Continuous intrusion attempts

Guest

XP/Home/SP2/NIS/NAV-As I type this, I am experiencing continuous intrusion
attempts from a Korean IP address (as in 800 attempts in 20 minutes). After
logging off for a few minutes, the same address is attacking again (with the
same frequency). I am going to report this to the administrative and
technical contacts of the network involved ; but in the meantime, does anyone
know whether this indicates a breach of security, or is my NIS simply doing
its job and simply reporting ? Thanks in advance.
 
David H. Lipman

From: "drive55" <[email protected]>

| XP/Home/SP2/NIS/NAV-As I type this, I am experiencing continuous intrusion
| attempts from a Korean IP address (as in 800 attempts in 20 minutes). After
| logging off for a few minutes, the same address is attacking again (with the
| same frequency). I am going to report this to the administrative and
| technical contacts of the network involved ; but in the meantime, does anyone
| know whether this indicates a breach of security, or is my NIS simply doing
| its job and simply reporting ? Thanks in advance.

It is doing its job !

If you are using Cable or DSL Internet access, I suggest getting a Cable/DSL Router such as
the Linksys BEFSR41. It will act as a simplistic FireWall and shift the Korean IP Host from
seeing the WinXP PC to seeing the Router. There are *many* other benefits to using such a
device as well.
 
Mike Hall (MS-MVP)

As David pointed out, the firewall is doing its job.. however, I would
recommend that you go to your firewall settings and turn off all but the
most important alerts.. you will be driven insane by them..
 
Guest

David H. Lipman said:
From: "drive55" <[email protected]>

| XP/Home/SP2/NIS/NAV-As I type this, I am experiencing continuous intrusion
| attempts from a Korean IP address (as in 800 attempts in 20 minutes). After
| logging off for a few minutes, the same address is attacking again (with the
| same frequency). I am going to report this to the administrative and
| technical contacts of the network involved ; but in the meantime, does anyone
| know whether this indicates a breach of security, or is my NIS simply doing
| its job and simply reporting ? Thanks in advance.

It is doing its job !

If you are using Cable or DSL Internet access, I suggest getting a Cable/DSL Router such as
the Linksys BEFSR41. It will act as a simplistic FireWall and shift the Korean IP Host from
seeing the WinXP PC to seeing the Router. There are *many* other benefits to using such a
device as well.

--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm

I'm a relative newbie (7 mos.) and know nothing about a Router. Three questions: Will my Norton firewall not do as well as the Router's simplistic firewall ? Did your links at the end of your reply indicate that a Trojan Horse may already be in place ? My firewall log shows a 48 hr. block of the Unused Windows Services Block Trojan Horse for the offending address (218.152.186.93) . Lastly, at this rate (2500 and counting within the last 45 min.) can a security system be simply overwhelmed ? If any of these questions are naive, please accept my apologies. TIA.
 
David H. Lipman

The idea of the Router is to not burden the PC with having to deal with multiple intrusions
and alerting. The PC is free to do the work you want it to perform. But most important,
and the reason it is called a Router is that it allows up to 253 nodes to share the one ISP
provided Internet address.

The URLs in my signature are just that. URLs in my signature. They are informative for
those who are infected. If I felt the Original Poster (OP) was infected I would have noted
it in the body.

At those numbers, no the PC will not be overwhelmed. However, it is doing work that is
stealing CPU cycles from you and the work you want to perform.
 
Leythos

drive55 said:
XP/Home/SP2/NIS/NAV-As I type this, I am experiencing continuous intrusion
attempts from a Korean IP address (as in 800 attempts in 20 minutes). After
logging off for a few minutes, the same address is attacking again (with the
same frequency). I am going to report this to the administrative and
technical contacts of the network involved ; but in the meantime, does anyone
know whether this indicates a breach of security, or is my NIS simply doing
its job and simply reporting ? Thanks in advance.

I agree with the others in this thread - get a router that provides NAT
and you'll be a lot safer and not see those alerts.

Right now I block more than 50 foreign subnets, some in the /8 range due
to exactly what you are seeing (but my firewall lets me set that up).

If you get a router your PC will only see what YOU (your computer)
connects to, and not the background chatter that you are seeing. One
thing about the router, if you get a Linksys, there is a program called
WallWatcher that can tell you what is happening on your internet
connection with great detail (in/out, source, destination, ports...).

While a NAT Router is NOT A FIREWALL, its nature (NAT) does limit
inbound connections to only those that YOU initiate.

You can keep your personal firewall application, but it will have little
work to do.
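
Added example, not part of any post in this thread: a simplified Python model of a home NAT router's translation table, showing why unsolicited probes like the ones in the original post stop at the router while replies to connections the PC opened are delivered. The `NatRouter` class, the port numbers and all addresses (documentation ranges) are constructed for illustration, and the model assumes the router only forwards inbound packets from the exact remote endpoint the PC contacted.

```python
# Simplified model of a home NAT router's translation table (added example).
# All addresses are constructed and come from documentation ranges.
from itertools import count

class NatRouter:
    def __init__(self, public_ip):
        self.public_ip = public_ip
        self._ports = count(40000)   # next public port to hand out
        self.table = {}              # public_port -> (inside, remote)
        self.dropped = 0

    def outbound(self, inside, remote):
        """A LAN host opens a connection: record a mapping, return the public port."""
        for port, entry in self.table.items():
            if entry == (inside, remote):
                return port          # reuse the existing mapping
        port = next(self._ports)
        self.table[port] = (inside, remote)
        return port

    def inbound(self, remote, public_port):
        """A packet arrives from the Internet: forward only if it matches a mapping."""
        entry = self.table.get(public_port)
        if entry and entry[1] == remote:
            return entry[0]          # delivered to the inside host
        self.dropped += 1            # unsolicited: never reaches the PC
        return None

def simulate():
    router = NatRouter("198.51.100.10")
    pc = ("192.168.1.100", 51000)
    web = ("203.0.113.80", 80)
    scanner_ip = "203.0.113.7"

    port = router.outbound(pc, web)      # the PC browses a site
    reply = router.inbound(web, port)    # the site's answer comes back
    # 800 unsolicited probes against ports with no mapping behind them
    probes = [router.inbound((scanner_ip, 30000 + n), p)
              for n in range(200) for p in (135, 139, 445, 1025)]
    # Hitting the mapped port from a different remote endpoint is dropped too
    guess = router.inbound((scanner_ip, 30000), port)
    return reply, probes, guess, router.dropped

if __name__ == "__main__":
    reply, probes, guess, dropped = simulate()
    print("reply delivered to", reply)
    print("probes reaching the PC:", sum(p is not None for p in probes))
    print("packets dropped at the router:", dropped)
```

Real routers differ in how strictly they match the remote endpoint, and any port forwarding or UPnP mapping adds table entries that do let unsolicited traffic through.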
 
