Tom's Guide | Tom's Hardware | Tom's Games
 |
 |
 |
why do I keep getting netbios attacks every few minutes while I am connected to the internet?
its driving me crazy and I want to know how to stop it if possible. I have no open ports on my machine nor am I running any sort of service.
also they seem to be comming from the same general groups of IP's always starting with one of these three the most:
20x.xxx.xxx.xxx
6x.xxx.xxx.xxx
8x.xxx.xxx.xxxand most of them are trying to access ports
in the 1000's IE 1024 1029 1031 etc. but others try on higher port numbers in the 60,000's.can someone explain what is happening and why? this happens continusly while on the internet every couple of minutes, funny thing is, it hardly happens at all late at night or on the weekends.
I've watched it long enough to notice that i hardly get hit at all late fridays and all day saturday and sunday, but first thing monday morning its back again... like clockwork. any ideas anyone?
If they are not "Alerts" but just stuff you are reading in your firewall log then I wouldn't waste time on them. Thats what your firewall is for. I've long since stopped log watching.
I don't know these particular ones but if you look at firewall logs you get constant attempts which are often just pings. My log fills in no time, if I decide to look at it.
Run the checks at all of these websites:
You should get green ticks (stealth) on all of them, which means you cannot even be seen.
The Exploits tests on "one of them(?)" are more a check on how your Windows/IE updates are fairing. If it fails when selecting "all" then you go through them one at a time to see which one(s) are faulty.
If you type Qfecheck.exe in the Run box it will give an idication of the update state and show any that are invalid (in red).
Derek.W
0 
They are what Zone Alarm calls "alerts" but I have run the shields up check and nothing shows in red just lots of green.
Some of the others I cant use because I don't have IE on my machine. and my version of windows explorer is to old for alot of these types of tests, but I refuse to use IE! lol
Thanks for your help Derek, I am probably just worring too much about something I cant change.
0
Hey Odie. Hey Derek.
Derek, remember my port scan dilemma? Much similar to his, except mine were coming from IP addresses within my ISP. It was relentless. The problem was a worm infected PC within my ISP range looking for others to infect. Oh well, I finally decided to install a router. $49 D-Link at Office Max...easy to set up. (You can find all different types and prices). No more alarms from ZA whatsoever, except when my DHCP server wants a new IP (I need to configure that one so it'll stop asking).
Just a double layer of protection...plus calms the mind a bit, and reduces paranoia. LOL!
Sick computers don't ask for drugs or work excuses.
0
hey Janet thanx! that helps me understand it a little...
I woner if mine is the machine thats infected?
probably not.Im on a dialup (phone line), so a router wouldn't do me any good would it?
there are 3 computers tied to this internet connection thru netcards if that matters atall.
0
I doubt you are infected from what you say. As Janet said it might well be other infected machines looking for ways in. I'm a bit out of touch with ZA, haven't used it for years.
There is obviously no harm updating and running virus checker, Ad-Aware, and SpyBot Search & Destroy. The last two are good ones to have on board if you haven't already.
I don't want to lumber you up but this is a good free Trojan finder:
A2FREE - JUST DOWN PAGEI'm not a Networks type so can only say that is another possible way in.
Derek.W
0
OK...now I have to be honest. I do not know very much about networking. I just use the router as a firewall on a single PC. (DSL connection). I'm just in the beginning stages of learning networking.
If you're PC was infected, I'd be suspicious of outgoing data, rather than incoming port scans. As far as the "skipping weekend" goes, not sure, but read once where hackers will do slow port scans if they're scanning...say...a bank...LOL. They want to be inconspicuous, so they do it during working hours. Lots less noticible than on a Friday night or weekend if you catch my drift. Administrators catch this stuff quicker.
Not sure about dialup/router. However, there are many intelligent helpers on this board who will answer this one.
Good luck Odie!
:O)Sick computers don't ask for drugs or work excuses.
0
thank you both!
Janet:
Networking is a bit overwhelming at first, but after reading about it and messing with it in no time you'll have it down. Best to read as much about it BEFORE you set it up on your system, as there are alot of things that must be "just right" to work correctly. I'm by no means an expert at anything, I just take it one thing at a time as I need it.
Thanks again for your help! ;)
0
No problem. I try to help when I can. People here have helped me tremendously.
Have a nice day.
:O)Sick computers don't ask for drugs or work excuses.
0
I have Networking For Dummies all-in-one Desk Ref. The first few chapters have been kinda boring...talking about all the topologies, protocols and standards. UGH! I wanna understand TCP/IP better before I move on. It's starting to sink in *a little bit*.
I still wonder if you can use a router with a dialup? Wouldn't that be cool?
Even though I know there are vulnerabilities with any firewall if it's misconfigured, there's still a sense of peace with the ZA alerts disappearing after the router install. I guess the packets are getting dropped before they get to my PC.
Still, however, hackers/crackers are intelligent. With all the firewalls out there, they are now exploiting something we allow to connect to the internet...our browsers. Ppppppbbbbblpb! They tend to stay one step ahead. I mean DANG...You wanna reeeeally get paranoid? Read about rootkits. LOL
Regarding IE...I understand how you may feel. However, to get the good online scans, it's hard to use Firefox or Opera, as they are disallowed most of the time. I know being on a dialup, and having to download that "big fat file" for IE6-SP1...whew...might take some time. Get a copy from your ISP, install it, update it, and use it for some of these online scans as Derek referred to. I use all 3 browsers. There are vulnerabilities in all of them. As a matter of fact, the crackers/hackers are now looking for holes in Firefox. There's been a great deal of discussion recently on this board regarding this.
http://computing.net/security/wwwboard/forum/15431.htmlGood luck Odie.
Sick computers don't ask for drugs or work excuses.
0
well I do have IE6 on one computer in the rec room for other peeps to use that no nothing else, but for speed reasons and ad blocking I use Firefox on my main machine. Ive got the registry so tweaked on mine that most microsft stuff wont even run at all, the cookies and history, temp file index.dat files are all readonly and empty and several other things (dont ask why).
The jerks that hack will always chase the most used nomater what it is, its sad that they dont have anything constructive to do with their lives other than to make the rest of us stronger! :-)
I am only a little bit paranoid ;-) well I geuss more than a little! but I really have no reason to be because there isnt alot of crutial information on my machines but its always nice to watch and keep an eye out, and its fun. I used to use Opera about a year and a half ago and got sick of the giant ad on the top and non customizable buttons and such so Ive been kinda faithful to Firefox for the most part.
I think you pretty much nailed it when you said its other machines with junk looking for a bunny to infect.
I couldnt sleep (chronic insomneia) sp? and couldnt think of anything todo so I eplied to this one last time. thanx again, goodnight.
0
"there are 3 computers tied to this internet connection thru netcards if that matters atall."
Are all these machines connected and running from Friday night until Monday morning?
I think it matters.
Bryan
0
I have a reason to be paranoid. I was hacked in '95. I knew nothing about computers at that time. I work in healthcare. I accepted a game called Whackamole from somebody in a chatroom..hehe..that had the Netbus trojan embedded in it. I'm glad it happened, though, because that's when I became interested in computers. It's been fun, and challenging ever since. I do know that we are never 100% safe. I just try to take as many precautions possible.
Hey Bryce, what do you think's going on with odie's PC?
Sick computers don't ask for drugs or work excuses.
0
They are all running (turned on) all the time, but as far as conected to the internet there are two that are more than the other. The one in the rec room gets used alot more during the weekend, and mine is used more then also. During the week when any of them are connected there are more attacks nomater what machine(s) are running or connected.
I'm not sure but I think he is trying to weed out the possibilty of something on one of the other machines as the cause. I have tried shuting down all but this one and watching to see if theres a difference but there doesn't seem to be other than what time of the week it is, wich is really bizzare to me.
This machine is usually connected most of the time all day every day (but not always) and if it isn't the others use it and its modem to connect anyway as they are all tied to this one through old round style network cables and when they go online even if mine is not it dials using my machines modem through the ICS.
0
Hopefully, he will come back and let us know. The networking stuff's over my head.
Sick computers don't ask for drugs or work excuses.
0
well I think ive narrowed it down some...
during the week when I dial the internet I am assigned an ip addy of:
4.253.xxx.xxxand on the weekends for some reason they asign me an ip addy of:
4.227.xxx.xxxso it must be something at or in sbcglobal's 4.253.x.x group or something there or them. I know that makes no since, Im hoping one of you can explain it better with what little info I just posted.
when I am connected and assigned a addy of 4.227.xxx.xxx I hardly never get a attack.
can one of you tell me what they are doing or why this is? and also why they would assign different nubers to me on the weekends?
I could ask them but I wouldnt get a real person or a answer that would make any since out of them so its not worth calling them only to talk to someone from india that doesnt have the answer if its not on their sheet in front of them. lol!
any ideas?
0  |
 |
 |
This post is quite old and has been locked from receiving new replies. Please create a new posting instead.
| Ads by Google |
