Am i beingh Hacked ?

[parth_scores]

Hi,
I use Norton Internet Security suit professional version 2004. today is the first time my IDS is showing me that a computer with ip 211.18.165.69 (detail's in the attached file). Although I have blocked the computer's IP still the number of times it has attacked me has gone up to 1726 times. In the attached file I have included DNS and other important information. I am new to Security please help me in what should be my next step. I feel its a scan mostly a Nmap because the connection on certain service ports were scanned with a SYN stealth scan signature but i am not sure at all like i said i am new to this field and my knowledge is near to nil.

[KorpDeath]

Contact the hosting ISP and complain. If that doesn't work and the "attacks" are truly affecting your internet connection then contact your ISP to get your IP changed. As far as the question, am I being hacked? Probably not, it's probably some lil' kid in Japan trying out a scanner. In all honesty if they were a real threat, they'd already have the script to crash Norton and they'd have already done it.

There is allot of noise on the internet and sometimes even good IDS's give false positives. (And I'm not saying Norton is a good IDS by any means.) So just be prepared for a whole lot of false positives.

If you are truly from India then you'll see quite allot of scans and such, people just feeling around and trying new toys. This is coming from someone who had to support a satellite office in India for 4 years, not fun.

[Spyder32]

As Korp stated, you probably aren't being hacked per se. Chance's are you're being probed by someone to see if you have a particular service running or particular port open (port probing). Or it could be some stupid kid who downloaded a proggie, ran it, and came up with your IP. You shouldn't have much to worry about as long as everything's secured, no services not needed are running, port's left open, and it seem's like you're paying attention to the logfile's and whatnot. So you should be fine.

[parth_scores]

Hey thanks to both of you. I agree that its not a big threat i checked my windows firewall log and found no entry for the IP. but norton log shows that it was a XMAS_null scan.

and KorpDeath please tell me which is a good firewall is BlackIce better then Norton. i also agree that no firewall is going to keep my system completly protected. but i would love to learn more. I am new to the field and i would love to have more information.

[Spyder32]

IMO neither. Kerio and Sygate (as well as Outpost) are more popular, better features, and tend to work better than both of those that you mentioned. But hey, you asked for Korp's opinion not mine .

[parth_scores]

Spyder32 sorry if you felt that way. please you should know that i am new to this field and very curious. would you mind tell me what KorpDeath ment by "In all honesty if they were a real threat, they'd already have the script to crash Norton and they'd have already done it." is if its not aginst the policy of the site please give me details. do all attacks have to be Zero day attack to work or even older ones work because of not updated servers. dont mind my curiosity.

[Spyder32]

I don't mind curiosity, and I was kidding my friend . I think what he meant was that if it was something serious or something to really be alarmed about, the person aleady would have used whatever program/script to crash your Norton and that they would have already done it. And to answer your second question, no. Doesn't alway's have to be in order to work. Some actually take time to execute (DoS attacks, etc).

[moxnix]

parth_scores, If I was a cracker and wanted your system, I would scan your IP just once or twice, determine what security you had including firewall. Then I would research the known exploits against your firewall and then try them. After I was through your firewall, I would use an exploit aimed at a service you are using.
Then you would be owned.

As in this picture some one else posted already (sorry, don't remember who)

Note following photo while not x-rated might not be for open office viewing

[parth_scores]

Okay my last question to all of you please suggest me a good site for information on exploits like www.k-otik,com but this one is in french laguage and i am not good in that. any good suggestions welcomed.

[Spyder32]

If you ever wanna research or lookup exploit's, then google. Sometime's I refer to Zone-H.org or Blackcode.com for some exploit information as well but like I said mostly google.