Aces High Bulletin Board

General Forums => Hardware and Software => Topic started by: ygsmilo on March 01, 2003, 09:23:25 PM

Title: Firewall alerts.
Post by: ygsmilo on March 01, 2003, 09:23:25 PM

Recently my Norton firewall has been picking up more probes of my system. It logs the IP of the attacker.

My question is should I report the attacker to my ISP ?

I have no filesharing programs on my PC that I know of.

Title: Firewall alerts.
Post by: Siaf__csf on March 02, 2003, 03:46:45 AM

If the probes you see are Netbios queries (trying to access shared resources on your computer) then you should report it. Not because someone might try to hack in your box, it's because this person sending the queries probably has a nimda virus or similar in his computer and needs it to be cleaned up.

ISP:s are fairly active in these matters (at least here) so send them a mail with a screenshot of the firewall logs or alert screens.

Title: Firewall alerts.
Post by: Vladd on March 02, 2003, 06:37:49 AM

Norton makes me wonder.

I get attacks logged by the Backdoor / Subseven trojan almost every day.

I have a hard time believing that the intenet is so dangerous to my PC - in fact I'd almost suspect Norton is trying to convince me of it's own importance.


Vladd

Title: Firewall alerts.
Post by: Siaf__csf on March 02, 2003, 06:48:01 AM

Vladd those probes are people who use automatic scanners to scan the ip ranges. They scan your computer for backdoors and if it responds, you'll become a loveslave for a dos network. Or filesharing.. :)

Title: Firewall alerts.
Post by: Vladd on March 02, 2003, 07:09:34 AM

So is that someone checking to see if I have the trojan on my system already -  and if I don't, it's no threat? Or is it someone trying to plant the trojan software onto my PC?

I'm only curious as I used my present PC on the net for almost a month before I set up the firewall. Norton's alerts are so frequent they make me wonder how I survived ;)


Vladd

Title: Firewall alerts.
Post by: Siaf__csf on March 02, 2003, 08:04:03 AM

Yeah those are just probes. No need to worry unless you got yourself a backdoor.. The firewall will catch that too however.

The average user is not interesting enough for the real hackers to work on them, they only get harassed by script kiddies who use programs someone smarter wrote for them.

They think playing with network security is cool, up untill the day they get caught.

Title: Firewall alerts.
Post by: Skuzzy on March 02, 2003, 08:24:57 AM

Actually, NetBIOS probes may be completely innocent.  It depends on how your ISP has setup the network.

If you are on an IP subnet that has someone else running with "File and Printer Sharing" enabled, it is normal to see NetBIOS (ports 13x) probes, unless your ISP has taken the time to block those in the router.
These are easily identified as they will contain the same base IP address of the subnet as yours.

If your ISP is competent, they would be blocking ports 13x from accessing thier clients from the Internet.  However, I fond many ISP's don't bother with that type of security precaution.
Complain to your ISP about 13x probes.

Title: Firewall alerts.
Post by: CavemanJ on March 02, 2003, 09:20:19 AM

You can go to grc.com (http://grc.com)  and go to the Shields Up area and check to see where your box is vulnerable.  Click a button and they'll probe ya and give a read out of what's open.