Re: Attack Detected




"Al" <albertr@xxxxxxxxxxx> wrote in message
news:cnXhh.1288$X72.515@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
My firewall continually pops up with a little message saying that an
attack to some port was detected. It gives me some numbers (like that's
supposed to mean something to me) that I don't understand. There's a log
with long lists of these "attacks."

Yes, even a personal FW running on a computer will log events. Those events
being logged do not mean your machine is being singled out and attacked in
most cases. The events are unsolicited traffic that is reaching the PFW and
are being blocked by the PFW, which most likely are everyday events that
will happen to a computer that's connected to the Internet. This is
particularly true that events are logged by the PFW on a computer that has a
direct connection to the modem, and therefore, the machine has a direct
connection to the Internet. The personal FW will start going off and
alarming you and most of the time. It's really nothing that's happening,
other than, the PFW is blocking the traffic and popping messages that it's
doing that.


Am I supposed to do something with this stuff? How do I find out who the
attacker is?

Why even worry about it? The PFW is doing its job of blocking traffic that
it's not suppose to let through. If you want to check who it is, then take
the IP and enter it into the Arin WhoIs Search Box
http://www.arin.net/index.shtml. Most likely, it's someone's machine on some
ISP's or even your own ISP's network network that has been infected by a
virus. The virus running on the machine is trying to reach out and find
other machines that are open to attack and infect them.

You are small, small, small potatoes and no one is really coming after small
potatoes.

As you can see, I'm not very experienced with firewalls (except for
shutting them off).

If you don't want to be alarmed by the PFW, then what you should do is put a
cheap NAT router between the modem and the computer, which cost about as
much as that PFW you have running on the machine.

The router is going to block all the traffic/attacks in front of the machine
so that the PFW doesn't start popping messages and events at you, as they
will never reach the computer or the PFW running on it, because the router
is sitting there.

You can even get router that uses Wallwatcher (free). You can watch the
traffic in real time that's not reaching your computer and feel free as a
bird, as you watch the traffic being blocked by the NAT router. You can even
use Arin WhoIs.

http://www.homenethelp.com/web/explain/about-NAT.asp
http://www.sonic.net/wallwatcher/

Duane :)
..


.



Relevant Pages

  • Re: At what point is Sygate too old?
    ... You can get a FW router that ICSA certified and dump the PFW. ... Not if you have more than one computer connected to the FW router. ... And if the machines are sharing resources with a PFW solution enabled ... Just because you have ports open on the firewall it doesn't mean your ...
    (comp.security.firewalls)
  • Re: Software Firewall
    ... It's obviously not wireless and, ... If you're not doing the high risks things with the router like port ... stopping inbound and outbound traffic between LAN to LAN, ... You don't need a PFW period. ...
    (comp.security.firewalls)
  • Re: to PFW or not to PFW
    ... I have a PFW that doesn't have the snake-oil crap in it and turn off the one snake-oil crap that it does have in it -- Application Control. ... While at home and the machines are sitting behind the FW appliance, I don't use any PFWon the machines, which would be the same if I was using a packet filtering FW router that could stop inbound and outbound. ...
    (comp.security.firewalls)
  • Re: At what point is Sygate too old?
    ... You can get a FW router that ICSA certified and dump the PFW. ... Not if you have more than one computer connected to the FW router. ... I don't have any PFW running on any MS machine or FW running on the Linux machine behind the FW appliance. ... And if the machines are sharing resources with a PFW solution enabled with the Networking ports opened on the machines, ...
    (comp.security.firewalls)
  • Re: Block MSN Messenger by router rules (Netgear DG834)
    ... I am using Sygate PFW free on the main machine ... >>was just hoping I could get a solution via the NAT router. ... MSN Messenger ...
    (comp.security.firewalls)