I am new to the board, so I am not sure if this is the right section to be posting this topic in. I apologize if it isn't in advance.
I have a few questions about intrusion prevention. I am wondering why my computer keeps being attacked randomly by the same IP addy almost every time? It is always blocked when they try. I traced the IP addy and got an address from the same city in which I live. It is coming from a business building, but the suite number that it is attacking from as far as I know is not an actual business like many others in the building. Is it possible that this may be a hacker? I find it weird that it is almost always from the same IP. Should I change my IP? Will this deter this "person" from trying to attack my computer if I do? Also, why is this happening so often? I am very computer savvy so any help anyone can give me would be great. Thanks in advance!
I am new to the board, so I am not sure if this is the right section to be posting this topic in. I apologize if it isn't in advance.
I have a few questions about intrusion prevention. I am wondering why my computer keeps being attacked randomly by the same IP addy almost every time? It is always blocked when they try. I traced the IP addy and got an address from the same city in which I live. It is coming from a business building, but the suite number that it is attacking from as far as I know is not an actual business like many others in the building. Is it possible that this may be a hacker? I find it weird that it is almost always from the same IP. Should I change my IP? Will this deter this "person" from trying to attack my computer if I do? Also, why is this happening so often? I am very computer savvy so any help anyone can give me would be great. Thanks in advance!
Ok where do you think I would find one that is inexpensive in Canada? Also the question about my ISP provider was not answered. Why would they be pinging my computer?
I only said it maybe your ISP. It can also be your modem just pinging out a signal and that signal coming back. Is there a Bestbuy near you? Also you can go on Newegg.con for some great deals.
If you have N.I.S., a Hard Firewall is not really required since you have symantec's excellent Two-Way Firewall. Then you've got I.P. [Intrusion Prevention] and finally Auto-Protect and on-demand Scanners. You also have Phishing Protection which Scans Web Pages.
Could you Post a Screen Shot of the Details of the I.P. [Intrusion Prevention] you are getting. Remember to block out the I.P. Addresses. Also, what Version of N.I.S. are you using? Thanks!
Message Edited by Floating_Red on 12-22-2008 02:09 PM
Hardware router is the best line of defense… not perfect, they can be hacked but not as easy as software firewalls. You only need software firewalls for blocking any nasty sending outgoing, if you use a router. Much as I like NIS I would not trust it 100% without a router that does stateful packet inspection. Yeah you could be getting false positive hits from your isp, with all the traffic shaping/deep packet tech they are using, it’s showing up in IDS logs from AV vendors (on my test machine, my ESET logs are filled with supposed intrusions of dns posioning from my isp’s dns servers).
I am new to the board, so I am not sure if this is the right section to be posting this topic in. I apologize if it isn't in advance.
I have a few questions about intrusion prevention. I am wondering why my computer keeps being attacked randomly by the same IP addy almost every time? It is always blocked when they try. I traced the IP addy and got an address from the same city in which I live. It is coming from a business building, but the suite number that it is attacking from as far as I know is not an actual business like many others in the building. Is it possible that this may be a hacker? I find it weird that it is almost always from the same IP. Should I change my IP? Will this deter this "person" from trying to attack my computer if I do? Also, why is this happening so often? I am very computer savvy so any help anyone can give me would be great. Thanks in advance!
Changing the IP might as well do the trick and you can check block all stealthed ports.
The source IP from which the attack originates, might be a zombie and I won't be surprised if it is. Anyways, the reasons for such attacks that are attempted are countless. For who knows the IP from where the attack originates might as well would have been compromised.
Nonetheless, you can be rest assured that you're protected. NIS has a feature called Auto-Block, which automatically blocks the computer from which the intrusion attempts originate. If the same IP attempts to intrude into your computer more than twice in a row, Auto-block feature blocks all traffic from the computer. However, if you are continuosly stalked by the IP that you mentioned, create a firewall rule to block all traffic from that IP or set the Auto-Block feature to block it for 48 hours (just to be extra safe).
Auto-Block is a Feature whereby, if an Intrusion is Blocked, the Auto-Block Feature, if Turn On which it should be, will Block the Attacking computer from accessing your computer for a limited amount of time.
When an attack from the network is detected by Intrusion Prevention, it places the attacking computer’s IP address in the “AutoBlock” list so that the firewall will automatically reject. While a computer’s IP address is in the AutoBlock zone, it cannot establish a connection. By default, the attacking computer will be placed in the AutoBlock zone for 30 minutes. After that time AutoBlock removes it from the list and Norton program will allow traffic from that IP again.
Message Edited by yogesh_mohan on 12-23-2008 09:11 PM
Sorry for late reply to your post. This alert indicates that your Intrusion prevention component in your Norton 2009 product has successfully detected and blocked an attempt to access your computer. The attempt can come from a legitimate source such as a web enabled program that you use. It can also come from an unwanted intrusion attempt. Confirm whether the attacking IP address is really attempting to hack into your computer(may be some malicious program in that computer attempts without the knowledge of the user), your ISP can help you better in that. This alert is on by default. If you do not want to be alerted, then you can turn off the Intrusion Prevention notifications: 1. Start your Norton 2009 program. 2. In the Internet section, click Settings. 3. Under Intrusion Prevention, if Notification Alerts shows On, click the status indicator to turn it Off.
Thanks so much for all of your replies. I appreciate you all taking the time to help me. I will look into all of these things you all have mentioned. Thanks again everyone and happy holidays’s to you all! Be safe
