Thread: McAfee internet security suite

  1. #1

    McAfee internet security suite

    Hello,

    As you can see, I'm new here as well as to the world of firewalls. I have some questions. First off, I just switched firewalls: I went from Sygate to this McAfee internet kit that came with virus scan and firewall plus and some other things. Now, I switched because a few days ago I noticed my system was working slow internet-wise; when I surf the net the pages open like I was on dial-up! Very annoying. Also, I play multiplayer games online and I noticed much lag and higher pings. Also, I notice much more scans of my ports and attempts to connect. So, being new to security, I thought Sygate was not doing that well of a job, 'cause I'm one to believe you get what you pay for, and since it was free, well... So I have this new software and I feel it does a better job than Sygate, but after I installed it Sunday afternoon around 4pm I left and returned around 11 and had about 75 attempts or scans to my ports. Now my question is: is this a normal amount of "attacks", and if so, do these scans have an effect on my internet and gaming being so laggy? How could I set up my computer so it doesn't respond to these attempts, or maybe I can hide my IP so I won't get these "scans"? Also, I was looking at router firewalls. Is this method of security any better?

  2. #2
    Senior Member nihil
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,188
    Hi, welcome to AO,

    I would say that your 75 hits is not abnormal. I assume that you are referring to "connection attempts" rather than actual port scans. I have just looked at mine and I had 11 hits in the last 6 minutes, but only one was a port scan. The rest were typical internet "noise". If you are getting repeatedly hit from the same address then you may have some cause for concern.

    The internet is still inhabited by a lot of unpatched and infected machines that have network aware trojans that are scanning the ISP subnet. I suspect that if you look at the details you will see a lot of them are harmless "pings" and that most of the other stuff has originated from within your own ISP subnet. At least that is how things are here.

    I am no expert on routers, but they are physical devices and potentially more flexible than a standard home software firewall. I would certainly want one if I had a fixed IP address.

    Hope that helps a bit

  3. #3
    Senior Member
    Join Date
    Feb 2002
    Posts
    518
    Broadband connections justify owning a hard firewall, such as a Linksys router, or if you want a better one for home use that's not TOO expensive, look at the Netopia R910.
    Good, good little router, fairly easy to set up, not as easy as a Linksys though.
    I just have had experiences with both; the Linksys is OK unless you start serving out pages or other services... it bogs and hangs. The Netopia does not...
    least hasn't for me...

    But I digress...

    Software routers are only as good as the software it's running on, remember that.
    They are prone to crashes etc. Hardware are too, but it's much less likely, as long as you set it up right. If you do go with Linksys, don't do like my neighbor.

    She set up a wireless access point, and let it go default. Also left administrator no password on her machine.
    I did her a favor, logged into the router, changed default password, and secured it... least now she has a firewall that isn't turned on and off like a switch.

    MAKE SURE YOU CHANGE DEFAULT LOGIN PASSWORD AND DISABLE REMOTE MANAGEMENT.
    Remember -
    The ark was built by amateurs...
    The Titanic was built by professionals.

  4. #4
    Hey, thanks for the response. I guess I will look into the router. Also, here are some examples of some of the attempts I get:

    A computer at adsl-68-122-208-97.dsl.irvnca.pacbell.net has attempted an unsolicited connection to TCP port 1025 on your computer.
    TCP port 1025 is commonly used by the "network blackjack" service or program. The "Black Jack" port is used by many services -- it is the first high port available on your system.

    A computer at adsl-68-122-208-97.dsl.irvnca.pacbell.net has attempted an unsolicited connection to TCP port 3127 on your computer.

    A computer at adsl-68-122-208-97.dsl.irvnca.pacbell.net has attempted an unsolicited connection to TCP port 6129 on your computer.

    A computer at d150-24-172.home.cgocable.net has attempted an unsolicited connection to UDP port 1026 on your computer.

    A computer at d150-24-172.home.cgocable.net has attempted an unsolicited connection to UDP port 1026 on your computer.

    A computer at adsl-68-126-104-222.dsl.sndg02.pacbell.net has attempted an unsolicited connection to TCP port 2745 on your computer.
    TCP port 2745 is commonly used by the "URBISNET" service or program.

    And that's what I constantly get; usually from the same IP it attempts 3 to 4 times.

    So do you think these scans affect my internet connection?

  5. #5
    Senior Member nihil
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,188
    Not really,

    That would take a denial of service attack (direct assault on you); this is more like robotic trojans and kids fooling around?

    As I mentioned, looks like a lot are coming through your subnet... have you got a cable service that hooks into Bell Pacific for its service?... as I said, I am over here

    Cheers

  6. #6

    Well, I have cable internet, supplied by Cox Media.

    Well, thanks a lot for your help. Now, I don't want to drag this thread with my redundant newbie questions, so what's your final diagnosis and suggestion for my plan of attack? Is my traffic of people exploring normal and I shouldn't worry about it? And if it's not, what's the next step of security, the firewall router? Also, can I just like hide my IP so I won't even get attempts?

    Thanks for your help.

  7. #7
    Well, I just installed the McAfee firewall also. I have a DSL connection and am amazed at how much traffic I get trying to access my poor little system. I've been at this for a week, and what I've found out is that through your firewall you can put internet sites in an area that is "always allowed", and of course can ban others. And also check your cookie settings on your system. You can also specify sites to override cookie settings and always allow, and to ban cookies from others. Learning a lot here.

    McAfee beef: since I'm poor and only have the AOL version, I can't automatically send them info on who's accessing my system. And I get A LOT of access from a Road Runner system(s) in Florida (Tampa Bay). I wish I knew where I could send this info to... that is one of the reasons I came to this board. So anyone have any ideas?
    everything you say to me takes me one step closer to the edge:
    AND I'M ABOUT TO BREAK...LP

  8. #8
    Originally posted here by empireapparel
    Well, I have cable internet, supplied by Cox Media.

    Well, thanks a lot for your help. Now, I don't want to drag this thread with my redundant newbie questions, so what's your final diagnosis and suggestion for my plan of attack? Is my traffic of people exploring normal and I shouldn't worry about it? And if it's not, what's the next step of security, the firewall router? Also, can I just like hide my IP so I won't even get attempts?

    Thanks for your help.

    Well, I'm like you and new and amazed at the amount of traffic around my ports. Increase the security to high... then you can go under the internet sections denies access to sites; if you can get the addresses (go to the web and search IP addresses, there are free searches you can do to track an IP address to a site or host), then you can block access. But with a high security level, at first you will get a lot of windows from your wall about new sites you're going to gaining access. Just bear with this and give them access if you trust them. Now, I have also increased my cookie security through my control panel/internet options/privacy. But again, there is a place to override these settings and you can ban cookies from sites, or always allow cookies from the sites you know. It's a bit of a pain at first, but my Ad-Aware checks are now neg and virus scans are none. And I think as I work with it and get my sites acknowledged it won't be such a problem. It's not your IP that is the problem, it's your ports, and usually your IP will change with each log on. Try what I said... if you need some extra help (us newbies gotta stick together), PM me, OK?
    everything you say to me takes me one step closer to the edge:
    AND I'M ABOUT TO BREAK...LP

  9. #9
    Senior Member
    Join Date
    Mar 2004
    Posts
    139

    traffic...


    Hi empireapparel,

    I think what nihil said about wild traffic on the net is the issue. You will now see a fair amount of it, and you'd be wasting quite a bit of time trying to track all of it down, especially in light of all the compromised hosts with "network aware" bots on them. This is the nature of having a firewall installed that blocks and logs all this traffic. Also, I have come to understand that when you access a website, it will often try to initiate a connection on a different port. Some of this is for functionality, other times, who knows. Firewalls are generally designed to block unsolicited traffic, and when you see this in your logs, your firewall is doing its job. In addition, there will also be a fair amount of ICMP traffic, such as "ping". This could be from your service provider or somebody(thing) scanning.
    "Ping" is generally a tool to test connectivity, but can be used for malicious purposes.

    What is great about this Forum and you being here, is that you are learning about TCP/IP, the protocol that is used on the Internet to send and receive data. I am certainly learning here. Keep reading and searching for relevant posts.

    I have calmed down a bit. It is good to have a sense of paranoia, but it has to have perspective. You'll get that here. So, don't ignore your logs, play with them, use 'tracert' and 'ping' from the "command line" to start with. Get to know what TCP/IP is all about. There is tons of info on the net. Before you know it, you'll unleash the real power of your "poor little system", LOL.
    Last but not least, your firewall will do what you tell it to (hopefully). So if you download binary indiscriminately, you'll get what you ask for. Some software has "call home" functionality built into it, at times for good, at times for worse. McAfee will block outgoing traffic as you tell it to, warn you of it, but you'll have to understand what is warranted and what is not. That is often the part of the learning experience, understanding the traffic. I still have a hard time sorting it all out, but am getting better at recognizing it.
    Thoughts of a newb...
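
Added example, not part of the original thread: a short Python script that groups the firewall alerts quoted in post #4 by source host, applying nihil's point that repeated hits from one address matter more than scattered noise. The regular expression is fitted to the alert wording shown in the thread; the thresholds and the names `summarize`, `classify` and `report` are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Alert lines copied from post #4 of this thread (not a full log export).
SAMPLE_ALERTS = """\
A computer at adsl-68-122-208-97.dsl.irvnca.pacbell.net has attempted an unsolicited connection to TCP port 1025 on your computer.
TCP port 1025 is commonly used by the "network blackjack" service or program.
A computer at adsl-68-122-208-97.dsl.irvnca.pacbell.net has attempted an unsolicited connection to TCP port 3127 on your computer.
A computer at adsl-68-122-208-97.dsl.irvnca.pacbell.net has attempted an unsolicited connection to TCP port 6129 on your computer.
A computer at d150-24-172.home.cgocable.net has attempted an unsolicited connection to UDP port 1026 on your computer.
A computer at d150-24-172.home.cgocable.net has attempted an unsolicited connection to UDP port 1026 on your computer.
A computer at adsl-68-126-104-222.dsl.sndg02.pacbell.net has attempted an unsolicited connection to TCP port 2745 on your computer.
"""

# Pattern fitted to the wording above; other products or versions will differ.
ALERT_RE = re.compile(
    r"A computer at (?P<src>\S+) has attempted an unsolicited connection "
    r"to (?P<proto>TCP|UDP) port (?P<port>\d+) on your computer\."
)

def summarize(log_text):
    """Group alerts by source: attempt count and set of (proto, port) targets."""
    stats = defaultdict(lambda: {"attempts": 0, "ports": set()})
    for line in log_text.splitlines():
        m = ALERT_RE.search(line)
        if not m:
            continue  # skip the explanatory "commonly used by" lines
        entry = stats[m["src"]]
        entry["attempts"] += 1
        entry["ports"].add((m["proto"], int(m["port"])))
    return dict(stats)

def classify(entry, sweep_ports=3, repeat_attempts=3):
    """Assumed thresholds: several distinct ports from one source is worth a look."""
    if len(entry["ports"]) >= sweep_ports:
        return "multi-port probe"
    if entry["attempts"] >= repeat_attempts:
        return "repeated single-port"
    return "background noise"

def report(log_text):
    """Map each source host to its classification."""
    return {src: classify(e) for src, e in summarize(log_text).items()}

if __name__ == "__main__":
    for src, e in sorted(summarize(SAMPLE_ALERTS).items(), key=lambda kv: -kv[1]["attempts"]):
        ports = ", ".join(f"{p}/{n}" for p, n in sorted(e["ports"]))
        print(f"{src}: {e['attempts']} attempts, ports {ports} -> {classify(e)}")
```

Run against a longer log, the per-source counts show at a glance whether the alerts are many hosts each knocking once or one host working through several ports.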
