Your Ad Here Your Ad Here
Page 1 of 2 12 LastLast
Results 1 to 10 of 14

Thread: Firewall Question

  1. #1
    For the past week someone as been attempting to access my comp.
    My firewall states these attempts are Critical.

    At first i just increased the time to block the ips.
    This hasn't deterred who ever is doing this,
    no sooner is the block finished there is another attempt.

    So earlier today i switched of active response there
    was a further 8 attempts, now i get 2/3 port scans every hour.

    There is about 6 different ip addresses,
    but the same remote mac number.

    I did an whois on the ips and they are all from the same ip company,
    no further information was available.

    Any help on what i can do will be much appreciated.

  2. Software & Hardware   -   #2
    Chewie's Avatar Chew E. Bakke
    Join Date
    Feb 2004
    Posts
    4,883
    What type of attack is it?
    There isn't a bargepole long enough for me to work on [a Sony Viao] - clocker 2008

  3. Software & Hardware   -   #3
    Poster
    Join Date
    Aug 2003
    Location
    Burmoda triangle, right behind you!
    Posts
    571
    + what kind of firewall do you have?
    Click the longhorn icon to visit my website.
    <span style='color:blue'><span style='font-size:8pt;line-height:100%'> You try Everything in my/our post(s) at YOUR own risk. I/we do not take responsibily for damages, caused by the post(s). Clicking on/or modifying anything in here is not permitted. Whoever edits my sig is a pussy.</span></span>

    ::::::::::::::::::::::::::::::::::::::::

  4. Software & Hardware   -   #4
    Protocol says its a TCP

    Thanks for the quick response Chewie UK

  5. Software & Hardware   -   #5
    Originally posted by supersonic@5 August 2004 - 00:07
    + what kind of firewall do you have?

    sygate up to date

  6. Software & Hardware   -   #6
    Chewie's Avatar Chew E. Bakke
    Join Date
    Feb 2004
    Posts
    4,883
    Originally posted by Sudden@4 August 2004 - 23:09
    Protocol says its a TCP

    Thanks for the quick response Chewie UK
    TCP? That is a protocol alright, but what attack is being perpetrated using TCP?
    There isn't a bargepole long enough for me to work on [a Sony Viao] - clocker 2008

  7. Software & Hardware   -   #7
    Poster
    Join Date
    Aug 2003
    Location
    Burmoda triangle, right behind you!
    Posts
    571
    make a sygate advanced rules to block the whole IP range.
    e.g 64.0.0.0-64.225.225.225
    All applications should be affected by this rule, highest periority (put it on top of other rules) on all ports and all protocols.
    Click the longhorn icon to visit my website.
    <span style='color:blue'><span style='font-size:8pt;line-height:100%'> You try Everything in my/our post(s) at YOUR own risk. I/we do not take responsibily for damages, caused by the post(s). Clicking on/or modifying anything in here is not permitted. Whoever edits my sig is a pussy.</span></span>

    ::::::::::::::::::::::::::::::::::::::::

  8. Software & Hardware   -   #8
    Chewie UK,5 August 2004 - 00:17
    but what attack is being perpetrated using TCP?

    Inbound DCE BIND



    supersonic Posted on 5 August 2004 - 00:17
    make a sygate advanced rules to block the whole IP range.
    e.g 64.0.0.0-64.225.225.225
    All applications should be affected by this rule, highest periority (put it on top of other rules) on all ports and all proto
    If idid that i would block my own ip

  9. Software & Hardware   -   #9
    shn's Avatar 3μ|\|(7
    Join Date
    May 2003
    Posts
    3,585
    I wouldn&#39;t bother with it. Just save the logs and if it continues then contact their isp&#39;s abuse dept.

    Or get a fresh ip.

  10. Software & Hardware   -   #10
    Poster
    Join Date
    Aug 2003
    Location
    Burmoda triangle, right behind you!
    Posts
    571
    You don&#39;t need to contact your own comp., so you can safely block the range.
    If you have a static IP, you can block all the IPs of that ISP, except for yours.

    And make sure you do either of the following:
    1. Block SVHOST, if it caused problems
    then
    2.

    In the SPF GUI, click on Applications, scroll to SVCHOST.EXE, click the Advanced button, and uncheck the "act as server" box.
    Cam


    source



    As shn mentioned, your firewall is doing its job, so you shouldn&#39;t worry anyway.
    Click the longhorn icon to visit my website.
    <span style='color:blue'><span style='font-size:8pt;line-height:100%'> You try Everything in my/our post(s) at YOUR own risk. I/we do not take responsibily for damages, caused by the post(s). Clicking on/or modifying anything in here is not permitted. Whoever edits my sig is a pussy.</span></span>

    ::::::::::::::::::::::::::::::::::::::::

Page 1 of 2 12 LastLast

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •