Norton Personal Firewall's recent intrusion attempt message...

Discussion in 'Archived Threads 2001-2004' started by AllenD, May 20, 2002.

  1. AllenD

    How do I verify if, what I think is the TCP IP# (12 digits), is a valid one or a hacker? NPF has reported I've had 8 intrusion attempts and it also shows the most frequent attacker's IP#. Is there a website I can go to or should my ISP help me out on this one? (I had 8 different viruses and had to do a clean install to get rid of them.)
     
  2. Kevin P

    Can you post the entire text of the message? There's more info in there than just the IP, such as the protocol and port, which tells you what attack was used (if it was an attack in the first place), and so forth.

    You can find the info in NIS's activity log.

    KJP
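
An added example, not part of the original thread: a small triage of firewall events that checks whether each logged source address is well formed and where it can originate, then uses protocol and port to separate a multi-port scan from an isolated probe. The event tuples are constructed (this is not Norton's log format), and the scan threshold and the short service table are assumptions.

```python
import ipaddress
from collections import defaultdict

RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
# Small subset of well-known service names, enough for the sample below.
SERVICES = {21: "ftp", 23: "telnet", 80: "http",
            137: "netbios-ns", 139: "netbios-ssn", 445: "microsoft-ds"}

# Constructed events, not real Norton output: (source IP, protocol, port).
# Documentation-range addresses (RFC 5737) stand in for Internet hosts.
SAMPLE_EVENTS = [
    ("203.0.113.45", "TCP", 21), ("203.0.113.45", "TCP", 23),
    ("203.0.113.45", "TCP", 80), ("203.0.113.45", "TCP", 139),
    ("203.0.113.45", "TCP", 445), ("198.51.100.7", "UDP", 137),
    ("192.168.1.20", "TCP", 139), ("999.12.4.1", "TCP", 80),
]

def classify_source(ip_text):
    """Say whether a logged IPv4 source is well formed and where it can come from."""
    try:
        ip = ipaddress.IPv4Address(ip_text)
    except ValueError:
        return "invalid"      # e.g. an octet above 255
    if ip.is_loopback:
        return "loopback"     # traffic from this machine itself
    if ip.is_link_local:
        return "link-local"
    if ip.is_multicast:
        return "multicast"
    if any(ip in net for net in RFC1918):
        return "private"      # a host on the local network, not the Internet
    return "routable"

def summarize(events, scan_threshold=4):
    """Group events by source; many distinct ports from one source looks like a scan."""
    seen = defaultdict(set)
    for src, proto, port in events:
        seen[src].add((proto, port))
    report = {}
    for src, hits in seen.items():
        kind = "port scan" if len(hits) >= scan_threshold else "isolated probe"
        names = [f"{port}/{proto.lower()} {SERVICES.get(port, 'unknown')}"
                 for proto, port in sorted(hits, key=lambda h: (h[1], h[0]))]
        report[src] = (classify_source(src), kind, names)
    return report

if __name__ == "__main__":
    for src, (origin, kind, names) in summarize(SAMPLE_EVENTS).items():
        print(f"{src:15} {origin:9} {kind:14} {', '.join(names)}")
```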
     
  3. Kimmo Jaskari

    Anyone with a permanent connection to the internet will get portscanned as a matter of course, these days. Your ISP will most likely a) be able to do nothing and b) be inclined to not even try.
    Even if you provide them with rock solid data that allows them (or you) to backtrack it, they then have to convince the ISP at the other end to take action.
    Basically, it's a losing battle. Don't even start tilting at these windmills, is my opinion; you'll get no satisfaction but you will waste hours you could be doing something better with... like watching a movie.
    The threat to your machine these days isn't so much from without as it is from within (once you have a decent firewall in place) - if you read mail and accept mail attachments, you are at risk from trojans and viruses. If you don't patch security holes religiously as soon as they come out, you are again at (greater) risk - some risk is unavoidable since the "crackers" find the holes before the companies can patch them in many cases.
    Basically, my advice is - have firewall software (you do), have updated antivirus software (I assume you do) and go about your life as normal and accept having lowlifes "knocking at your door" on a daily basis and let your "butler" - i.e. your firewall software - tell them to stay the heck out.
     
  4. AllenD

    Kimmo,
    I'm already experiencing what you're talking about. I emailed Earthlink support w/the problem. They in turn suggested I email [email protected] One second after I sent them the email, I get an automated response stating I sent the email to the wrong address since the subject matter was not in their realm of expertise. Great customer support for the money I pay! I'll try one more time. I'm just glad my firewall and antivirus program are updated and are operating properly. Time to change ISP!
     
  5. Kevin P

    Allen, I don't think your ISP's going to care, unless someone's attacks are disrupting ISP services themselves (pelt another user to death, they won't care, but bring their website/email server down, and they'll be breathing down your neck!)
    If you post the relevant details of your attack, I can at least attempt to explain what happened, and that it's most likely something harmless and annoying. Well, harmless because you have a firewall and no one's gettin' through it!
    KJP
     
  6. Kimmo Jaskari

    Allen, having worked support at an ISP (a small one), I can tell you that it's virtually impossible for even a small local ISP to support users who have problems with port scans and the like. At any given time, there are dozens of users being portscanned by someone or other, or in fact even being attacked by some script kiddie. The latter might be serious enough to try to help curtail, but mere scans are just not "bad enough" to focus tons of energy and time on.

    It's also hard to curtail these attacks since, as an ISP, you are selling unfiltered access to the Internet (or as near to unfiltered as you can get, i.e. the ISP can't unilaterally decide to stop certain forms of traffic on certain ports).

    I don't even want to think about the amount of crud floating around at a huge ISP like Earthlink, and the size of their staff if they could help track down scans and other basically non-damaging activities; at least, non-damaging in that they are not direct attacks, more like probes to see if an attack can take place.

    Voting with one's wallet is always an option, but I doubt if the vast majority of ISPs will be much more helpful; you may get a more personal response from a smaller one but it will amount to about the same thing, IMHO.
     
