Norton Firewall alerts?
18 October 2003, 09:44 PM
#1
After recently installing Norton firewall (already have Norton AV) I keep getting intrusion alerts. The question is are they real or just benign programmes/updates that are being confused as dangerous?
I've looked at the visual tracking, some come from the US and some from Germany but they mean nothing to me. What puzzels me is that I've been active on the net without a firewall for years now, I haven't had any real problems with my data or viruses. So if trojan hourses are now being picked up so frequently now that I have a firewall, what happened before I had one?
F
I've looked at the visual tracking, some come from the US and some from Germany but they mean nothing to me. What puzzels me is that I've been active on the net without a firewall for years now, I haven't had any real problems with my data or viruses. So if trojan hourses are now being picked up so frequently now that I have a firewall, what happened before I had one?
F
19 October 2003, 08:07 AM
#2
Scooby Regular
Join Date: May 2000
Location: MY00,MY01,RX-8, Alfa 147 & Focus ST :-)
Posts: 10,371
Likes: 0
Received 0 Likes
on
0 Posts
Floyd - difficult to say without seeing the logs, but judging by the amount I pick up, I would say that you are seeing random attacks such as port scans and attempts to expolit known Trojan back door virus attacks. Scary isn't it? 
Most of this stuff is run by script kiddies or people who have downloaded one of the many programs available to do port scans etc.
Just as with Av software, you can now get good free firewall protection (Sygate is my personal favourite), so there is no excuse for not having one now.
Make sure you keep you PC patched aswell - there were a number of MS updates issued over the last few days.
Anyone like any IT security consultancy
Chris
Most of this stuff is run by script kiddies or people who have downloaded one of the many programs available to do port scans etc.Just as with Av software, you can now get good free firewall protection (Sygate is my personal favourite), so there is no excuse for not having one now.
Make sure you keep you PC patched aswell - there were a number of MS updates issued over the last few days.
Anyone like any IT security consultancy
Chris
19 October 2003, 06:19 PM
#4
Scooby Regular
Join Date: Sep 2001
Location: Suffolk
Posts: 1,822
Likes: 0
Received 0 Likes
on
0 Posts
I keep getting an alert in Norton Internet Security just about every time I log into MSN Messenger 6:-
A remote system is attempting to access your computer
Threat level = High Risk
Remote address - 64.4.12.201 : 7001
A remote computer is attempting to communicate with a service on your computer.
Even if I say block this action and also tick the box to say block in future I still get the same log when I log into MSN.
Anyone know what this means?
A remote system is attempting to access your computer
Threat level = High Risk
Remote address - 64.4.12.201 : 7001
A remote computer is attempting to communicate with a service on your computer.
Even if I say block this action and also tick the box to say block in future I still get the same log when I log into MSN.
Anyone know what this means?
19 October 2003, 08:39 PM
#5
Scooby Regular
Join Date: May 2000
Location: MY00,MY01,RX-8, Alfa 147 & Focus ST :-)
Posts: 10,371
Likes: 0
Received 0 Likes
on
0 Posts
Problem is Floyd - there are so many people launching these attacks, that it becomes a nightmare to trace. There is no guarantee that the source IP address would be legit anyway (certainly wouldn't be if they anywhere near a half decent hacker).
If you are seeing continuous attacks from a particular source address, you could find out who the ISP is (look up using 'WHOIS' or goto a site such as RIPE. You could then email the ISP to advise them of the abuse, but there is no way of telling whether this will work.
I would be glad that you firewall is doing its job and stopping this stuff. Not much more you can really do. I wouldn't advise launching return attacks, unless you really know what you are doing. I've worked with people who do this kind of stuff and it is pretty scary. There are some very clever/nasty people out there, who you really don't want to cross...
As regards port 7001. It could be a legitmate service called 'AFS' - this is a distributed filesystem, that allows the efficient sharing of filesystem resources. However, it could also be related to a known trojan program called 'Freak 88' - this also uses port 7001. This is why your Norton FW is flagging it. Unless you use AFS, I would consider it to be dodgy.
Right, that'll be 1 hours consultancy (min fee ) $300 please
Chris
[Edited by Chris L - 10/19/2003 8:43:22 PM]
If you are seeing continuous attacks from a particular source address, you could find out who the ISP is (look up using 'WHOIS' or goto a site such as RIPE. You could then email the ISP to advise them of the abuse, but there is no way of telling whether this will work.
I would be glad that you firewall is doing its job and stopping this stuff. Not much more you can really do. I wouldn't advise launching return attacks, unless you really know what you are doing. I've worked with people who do this kind of stuff and it is pretty scary. There are some very clever/nasty people out there, who you really don't want to cross...
As regards port 7001. It could be a legitmate service called 'AFS' - this is a distributed filesystem, that allows the efficient sharing of filesystem resources. However, it could also be related to a known trojan program called 'Freak 88' - this also uses port 7001. This is why your Norton FW is flagging it. Unless you use AFS, I would consider it to be dodgy.
Right, that'll be 1 hours consultancy (min fee
) $300 please Chris
[Edited by Chris L - 10/19/2003 8:43:22 PM]
Trending Topics
Thread
Thread Starter
Forum
Replies
Last Post
smunns
Dealer and Third Party Supplier Queries
5
14 September 2015 08:08 PM