Computer under attack?

Duis mollis, est non commodo luctus, nisi erat porttitor ligula, eget lacinia odio sem nec elit. Sed posuere consectetur est at lobortis. Vestibulum id ligula porta felis euismod semper. Donec ullamcorper nulla non metus auctor fringilla. Aenean lacinia bibendum nulla sed consectetur. Cras justo odio, dapibus ac facilisis in, egestas eget quam. Cras mattis consectetur purus sit amet fermentum. Morbi leo risus, porta ac consectetur ac, vestibulum at eros. Sed posuere consectetur est at lobortis. Etiam porta sem malesuada magna mollis euismod. Cum sociis natoque penatibus et magnis dis parturient montes, nascetur ridiculus mus. Duis mollis, est non commodo luctus, nisi erat porttitor ligula, eget lacinia odio sem nec elit. Cras justo odio, dapibus ac facilisis in, egestas eget quam. Aenean eu leo quam. Pellentesque ornare sem lacinia quam venenatis vestibulum. Curabitur blandit tempus porttitor. Sed posuere consectetur est at lobortis.

Often just shutting the machine off and rebooting will not cause your IP to change.  This is due to the fact that the DHCP server that you get your IP address from usually leases for a period of time.  If you bring the machine back up before the lease expires, it will just pick up the same IP address since it is already leased to you.  If you bring it up after the lease expires, you may get a new address, but you also could end up with the same one again.  Not knowing anything about your ISP has you set up, it is hard to give method that would always work.  You might want to talk with your ISP about how they would suggest you go about changing your IP.  You might also have to change your machine name in the process.

That's why it's important that your firewall log both blocked connection attempts as well as connections allowed.

My firewall will keep a log of 20 pages with 10 entries per page. I am always being scanned.

If I clear the log file it will fill back up to 20 pages in a matter of minutes, not hours or days. It doesn't matter the time or day of the week. I don't think I'm in any different situation than anyone else. It's a jungle out there!

As you can probably tell already, your computer is under Attack with Hackers trying to use un-used Ports, i.e. Ports that you are not using.  As long as Norton is Blocking these, then you are Secure; however, if you wish for your Firewall to Block these Port(s), you can set-up a Rule for your Firewall to keep that Port(s) Blocked.  If you require information on how to do this, please ask.

great. thansk for the feedback. It just feels creepy knowing people you don't want, are "touching" your computer. So I guess as long as it shows

"unused port blocking has blocked TCP connection.................."

Than all is cool

Sorry for the many questions, I just find this an excellent source to alleviate my worry.

I have noticed on my activity logs NUMEROUS of the following activity

 

Unused Port blocking has blocked communications

InBound TCP connection, remote address, local service

 

and then numerous from IP address 221.68.XX.XX

221.130.XX.XX

and more

now they also not that they are attempting to connect to various unused ports.

I know the NAV inbound firewall is blocking them GREAT!!!!

 

But my worry is what if they reach a port that is open such as 80 or 443? Is that where my other NAV defenses come in to stop these

putzs? I notice the addresses are mostly from China, a known place of badware

 

anyone else seeing this on their logs? It stoping it, but as someone once said

"Its nice I have strong locks, but its annoying someone keeps kicking at my door"

Is there anything I can do about it?

 

 

 

[edit: broke IP's in accordance with forum policy, orginals still available to staff.]

Message Edited by Allen_K on 08-25-2008 02:24 PM

I read somewhere that if you have a large number of attempts at your comp, and you are using DSL, that you should just shut off and then re-boot. That it will give you another cover IP address. That make sense?