Remote address,local service is 125.211.***.5*, *78*.  (I * out some of the numbers)

Now this "address" seems to be attempting to connect to my PC over and over again, trying different ports and often the same port multiple times. Also seem to get the same activity from this other address 218.10.*1*.**6 and 88.152.***.***

I checked them out on webyield, but can get no handle on what they are. I think they come out of China though

Just concerning because there are several of these addresses that seem to try to connect to me every day, many times a day.

Some days very heavy  others not.

  Looks like my NAV 2008 inbound firewall is blocking it which is GREAT. My questions:

1.My concern is what if it reaches a port that is used such as port 80? Would it  be able to connect then? Or would other Norton NAV2008 features block it?

2. Are others getting activity from the same addresses?

Replies

Kudos0

Re: Computer under attack? How to stop it?

Ok the basics  I use windows Vista heome premium with the Vista service pack 1   I run NAV2008 ( I will be upgrading soon to NIS2009) on a DSL connection on 24/7

In the activity logs I notice MANY entries as follows

Unused port blocking has blocked communications.
Inbound TCP connection.
Remote address,local service is 125.211.***.5*, *78*.  (I * out some of the numbers)

Now this "address" seems to be attempting to connect to my PC over and over again, trying different ports and often the same port multiple times. Also seem to get the same activity from this other address 218.10.*1*.**6 and 88.152.***.***

I checked them out on webyield, but can get no handle on what they are. I think they come out of China though

Just concerning because there are several of these addresses that seem to try to connect to me every day, many times a day.

Some days very heavy  others not.

  Looks like my NAV 2008 inbound firewall is blocking it which is GREAT. My questions:

1.My concern is what if it reaches a port that is used such as port 80? Would it  be able to connect then? Or would other Norton NAV2008 features block it?

2. Are others getting activity from the same addresses?

Kudos0

Re: Computer under attack? How to stop it?

I don't know these adresses but it could be lot's of things from a zombie to a application which you have installed. If you have a firewall installed than you are safe. Especially when you have NAV as well. If it would reach any port that might be open NAV will block it as well
"All that we are is the result of what we have thought"
Kudos0

Re: Computer under attack? How to stop it?


Stu wrote:
I don't know these adresses but it could be lot's of things from a zombie to a application which you have installed. If you have a firewall installed than you are safe. Especially when you have NAV as well. If it would reach any port that might be open NAV will block it as well

If the computer attempts to connect to your computer with which you are not using, then the Firewall will Block it; if it tries to Attack your computer, Intrusion Prevention should Block it. 

The only way this computer could connect to your computer would be to try to get through with a Port you are using, and, even then, Auto-Protect and/or a Full System Scan should pick this up.

Thursday, November 21, 2013: The THREATCON was changed to Level 1: Normal | Tue., Nov. 05, 2013: Zero-Day Vulnerability: Microsoft Security Advisory 2896666 | Saturday, November 09, 2013: Cyber-Criminals Serve Up A Veritable Smorgasbord Of Threats For South Koreans | Wednesday, October 09, 2013: New Internet Explorer Zero-Day Targeted In Attacks Against Korea And Japan [C.V.E.-2013-3897]
Kudos0

Re: Computer under attack? How to stop it?

so does this all appear to be a common type of occurance?
Kudos0

Re: Computer under attack? How to stop it?


NY1986 wrote:
so does this all appear to be a common type of occurance?

Yep.

If you are concerned, you could always Create a Rule to Block the Port(s) it is trying to use or place the computer in Restricted.  If you are not sure how to Create a Rule or place the Computers under "Restricted", please let us know before doing anything and we will let you know how to do it.

Message Edited by Floating_Red on 09-24-2008 11:53 PM
Thursday, November 21, 2013: The THREATCON was changed to Level 1: Normal | Tue., Nov. 05, 2013: Zero-Day Vulnerability: Microsoft Security Advisory 2896666 | Saturday, November 09, 2013: Cyber-Criminals Serve Up A Veritable Smorgasbord Of Threats For South Koreans | Wednesday, October 09, 2013: New Internet Explorer Zero-Day Targeted In Attacks Against Korea And Japan [C.V.E.-2013-3897]
Kudos0

Re: Computer under attack? How to stop it?

If its common for this to happen and my Norton will protect nme as is, then I need to trust in my Norton. Like I said, it sometimes is heavy and sometimes light activity. But if its showing as blocked then all is cool. Now lets say that the same address keeps punding away at a specific port, it won't "break" due to repeated attempts will it?
Kudos0

Re: Computer under attack? How to stop it?


NY1986 wrote:
If its common for this to happen and my Norton will protect nme as is, then I need to trust in my Norton. Like I said, it sometimes is heavy and sometimes light activity. But if its showing as blocked then all is cool. Now lets say that the same address keeps punding away at a specific port, it won't "break" due to repeated attempts will it?
It shouldn't.
Thursday, November 21, 2013: The THREATCON was changed to Level 1: Normal | Tue., Nov. 05, 2013: Zero-Day Vulnerability: Microsoft Security Advisory 2896666 | Saturday, November 09, 2013: Cyber-Criminals Serve Up A Veritable Smorgasbord Of Threats For South Koreans | Wednesday, October 09, 2013: New Internet Explorer Zero-Day Targeted In Attacks Against Korea And Japan [C.V.E.-2013-3897]
Kudos0

Re: Computer under attack? How to stop it?

Red:

Red Wroter: If the computer attempts to connect to your computer with which you are not using, then the Firewall will Block it; if it tries to Attack your computer, Intrusion Prevention should Block it. 

The only way this computer could connect to your computer would be to try to get through with a Port you are using, and, even then, Auto-Protect and/or a Full System Scan should pick this up.

Red what did you mean by  with which you are not using?

Kudos0

Re: Computer under attack? How to stop it?

Stu- Could it just be random dialing Or maybe systematic dialing where it several IPs being checked today (such as mine) and they are just zipping away at them to see if one is open? Kind of like the old phone soliciting dialing machines?

Kudos0

Re: Computer under attack? How to stop it?


NY1986 wrote:

Red:

Red Wroter: If the computer attempts to connect to your computer with which you are not using, then the Firewall will Block it; if it tries to Attack your computer, Intrusion Prevention should Block it. 

The only way this computer could connect to your computer would be to try to get through with a Port you are using, and, even then, Auto-Protect and/or a Full System Scan should pick this up.

Red what did you mean by  with which you are not using?


"...with which Port(s) you are not using.".
Thursday, November 21, 2013: The THREATCON was changed to Level 1: Normal | Tue., Nov. 05, 2013: Zero-Day Vulnerability: Microsoft Security Advisory 2896666 | Saturday, November 09, 2013: Cyber-Criminals Serve Up A Veritable Smorgasbord Of Threats For South Koreans | Wednesday, October 09, 2013: New Internet Explorer Zero-Day Targeted In Attacks Against Korea And Japan [C.V.E.-2013-3897]
Kudos0

Re: Computer under attack? How to stop it?

so either way, its showing the Norton is doing its job and I'm safe.

So it could be that these other computers are attacking all the computers with IP addresses in my IP range (for my city and ISP) and if perhaps I were able to check with others in my area with teh same ISP, they might be showing the same thing?

Kudos0

Re: Computer under attack? How to stop it?


NY1986 wrote:

So it could be that these other computers are attacking all the computers with IP addresses in my IP range (for my city and ISP) and if perhaps I were able to check with others in my area with teh same ISP, they might be showing the same thing?


Maybe; it is possible.

Thursday, November 21, 2013: The THREATCON was changed to Level 1: Normal | Tue., Nov. 05, 2013: Zero-Day Vulnerability: Microsoft Security Advisory 2896666 | Saturday, November 09, 2013: Cyber-Criminals Serve Up A Veritable Smorgasbord Of Threats For South Koreans | Wednesday, October 09, 2013: New Internet Explorer Zero-Day Targeted In Attacks Against Korea And Japan [C.V.E.-2013-3897]
Kudos0

Re: Computer under attack? How to stop it?

I must be the only idiot who worries about the logs and all. I think about people I know, they can'y even tell you what AV they use. they zip around and download this and that and never worry
Kudos0

Re: Computer under attack? How to stop it?


NY1986 wrote:
I must be the only idiot who worries about the logs and all. I think about people I know, they can'y even tell you what AV they use. they zip around and download this and that and never worry

You're not an idiot.

I am sure stu, Phil_D and myself check logs to make sure everything is okay; it is good Security to check logs.  :)

Thursday, November 21, 2013: The THREATCON was changed to Level 1: Normal | Tue., Nov. 05, 2013: Zero-Day Vulnerability: Microsoft Security Advisory 2896666 | Saturday, November 09, 2013: Cyber-Criminals Serve Up A Veritable Smorgasbord Of Threats For South Koreans | Wednesday, October 09, 2013: New Internet Explorer Zero-Day Targeted In Attacks Against Korea And Japan [C.V.E.-2013-3897]
Kudos0

Re: Computer under attack? How to stop it?

Hi NY1986

You are not alone!!!,You ask the questons that I'm to scared to ask for the same reason("novice" computer user!!)

Cheers Mo

Cheers Mo Windows 7 64 bit, NIS2013
Kudos0

Re: Computer under attack? How to stop it?

yes, but it really makes me not enjoy using the computer. And Lord knows that I would prefer not to do any financial stuff like paying bills, banking, etc. My wife says  that we can get rid of the computer and go back to the stone age  if it freaks me out so much. I darn near said yes. For some reason, I just can't stop checking the logs. I really just need to trust in my Norton and ONLY if there is something wrong, check the logs.

I mean think about it, if I don't check tyhe logs, I have no paranoid questions. I don't think that the Norton products are set up so non-techies like me have to llok at it. I think the whole purpose of these great Norton products is so the average Joe like me can set it and forget it.  Sorry for the whinning

Message Edited by NY1986 on 09-24-2008 05:07 PM
Kudos0

Re: Computer under attack? How to stop it?

Relax.  Slow your breathing.  Easy now.

As long as you keep your Norton Product up-to-date, then there is no reason for you to worry.  Just make sure you do Full System Scan at least three-times-a-week (Norton 2007) twice-a-week (Norton 2008) and at least once-a-week (Norton 2009, N.I.S.).

Message Edited by Floating_Red on 09-25-2008 01:22 AM
Thursday, November 21, 2013: The THREATCON was changed to Level 1: Normal | Tue., Nov. 05, 2013: Zero-Day Vulnerability: Microsoft Security Advisory 2896666 | Saturday, November 09, 2013: Cyber-Criminals Serve Up A Veritable Smorgasbord Of Threats For South Koreans | Wednesday, October 09, 2013: New Internet Explorer Zero-Day Targeted In Attacks Against Korea And Japan [C.V.E.-2013-3897]
Kudos0

Re: Computer under attack? How to stop it?

:)  I'm sure it would shock anyone to know I run nightly full system scan

Kudos0

Re: Computer under attack? How to stop it?


NY1986 wrote:

:)  I'm sure it would shock anyone to know I run nightly full system scan


I knew that.

There is nothing wrong with that; you decide when to run Scans; what I gave was just a Guideline.

Thursday, November 21, 2013: The THREATCON was changed to Level 1: Normal | Tue., Nov. 05, 2013: Zero-Day Vulnerability: Microsoft Security Advisory 2896666 | Saturday, November 09, 2013: Cyber-Criminals Serve Up A Veritable Smorgasbord Of Threats For South Koreans | Wednesday, October 09, 2013: New Internet Explorer Zero-Day Targeted In Attacks Against Korea And Japan [C.V.E.-2013-3897]
Kudos0

Re: Computer under attack? How to stop it?

Hi NY1986,

Just a thought.. Have you ever run a P2P client like BitComent, EMule etc on that machine ? In the past I've noticed that even long after I stopped running the client, I would receive these inbound connection requests from what appeared to be random addresses. And then it would stop. I found out that those computers still thought I was serving up some file that they wanted and hence would attempt to contact my PC.

Shane.

Kudos0

Re: Computer under attack? How to stop it?

I don't think I have. I'm not that computer savvy. I just have a desk top. I don't run a website. Once I did remote service by Microsoft

But the Norton does appear to be blocking and keeping me safe

Kudos0

Re: Computer under attack? How to stop it?

Shane, Not sure about those items you mentioned.
Kudos0

Re: Computer under attack? How to stop it?

anyone know what "P2P client like BitComent, EMule " are?
Kudos0

Re: Computer under attack? How to stop it?

"P2P" is a Peer (person)  to Peer (person) file sharing program.

It allows users of the program to share and download files, primarily music and videos from each other's computers through a P2P network across the internet.

See this link for more details.

Message Edited by Phil_D on 09-26-2008 10:06 AM
"Anyone who isn't confused really doesn't understand the situation."   Edward R. Murrow
Kudos0

Re: Computer under attack? How to stop it?

thanks Phil. I've not done any file sharing, IMing, or anything like that. I think once I had microsoft remote tech support
Kudos0

Re: Computer under attack? How to stop it?

I'm thinking that these constant attempts by the IP Addresses to connect to my computer are coming from infected computers and not malaice on the computer's owners part. Most of these come from China. Anyone know how to contct that IP service to alert them of the attacks? I assume they are attacks because I'm not soliciting connection from them.
Kudos0

Re: Computer under attack? How to stop it?

As long as your Norton Product Blocks these, you are fine.

These are Attacks, whereby, Hackers are trying to connect to your computer through Ports which you are not using to, obviously, place some Internet Threat on your computer.

Thursday, November 21, 2013: The THREATCON was changed to Level 1: Normal | Tue., Nov. 05, 2013: Zero-Day Vulnerability: Microsoft Security Advisory 2896666 | Saturday, November 09, 2013: Cyber-Criminals Serve Up A Veritable Smorgasbord Of Threats For South Koreans | Wednesday, October 09, 2013: New Internet Explorer Zero-Day Targeted In Attacks Against Korea And Japan [C.V.E.-2013-3897]
Kudos0

Re: Computer under attack? How to stop it?

I've seen a number of users try to contact ISPs to let them know about attacking systems and have never seen anyone have good success. The ISPs generally don't seem to care whether their users are infected or not and don't want to give away their customers' information for confidentiality reasons.
Reese AnschultzSenior Software Quality Assurance Manager, Symantec Corporation

This thread is closed from further comment. Please visit the forum to start a new thread.