Should I be worried?

  1. #1
    Junior Member
    Join Date
    Jul 2004
    Posts
    5

    Should I be worried?

    I'm using Sygate Personal Firewall and every day, I get a Security Log a mile long... I'm just gonna post a few:
    Should I be worried? Or can the firewall handle these on its own? I mean... are there any attacks that can get past the firewall (on the idea that these guys always do the same things... as far as I can see)?

    1) 07/12/2004 18:48:18 Port Scan Minor Incoming TCP 207.33.111.36 00-50-DA-26-BA-E4 x.x.x.x 00-E0-4C-9E-20-22 A AS Normal 1 07/12/2004 18:48:18 07/12/2004 18:48:18
    2) 07/12/2004 18:48:19 Active Response Major Incoming None 207.33.111.36 00-50-DA-26-BA-E4 x.x.x.x 00-E0-4C-9E-20-22 A AS Normal 1 07/12/2004 18:48:19 07/12/2004 18:48:19
    3) 07/12/2004 20:14:11 Intrusion Detection System Critical Incoming TCP 82.77.136.13 00-50-DA-26-BA-E4 x.x.x.x 00-E0-4C-9E-20-22 ndisuio.sys A AS Normal 1 07/12/2004 20:14:11 07/12/2004 20:14:11
    4) 07/12/2004 20:14:11 Intrusion Detection System Critical Incoming TCP y.y.y.y 00-50-DA-26-BA-E4 x.x.x.x 00-E0-4C-9E-20-22 svchost.exe A AS Normal 1 07/12/2004 20:14:11 07/12/2004 20:14:11
    5) 07/12/2004 20:14:13 Active Response Major Incoming None x.x.x.x 00-50-DA-26-BA-E4 82.77.19.110 00-E0-4C-9E-20-22 A AS Normal 1 07/12/2004 20:14:13 07/12/2004 20:14:13
    6) 07/12/2004 20:24:12 Active Response Disengaged Information None None x.x.x.x 00-00-00-00-00-00 0.0.0.0 00-00-00-00-00-00 A AS Normal 1 07/12/2004 20:24:12 07/12/2004 20:24:12
    7) 07/12/2004 20:26:02 Intrusion Detection System Critical Incoming TCP 82.77.98.205 00-50-DA-26-BA-E4 x.x.x.x 00-E0-4C-9E-20-22 ndisuio.sys A AS Normal 1 07/12/2004 20:26:02 07/12/2004 20:26:02
    8) 07/12/2004 20:26:02 Intrusion Detection System Critical Incoming TCP 82.77.98.205 00-50-DA-26-BA-E4 x.x.x.x 00-E0-4C-9E-20-22 svchost.exe A AS Normal 1 07/12/2004 20:26:02 07/12/2004 20:26:02
    9) 07/12/2004 20:26:02 Active Response Major Incoming None 82.77.98.205 00-50-DA-26-BA-E4 x.x.x.x 00-E0-4C-9E-20-22 A AS Normal 1 07/12/2004 20:26:02 07/12/2004 20:26:02
    10) 07/12/2004 20:36:02 Active Response Disengaged Information None None 82.77.98.205 00-00-00-00-00-00 0.0.0.0 00-00-00-00-00-00 A AS Normal 1 07/12/2004 20:36:02 07/12/2004 20:36:02
    11) 07/12/2004 21:41:37 Intrusion Detection System Critical Incoming TCP 82.77.164.111 00-50-DA-26-BA-E4 x.x.x.x 00-E0-4C-9E-20-22 ndisuio.sys A AS Normal 1 07/12/2004 21:41:37 07/12/2004 21:41:37
    12) 07/12/2004 21:41:37 Intrusion Detection System Critical Incoming TCP 82.77.164.111 00-50-DA-26-BA-E4 x.x.x.x 00-E0-4C-9E-20-22 svchost.exe A AS Normal 1 07/12/2004 21:41:37 07/12/2004 21:41:37
    13) 07/12/2004 21:41:37 Active Response Major Incoming None 82.77.164.111 00-50-DA-26-BA-E4 x.x.x.x 00-E0-4C-9E-20-22 A AS Normal 1 07/12/2004 21:41:37 07/12/2004 21:41:37
    Never interrupt your enemy when he is making a mistake.

  2. #2
    Just Another Geek
    Join Date
    Jul 2002
    Location
    Rotterdam, Netherlands
    Posts
    3,401
    I suggest removing your IP and replacing it with x.x.x.x (or something similar).
    If you don't, I can assure you you'll get lots more logging ;-)
    Oliver's Law:
    Experience is something you don't get until just after you need it.

  3. #3
    Senior Member
    Join Date
    May 2003
    Location
    Area-51
    Posts
    148
    Unless I'm missing something, or I'm reading it wrong, neither of the two IPs there is his.

    Nothing to be worried about though, there's always going to be people scanning and trying to get in. Just keep your AV up to date, your OS patched and monitor your internet connections.
    It is impossible to make anything foolproof because fools are so ingenious. - Murphy
    CooLL.Net

  4. #4
    HeadShot Master N1nja Cybr1d
    Join Date
    Jul 2003
    Location
    Boston, MA
    Posts
    1,840
    Try changing your firewall settings so it doesn't log EVERYTHING. I'm sure there's an option for your Alerting Level....if you have it on Medium or High, change it to LOW.

    I wouldn't be too worried, but if the logs continue to be this long even with a LOW setting, I'd keep an eye on it because someone is definitely scanning you for a purpose...or maybe your network is filled with skiddies.

    BTW follow the given advice and hide your IP address next time.

    Welcome to AO.

  5. #5
    Senior Member
    Join Date
    Mar 2004
    Location
    Colorado
    Posts
    421
    Plugging into a public network (Internet) will net you portscans and hack attempts all day long.
    I would start worrying when the logging stops...

  6. #6
    Junior Member
    Join Date
    Jul 2004
    Posts
    5
    I've edited it, removing my ip... thanx for the info... I guess there's nothing to worry about then... Thanx
    Never interrupt your enemy when he is making a mistake.

  7. #7
    Just Another Geek
    Join Date
    Jul 2002
    Location
    Rotterdam, Netherlands
    Posts
    3,401
    Just noticed something. Do you have a wireless (Linksys i.e.) router?

    http://www.iceteks.com/articles.php?...e=ndisuio&p=1&
    Oliver's Law:
    Experience is something you don't get until just after you need it.

  8. #8
    Junior Member
    Join Date
    Jul 2004
    Posts
    5
    No, no wireless router... why? Oh... I can see now... not sure if I should disable the Wireless Zero Configuration as I am running XP.
    Never interrupt your enemy when he is making a mistake.

  9. #9
    Junior Member
    Join Date
    Jul 2004
    Posts
    15
    Well, the first thing I would do is run a whois search on those IPs... I like to know where it's coming from, makes it more fun. Also, if you don't want to see logs of those IPs anymore I recommend setting an advanced rule in Sygate to block all incoming and outgoing traffic to the offending IPs. Hope my comment was of some assistance.

    -Shell_Coder
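
Added example (not from any poster in this thread, and not Sygate's own tooling): a small triage script for log lines in the layout posted in #1, grouping entries by remote address and listing sources that raised a Critical entry with no Active Response entry after it. The field names, the rule that a dotted token after the local MAC is the module name, and the reading of "Active Response" as the firewall blocking that source are assumptions; the sample lines are constructed.

```python
import re
from collections import defaultdict

# Constructed sample in the layout of the lines posted in this thread; the
# addresses are RFC 5737 documentation ranges and the MACs are placeholders.
SAMPLE = """\
07/12/2004 18:48:18 Port Scan Minor Incoming TCP 192.0.2.36 00-00-5E-00-53-01 x.x.x.x 00-00-5E-00-53-02 A AS Normal 1 07/12/2004 18:48:18 07/12/2004 18:48:18
07/12/2004 18:48:19 Active Response Major Incoming None 192.0.2.36 00-00-5E-00-53-01 x.x.x.x 00-00-5E-00-53-02 A AS Normal 1 07/12/2004 18:48:19 07/12/2004 18:48:19
07/12/2004 20:26:02 Intrusion Detection System Critical Incoming TCP 198.51.100.205 00-00-5E-00-53-01 x.x.x.x 00-00-5E-00-53-02 ndisuio.sys A AS Normal 1 07/12/2004 20:26:02 07/12/2004 20:26:02
07/12/2004 20:26:02 Intrusion Detection System Critical Incoming TCP 198.51.100.205 00-00-5E-00-53-01 x.x.x.x 00-00-5E-00-53-02 svchost.exe A AS Normal 1 07/12/2004 20:26:02 07/12/2004 20:26:02
07/12/2004 20:26:02 Active Response Major Incoming None 198.51.100.205 00-00-5E-00-53-01 x.x.x.x 00-00-5E-00-53-02 A AS Normal 1 07/12/2004 20:26:02 07/12/2004 20:26:02
07/12/2004 20:36:02 Active Response Disengaged Information None None 198.51.100.205 00-00-00-00-00-00 0.0.0.0 00-00-00-00-00-00 A AS Normal 1 07/12/2004 20:36:02 07/12/2004 20:36:02
07/12/2004 21:41:37 Intrusion Detection System Critical Incoming TCP 203.0.113.111 00-00-5E-00-53-01 x.x.x.x 00-00-5E-00-53-02 svchost.exe A AS Normal 1 07/12/2004 21:41:37 07/12/2004 21:41:37
"""

RANK = {"Information": 0, "Minor": 1, "Major": 2, "Critical": 3}

# Field names are assumptions inferred from the posted lines, not Sygate's own.
LINE = re.compile(
    r"^(?:\d+\)\s+)?(?P<ts>\d\d/\d\d/\d{4} \d\d:\d\d:\d\d)\s+"
    r"(?P<event>.+?)\s+(?P<severity>Minor|Major|Critical|Information)\s+"
    r"(?P<direction>\S+)\s+(?P<proto>\S+)\s+(?P<remote>\S+)\s+\S+\s+"
    r"(?P<local>\S+)\s+\S+(?:\s+(?P<app>\S+\.\w+))?")

def summarize(text):
    # Per remote address: event counts, worst severity, modules, block seen.
    hosts = defaultdict(lambda: {"events": defaultdict(int), "apps": set(),
                                 "worst": "Information", "blocked": False})
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # not a log line in this layout
        h = hosts[m["remote"]]
        h["events"][m["event"]] += 1
        if RANK[m["severity"]] > RANK[h["worst"]]:
            h["worst"] = m["severity"]
        if m["app"]:
            h["apps"].add(m["app"])
        h["blocked"] |= m["event"] == "Active Response"
    return dict(hosts)

def needs_review(hosts):
    # Sources with a Critical entry and no Active Response entry.
    return sorted(ip for ip, h in hosts.items()
                  if h["worst"] == "Critical" and not h["blocked"])

if __name__ == "__main__":
    report = summarize(SAMPLE)
    print(needs_review(report), {ip: h["worst"] for ip, h in report.items()})
```

The regular expression also accepts the "3) " style index prefix used in the first post, so lines can be pasted in as they appear there.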

  10. #10
    Senior Member Info Tech Geek
    Join Date
    Jan 2003
    Location
    Vernon, CT
    Posts
    828
    I don't see a real need to do that unless the attacks are going anywhere. I know my friend's firewall fills up with mysterious hits and he had no clue why until I pointed out his freaking LimeWire activities. I say this is common among most high speed systems and the only reason to worry is if the attacks stop being traced or if you start seeing weird activity on your system.
