Printable View
my firewall is insain, or just im odd
so almost every hour or so, i get a ATTACK ALERT from my firewall(its norten) sayin that i have been attacked and its been blocked, should i worry about this, or is it common, and it isn't always just a person, could it be a automatic computer doin it?
Personally, I think that it is a good thing. Your firewall is blocking incoming traffic, and doing what it is designed to do!
If the alerts are annpying you, there should be a function on your Firewall to stop the pop-up alters from happening, but I cannot say definitavely without knowing what firewall you are using.
Yeah I would be happy to see so many alerts, it's a good sign of your firewall doing exactly what it was meant to do. As SoggyBottom said there should be an option to disable the pop ups if they do tend to get annoying.
thanks, is every attack an attack by a hacker so to say? or just something else¿
Quote:
Originally posted here by theyortiscool
thanks, is every attack an attack by a hacker so to say? or just something else¿
umm, a Hacker, no, a cracker or script kiddie, maybe.
It depends on what kind of attack it says its blocking. if you paste some of the logs in and we can look then maybe we could tell what they are.
usually its not an attack at all or at least not by a person. your fw reports any attempt to connect as an attack even if its legit. does norton tell you the port and protocol? many attempts to connect are internet worms looking for servers to infect. sql iis or other. if you consider these 'attacks' i guess you could say your being attacked. if you can give more info im sure someone will tell you what it is
Dont be worried that your computer is saying its blocking attack, worry when it stops saying that it is blocking attacks. lol
I would say it is definitely an automatic attack, if indeed an attack at all. Either:Quote:
Originally posted here by theyortiscool
my firewall is insain, or just im odd
so almost every hour or so, i get a ATTACK ALERT from my firewall(its norten) sayin that i have been attacked and its been blocked, should i worry about this, or is it common, and it isn't always just a person, could it be a automatic computer doin it?
- You are genuinely being attacked, almost certainly by a worm. Almost certainly by either an IIS worm or SQL Slammer (which is dead now 99% of ISPs block it?)
or
- Your firewall is detecting legitimate traffic as an attack.
The second is fairly likely. Some of these Windoze application firewalls are amazingly paranoid by default and classify any connection as an attack unless it matches some rule for legitimate traffic. This is rediculous. A real IDS would probably not see these as attacks.
For example, a straightforward ping could be seen as an attack by your firewall, but many things legitimately ping client boxes (perhaps to determine latency)
One other thing:
Are you running P2P or have you been recently? If so then ignore *ANY* IDS. P2P vs IDS is a battle IDS cannot win.
Donn't your firewall gives you more details about the dropped flows.
Maybe it's simple scans - then you can't do a lot and pray that the scanner is not handled by a kid.
Maybe it is a real attack - & then you should worry, investigate and take counter measures.
If you don't know where to start I'm sure by publishing your logs (:!: hide your public addys) on AO, some folks will help thanx to their expertise.
yeah, it can tell me what the ip adress is of the person who is attackin me. when i click on more info it tells me that it is a inbound trojan horse. but i scan for virus's and none is detected. i did have THE CLEANER but my 30 day trial ran out. is there any other programs that can clean and delet any trjans that are on my pc.
and i do run the occasual P2P(kazaa)