Ok, Ive gotten the usual "A recent attempt to attack your computer was blocked" warnings like everyone else probably has especially when I first bought my computer and signed on everyday. But just in the last week or so Ive been getting this warning a minimum of 20 / 25 times a day from the same I.P addresss. The person is from China and is trying to do a portscan. Thank God for Nortons they're not succeeding obviously but they're so relentless Im afraid they'll figure out a way. My questions are 1. Can I report the continuos attempts to somebody , is there anyplace online where you can report someone trying to hack into your computer? 2. Am I completely safe with Nortons or will this person ever have a chance to break through? and 3. I went into my Nortons security today to try and see if it logged the I.P address anywhere so I could report them but instead found something that allows you to enter I.P addresses of computers you want to restrict any access to your computer, which I'll definitely use after I find out what his I.P is again. After I add this persons I.P address to that list what exactly if anything EXTRA will this do to keep this person from breaking through?
Also, since this started I have been having alot of problems with my computer like it not connecting to the internet. I'll be connected and can play downloaded programs but if I try and search the internet it will say Im not connected. Also the poker programs I use have been acting funny. I've been having a hard time logging into most of them when I never had problems before. I'll usually get some kind of warning saying im not connected and not until after numerous attempts Ill finally get in. And the weirdest thing thats happened since this started was I walked away from my computer to come back and see an Internet Explorer warning box that had popped up on its own saying something like " You have been logged off of chat because you logged on from another computer". I have no idea where this warning came from or what it was talking about because I dont chat online at all on any sites or servers. So something is definitely going on.
I wish I had the guys I.P address now so I could put it up in this post but I didnt write it down and save it, I just wrote it down yesterday to check it on a I.P locator but forgot to save it. The guy does it atleast 10 or 20 times a day so Im just waiting today for it to happen again so I can get his I.P address and write it down save it and add it to the restricted compter list in Nortons. When I get it Ill come back and post it here so maybe you guys can tell me something about the user.
If anybody has the answers to my 3 main questions .. Please HELP
I've recently (last few days) experienced persistent Portscans from the same IP in China...may be the same IP as with your experience. Do you wish to compare IP's ... your History logs should have the IP info and record of Intrusion Attempt. I have not noticed any issues with my box.
Sure I wish I could get the exact I.P and post it but I actually didnt get a warning today like I have been every single day. I wonder if he somehow knows Im posting about it, its a lil weird that the only day I didnt get an attack was the day I started posting about it online. I remember there was a 166 in it. Where are these history logs? I couldnt find anything like that in the Norton Security.
Ive got NIS 2005 version I didnt see anything that said history but I found the logs under a link that said statistics. The I.P of the guy who was doing it is
125.45.109.166 (122000) and he attacked ports 9000 9090 6588 if that means something (Im not tech savvy at all) protocol TCB
He started on the 27th and since the day I posted this on here on the 4th I had 3 more attacks with the last one ending at 1:13 p.m 2 hours before I posted this, since then I havent gotten any more attacks and my computers been acting normal again. I just added his I.P to the restricted zone in my personal firewall, I guess that will stop all portscans from him permanently. Thnx bjm let me know if thats the same I.P
If you put that IP into Google, you will find many listings for that ip. I didn't look at any of the listings since the sites were unfamiliar to me, but they didn't sound too good. Here is just one of the names of the topics that came up.
NIS 2005? I think that might be a little outdated? I think you need to upgrade to the current version NIS 2010, I’m not sure that version will still be protected.
reactivate wrote: NIS 2005? I think that might be a little outdated? I think you need to upgrade to the current version NIS 2010, I'm not sure that version will still be protected.
Good advice to update to NIS 2010 as it is much improved over 2005. This would normally require a purchase of NIS2010 as there is not a free upgrade path from 2005. However, may get some assistance by contacting Customer Support here and asking if they can upgrade.
Also Note: If you decide to update, use the Norton removal tool to remove your Norton Product properly from your computer, as Norton 2010 will use a different engine. You should run it two or three times, restarting your computer after each run, then it will be o.k to install NIS 2010, or if you prefer Norton 360 v4
For infor, some online games persistently try to reconnect after you have signed off. TCP is a directed communication attempt rather than a UDP general broadcast. It could be that prior infections have used those ports, or that they have been used for self-generated forms of communication. That should be checked for your own piece of mind.
re > It could be that prior infections have used those ports, or that they have been used for self-generated forms of communication. That should be checked for your own piece of mind.
What is / are self-generated forms of communication.
How may I check (as you suggest) if the ports were used by prior infections or for self-generated forms of communication. What might I do now to satify my own piece of mind with regard to Intrusion Attempts that Norton reports as Blocked and with no hint that manual intervention is required?
Checked on Whois, I quickly browsed over what everyone had posted here and didn't see anyone mentioning this. I have attached the info as a text document. there is a bit more info - you can put that IP address into http://cqcounter.com/whois/ if you want it.
A quick google search of "UNICOM-HA" (check attachment) brings up quite a few "shady" links - spam, malware and pharmaceutical.
Anyway, just some infor for you :-) However, Norton is protecting you from the attacks:-) Might be that all the guys being probed have some software in common? maybe try uploading and comparing HiJackThis reports? Maybe we can find something in common :-)
I did use 'whois' ... so, I knew as much as whois offered...
delphinium offered that TCP traffic suggests something more than just UDP traffic ...unsure what to do with that info.
I don't know if my activity or my apps are in any way causal to these intrusion attempts & Norton's Recommended Action is always No Action Required...so, the OP has / had concerns as I do...?
thnx everybody... since i added that I.P to my Nortons firewall block list i havent been having any problems at all with it plus i changed my block time afterwards from when i get attacked from anyone from 30 mins where it was at to 48 hours... i didnt have any problems at all with my internet connections or log ons to poker programs for about a day or 2 after i blocked that I.P but now im still have problems logging on to 2 of them and sometimes still have problems with websites saying im not connected.... the warning is always something about either not being connected to the internet when i obvioulsy am or it'll say something about checking my firewall... this is a new problem that only started on the same day the hacking problem started from that I.P... i do eventually get into the poker sites or end up on the webpage but not until after clearing my cache minutes after minutes... so i dont know if theres just something wrong with my computer or if something else thats related to my firewall is going on... because everything was fine until the hacking attempts
im not tech savvy at all as you can tell i havent even updated my nortons since i bought the computer 5 years ago and i didnt know until i went looking around in my security options in my Windows control panel that the defualt setting for the Windows firewall was turned OFF with the word (recommended) next to it... that doesnt make any sense why OFF would be the default setting and they actually had that as recommended... i guess i always thoughtt the Nortons Security firewall was enough but i turned the Windows firewall on anyway just in case... is that ok to have 2 firewalls running at the same time?... one wont cancel the other one out will it or effect it?
iitsLexiis wrote: i guess i always thoughtt the Nortons Security firewall was enough but i turned the Windows firewall on anyway just in case... is that ok to have 2 firewalls running at the same time?... one wont cancel the other one out will it or effect it?{/b]
Hi iitsLexiis
You cannot run both firewalls together as it will give problems. You should turn the Windows Firewall off.