nuclear_pond

Hi all.

Ive just installed this firewall utility on my home pc, and have had four hack attempts like the one shown below in 15 mins!!

This programme is 1.7 Mb and I recomend it to anyone accessing the internet via modem etc.

I cant believe its so easy, and wonder how many peep have been on my pc before I got this.

Hanslow

You don't happen to use BT as your ISP do you?

Just that I checked out that IP address and it looks like the BT ISP.

Not that I'm knocking zone alarm, as it is a top product. Just that a lot of ISPs ping you or check to see who is on. I get one from NTL every time I log on.

mega_stream

I can't say I've ever heard of ISP's pinging you see to who's on...
Far more like someone "sniffing" a wide range of IP addresses. Commonly this method is used to check for trojans or backdoors on PC's on the net.

My PC gets hit loads of times, I'm on a permanent broadband connection, no way should any pc be on the net without some sort of personal firewall.

Hanslow

Oops Apologies if I mislead anyone then

I'll stick to watching TV

Agree with mega_stream though....get a firewall, it makes you so much more paranoid, but safe

Ga22ar

'tis certinary not a ping, that would be a ICMP packet - and they dont strictly have ports..

If your on BT Openworld then your probably NAT'ed which means the likelyhood of a scan is small.

Hanslow

Alright then helpful folk (you seem to know a lot more about this than me )

Why is it <I>every</I> time I log on, I get a warning from zone alarm...in this session, from 62.255.173.56 (TCP Port 1443) which when queried on RIPE, <I>always</I> comes back as NTL internet?

I'm confused

carl

If it was a ping, it would be an ICMP request much like the ones I keep receiving from NTL:

The firewall has blocked Internet access to your computer (ICMP Unreachable) from 62.253.128.3.

Occurred: 7 times between 11/10/01 20:15:46 and 11/10/01 21:03:38

The original poster is getting requests on port 80 (HTTP) -- it may be a host looking for a swiss-cheese IIS server or it may be a search engine looking to see if there are any pages. Nothing to worry about. When there's a major virus about like Code Red, expect to get hundreds of these an hour.

Hanslow, OTOH is getting a request on port 1443 which is listed on

Hanslow

Hmmm, all sounds gobble-de-gook to me

Think I'll leave all this to the professionals and just assume it's all doing it's job properly

Please disregard all my posts in this thread Thought I knew what I was saying but seems I was talking a crock of poo. Back to school for me

I'm glad <I>some</I> people know what they are talking about

dsmith

"ICMP unreachable"

is not a ping, that would be "ICMP Echo Request" or "ICMP Echo Reply". ICMP (Internet Control Message Protocol - er I think ) is all part of how wonderful TCP/IP works and contains some very useful and necessary messages controlling how your connection behaves. Unfortunatley some people have found ways to use this to your disadvantage which is why Personal Firewalls are selective about which "type" ICMP packets they block. ICMP unreacable messages occur (under normal circumstances) when you try to reach an IP address which is errm unreachable. The router will helpfully let your PC know that your packet can go no further. They can be used for Denial-of-service attacks, but I would doubt this was an actual attack on you. More like a genuine part of TCP/IP which a slightly paranoid Personal Firewall has decided to block.

Deano

dsmith

Port 1443 seems also to be the management port of "webstar" a web server.

Maybe someone scanning IP adresses for active Webstar servers because they know a backdoor in.

Or a genuine error on someones management configuration

Or there is someone who runs a webstar server on a dial-up link and they managem it from elsewhere and they had your address last time......

OK I don't know

howardb

Anybody running Zonealarm and wanting to know a little more about the warnings may want to look at

BarryK

That's .kheldar's IP address.

He scans the entire WWW every night trying to find a non-laggy Counter Strike server.

He never has though.

carl

<BLOCKQUOTE><font size="1" face="Verdana, Arial">quote:<HR>Originally posted by dsmith:
<B>"ICMP unreachable"

is not a ping, that would be "ICMP Echo Request" or "ICMP Echo Reply". ICMP (Internet Control Message Protocol - er I think [/quote]

Yes, I know pings (or PINGs) are ICMP Echos and Echo requests, but I took the firewall message as saying that it had received an echo request and because it is running in 'stealth' mode the remote end has got ICMP Unreachable because the IP address is, er, unreachable.

Mr Footlong

iTrader: (7)

I agree, good piece of software. Bought it a month or 2 ago. By the way, did you get my reply email with that 'special' proggie a while back?


Nick.

nuclear_pond

Thanks to all who relied. It seems that this zone alarm is deffinatley a good idea.

I am on BT internet. I may be imagining it, but seems like my connection is going a little faster too? Could this be possible or is it just fewer people on the net last night (because scooby net was bust )

johnfelstead

I have been using Zone Alarm for a year. I get on average 100 attacks a day. I have given up taking much notice and just let them get blocked.

You should also be looking into these things. I use housecall, it works well.

Online Virus Scanners:
http://www.symantec.com/securitycheck/
http://housecall.antivirus.com/


Ad-Aware:
http://download.cnet.com/downloads/0...0014..dl-63806

This nifty program scans your computer for ad-monitoring software and spyware. These nasty pieces of filth can cause crashes and slowdowns on your computer, and also report personal data back to the programmers. Kazaa and other ad-sponsored programs are well-known for this. Run Ad-Aware to detect and remove these security risks.

First time i ran this i found 156 trojens running on my PC sending my personal details out to web sites. It's scary what's going on in the background you havent a clue about!


[Edited by johnfelstead - 14/10/2001 20:09:09]