January 20th, 2004, 12:28 AM
I was curious about my firewall.Everytime I am on line my firewall goes apecrap telling me theres a high level risk of attack. Whether its from sub7 or asapi extension its about every 8 to ten minutes sometimes from the same ip over and over. My Q is how would I know whether its someone searching with hacking tools, or just some scriptcrap running on somebodys computer?
Is there a simple way to find out or would I have to go and learn everything I can find about those types of attacks?
For the most part ive had no problems with my computer, But I was just curious if I should turn down the settings to medium security so I dont get as many alerts. Thanks guys ...pZargs
January 20th, 2004, 12:34 AM
Well, if it is from the same IP, the proper thing to do would be to find out which ISP that IP belongs to and report it to them. Chances are it is some script kiddie doing a portscan or Sub7 scan or whatever.
\"Look, Doc, I spent last Tuesday watching fibers on my carpet. And the whole time I was watching my carpet, I was worrying that I, I might vomit. And the whole time, I was thinking, \"I\'m a grown man. I should know what goes on my head.\" And the more I thought about it... the more I realized that I should just blow my brains out and end it all. But then I thought, well, if I thought more about blowing my brains out... I start worrying about what that was going to do to my goddamn carpet. Okay, so, ah-he, that was a GOOD day, Doc. And, and I just want you to give me some pills and let me get on with my life. \" -Roy Waller
January 20th, 2004, 12:36 AM
To my understanding Norton is telling you that someone is trying to connect to your computer through a port a trojan uses so maybe you should do a trojan scan?
WARNING: THIS SIGNATURE IS SHAREWARE PLEASE REGISTER THIS SIGNATURE BY SENDING ME MONEY TO SEE THE COMPLETE SIGNATURE!
January 20th, 2004, 12:39 AM
yea slick is right, if its coming from subseven you can be almost positive its a script kiddie. yea id do what he said, just do a trace and find out the ISP and report the IP adress to them...
January 20th, 2004, 01:13 AM
thanks yea ive done that it took a week for the isp to call me back and all they said was they would look into it.But I know now I wont change my settings...thanks again
January 20th, 2004, 08:42 AM
I would definately update your antivirus defs and do a full scan. Your machine could be initiating this by pinging the malicious host everytime you get online. I would look into your end of things just to be safe. Good Luck.
"It is a shame that stupidity is not painful" - Anton LaVey
January 20th, 2004, 08:45 PM
yea that sounds good.Ive been using hijackthis for getting rid of trojans and other hijackers ,Allthough I havent tried adware Im going to look into it.thanks all....
January 20th, 2004, 09:14 PM
You should be doing regular virus/malware scans, but don't be too worried about frequent trojan scans, basically what skiddies will do is take a trojan's port and scan millions of addresses trying to find infected computers. Pretty lame, can't even install a trojan, they need a pre-hacked pc with pre-hacked tools. Don't waste your time reporting them, there's thousands of them out their all the time.
Norton PF, has an auto block feature I believe, so it won't except any traffic from the scanning ip for 30min, which keeps down repeated attempts. Also you can keep your blocking level at high and your reporting level at low, that way you'll get the same safety level, without being alerted with endless useless info. You can always review the logs later all at once.
find /home/$newbie -name *? | www.google.com 2>/dev/null