OK, I have a little problem (I don't know much about security). I have Kaspersky Internet Security (yes, Windows). I keep on getting someone attacking me. My firewall seems to be working great, blocking every attempt (so far only 5). Now it's a little worrisome (what if it fails?). But for now everything is OK, just a little annoying. Are there any other precautions I should take or something I should do? E.g. change my IP (dynamic), better firewall, block ports...
This is what I keep on getting, just different IPs. I have done a tracert and found that they are coming from different places every time, no consistency.
Got one on a Sprint card, one in London, a couple of others I don't remember.
3/13/2008 8:47:28 PM Intrusion.Win.MSSQL.worm.Helkern (source ip goes here) (protocol) UDP (port#) 1434
If you don't mind, just give me some ideas; I'll figure out the rest.
tks
These happen a lot if you're on the go and using a wireless card at airports and things. Otherwise just keep your firewall up and it should be OK.
More than likely this is random garbage from somewhere like China or Korea that is seeking to infect a vulnerable system. I would bet that you have a high speed connection with a commercial ISP.
Try looking up the IP on http://whois.sc/<IP Address> and see if it is from overseas. If it's from your own country or a 'developed' nation, report it to the abuse email address that appears in the WHOIS query.
dd if=/dev/swc666 of=/dev/wyze
OK, that's cool. I kind of find it funny that when I start looking for a good source of info about security (working on my CCNA), this starts to happen. But it's cool, just as long as my firewall is working well and there's nothing else I should do. Then I'm happy.
Thanks for the info, and I will do some queries.
I appreciate it, guys...
I totally agree with swc666, but if I were you, for now I would go to Tools in your web browser (presuming you're using IE), then to Internet Options, click on the Security tab, and make sure your Internet zone security level is set to at least Medium, then Apply. Then go to the Privacy tab, and if I were you I would personally set this to High just for a week or two. After the attackers see you are not vulnerable it should stop. If it hasn't stopped in 2 weeks, contact me and I will personally help you.
Sometimes I try to fit a 16-character string into an 8–byte space, on purpose.
Thank you. I will try that and see what happens.
And SWC666, I tried what you said (reporting them). All emails were returned undeliverable......... Bla......
@#$#@ Attackers picking on someone that doesn't know how to stop them (yet).
Ohhh, and the count is up to 20 blocked attempts; some IPs are repeating now.
It sounds like a vulnerability scanner, or some kind of bot. I wouldn't worry too much, as long as you:
1. Keep firewall on (up to date)
2. Have realtime antivirus (up to date)
3. Windows updates
4. Stay away from dodgy download sites
Right on the money, swc. Any person can set up an intrusion detection system and see that those %$#%# broadcast their junk virtually once every 15 min.
My experience is, unless the attack comes from US, Canada and certain western European countries, any complaints are used as toilet paper.
How detailed are the logs of your firewall? Can you do a packet analysis? If so, you will probably only see packets from these attackers with only the SYN flag set…and if this is all, then you are ok. If you see any outbound traffic from your machine, then you could have a problem.
Otherwise, simply set your firewall to drop packets from these offensive addresses.
"Sure is for people with nothing on the line.....you and me? We just get on with it."
-Garabaldi
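Added example, not part of any post in this thread: one way to run the checks suggested above over firewall alerts, tallying repeat source addresses (candidates for a drop rule) and flagging outbound traffic to the worm's port. It assumes alert lines shaped like the one quoted in the first post with the placeholders filled in; the sample alerts, the connection records and the function names are constructed for illustration.

```python
import re
from collections import Counter
from datetime import datetime

# Constructed sample alerts in the shape of the line quoted in the thread
# (documentation-range addresses, not real sources).
ALERTS = """\
3/13/2008 8:47:28 PM Intrusion.Win.MSSQL.worm.Helkern 192.0.2.10 UDP 1434
3/13/2008 8:52:03 PM Intrusion.Win.MSSQL.worm.Helkern 198.51.100.7 UDP 1434
3/13/2008 9:07:41 PM Intrusion.Win.MSSQL.worm.Helkern 192.0.2.10 UDP 1434
3/13/2008 9:31:15 PM Intrusion.Win.MSSQL.worm.Helkern 203.0.113.99 UDP 1434
3/13/2008 9:44:50 PM Intrusion.Win.MSSQL.worm.Helkern 192.0.2.10 UDP 1434
this line is malformed and is skipped
"""

# Constructed connection records: direction, remote address, protocol, remote port.
CONNECTIONS = [
    ("in", "192.0.2.10", "UDP", 1434),
    ("out", "198.51.100.53", "UDP", 53),
    ("out", "203.0.113.200", "UDP", 1434),  # would suggest a local infection
]

ALERT_RE = re.compile(
    r"^(\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M) (\S+) "
    r"(\d{1,3}(?:\.\d{1,3}){3}) (UDP|TCP) (\d{1,5})$"
)

def parse_alerts(text):
    """Return (timestamp, signature, source_ip, protocol, port) per valid line."""
    rows = []
    for line in text.splitlines():
        m = ALERT_RE.match(line.strip())
        if not m:
            continue  # ignore lines that do not fit the assumed format
        ts = datetime.strptime(m.group(1), "%m/%d/%Y %I:%M:%S %p")
        rows.append((ts, m.group(2), m.group(3), m.group(4), int(m.group(5))))
    return rows

def repeat_sources(rows, threshold=2):
    """Source IPs seen at least `threshold` times: candidates for a drop rule."""
    counts = Counter(r[2] for r in rows)
    return sorted(ip for ip, n in counts.items() if n >= threshold)

def suspicious_outbound(conns, port=1434, proto="UDP"):
    """Outbound traffic to the worm's port is the warning sign, not blocked inbound."""
    return [c for c in conns if c[0] == "out" and c[2] == proto and c[3] == port]

if __name__ == "__main__":
    rows = parse_alerts(ALERTS)
    print("alerts:", len(rows), "repeat sources:", repeat_sources(rows))
    print("outbound to 1434:", suspicious_outbound(CONNECTIONS))
```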
About every 20 secs on my line..
Yes.. outbound traffic would be an inherently BAD thing: just as I heard hdm say the other day, there's nothing good. More of a reason to set up a transparent firewall to, as aniubis2k7 instructs, drop packets from these offenders.
BTW, if anyone needs a decent list of IPs to block, PM me and I'll send you a few.
dd if=/dev/swc666 of=/dev/wyze
Normally it is.....
But yeah, they're still coming in, still being blocked.
And I will do some research on packet analysis and get back to you on that.
But so far, from what I have found, they're all coming from overseas, so that's out of the question.
And no outbound traffic that I can see. All open ports are being used by the system.