Intrusion problems
javlar




Posts: 1921
Location: Kalmar, Sweden
PostPosted: Fri, 4th Nov 2005 03:59    Post subject: Intrusion problems
OK, first of all, I'm not sure this should be in General, but I don't know where else.

Here is the story.

First a little history: When I moved to my new apartment I got a new ISP called Bredbandsbolaget (BBB), and before that I had used Telia. When I started using BBB I noticed that my firewall was doing a lot of work all of a sudden, blocking intrusion after intrusion. It didn't really bother me because nothing (as far as I know) got through.

Fast forward to today:

I haven't formatted my computer in over a year and everything has been running great. Then I ordered a new motherboard and a new graphics card and I thought what the hell, I can't keep my old version of XP with this, so I formatted and reinstalled.

Before this my firewall had recorded 30.000 (yes 30k) intrusion attempts.

So I get into my fresh Windows and the first thing I do is start installing Norton. After the installation I reboot. A minute or so into the after-reboot config I get suspicious because Norton shuts itself down twice. I jack the TCP cable and reboot, config goes through normally. I install my firewall. I reboot and reconnect to the internet, download the updates for both the firewall and Norton. All hell breaks loose. Both programs are warning me about high-level intrusions they are blocking and Norton instantly finds a virus (msmnart32.exe), so I start looking at the logs. In the half hour of my fresh install with updated firewall/Norton I got over a hundred intrusion attempts. All blocked now, thank god.

Ok so my question is quite simply: Why me?

Because seriously, that amount of attempts within minutes of a fresh install can't be normal, can it? And the 30k attempts in just about a year before format seems a bit over the top as well.

My uneducated theory is that the IP I have previously belonged to a server or something a lot more important than a poor student's private PC.

I tracked the IPs of the most persistent culprits and emailed them to the appropriate ISPs, but that will probably do no good.

Done now I think, give some feedback and personal experiences :)



Gaming - Intel Quad Q9450 @ 3.2GHZ | Radeon HD 4870 X2 2GB | SB X-Fi | PC6400 8GB | 300GB Velociraptor
HTPC - Antec Fusion Remote | AMD Athlon 7850 X2 | PC6400 2GB | 74GB Raptor
Server - Athlon 64 X2 4200+ | Radeon HD 3450 | SB X-Fi | PC5300 2GB | 4TB+ total space
XBOX360 Gamertag: javlarmate
Back to top
SycoShaman
VIP Master Jedi



Posts: 24468
Location: Toronto, Canada
PostPosted: Fri, 4th Nov 2005 04:35    Post subject:
Prolly some lame script kiddies fuckin around with NetBus and the like... :|


Back to top
saelamin




Posts: 37
Location: Australia
PostPosted: Fri, 4th Nov 2005 10:01    Post subject:
To this very day I still get hit by that Code Red virus that went around a few years ago.
Back to top
ChinUp




Posts: 5503
Location: 51.7° N ' 1.1° W
PostPosted: Fri, 4th Nov 2005 11:24    Post subject:
NOD32 & a WYSIWYG wall ..


"Most of the change we think we see in life is due to truths being in & out of favor." ~ Frost
Back to top
[EviL]




Posts: 228

PostPosted: Fri, 4th Nov 2005 13:20    Post subject:
Yeah, well, BBB is a very well known ISP, everyone knows they provide a lot of ppl with 10mbit and 100mbit lines.

That's why all lamers are scanning the BBB IP range hoping to find an unprotected computer, for example to use as a pub to distro warez.

It took me 30 sec and a search in Google to know the BBB IP range is 85.2xx.xx.xx, then you just need a scanner.

Anyway you should not be worried, I think it's just a port scan; any firewall will block that easily.
Back to top
[sYn]
[Moderator] Elitist



Posts: 8374

PostPosted: Fri, 4th Nov 2005 15:06    Post subject:
10,000 people on your ISP.
10,000 people sending information out to the internet.
10,000 people you are more connected to than the rest of the net, as you're sitting on the same routers they are.

A HUGE amount of that information is sent to your machine due to the nature of some IP protocols, so a lot of those "intrusions" are simply random bits of information from other users which your firewall assumes as an attack.

Another large amount of those attempts are keep-alives from your ISP, or other various "ISP SNOOPING" rubbish.. again.. nothing to worry about.

Yes, there will be people on your network scanning, probably about 10 out of those 10,000. They will no doubt be scanning their IP range, and that includes you. But they don't care about you, you're a pleb on the map and you mean nothing.

Then there are the huge numbers of internet-based viruses, most of which do scanning of their own and attempt attacks; this is the rest of the intrusions.

Most firewalls suck, they're over protective, insecure rubbish. If you want to be safe do 1 of 3 things.

Build a Linux box, and use it as a proxy.
Add a router to your network and use a routing firewall.
Upgrade your OS's security patches and forget about it, because remember, no one cares :P.
Back to top
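A rough way to sort firewall alerts into the categories [sYn] lists in the post above, added here as an example and not part of the thread. The log line format, the sample addresses (documentation ranges) and the port-to-worm table are assumptions made for illustration; matching on destination port is a heuristic, not an identification.

```python
import ipaddress
import re
from collections import Counter, defaultdict

# Destination ports commonly tied to worms/trojans of that era (heuristic, not proof).
WORM_PORTS = {("TCP", 80): "Code Red", ("TCP", 135): "Blaster", ("TCP", 445): "Sasser",
              ("UDP", 1434): "SQL Slammer", ("TCP", 12345): "NetBus"}
LINE = re.compile(r"BLOCK (TCP|UDP) ([\d.]+):\d+ -> ([\d.]+):(\d+)")
LIMITED_BROADCAST = ipaddress.ip_address("255.255.255.255")
SCAN_THRESHOLD = 3  # distinct (proto, port) pairs from one source => call it a scan

def triage(lines, local_net):
    """Count blocked packets per category for a host on subnet local_net."""
    net = ipaddress.ip_network(local_net)
    records = []
    for m in filter(None, map(LINE.search, lines)):
        proto, src, dst, dport = m.groups()
        records.append((proto, src, ipaddress.ip_address(dst), int(dport)))
    ports_by_src = defaultdict(set)
    for proto, src, dst, dport in records:
        if dst in net and dst != net.broadcast_address:  # unicast to this subnet only
            ports_by_src[src].add((proto, dport))
    counts = Counter()
    for proto, src, dst, dport in records:
        if dst.is_multicast or dst in (net.broadcast_address, LIMITED_BROADCAST):
            counts["segment noise"] += 1  # neighbours' broadcast/multicast chatter
        elif len(ports_by_src[src]) >= SCAN_THRESHOLD:
            counts["port scan"] += 1      # one source walking several ports
        elif (proto, dport) in WORM_PORTS:
            counts["worm port: " + WORM_PORTS[(proto, dport)]] += 1
        else:
            counts["other"] += 1
    return counts

# Constructed sample log; addresses are documentation ranges, not real hosts.
SAMPLE_LOG = """\
2005-11-04 03:12:01 BLOCK UDP 192.0.2.17:137 -> 192.0.2.255:137
2005-11-04 03:12:04 BLOCK UDP 192.0.2.31:1900 -> 239.255.255.250:1900
2005-11-04 03:12:09 BLOCK TCP 198.51.100.7:4312 -> 192.0.2.50:80
2005-11-04 03:12:15 BLOCK TCP 198.51.100.9:3021 -> 192.0.2.50:135
2005-11-04 03:12:20 BLOCK UDP 203.0.113.4:1045 -> 192.0.2.50:1434
2005-11-04 03:13:01 BLOCK TCP 192.0.2.200:2001 -> 192.0.2.50:21
2005-11-04 03:13:01 BLOCK TCP 192.0.2.200:2002 -> 192.0.2.50:23
2005-11-04 03:13:02 BLOCK TCP 192.0.2.200:2003 -> 192.0.2.50:12345
""".splitlines()

if __name__ == "__main__":
    for category, n in triage(SAMPLE_LOG, "192.0.2.0/24").most_common():
        print(f"{n:3d}  {category}")
```

Broadcast and multicast traffic is checked first, so a neighbour announcing itself on several ports is counted as noise rather than as a scan.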
nouseforaname
Über-VIP Member



Posts: 21306
Location: Toronto, Canada
PostPosted: Fri, 4th Nov 2005 16:11    Post subject:
[sYn] wrote:
remember, no one cares :P.


true dat :P


asus z170-A || core i5-6600K || geforce gtx 970 4gb || 16gb ddr4 ram || win10 || 1080p led samsung 27"
Back to top
Phluxed
VIP Member



Posts: 4911
Location: Oakville, Ontario, Canada
PostPosted: Fri, 4th Nov 2005 17:07    Post subject:
I care about all my subjects, for I am god.


Back to top
JeanPerrier




Posts: 3247

PostPosted: Fri, 4th Nov 2005 17:54    Post subject:
Phluxed wrote:
I care about all my subjects, for I am god.


You sure are, now come back to bed


Back to top
SpaceWiz




Posts: 271
Location: Stockholm
PostPosted: Fri, 4th Nov 2005 19:45    Post subject:
[EviL] wrote:
Yeah, well, BBB is a very well known ISP, everyone knows they provide a lot of ppl with 10mbit and 100mbit lines.

That's why all lamers are scanning the BBB IP range hoping to find an unprotected computer, for example to use as a pub to distro warez.

It took me 30 sec and a search in Google to know the BBB IP range is 85.2xx.xx.xx, then you just need a scanner.

Anyway you should not be worried, I think it's just a port scan; any firewall will block that easily.


They have a lot more IP ranges than that ;)
Back to top
SycoShaman
VIP Master Jedi



Posts: 24468
Location: Toronto, Canada
PostPosted: Fri, 4th Nov 2005 20:15    Post subject:
Phluxed wrote:
I care about all my subjects, for I am god.


So why the fuck am I not rich yet? :P


Back to top
tjuma




Posts: 542

PostPosted: Fri, 4th Nov 2005 20:18    Post subject:
[sYn] wrote:

Most firewalls suck, they're over protective, insecure rubbish. If you want to be safe do 1 of 3 things.

Build a Linux box, and use it as a proxy.
Add a router to your network and use a routing firewall.
Upgrade your OS's security patches and forget about it, because remember, no one cares :P.

I agree, get rid of the desktop firewall.
Just get an old 486/Pentium PC and install a Linux distro like m0n0wall for routing and firewall purposes :)

Here's a Linux script that mimics a desktop firewall :lol:
Code:

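#!/bin/bash
# Joke "firewall": prints start-up dots for a random time, then made-up alerts forever.
echo -n Starting firewall.
while true; do
    sleep 1
    echo -n .
    # Stop the "start-up" phase at a random point.
    if [ $(($RANDOM%13)) -eq 2 ]; then
        break;
    fi
done
echo
echo Your system is now secure\!
# Print a fake alert with a random address and port at random intervals.
while true; do
    sleep $(($RANDOM%53))
    echo "Blocked attack from host $(($RANDOM%256)).$(($RANDOM%256)).$(($RANDOM%256)).$(($RANDOM%255+1)) on port $(($RANDOM%65535+1))!!!"
done
exit 0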
Back to top
[sYn]
[Moderator] Elitist



Posts: 8374

PostPosted: Fri, 4th Nov 2005 20:52    Post subject:
hahahaha.. love it :D
Back to top
All times are GMT + 1 Hour
NFOHump.com Forum Index - General chatter