Results 1 to 8 of 8

Thread: nortonfirewall question?

  1. #1

    nortonfirewall question?

    I was curious about my firewall.Everytime I am on line my firewall goes apecrap telling me theres a high level risk of attack. Whether its from sub7 or asapi extension its about every 8 to ten minutes sometimes from the same ip over and over. My Q is how would I know whether its someone searching with hacking tools, or just some scriptcrap running on somebodys computer?

    Is there a simple way to find out or would I have to go and learn everything I can find about those types of attacks?

    For the most part ive had no problems with my computer, But I was just curious if I should turn down the settings to medium security so I dont get as many alerts. Thanks guys ...pZargs

  2. #2
    Senior Member
    Join Date
    May 2003
    Posts
    407
    Well, if it is from the same IP, the proper thing to do would be to find out which ISP that IP belongs to and report it to them. Chances are it is some script kiddie doing a portscan or Sub7 scan or whatever.



    slick
    \"Look, Doc, I spent last Tuesday watching fibers on my carpet. And the whole time I was watching my carpet, I was worrying that I, I might vomit. And the whole time, I was thinking, \"I\'m a grown man. I should know what goes on my head.\" And the more I thought about it... the more I realized that I should just blow my brains out and end it all. But then I thought, well, if I thought more about blowing my brains out... I start worrying about what that was going to do to my goddamn carpet. Okay, so, ah-he, that was a GOOD day, Doc. And, and I just want you to give me some pills and let me get on with my life. \" -Roy Waller

  3. #3
    Senior Member Raion's Avatar
    Join Date
    Dec 2003
    Location
    New York, New York
    Posts
    1,299
    To my understanding Norton is telling you that someone is trying to connect to your computer through a port a trojan uses so maybe you should do a trojan scan?
    WARNING: THIS SIGNATURE IS SHAREWARE PLEASE REGISTER THIS SIGNATURE BY SENDING ME MONEY TO SEE THE COMPLETE SIGNATURE!

  4. #4
    yea slick is right, if its coming from subseven you can be almost positive its a script kiddie. yea id do what he said, just do a trace and find out the ISP and report the IP adress to them...
    Red Hot Chili Peppers

  5. #5
    thanks yea ive done that it took a week for the isp to call me back and all they said was they would look into it.But I know now I wont change my settings...thanks again

  6. #6
    Senior Member Wazz's Avatar
    Join Date
    Apr 2003
    Posts
    288
    I would definately update your antivirus defs and do a full scan. Your machine could be initiating this by pinging the malicious host everytime you get online. I would look into your end of things just to be safe. Good Luck.
    "It is a shame that stupidity is not painful" - Anton LaVey

  7. #7
    yea that sounds good.Ive been using hijackthis for getting rid of trojans and other hijackers ,Allthough I havent tried adware Im going to look into it.thanks all....

  8. #8
    You should be doing regular virus/malware scans, but don't be too worried about frequent trojan scans, basically what skiddies will do is take a trojan's port and scan millions of addresses trying to find infected computers. Pretty lame, can't even install a trojan, they need a pre-hacked pc with pre-hacked tools. Don't waste your time reporting them, there's thousands of them out their all the time.

    Norton PF, has an auto block feature I believe, so it won't except any traffic from the scanning ip for 30min, which keeps down repeated attempts. Also you can keep your blocking level at high and your reporting level at low, that way you'll get the same safety level, without being alerted with endless useless info. You can always review the logs later all at once.
    [gloworange]
    find /home/$newbie -name *? | www.google.com 2>/dev/null
    [/gloworange]

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •