Is my computer under attack or something?

[Zyph]

ok.....for the past few days I have been getting hits left and right of people who are trying to access my system. My Firewall software stops them, but records when an attempt is made, and I'm getting attempts from every 4-5 min to sometimes attempts as often as every 30 seconds. (from different IPs almost everytime too!)

Can anyone explain this one? How have I suddenly gone from 3-4 every hour (at most) to as much as 30-45 in an hour? The Firewall software sends back no answer, so to them it appears that my system is off-line, but this is getting annoying. There can't be THAT many people running port scan software now checking on who they can hack. does anyone know if I could be targeted by someone? (I'm even getting "ping"s [my software tells me what type of attempt was made] too.)

FYI: I do have a cable modem in case I didn't portray it as such.

For anyone that wants to check out this many IPs, I can send you the Firewall Log.

[Stacy]

Zyph....send it to me....I love this stuff.

[Fu Manchu]

sorry zyph i will stop doin it now ... j/k it ws not me

[sethpa]

Can you say code red?


sethpa

[betenoire]

From what I've gleaned seth pegged it. ZA had ~90 taps on it yesterday...3-4 is normal.

[b-man1]

excellent info in this thread


i asked the same question yesterday.

[Kakarot]

I'm having the same problem... Zonealarm is going nuts with the amount of port 80 scans. I even got like 100 from the same IP addres.. I think it was 24.0.0.103 or something like that. I did a whois on it and its @homes security server! oh well.

[Stacy]

Kak, 24.0.0.203 (last #'s may differ) is NOTHING to worry about..it's only @home snooping to see if you are using newsgroups.

(and I still say ZA sucks....but that's just my opinion)

[Zyph]

It's surprising how many people need firewalls and yet don't use 'em....leaves their systems open and they don't realize what's happenning. But a small observation....I've done a whois on some of these IPs and many are foreign based systems.

I would say some people really need this patch or should update their virus software.....When I went to bed at 3:45am and woke up at 11am, ZA had said I had gotten 500 attempts.....and 500 is ZAs Max! I cleared out the temp list and in less than 3 min got another 7 attempts.

[Stacy]

Zyph, if you want to you can send your log to my email on here.....I can tell ya what you may need to worry about and what you don't. It would give me something to do today. I'm BORED to tears, been up all nite, and NEED something to do...hehe.

[Stacy]

Zyph, YHM.

[Kakarot]

Kak, 24.0.0.203 (last #'s may differ) is NOTHING to worry about..it's only @home snooping to see if you are using newsgroups.

how much snooping do they need to do? I dumped my ZA log into an access table. I then proceeded to sort it and I counted around 300 attempts by that @home IP... all from different ports. Whats that all about? Pretty soon I'm gonna email them and tell em if they keep it up I'll start scanning their ports and consume their bandwidth(which is mine too I guess)....

Actually, my guess was that their server got nailed by this virus and was doing that and then they finally cleaned it up. I mean I can see an occasional scan by them just to make sure you're not running a server, but not 300 of them coming from different ports on their end. But hey, what do I know, I'm only a lowly network admin.

[Stacy]

Sure wish you guys would give up ZA....and after seeing Zyph's log (and seeing that the new version is NO better at logging) I am even more convinced of just what kind of piece of sh!t firewall it is. If you can't take my word for it....do some personal research...hit a few newsgroups and you will see that I'm not the only one out there with the knowledge that it sucks ass.

[tunis5000]

Which one do you recommend Stacy?

[Stacy]

Personally I use ConSeal.....it logs EVERY single connection attempt (I blew a friend away with my log, cuz he thought that it wouldn't show ME trying to connect to HIM on a particular port). It also has a 'learning' mode in which it makes rules as you block or accept, which you can then modify to suit your needs.....

After my reformat I was going to try out @Guard (since EVERYONE I talk to loves it---it does have some features that I would like to try, but are UNNECESSARY for a firewall) and I have just recently heard that the Norton 2001 is also fantastic.....I ended up putting ConSeal back in since I haven't the time to test/configure the others.

Many people DO NOT like ConSeal, and the reason they always give, is that they think it's TOO complicated....well, I started using it when I was a COMPLETE idiot with computers (about 7 months ago) and got the hang of it by actually 'watching' what it was doing and learning about it. A lot of people don't wanna take the time. I find it too damn simple actually and when I hear what people say about configuring @Guard, well to me that sounds like it's A LOT more difficult....(which actually made me wanna try it--and I still intend to once my life settles down a bit)

Anyone interested in any of them, I can hook you up. Just e-mail me. (Not sure the size of Norton, I just dl'd it and can't remember, but if it's too big I can use DC or IRC....I'm NOT installing any other 'chat' type client)

Oh, one other thing I used ConSeal for, was a paging system in combination with UDP Flooder..hehe...a friend and I configured ConSeal to BLOCK IN AND OUT...BUT TO WARN ALWAYS, so as we sent packets it would send out a signal much like a pager...it was soooooooooo cool)