Re: Prevent determined intrusion attacks ?

From: Carl Holtje (cwh0803_at_cs.rit.edu)
Date: 11/18/03


Date: Tue, 18 Nov 2003 08:09:51 -0500

The *first* thing I would do is put myself behind a hardware firewall..
the Linksys (blatant product endorsement here) routers are the best I've
used...

You need something that blocks connection attempts, not just
connections... the hardware device will take care of this for you, and
then you *almost* don't even need to run anything on your computer...

Additionally, it will be the firewall that gets your ADSL IP address;
your computer will have an IP address like 192.168.1.2 or something...
this further prevents connections as they will not be able to connect to
192.168......, only your ADSL IP...

If you ensure all ports are closed (i.e., not forwarding any connections
from the router), you're pretty safe...

FYI, the Linksys boxes are router/switch/firewall all in one, so you can
later add systems or whatnot... Look around; these devices are pretty
common so they're not terribly pricey any more...

As for your 5 minute delay; that's about right.. more than likely,
you're part of a net-wide scan and not being targeted directly...
they're just looking for someplace to get in...

Hope it helps..

Carl

Sidhe wrote:
> Hi, bit of a newbie question, but I've had a good search on the groups
> and can't find anything directly on point.
>
> I run a personal computer, Windows XP, use Windows Update
> (reluctantly) with Norton Internet Security 2003 installed and
> updated. I have a broadband ADSL connection. As you will know, NIS
> detects and records intrusion attempts and provides a record of the
> IP address which probed your system.
>
> In the last four or five days I've been getting very frequent attacks
> from one source. It's a dynamic IP, based in Israel (although the
> address could be "borrowed") and keeps changing (to get around the
> fact that NIS blocks any particular IP address which triggers an
> alert). I believe it's actually targeting me, rather than being a
> random sweep, because I get my first alert within 30 seconds of
> logging on, and then consistent alerts every 5 minutes or so - similar
> but not identical IP address.
>
> NIS tells me it's blocking the attempts, but, of course, no system is
> perfect. I also noticed when I logged onto my e:mail this morning,
> that Outlook appeared to send an e:mail when I hadn't drafted one, and
> when I checked Sent Items there was nothing there. I'm guessing this
> means I may have already been hacked. There's nothing special on my
> computer, just the usual amount of personal information which I would
> prefer to keep to myself !
>
> Does anyone have any ideas what a reasonably computer literate (but no
> specialist) person can do to deal with this kind of determined attack
> ? I've resorted to unplugging my modem, but wondered if there is a
> better way.

-- 
"There are 10 types of people in the world: Those who understand binary
and those that don't."
$>whoami: Carl Holtje
$>mail holtje: cwh0803@cs.rit.edu
$>cu: http://www.cs.rit.edu/~cwh0803
$>whois holtje:
   System Administrator Group
   Computer Science Department
   Rochester Institute of Technology
$>
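
A small Python model of the NAT router behaviour described in the reply above, added here as an illustration and not part of the original thread. The class, addresses and ports are constructed sample values, and the model assumes strict per-connection filtering, which real consumer routers may relax.

```python
import ipaddress

# RFC 1918 private ranges; never routed across the public Internet.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

class NatRouter:
    """Toy model: strict per-connection inbound filtering (an assumption)."""

    def __init__(self, public_ip):
        self.public_ip = public_ip
        self.sessions = {}   # (public_port, remote_ip, remote_port) -> LAN (ip, port)
        self.forwards = {}   # public_port -> LAN (ip, port)
        self._next_port = 40000

    def forward(self, public_port, lan_ip, lan_port):
        """Port forward: the only way unsolicited traffic reaches the LAN."""
        self.forwards[public_port] = (lan_ip, lan_port)

    def outbound(self, lan_ip, lan_port, remote_ip, remote_port):
        """LAN host connects out; the router records the session."""
        public_port, self._next_port = self._next_port, self._next_port + 1
        self.sessions[(public_port, remote_ip, remote_port)] = (lan_ip, lan_port)
        return (self.public_ip, public_port)

    def inbound(self, src_ip, src_port, dst_ip, dst_port):
        """Return the LAN (ip, port) that receives the packet, or None if dropped."""
        if any(ipaddress.ip_address(dst_ip) in net for net in RFC1918):
            return None      # 192.168.x.x is unreachable from outside
        if dst_ip != self.public_ip:
            return None
        session = self.sessions.get((dst_port, src_ip, src_port))
        return session or self.forwards.get(dst_port)

def demo():
    # All addresses and ports below are constructed sample values.
    router = NatRouter("203.0.113.10")
    pub = router.outbound("192.168.1.2", 51000, "198.51.100.7", 80)
    results = {
        "reply": router.inbound("198.51.100.7", 80, *pub),
        "scan": router.inbound("192.0.2.66", 4444, "203.0.113.10", 135),
        "private_dst": router.inbound("192.0.2.66", 4444, "192.168.1.2", 135),
    }
    router.forward(3389, "192.168.1.2", 3389)   # user opens a port
    results["forwarded"] = router.inbound("192.0.2.66", 4444, "203.0.113.10", 3389)
    return results

if __name__ == "__main__":
    for name, delivered_to in demo().items():
        print(f"{name:12} -> {delivered_to}")
```

Only the reply to the host's own outbound connection and the explicitly forwarded port are delivered; the unsolicited probe and the packet addressed to 192.168.1.2 are dropped.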

