Re: Attack Detected
- From: "Duane Arnold" <Yeah-Don't-bother-@that's-right.BET>
- Date: Wed, 20 Dec 2006 00:57:22 GMT
"Al" <albertr@xxxxxxxxxxx> wrote in message
My firewall continually pops up with a little message saying that an
attack to some port was detected. It gives me some numbers (like that's
supposed to mean something to me) that I don't understand. There's a log
with long lists of these "attacks."
Yes, even a personal FW running on a computer will log events. Those events
being logged do not mean your machine is being singled out and attacked in
most cases. The events are unsolicited traffic that is reaching the PFW and
are being blocked by the PFW, which most likely are everyday events that
will happen to a computer that's connected to the Internet. This is
particularly true that events are logged by the PFW on a computer that has a
direct connection to the modem, and therefore, the machine has a direct
connection to the Internet. The personal FW will start going off and
alarming you and most of the time. It's really nothing that's happening,
other than, the PFW is blocking the traffic and popping messages that it's
Am I supposed to do something with this stuff? How do I find out who the
Why even worry about it? The PFW is doing its job of blocking traffic that
it's not suppose to let through. If you want to check who it is, then take
the IP and enter it into the Arin WhoIs Search Box
http://www.arin.net/index.shtml. Most likely, it's someone's machine on some
ISP's or even your own ISP's network network that has been infected by a
virus. The virus running on the machine is trying to reach out and find
other machines that are open to attack and infect them.
You are small, small, small potatoes and no one is really coming after small
As you can see, I'm not very experienced with firewalls (except for
shutting them off).
If you don't want to be alarmed by the PFW, then what you should do is put a
cheap NAT router between the modem and the computer, which cost about as
much as that PFW you have running on the machine.
The router is going to block all the traffic/attacks in front of the machine
so that the PFW doesn't start popping messages and events at you, as they
will never reach the computer or the PFW running on it, because the router
is sitting there.
You can even get router that uses Wallwatcher (free). You can watch the
traffic in real time that's not reaching your computer and feel free as a
bird, as you watch the traffic being blocked by the NAT router. You can even
use Arin WhoIs.
- Attack Detected
- From: Al
- Attack Detected
- Prev by Date: Re: Sonicwall newbie question...
- Next by Date: Re: Sonicwall newbie question...
- Previous by thread: Re: Attack Detected
- Next by thread: Re: Attack Detected