Re: I'm I being targeted?
From: Bill Robins (wmrobins_at_verizon.net)
Date: 08/08/03
- Next message: Wayne McGlinn: "Re: Check Point Firewall - Creating a DMZ"
- Previous message: Wayne McGlinn: "Re: PcAnywhere through Firewall?"
- In reply to: svek: "Re: I'm I being targeted?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Fri, 08 Aug 2003 00:37:37 GMT
Here's a little more detail... The IPs being blocked are from sites I've
been to. But the packets did not occur at the correct time, they were
usually a few hours off.
As far as IPv6... I just read a MS Knowledge Base Article (306203) that
says their basic
firewall and Internet Connection Firewall (ICF) can't block IP version 6
traffic. Is this is true for other firewalls/routers and software firewalls
then that update that came along a week or two ago is going to cause some
major problems! EXCEPT, I'm not sure that installing the update, installs
the update. When I do a ping6, it works. (There is IPv6 stuff on my
computer.) Other IPv6 commands tell me I do NOT have the stack installed
yet. So I'm not so sure IPv6 has anything to do with it.
So what I know now is that "something" happened or changed Monday, possibly
causing a lockup of my home DSL and/or router, and/or resulting in outside
traffic (possibly nefarious) getting through to Kerio for the first time.
I decided to get a new router firewall, went to best Buy and picked up a
Netgear FVS318 ProSafe VPN Firewall. So far, things are back to normal.
(But I still think IPv6 is going to make things interesting sooner than
later.)
Bill
"svek" <svek@gmx.net> wrote in message
news:716a970a.0308070609.254f5f22@posting.google.com...
> "Bill Robins" <wmrobins@verizon.net> wrote in message
news:<4P7Ya.11857$602.8516@nwrddc03.gnilink.net>...
> > If they had been occurring, the router stopped them and all the way back
> > into 2001. Why not now. This whole thing started Monday. Until then,
> > nothing ever got through for Kerio to stop. Nothing!
>
> Since they started after you did a reset on the router could the
> router have drop your current configuration and therefore stopped it's
> built in defense?
> You have a few points which actually make it sounds more like a
> network problem than an attack or scan.
> I assume your computers are using private network blocks as
> 192.168.x.x and packets to these adress ranges should not be routed on
> the internet.
> The ports specified are unassigned by IANA which means they are
> probably used as ports by the client side.
> Kerio isn't configured somehow to just accept packets from your
> gateways (router) IP adress? If so when you cycled the power on the
> router and the modem you might have switched gateway IP adress (if
> your ISP is using DHCP that is) and that would make kerio complain
> about the IP adress used.
>
> > Could this have anything to do with the Windows update for the IP stack,
> > (IPv6 ?).
>
> I'm not really familiar with Windows or IPV6 for that matter to be
> able to comment on that.
>
> Try to see if you get these log messages if you stay passive on the
> net or just if you use a web browser etc, this will give you an
> indication on why you get the ACK's nad you should be able to take it
> from there.
> Also take a look at what programs are running and using the net and
> the port ranges using netstat -na from a console.
>
> This should at least give you a bit more info about the problem.
>
> Cheers!
>
> /svek
- Next message: Wayne McGlinn: "Re: Check Point Firewall - Creating a DMZ"
- Previous message: Wayne McGlinn: "Re: PcAnywhere through Firewall?"
- In reply to: svek: "Re: I'm I being targeted?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
