Dr Nick

Hi Everybody!

I have Norton Internet Security (firewall and virus software)

I got it when I got ADSL. This seemed like a good idea. Previously I had no antivirus stuff at all but common sense and possibly some luck had allowed me to never have a virus problem.

The firewall runs in the background all the time.

About twice a day I get a message saying someone tried to attack me with the sub7 trojan.

Is it possible that the software could be genrating false alarms or are these all genuine attacks?

If I did not have the firewall software would they always be successful attacks?

This is an area I know very little about.

However, I have read that there is little point tracing the IP address back to the provider and complaining becuse the IP address is probably faked and the provider will just ignore you. I'd appreciate your comments on this.

There is nothing important on my computer but I take this kind of thing quite personally. I feel that often the best form of defence is attack. I would like to find out who the culprits are and encourage them to stop.

MarkO

Don't take it personally. It's just script kiddies probing random IP addresses for vulnerabilities. It's not meant directly for you, any more than spam is.

Just make sure you've got a half-decent firewall running (Zonealarm does the job nicely) and ignore them.

V5

I have sometimes wondered if this is something I need worry about. I use a work laptop at home with a normal modem connection to freeserve. Should I run some sort of firewall?

MarkO

It's less important if you're on a dial-up connection like freeserve, since you'll be automatically disconnected every couple of hours and when you redial you'll get a new, different IP address.

Mind you, I still have the firewall turned on in XP, just in case.

If you're on a fixed/constant connection (e.g., ASDL) then a firewall is essential.

Dr Nick

Why do ADSL connections get a fixed IP address?

My ADSL behaves just like a dial up. If I leave it alone after 30 mins idle (as set by me) it disconnects.

When I reconnect, will it be the same IP or a different one?

Cheers

MarkO

ASDL should be 'always-on'. Otherwise how would you be able to run, say, a webserver from it?

The IP will be constant per-session, and may even be constant inter-session, depending on the contract you paid for. A permanent fixed IP will usually cost more though.

Who is your ADSL with? Considering one of the raisons d'etre for having ADSL is to have an always-on connection which doesn't drop, it sounds like you're getting a raw deal?

scooby nutter

When i get these buggers trying to probe my computer,as soon as it happens i use a little piece of software which sends something back to them."Ping"their ip addy with data and it slows their connection down

boomer

scooby nutter,

trubble is that if you ping 'em back, they know that your IP address is valid and may snoop some more.

You are better off being stealthy and ignoring it - that way they will get bored and go back to playing with themselves! Hopefully they will go blind before they actually cause any harm

mb

scooby nutter

LOL@boomer

hope the buggers go blind

Jeff Wiltshire

The object of the exercise when it comes to port scans is to pretend to be a black hole....don't give them any information, just drop the packet.....All of the Firewall's that I've seen that are configured to reject rather than drop are the ones that are continually probed/attacked.

As Bruce Schneier says in Secrets & Lies,

When being chased by a Grizzly Bear the object of the exercise is not to out run the Bear.......you just need to out run the person your with !

If you don't give anything away they'll move on it a more tempting target.



Jeff