
Thread: Question of topic of BT

  1. #1
    Just burned his ISO
    Join Date
    Mar 2008
    Posts
    24

    Default Question of topic of BT

    OK, I have a little problem (I don't know much about security). I have Kaspersky Internet Security (yes, Windows). I keep on getting someone attacking me. My firewall seems to be working great, blocking every attempt (so far only 5). Now it's a little worrisome (what if it fails?), but for now everything is OK, just a little annoying. Are there any other precautions I should take or something I should do? E.g. change my IP (dynamic), better firewall, block ports...

    This is what I keep on getting, just different IPs. I have done a tracert and found that they are coming from different places every time, no consistency:
    got one on a Sprint card, one in London, a couple of others I don't remember.


    3/13/2008 8:47:28 PM Intrusion.Win.MSSQL.worm.Helkern (source ip goes here) (protocol) UDP (port#) 1434


    If you don't mind, just give me some ideas; I'll figure out the rest.
    Thanks

  2. #2
    Just burned his ISO
    Join Date
    Mar 2008
    Posts
    6

    Default

    These happen a lot if you're on the go and using a wireless card at airports and things. Otherwise just keep your firewall up and it should be OK.

  3. #3
    Jenkem Addict imported_wyze's Avatar
    Join Date
    Jul 2007
    Posts
    1,543

    Default

    More than likely this is random garbage from somewhere like China or Korea that is seeking to infect a vulnerable system. I would bet that you have a high speed connection with a commercial ISP.

    Try looking up the IP on http://whois.sc/<IP Address> and see if it is from overseas. If it's from your own country or a 'developed' nation, report it to the abuse email address that appears in the WHOIS query.
    dd if=/dev/swc666 of=/dev/wyze

  4. #4
    Just burned his ISO
    Join Date
    Mar 2008
    Posts
    24

    Default

    OK, that's cool. I kind of find it funny that just as I start looking for a good source of info about security (working on my CCNA), this starts to happen. But it's cool, just as long as my firewall is working well and there's nothing else I should do. Then I'm happy.
    Thanks for the info, and I will do some queries.
    I appreciate it, guys...

  5. #5
    Very good friend of the forum killadaninja's Avatar
    Join Date
    Oct 2007
    Location
    London, United Kingdom.
    Posts
    526

    Default hey

    I totally agree with swc666, but if I were you, for now I would go to Tools in your web browser (presuming you're using IE), then to Internet Options, click on the Security tab, and make sure your Internet zone security level is set to at least Medium, then apply. Then go to the Privacy tab; if I were you I would personally set this to High, just for a week or two. After the attackers see you are not vulnerable it should stop. If it hasn't stopped in 2 weeks, contact me and I will personally help you.
    Sometimes I try to fit a 16-character string into an 8–byte space, on purpose.

  6. #6
    Just burned his ISO
    Join Date
    Mar 2008
    Posts
    24

    Default

    Thank you. I will try that and see what happens.
    And SWC666, I tried what you said (reporting them). All emails were returned undeliverable......... Blah......
    @#$#@ attackers picking on someone that doesn't know how to stop them (yet).


    Oh, and the count is up to 20 blocked attempts; some IPs are repeating now.

  7. #7
    Junior Member unix_r00ter's Avatar
    Join Date
    Feb 2007
    Posts
    64

    Default

    It sounds like a vulnerability scanner, or some kind of bot. I wouldn't worry too much, as long as you:

    1. Keep the firewall on (up to date)
    2. Have real-time antivirus (up to date)
    3. Install Windows updates
    4. Stay away from dodgy download sites

  8. #8
    Member imported_anubis2k7's Avatar
    Join Date
    Jun 2006
    Posts
    115

    Default

    Quote Originally Posted by swc666 View Post
    More than likely this is random garbage from somewhere like China or Korea that is seeking to infect a vulnerable system. I would bet that you have a high speed connection with a commercial ISP.
    Right on the money, swc. Any person can set up an intrusion detection system and see that those %$#%# broadcast their junk virtually once every 15 min.

    Quote Originally Posted by swc666 View Post
    Try looking up the IP on http://whois.sc/<IP Address> and see if it is from overseas. If it's from your own country or a 'developed' nation, report it to the abuse email address that appears in the WHOIS query.
    Quote Originally Posted by Mclovin View Post
    Thank you. I will try that and see what happens.
    And SWC666, I tried what you said (reporting them). All emails were returned undeliverable......... Blah......
    @#$#@ attackers picking on someone that doesn't know how to stop them (yet).


    Oh, and the count is up to 20 blocked attempts; some IPs are repeating now.
    My experience is, unless the attack comes from the US, Canada and certain western European countries, any complaints are used as toilet paper.

    How detailed are the logs of your firewall? Can you do a packet analysis? If so, you will probably only see packets from these attackers with only the SYN flag set…and if this is all, then you are ok. If you see any outbound traffic from your machine, then you could have a problem.

    Otherwise, simply set your firewall to drop packets from these offensive addresses.
    "Sure is for people with nothing on the line.....you and me? We just get on with it."

    -Garabaldi
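
Added example, not part of any post in this thread: one way to tally blocked-attempt alerts per source address, to see which senders repeat before adding them to a drop list as suggested above. The log lines are constructed, and their field layout is an assumption modelled on the alert quoted in post #1.

```python
import ipaddress
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample lines; the field layout is an assumption modelled on the
# alert quoted in post #1 (timestamp, signature, source IP, protocol, port).
SAMPLE_LOG = """\
3/13/2008 8:47:28 PM Intrusion.Win.MSSQL.worm.Helkern 203.0.113.7 UDP 1434
3/13/2008 9:02:11 PM Intrusion.Win.MSSQL.worm.Helkern 198.51.100.23 UDP 1434
3/13/2008 9:17:40 PM Intrusion.Win.MSSQL.worm.Helkern 203.0.113.7 UDP 1434
this line is malformed and must be skipped
3/14/2008 1:05:09 AM Intrusion.Win.MSSQL.worm.Helkern 192.0.2.55 UDP 1434
3/14/2008 1:20:30 AM Intrusion.Win.MSSQL.worm.Helkern 203.0.113.7 UDP 1434
"""

LINE_RE = re.compile(
    r"^(?P<ts>\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M)\s+"
    r"(?P<sig>\S+)\s+(?P<src>\S+)\s+(?P<proto>TCP|UDP)\s+(?P<port>\d+)$"
)

def parse_alerts(text):
    """Yield (timestamp, signature, source IP, protocol, port) per valid line."""
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # not an alert line in the assumed layout
        try:
            src = ipaddress.ip_address(m["src"])
            ts = datetime.strptime(m["ts"], "%m/%d/%Y %I:%M:%S %p")
        except ValueError:
            continue  # bad address or impossible date: skip, do not guess
        yield ts, m["sig"], src, m["proto"], int(m["port"])

def repeat_sources(text, min_hits=2):
    """Return {source IP: (hit count, first seen, last seen)} for repeat senders."""
    seen = defaultdict(list)
    for ts, _sig, src, _proto, _port in parse_alerts(text):
        seen[str(src)].append(ts)
    return {ip: (len(t), min(t), max(t))
            for ip, t in seen.items() if len(t) >= min_hits}

if __name__ == "__main__":
    for ip, (hits, first, last) in repeat_sources(SAMPLE_LOG).items():
        print(f"{ip}: {hits} blocked attempts between {first} and {last}")
```
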

  9. #9
    Jenkem Addict imported_wyze's Avatar
    Join Date
    Jul 2007
    Posts
    1,543

    Default

    Quote Originally Posted by anubis2k7 View Post
    Right on the money, swc. Any person can set up an intrusion detection system and see that those %$#%# broadcast their junk virtually once every 15 min.
    About every 20 secs on my line..



    Quote Originally Posted by anubis2k7 View Post

    If you see any outbound traffic from your machine, then you could have a problem.

    Otherwise, simply set your firewall to drop packets from these offensive addresses.
    Yes.. outbound traffic would be an inherently BAD thing: just as I heard hdm say the other day, there's nothing good. More of a reason to set up a transparent firewall to, as anubis2k7 instructs, drop packets from these offenders.

    BTW, if anyone needs a decent list of IPs to block, PM me and I'll send you a few.
    dd if=/dev/swc666 of=/dev/wyze

  10. #10
    Just burned his ISO
    Join Date
    Mar 2008
    Posts
    24

    Default

    Quote Originally Posted by swc666 View Post
    Yes.. outbound traffic would be an inherently BAD thing

    Normally it is.....
    But yeah, they're still coming in, still being blocked,
    and I will do some research on packet analysis and get back to you on that.
    But so far, from what I have found, they're all coming from overseas, so that's out of the question,
    and no outbound traffic that I can see. All open ports are being used by the system.
