Computer under attack? How to stop it?

Duis mollis, est non commodo luctus, nisi erat porttitor ligula, eget lacinia odio sem nec elit. Sed posuere consectetur est at lobortis. Vestibulum id ligula porta felis euismod semper. Donec ullamcorper nulla non metus auctor fringilla. Aenean lacinia bibendum nulla sed consectetur. Cras justo odio, dapibus ac facilisis in, egestas eget quam. Cras mattis consectetur purus sit amet fermentum. Morbi leo risus, porta ac consectetur ac, vestibulum at eros. Sed posuere consectetur est at lobortis. Etiam porta sem malesuada magna mollis euismod. Cum sociis natoque penatibus et magnis dis parturient montes, nascetur ridiculus mus. Duis mollis, est non commodo luctus, nisi erat porttitor ligula, eget lacinia odio sem nec elit. Cras justo odio, dapibus ac facilisis in, egestas eget quam. Aenean eu leo quam. Pellentesque ornare sem lacinia quam venenatis vestibulum. Curabitur blandit tempus porttitor. Sed posuere consectetur est at lobortis.


Stu wrote:
I don't know these adresses but it could be lot's of things from a zombie to a application which you have installed. If you have a firewall installed than you are safe. Especially when you have NAV as well. If it would reach any port that might be open NAV will block it as well

 

If the computer attempts to connect to your computer with which you are not using, then the Firewall will Block it; if it tries to Attack your computer, Intrusion Prevention should Block it. 

 

The only way this computer could connect to your computer would be to try to get through with a Port you are using, and, even then, Auto-Protect and/or a Full System Scan should pick this up.

so does this all appear to be a common type of occurance?


NY1986 wrote:
so does this all appear to be a common type of occurance?

 

Yep.

 

If you are concerned, you could always Create a Rule to Block the Port(s) it is trying to use or place the computer in Restricted.  If you are not sure how to Create a Rule or place the Computers under "Restricted", please let us know before doing anything and we will let you know how to do it.

Message Edited by Floating_Red on 09-24-2008 11:53 PM

If its common for this to happen and my Norton will protect nme as is, then I need to trust in my Norton. Like I said, it sometimes is heavy and sometimes light activity. But if its showing as blocked then all is cool. Now lets say that the same address keeps punding away at a specific port, it won’t “break” due to repeated attempts will it?


NY1986 wrote:
If its common for this to happen and my Norton will protect nme as is, then I need to trust in my Norton. Like I said, it sometimes is heavy and sometimes light activity. But if its showing as blocked then all is cool. Now lets say that the same address keeps punding away at a specific port, it won't "break" due to repeated attempts will it?

 

It shouldn't.

Red:

 

Red Wroter: If the computer attempts to connect to your computer with which you are not using, then the Firewall will Block it; if it tries to Attack your computer, Intrusion Prevention should Block it. 

 

The only way this computer could connect to your computer would be to try to get through with a Port you are using, and, even then, Auto-Protect and/or a Full System Scan should pick this up.

 

Red what did you mean by  with which you are not using?

Stu- Could it just be random dialing Or maybe systematic dialing where it several IPs being checked today (such as mine) and they are just zipping away at them to see if one is open? Kind of like the old phone soliciting dialing machines?


NY1986 wrote:

Red:

 

Red Wroter: If the computer attempts to connect to your computer with which you are not using, then the Firewall will Block it; if it tries to Attack your computer, Intrusion Prevention should Block it. 

 

The only way this computer could connect to your computer would be to try to get through with a Port you are using, and, even then, Auto-Protect and/or a Full System Scan should pick this up.

 

Red what did you mean by  with which you are not using?


 

"...with which Port(s) you are not using.".

so either way, its showing the Norton is doing its job and I'm safe.

So it could be that these other computers are attacking all the computers with IP addresses in my IP range (for my city and ISP) and if perhaps I were able to check with others in my area with teh same ISP, they might be showing the same thing?

1 Like

NY1986 wrote:

So it could be that these other computers are attacking all the computers with IP addresses in my IP range (for my city and ISP) and if perhaps I were able to check with others in my area with teh same ISP, they might be showing the same thing?


Maybe; it is possible.

I must be the only idiot who worries about the logs and all. I think about people I know, they can’y even tell you what AV they use. they zip around and download this and that and never worry


NY1986 wrote:
I must be the only idiot who worries about the logs and all. I think about people I know, they can'y even tell you what AV they use. they zip around and download this and that and never worry

 

You're not an idiot.

 

I am sure stu, Phil_D and myself check logs to make sure everything is okay; it is good Security to check logs.  :)

Ok the basics  I use windows Vista heome premium with the Vista service pack 1   I run NAV2008 ( I will be upgrading soon to NIS2009) on a DSL connection on 24/7

 

In the activity logs I notice MANY entries as follows

 

Unused port blocking has blocked communications.
Inbound TCP connection.
Remote address,local service is 125.211.***.5*, *78*.  (I * out some of the numbers)

 

Now this "address" seems to be attempting to connect to my PC over and over again, trying different ports and often the same port multiple times. Also seem to get the same activity from this other address 218.10.*1*.**6 and 88.152.***.***

I checked them out on webyield, but can get no handle on what they are. I think they come out of China though

Just concerning because there are several of these addresses that seem to try to connect to me every day, many times a day.

Some days very heavy  others not.

 

  Looks like my NAV 2008 inbound firewall is blocking it which is GREAT. My questions:

 

1.My concern is what if it reaches a port that is used such as port 80? Would it  be able to connect then? Or would other Norton NAV2008 features block it?

2. Are others getting activity from the same addresses?

Hi NY1986

You are not alone!!!:smileyvery-happy:,You ask the questons that I'm to scared to ask for the same reason("novice" computer user!!)

Cheers Mo

 

yes, but it really makes me not enjoy using the computer. And Lord knows that I would prefer not to do any financial stuff like paying bills, banking, etc. My wife says  that we can get rid of the computer and go back to the stone age  if it freaks me out so much. I darn near said yes. For some reason, I just can't stop checking the logs. I really just need to trust in my Norton and ONLY if there is something wrong, check the logs.

I mean think about it, if I don't check tyhe logs, I have no paranoid questions. I don't think that the Norton products are set up so non-techies like me have to llok at it. I think the whole purpose of these great Norton products is so the average Joe like me can set it and forget it.  Sorry for the whinning

Message Edited by NY1986 on 09-24-2008 05:07 PM

Relax.  Slow your breathing.  Easy now.

 

As long as you keep your Norton Product up-to-date, then there is no reason for you to worry.  Just make sure you do Full System Scan at least three-times-a-week (Norton 2007) twice-a-week (Norton 2008) and at least once-a-week (Norton 2009, N.I.S.).

Message Edited by Floating_Red on 09-25-2008 01:22 AM

:)  I'm sure it would shock anyone to know I run nightly full system scan


NY1986 wrote:

:)  I'm sure it would shock anyone to know I run nightly full system scan


 

I knew that.

 

There is nothing wrong with that; you decide when to run Scans; what I gave was just a Guideline.

Hi NY1986,

 

Just a thought.. Have you ever run a P2P client like BitComent, EMule etc on that machine ? In the past I've noticed that even long after I stopped running the client, I would receive these inbound connection requests from what appeared to be random addresses. And then it would stop. I found out that those computers still thought I was serving up some file that they wanted and hence would attempt to contact my PC.

 

Shane.