Intrusion attempts from the internet.

  • Thread starter Thread starter Bill & Debbie
  • Start date Start date
B

Bill & Debbie

Recently there have been a lot of intrusion attempts on my computer.
Norton's firewall has prevented the intrusions. The same IP addresses keep
making the attempt over and over again. Is there something I can easily
change in my system that will change my identity so that the same intruder
will have to find me all over again.

I don't know if my question makes sense or not. But, thanks in advance for
any help,
Bill
 
Bill & Debbie said:
Recently there have been a lot of intrusion attempts on my computer.
Norton's firewall has prevented the intrusions. The same IP addresses
keep making the attempt over and over again. Is there something I can
easily change in my system that will change my identity so that the same
intruder will have to find me all over again.

I don't know if my question makes sense or not. But, thanks in advance
for any help,
Bill
Click to expand...


How do you connect to the internet?
 
Recently there have been a lot of intrusion attempts on my computer.
Click to expand...

What makes you come to that conclusion?
Norton's firewall has prevented the intrusions.
Click to expand...

Norton's firewall tell lots of nonsense.
The same IP addresses keep making the attempt over and over again.
Click to expand...

Possible, but not likely. You need to investigate further what it is
(what ports etc.) Could just as well be obsolete traffic related to
your own P2P apps like Skype or something like that.
 
Straight Talk said:
What makes you come to that conclusion?
Click to expand...

Norton tells me an attempt has been made and blocked. I've used Norton for
several years and has never happened until the last couple of weeks.
Norton's firewall tell lots of nonsense.


Possible, but not likely. You need to investigate further what it is
(what ports etc.) Could just as well be obsolete traffic related to
your own P2P apps like Skype or something like that.
Click to expand...

Example:
Risk Name: MSRPC Malicious LSASS DS Request BO (1)
Risk Level: High
Default Action: Block
Action Taken: Block
Attacking Computer: 66.153.243.88.2089
Traffic Description: TCP, 2089

Thanks in advance for any help,
Bill
 
in message
...

DSL
Click to expand...

Okay, so does your host's network card or port connect directly to the
DSL modem? Or is there a router in between? If you have a router even
with a simplistic firewall then it will get rid of the unsolicited
intrusion attempts (i.e., CPU cycles are wasted at the single-purpose
router rather than wasiting CPU cycles on your general-purpose
computer).

It is highly likely that those same IP addresses for the source host are
not just targeting you. They are scanning a range of IP address so even
if you changed the IP address of your computer (or WAN-side of your
router) they would still hit you since you will still probably be within
their scan range. When you change your IP address, the intruder WILL
find you all over again and do so immediately.

So have you reported the intruder to the owner of the IP address (the
ISP owns the IP address, not the user)?
 
in message
Risk Name: MSRPC Malicious LSASS DS Request BO (1)
Risk Level: High
Default Action: Block
Action Taken: Block
Attacking Computer: 66.153.243.88.2089
Traffic Description: TCP, 2089
Click to expand...


Them:
Intruder's IP address = 66.153.243.88
Reverse DNS = 88.243-net.sccoast.net
Lookup = http://www.dnsstuff.com/tools/whois.ch?ip=66.153.243.88

You:
Your IP address (from headers of your post) = 66.153.241.40
Reverse DNS = 40.241-net.sccoast.net
Lookup = http://www.dnsstuff.com/tools/whois.ch?ip=66.153.241.40

Same ISP is listed for both. So call up your ISP and tell them they
have a user that is scanning their network. This likely violates their
terms of use regarding abuse of their network (i.e., hacking attempts).
Scanning an ISP's network is almost guaranteed to get the offending
account disabled or terminated. Make sure that "them" is not "you", as
in you have 2 hosts and your ISP is allocating you 2 IP addresses and
the other one is your first host trying to connect to your second host.

Since my router's firewall takes care of these unsolicited connect
attempts, my software firewall never sees them.
 
Norton tells me an attempt has been made and blocked.
Click to expand...

So Norton blocked it (did what it was supposed to do) but still found
a need to brag about it. That's typical for personal firewall's
wanting to make themselves look valuable.
Example:
Risk Name: MSRPC Malicious LSASS DS Request BO (1)
Risk Level: High
Default Action: Block
Action Taken: Block
Attacking Computer: 66.153.243.88.2089
Traffic Description: TCP, 2089
Click to expand...

I assume they are random attacks from an infected machine in your
network neighborhood. Installing a broadband router will silence
Norton and spare you the worries.
 
Back
Top