Invelos Forums->General: General Discussion |
Page:
1  Previous Next
|
|
question on internet security, firewall. |
|
|
|
|
|
| Author |
Message |
| Registered: March 13, 2007 |  Posts: 1,380 |
| | Posted: | | | | Wondering if anybody could tell me if this is something i should care about. My firewall has reported about 400 alerts in the past few hours. Most were something like "Inbound TCP connection attempt" (small threat so only shows on the log), then there were some serious threats: "Fin Scan" and "nmap TCP scan". Should i like, care, about that? The firewall has blocked them, but if it didnt, i woudnt really know. Just got 50 more alerts while typing this message  The reason why i'm asking, is cause i've never had so many. | | | | Last edited: by whispering |
| | Registered: March 13, 2007 |  Posts: 315 |
| | Posted: | | | | Some user (probabaly a customer of your ISP, but not necessarily) is doing a port scan to your computer, either to all ports or some selected ones only. 99% sure it's what is called a range scan, i.e., the guy responsible fo it just selects a range of IP addresses (in this case, belonging to your ISP) and lets the scanning software do port scans to all computers inside that address range trying to find one that's vulnerable/unprotected. They were quite popular a few years ago, but nowadays ISPs usually have software running in their network that detects that kind of behaviour from a costumer and he'll probably get a "friendly" email warning. If your firewall detected it, it's a good thing, it means it's working and protecting you against it  Edit: If it's getting annoying, just take your connection down and then back up after a few minutes in order to to try to get a different IP address (hopefully outside the range the guy is scanning) | | | | With every passing hour our solar system comes forty-three thousand miles closer to globular cluster M13 in the constellation Hercules, and still there are some misfits who continue to insist that there is no such thing as progress. | | | | Last edited: by Skywatcher |
| | Registered: March 13, 2007 | | Posts: 1,380 |
| | Posted: | | | | ^^ Thank you very much for the info  ...so far 1000 alerts. I tryed closing my router for 20 seconds, ill try to close it again for few minutes. |
| | Registered: March 15, 2007 | Reputation:  |  Posts: 5,459 |
| | Posted: | | | | Remember to completely close your connection down. In order to get a new IP address I have to actually unplug my cable modem from the mains and wait a minute or two before plugging it back in. Obviously your connection may be different |
| | Registered: March 13, 2007 |  Posts: 93 |
| | Posted: | | | | Skywatcher has pretty much explained whats happening already... There are some software firewalls that let you see what IP address the scan is coming from. If you can check on it, see if its the same address over and over, you can then either block it or even try to contact your ISP and make them aware of this, I am sure if its one of their customers they'll take care of it real quick! You also mentioned using a router, you can block either certain IPs or check on the ports that are open and you might be vulnerable to. Close all the ones you dont need  If you have DSL or need to sign in to access the internet, just restart the connection or shutdown modem and router. Certain cable connections might be more tricky (if you dont have a static ip address) sometimes just shutting off the modem or resetting it, doesnt do the trick, because your ISP will take care of it automatically, if its getting to annoying you can call them up and ask for an IP change as well. | | | | - Life is just a form of animated death. |
|
|
|
Invelos Forums->General: General Discussion |
Page:
1 Previous Next
|
|
|