For all you computer gurus

psyktek

Frugal Old Fart!
Installed the 2004 version of Norton Personal Firewall a couple of days ago. Since then, it has announced an average of 10-12 attempts/day of other computers trying to access mine, including one trojan searching for an empty port.

The first day there must have been at least 10 or more, now it's quieted down as more computers are being added to the blocked list, but it's still really annoying to keep seeing that notice window popping up.

Wish these folks would find something more productive to do, like beat their heads against a brick wall or something!! :angry:
 
That's not uncommon. I have Comcast internet; when I was logging attempts, it was normal to see around 1000 scans a day. Hardware firewalls are the way to go.
 
Get a Linksys router and run static......The only way to go!

Haven't had any problems over here! :D
 
Personal broadband is a beautiful thing... but it's also a beautiful thing for the bored teenage hacker types.

Hardware firewalls can be pricey, but it is a good solution.
Another good option is to keep your software version, but put a Cable/DSL router between you and your internet connection.

That will make your computer's IP address the "internal" variety and at the very least make the computer harder for the bad guys to see.

That WITH your software firewall should keep you pretty safe.
 
With Norton, you can tell the software you don't want to see the alerts.
For instance, if you have a "Backdoor trojan" alert, you can set the software to block, but not alert you of the event.

It will be recorded in the logs, but it won't give you a pop-up for the error.

Scans are common, and blocked.
But if you have a trojan on your PC trying to communicate, you should remove it.

But it will still be blocked by the software.
 
I run virusscan every night, and scan all emails, so nothing on the system yet. (fingers crossed) That DSL router sounds like a good idea, even though I can't get DSL access yet. :(
 
I know what you mean...

Here's a sample of one of my router's security logs...

Wed, 10/29/2003 23:26:10 - ICMP packet dropped - Source:65.30.103.0, 0, WAN - Destination:65.28.67.67, 0, LAN - 'Smurf Attack'
Wed, 10/29/2003 23:30:15 - TCP connection dropped - Source:65.66.23.157, 4632, WAN - Destination:65.28.67.67, 27347, LAN - 'Suspicious TCP Data'
Wed, 10/29/2003 23:31:43 - UDP packet dropped - Source:61.31.53.97, 3613, WAN - Destination:65.28.67.67, 1434, LAN - 'Suspicious UDP Data'
Thur, 10/30/2003 00:04:01 - ICMP packet dropped - Source:65.28.255.0, 0, WAN - Destination:65.28.67.67, 0, LAN - 'Smurf Attack'
Thur, 10/30/2003 00:13:03 - ICMP packet dropped - Source:65.29.43.255, 0, WAN - Destination:65.28.67.67, 0, LAN - 'Smurf Attack'
Thur, 10/30/2003 00:14:35 - TCP connection dropped - Source:63.195.38.198, 3223, WAN - Destination:65.28.67.67, 1433, LAN - 'Suspicious TCP Data'
Thur, 10/30/2003 00:47:19 - ICMP packet dropped - Source:65.25.16.255, 0, WAN - Destination:65.28.67.67, 0, LAN - 'Smurf Attack'
Thur, 10/30/2003 01:20:41 - TCP connection dropped - Source:66.177.142.40, 3163, WAN - Destination:65.28.67.67, 27374, LAN - 'Suspicious TCP Data'
Thur, 10/30/2003 01:34:31 - ICMP packet dropped - Source:65.27.159.0, 0, WAN - Destination:65.28.67.67, 0, LAN - 'Smurf Attack'
Thur, 10/30/2003 01:48:10 - TCP connection dropped - Source:68.155.170.142, 4782, WAN - Destination:65.28.67.67, 27374, LAN - 'Suspicious TCP Data'
Thur, 10/30/2003 01:55:11 - UDP packet dropped - Source:24.159.210.65, 2085, WAN - Destination:65.28.67.67, 1434, LAN - 'Suspicious UDP Data'
Thur, 10/30/2003 01:59:14 - ICMP packet dropped - Source:65.28.255.0, 0, WAN - Destination:65.28.67.67, 0, LAN - 'Smurf Attack'
Thur, 10/30/2003 02:17:05 - UDP packet dropped - Source:209.178.129.63, 666, WAN - Destination:65.28.67.67, 1026, LAN - 'Suspicious UDP Data'
Thur, 10/30/2003 02:34:24 - UDP packet dropped - Source:61.236.39.3, 3861, WAN - Destination:65.28.67.67, 1434, LAN - 'Suspicious UDP Data'
Thur, 10/30/2003 03:12:03 - TCP connection dropped - Source:81.240.239.120, 4446, WAN - Destination:65.28.67.67, 21, LAN - 'FTP-ctrl'
Thur, 10/30/2003 03:18:20 - TCP connection dropped - Source:204.117.69.244, 1045, WAN - Destination:65.28.67.67, 4848, LAN - 'Suspicious TCP Data'
Thur, 10/30/2003 03:21:42 - TCP connection dropped - Source:24.3.7.254, 4389, WAN - Destination:65.28.67.67, 27374, LAN - 'Suspicious TCP Data'
Thur, 10/30/2003 03:29:20 - TCP connection dropped - Source:211.147.61.50, 1807, WAN - Destination:65.28.67.67, 33, LAN - 'Suspicious TCP Data'
Thur, 10/30/2003 03:32:12 - ICMP packet dropped - Source:65.27.159.0, 0, WAN - Destination:65.28.67.67, 0, LAN - 'Smurf Attack'
Thur, 10/30/2003 03:53:30 - ICMP packet dropped - Source:65.28.255.0, 0, WAN - Destination:65.28.67.67, 0, LAN - 'Smurf Attack'
Thur, 10/30/2003 03:53:34 - ICMP packet dropped - Source:65.29.43.255, 0, WAN - Destination:65.28.67.67, 0, LAN - 'Smurf Attack'
Thur, 10/30/2003 04:42:31 - TCP connection dropped - Source:68.73.64.109, 3647, WAN - Destination:65.28.67.67, 1243, LAN - 'Suspicious TCP Data'
Thur, 10/30/2003 05:08:48 - TCP connection dropped - Source:211.113.197.250, 1513, WAN - Destination:65.28.67.67, 443, LAN - 'HTTPS'
Thur, 10/30/2003 05:43:58 - ICMP packet dropped - Source:65.28.255.0, 0, WAN - Destination:65.28.67.67, 0, LAN - 'Smurf Attack'
Thur, 10/30/2003 05:47:59 - ICMP packet dropped - Source:65.25.16.255, 0, WAN - Destination:65.28.67.67, 0, LAN - 'Smurf Attack'
Thur, 10/30/2003 06:06:28 - TCP connection dropped - Source:24.147.41.170, 1643, WAN - Destination:65.28.67.67, 27347, LAN - 'Suspicious TCP Data'
Thur, 10/30/2003 06:24:11 - UDP packet dropped - Source:66.50.21.236, 3048, WAN - Destination:65.28.67.67, 1434, LAN - 'Suspicious UDP Data'
Thur, 10/30/2003 07:35:02 - ICMP packet dropped - Source:65.28.255.0, 0, WAN - Destination:65.28.67.67, 0, LAN - 'Smurf Attack'
Thur, 10/30/2003 07:36:48 - ICMP packet dropped - Source:65.29.43.255, 0, WAN - Destination:65.28.67.67, 0, LAN - 'Smurf Attack'
Thur, 10/30/2003 07:39:59 - ICMP packet dropped - Source:65.25.16.255, 0, WAN - Destination:65.28.67.67, 0, LAN - 'Smurf Attack'
Thur, 10/30/2003 08:03:55 - ICMP packet dropped - Source:65.28.243.0, 0, WAN - Destination:65.28.67.67, 0, LAN - 'Smurf Attack'
Thur, 10/30/2003 08:11:54 - TCP connection dropped - Source:68.1.44.164, 4211, WAN - Destination:65.28.67.67, 27347, LAN - 'Suspicious TCP Data'
Thur, 10/30/2003 08:44:34 - TCP connection dropped - Source:65.137.75.78, 2223, WAN - Destination:65.28.67.67, 27347, LAN - 'Suspicious TCP Data'
Thur, 10/30/2003 08:58:35 - TCP connection dropped - Source:68.112.100.51, 1742, WAN - Destination:65.28.67.67, 27347, LAN - 'Suspicious TCP Data'
Thur, 10/30/2003 09:02:21 - TCP connection dropped - Source:68.35.4.210, 3651, WAN - Destination:65.28.67.67, 27347, LAN - 'Suspicious TCP Data'
Thur, 10/30/2003 09:20:11 - TCP connection dropped - Source:66.168.161.254, 3974, WAN - Destination:65.28.67.67, 27374, LAN - 'Suspicious TCP Data'
Thur, 10/30/2003 09:29:02 - ICMP packet dropped - Source:65.28.255.0, 0, WAN - Destination:65.28.67.67, 0, LAN - 'Smurf Attack'
End of Log ----------
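
Added example, not part of the original post: a small Python triage script for the log format shown above, which groups dropped TCP/UDP probes by destination port and counts ICMP drops whose source address ends in .0 or .255. The function names and the port notes are assumptions of this example (general knowledge, not from the thread); the sample entries are copied from the log above.

```python
import re
from collections import Counter

# Five entries copied verbatim from the router log posted above, plus its trailer.
SAMPLE_LOG = """\
Wed, 10/29/2003 23:26:10 - ICMP packet dropped - Source:65.30.103.0, 0, WAN - Destination:65.28.67.67, 0, LAN - 'Smurf Attack'
Wed, 10/29/2003 23:31:43 - UDP packet dropped - Source:61.31.53.97, 3613, WAN - Destination:65.28.67.67, 1434, LAN - 'Suspicious UDP Data'
Thur, 10/30/2003 01:20:41 - TCP connection dropped - Source:66.177.142.40, 3163, WAN - Destination:65.28.67.67, 27374, LAN - 'Suspicious TCP Data'
Thur, 10/30/2003 01:55:11 - UDP packet dropped - Source:24.159.210.65, 2085, WAN - Destination:65.28.67.67, 1434, LAN - 'Suspicious UDP Data'
Thur, 10/30/2003 03:12:03 - TCP connection dropped - Source:81.240.239.120, 4446, WAN - Destination:65.28.67.67, 21, LAN - 'FTP-ctrl'
End of Log ----------
"""

LINE_RE = re.compile(
    r"^\w+, (?P<date>\d{2}/\d{2}/\d{4}) (?P<time>\d{2}:\d{2}:\d{2}) - "
    r"(?P<proto>ICMP|TCP|UDP) (?:packet|connection) dropped - "
    r"Source:(?P<src>[\d.]+), (?P<sport>\d+), WAN - "
    r"Destination:(?P<dst>[\d.]+), (?P<dport>\d+), LAN - '(?P<label>[^']*)'$"
)
# Port notes are general knowledge (an assumption of this example, not from the thread).
KNOWN_PORTS = {
    ("TCP", 21): "FTP control",
    ("UDP", 1434): "MS SQL Server Resolution Service (hit by the 2003 SQL Slammer worm)",
    ("TCP", 27374): "default port of the SubSeven backdoor",
}

def parse_log(text):
    """Return (events, skipped): parsed entries and non-blank lines that did not match."""
    events, skipped = [], []
    for line in (l.strip() for l in text.splitlines()):
        m = LINE_RE.match(line)
        if m:  # keep every captured field; destination port becomes an int for grouping
            events.append({**m.groupdict(), "dport": int(m["dport"])})
        elif line:
            skipped.append(line)
    return events, skipped

def summarize(events):
    """Count TCP/UDP drops per (proto, dest port) and ICMP drops from .0/.255 sources."""
    by_target = Counter((e["proto"], e["dport"]) for e in events if e["proto"] != "ICMP")
    icmp_edge = sum(1 for e in events
                    if e["proto"] == "ICMP" and e["src"].rsplit(".", 1)[1] in ("0", "255"))
    return by_target, icmp_edge

if __name__ == "__main__":
    by_target, icmp_edge = summarize(parse_log(SAMPLE_LOG)[0])
    for (proto, port), n in by_target.most_common():
        print(f"{n:3d}  {proto}/{port:<5}  {KNOWN_PORTS.get((proto, port), 'unidentified')}")
    print(f"ICMP drops from .0/.255 sources: {icmp_edge}")
```
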
 
WTF is a "Smurf Attack"??

Does it give you the "BLUE Screen Of Death"?

LOL - just couldn't help myself

Dave ;)

Proud user of Norton Internet Security, a Linksys Wireless Router & Linksys Cable Modem. Ain't nothing getting in here!

(No, that was NOT a challenge!!!)
Dave ;)
 
A Smurf Attack is a denial-of-service network attack (DoS) that is directed towards some pre-determined target, usually a server. Usually the targets for these attacks are IRC servers, but any server that is plugged into a network and can receive IP packets is vulnerable. These attacks come very quickly and present themselves as very hard to trace.

One of the most visual uses of a Smurf Attack was when the Yahoo server was taken down for 3 hours by such an attack. Once the server was being flooded with request packets, others who wanted to connect to it were not able. This may not seem like a big deal, but then take into consideration how much money the Yahoo web site makes in an hour, multiply that figure by three, and that is how much money they lost due to this crime.

Performing a Smurf Attack involves creating an ICMP packet, usually an echo or a ping request packet, and placing the victim's address in the return field, thus forging the packet. This packet is then broadcast onto the network, being received by several hosts who blindly reply to the victim with a response. The victim, now receiving several times its usual load, is overwhelmed with response packets.



-------------------------------------------------------------------------------------------------------------------------------------

The only thing I can gather is that my IP address was used by someone running servers from home before I got it...
 
I use Norton firewall plus Pop-up Stopper and it is constantly blocking any popups. Problem is, it also blocks wanted popups. Oh well, better a little inconvenience than to be hit with a virus!!

What is a hard firewall anyway?
 
A hardware firewall is a router that does NAT (Network Address Translation), so basically your router is the only piece of equipment connected to the outside world.
 