I DID IT! Achieved security perfection! - Page 3

TCM · 10-10-2004, 01:15 PM

Quote:

Originally Posted by switch

he must have a row with his wife or girlfriend and steams off here at ABXZone.

haha, don't you know, since i post on internet forums and usually know what i'm talking about, i can't have a wife or girlfriend. :P

PCBruiser · 10-10-2004, 01:17 PM

ENOUGH! I don't want this to degenerate further and start having to delete posts on this thread.

Endaar · 10-10-2004, 02:28 PM

TCM, your problem here is you're looking at this from the perspective of blocking ICMP within an autonomous system. I am perfectly aware that ICMP includes redirects, host not reachable, etc. None of that has any meaningful effect on a SOHO user with a couple of machines connected to a broadband router.

You can debate if it has any impact on security, but there's certainly no harm in disabling WAN-side pings.

Endaar

Deer Slayer · 10-10-2004, 04:51 PM

No offence Finalheaven, but there's no such thing as perfect security, especially not on the internet. I'm not about to start a rant like TCM, but even though he was rude about it he does have a lot of valid points. It's not that if they can't ping or get a response they can't hack, it's that whatever automated software they have looking for things to hack doesn't find you. Stealthing has it's advantages and disadvantages, so does blocking all icmp. What you've got to do dictates how you set up your security. I don't keep anything serious on my puter so I don't have all the security stuff some people do. I have just enough to keep from getting hosed by day to day use on the internet. If I had something to protect I'd probably be anal about it, but my puter is pretty much for entertainment and fixing other puters. If I get hosed, I slap in my removable hard drive, and restore an image. Big deal, I lost a few downloads! As far as stealthing and disabling icmp goes, I did notice less garbage headed my way since I did that. When I do need icmp and pings I turn it back on in the firewall. When I forget to turn it back off it never fails, I get and incoming echo request in the log followed by a port scan from the same ip. I'd much rather have it disabled for day to day stuff.

Finalheaven · 10-10-2004, 11:13 PM

Quote:

Originally Posted by TCM

the problem? this thread.

how i got here? check the register button. you must know it since you're here as well so i don't understand the question.

and what do you mean, the type you want to be safe from? my arrogant part will never go away when faced with utter bull**** and fake knowledge. deal with it. in case you don't know what i mean, allow me to refer to the thread subject again. mind you, i'm only trying to oppose the subject and statements, not anyone personally.

Actually, I set the bar for my own security perfection. It was merely to stealth all my ports. I did that, hence my statement is correct. I achieved my own personal goal. Regardless, your validity doesn't justify your attitude. You know what I'm saying to you, yes?

Game, Set, Match.

*Fraoch* · 10-11-2004, 01:01 AM

Quote:

Originally Posted by PCBruiser

Fraoch. I hope you have kept the firewall logs, because I would report that attacker in the harshest possible polite terms to their ISP. And I would also check to see if that IP is also recorded on MyNetwatchman and DShield to add that info to your report to the ISP.

<smacks forehead> Oh man, NOW I know what's going on! That IP is the www.grc.com site!

It suddenly dawned on me that GRC mentions their IP before they do any scan, and that CC mentions that if you do the GRC scan, CC will log it as malicious activity. I went to GRC's site several times to test out the CC box.

Sure enough, the IP address falls within their range.

So I don't actually have some crazed script kiddie in Englewood, CO after me.

See, I've never been able to find out these things before so this is all new to me. GRC scans before I got the CC box didn't yield any logs with my last setup.

Outside of the massive amount of activity from that IP then, there's really only a ping or two and one 8080 port scan from a BellSouth subscriber.

Alpine · 10-11-2004, 05:16 PM

Quote:

Originally Posted by PCBruiser

and the number of serious attacks that I have seen in the last few months has dropped dramatically from 40 - 50 per day to 2 - 3 per day at this point.

What evidence do you have that you had a serious attack? Was it from your router log? Could you list some instances from your logs that indicate there was an attack attempted?

PCBruiser · 10-11-2004, 05:28 PM

Quote:

Originally Posted by Alpine

What evidence do you have that you had a serious attack? Was it from your router log? Could you list some instances from your logs that indicate there was an attack attempted?

I have my SonicWALL set to send me an email with every serious attack. I generally delete them after contacting the attacker's (or in many cases these days, zombie's) ISP. I also get a weekly download of my router's logs. The most common attacks these days are Port Scans, SubSeven's and NetBus attacks. More serious ones, such as DOS, etc. are rarely seen by a SOHO. Here is a recent example of a Back Oriface attack report from my router (note: my IP addresses deleted:

10/05/2004 23:00:57.576 - Back Orifice Attack Dropped - Source:64.214.103.201, 39033, WAN - Destination:xxx.xxx.xxx.xxx, 31337, WAN

Another SubSeven:

10/06/2004 09:24:00.480 - Sub Seven Attack Dropped - Source:68.81.172.128, 1028, WAN - Destination:xxx.xxx.xxx.xxx, 27374, WAN

A Port Scan:

10/03/2004 15:33:27.080 - Port Scan Dropped - Source:68.82.70.30, 3238, WAN - Destination:xxx.xxx.xxx.xxx, 5000, WAN - TCP scanned port list, 1025, 6129, 3410, 5554, 1433

And a NetBus:

10/04/2004 01:59:05.176 - NetBus Attack Dropped - Source:68.75.47.48, 1961, WAN - Destination:xxx.xxx.xxx.xxx, 12345, WAN

I picked different ones just to illustrate the variety.

Alpine · 10-11-2004, 05:34 PM

Interesting. Who is your ISP might I ask?

I'm also located in SE PA (near Philly) but I've yet to see any attacks listed in my router log. Maybe it's just a matter of time.

PCBruiser · 10-11-2004, 05:35 PM

ISP = Comcast. And you might check your router's settings to make sure that all your logging features are set up correctly.

BTW, near Philly also - in the Main Line (Chester County) towards Lancaster.

azproc · 10-11-2004, 05:39 PM

Check it out since this morning (my D-Link DI704P Router) I also have Norton Internet Security 2004 Pro, but I'll keep that out this post:

Monday, October 11, 2004 5:29:13 PM Unrecognized access from 84.226.106.208:137 to UDP port 137
Monday, October 11, 2004 5:29:19 PM Unrecognized access from 69.158.32.225:3481 to TCP port 135
Monday, October 11, 2004 5:29:22 PM Unrecognized access from 69.158.82.52:2756 to TCP port 135
Monday, October 11, 2004 5:29:22 PM Unrecognized access from 69.158.32.225:3481 to TCP port 135
Monday, October 11, 2004 5:29:24 PM Unrecognized access from 69.158.82.52:2756 to TCP port 135
Monday, October 11, 2004 5:29:33 PM Unrecognized access from 69.158.3.161:2846 to TCP port 2745
Monday, October 11, 2004 5:29:34 PM Unrecognized access from 69.158.3.161:2847 to TCP port 2082
Monday, October 11, 2004 5:29:34 PM Unrecognized access from 69.158.3.161:2849 to TCP port 135
Monday, October 11, 2004 5:29:34 PM Unrecognized access from 69.158.3.161:2850 to TCP port 1025
Monday, October 11, 2004 5:29:34 PM Unrecognized access from 69.158.3.161:2851 to TCP port 445
Monday, October 11, 2004 5:29:34 PM Unrecognized access from 69.158.3.161:2853 to TCP port 3127
Monday, October 11, 2004 5:29:34 PM Unrecognized access from 69.158.3.161:2855 to TCP port 6129
Monday, October 11, 2004 5:29:34 PM Unrecognized access from 69.158.3.161:2856 to TCP port 139
Monday, October 11, 2004 5:29:34 PM Unrecognized access from 69.158.3.161:2857 to TCP port 1433
Monday, October 11, 2004 5:29:34 PM Unrecognized access from 69.158.3.161:2858 to TCP port 5000
Monday, October 11, 2004 5:29:34 PM Unrecognized access from 69.158.3.161:2859 to TCP port 80
Monday, October 11, 2004 5:29:36 PM Unrecognized access from 69.158.3.161:2846 to TCP port 2745
Monday, October 11, 2004 5:29:36 PM Unrecognized access from 69.158.3.161:2847 to TCP port 2082
Monday, October 11, 2004 5:29:36 PM Unrecognized access from 69.158.3.161:2849 to TCP port 135
Monday, October 11, 2004 5:29:36 PM Unrecognized access from 69.158.3.161:2850 to TCP port 1025
Monday, October 11, 2004 5:29:36 PM Unrecognized access from 69.158.3.161:2851 to TCP port 445
Monday, October 11, 2004 5:29:37 PM Unrecognized access from 69.158.3.161:2853 to TCP port 3127
Monday, October 11, 2004 5:29:37 PM Unrecognized access from 69.158.3.161:2855 to TCP port 6129
Monday, October 11, 2004 5:29:37 PM Unrecognized access from 69.158.3.161:2856 to TCP port 139
Monday, October 11, 2004 5:29:37 PM Unrecognized access from 69.158.3.161:2857 to TCP port 1433
Monday, October 11, 2004 5:29:37 PM Unrecognized access from 69.158.3.161:2858 to TCP port 5000
Monday, October 11, 2004 5:29:37 PM Unrecognized access from 69.158.3.161:2859 to TCP port 80
Monday, October 11, 2004 5:29:40 PM Unrecognized access from 69.158.65.25:1415 to TCP port 135
Monday, October 11, 2004 5:29:43 PM Unrecognized access from 69.158.3.161:2851 to TCP port 445
Monday, October 11, 2004 5:29:43 PM Unrecognized access from 69.158.3.161:2850 to TCP port 1025
Monday, October 11, 2004 5:29:43 PM Unrecognized access from 69.158.3.161:2849 to TCP port 135
Monday, October 11, 2004 5:29:43 PM Unrecognized access from 69.158.3.161:2847 to TCP port 2082
Monday, October 11, 2004 5:29:43 PM Unrecognized access from 69.158.3.161:2846 to TCP port 2745
Monday, October 11, 2004 5:29:43 PM Unrecognized access from 69.158.3.161:2859 to TCP port 80
Monday, October 11, 2004 5:29:43 PM Unrecognized access from 69.158.3.161:2858 to TCP port 5000
Monday, October 11, 2004 5:29:43 PM Unrecognized access from 69.158.3.161:2857 to TCP port 1433
Monday, October 11, 2004 5:29:43 PM Unrecognized access from 69.158.3.161:2856 to TCP port 139
Monday, October 11, 2004 5:29:43 PM Unrecognized access from 69.158.3.161:2855 to TCP port 6129
Monday, October 11, 2004 5:29:43 PM Unrecognized access from 69.158.3.161:2853 to TCP port 3127
Monday, October 11, 2004 5:29:43 PM Unrecognized access from 69.158.65.25:1415 to TCP port 135
Monday, October 11, 2004 5:29:53 PM Unrecognized access from 69.158.69.39:4000 to TCP port 135
Monday, October 11, 2004 5:29:56 PM Unrecognized access from 69.158.69.39:4000 to TCP port 135
Monday, October 11, 2004 5:30:01 PM Unrecognized access from 81.32.238.229:137 to UDP port 137
Monday, October 11, 2004 5:30:05 PM Unrecognized access from 81.32.238.229:137 to UDP port 137
Monday, October 11, 2004 5:30:06 PM Unrecognized access from 69.158.163.126:2173 to TCP port 3127
Monday, October 11, 2004 5:30:09 PM Unrecognized access from 81.32.238.229:137 to UDP port 137
Monday, October 11, 2004 5:30:09 PM Unrecognized access from 69.158.163.126:2173 to TCP port 3127
Monday, October 11, 2004 5:30:15 PM Unrecognized access from 69.158.166.85:2486 to TCP port 135
Monday, October 11, 2004 5:30:15 PM Unrecognized access from 69.158.67.76:2815 to TCP port 135
Monday, October 11, 2004 5:30:17 PM Unrecognized access from 69.158.166.85:2486 to TCP port 135
Monday, October 11, 2004 5:30:18 PM Unrecognized access from 69.158.75.175:4572 to TCP port 135
Monday, October 11, 2004 5:30:18 PM Unrecognized access from 69.158.67.76:2815 to TCP port 135
Monday, October 11, 2004 5:30:20 PM Unrecognized access from 69.158.75.175:4572 to TCP port 135
Monday, October 11, 2004 5:30:21 PM Unrecognized access from 69.158.36.57:3350 to TCP port 135
Monday, October 11, 2004 5:30:38 PM Unrecognized access from 69.158.123.190:3711 to TCP port 135
Monday, October 11, 2004 5:30:41 PM Unrecognized access from 69.158.123.190:3711 to TCP port 135
Monday, October 11, 2004 5:30:43 PM Unrecognized access from 69.158.122.205:1591 to TCP port 135
Monday, October 11, 2004 5:30:45 PM Unrecognized access from 69.158.122.205:1591 to TCP port 135
Monday, October 11, 2004 5:31:15 PM Unrecognized access from 69.158.101.216:1306 to TCP port 135
Monday, October 11, 2004 5:31:18 PM Unrecognized access from 69.158.101.216:1306 to TCP port 135
Monday, October 11, 2004 5:31:18 PM Unrecognized access from 69.158.21.43:4313 to TCP port 135
Monday, October 11, 2004 5:31:21 PM Unrecognized access from 69.158.21.43:4313 to TCP port 135
Monday, October 11, 2004 5:31:25 PM Unrecognized access from 69.158.81.9:1471 to TCP port 135
Monday, October 11, 2004 5:31:28 PM Unrecognized access from 69.158.25.183:4158 to TCP port 135
Monday, October 11, 2004 5:31:28 PM Unrecognized access from 69.158.81.9:1471 to TCP port 135
Monday, October 11, 2004 5:31:31 PM Unrecognized access from 69.158.25.183:4158 to TCP port 135
Monday, October 11, 2004 5:31:41 PM Unrecognized access from 69.158.111.177:4098 to TCP port 135
Monday, October 11, 2004 5:31:44 PM Unrecognized access from 69.158.111.177:4098 to TCP port 135
Monday, October 11, 2004 5:31:59 PM Unrecognized access from 69.158.149.214:2072 to TCP port 135
Monday, October 11, 2004 5:32:00 PM Unrecognized access from 69.158.162.45:1329 to TCP port 135
Monday, October 11, 2004 5:32:02 PM Unrecognized access from 69.158.149.214:2072 to TCP port 135
Monday, October 11, 2004 5:32:03 PM Unrecognized access from 69.158.162.45:1329 to TCP port 135
Monday, October 11, 2004 5:32:10 PM Unrecognized access from 69.158.15.112:4167 to TCP port 135
Monday, October 11, 2004 5:32:11 PM Unrecognized access from 69.158.80.241:3250 to TCP port 135
Monday, October 11, 2004 5:32:22 PM Unrecognized access from 69.158.65.25:1890 to TCP port 135
Monday, October 11, 2004 5:32:25 PM Unrecognized access from 69.158.65.25:1890 to TCP port 135
Monday, October 11, 2004 5:32:29 PM Unrecognized access from 67.70.151.229:4110 to TCP port 135
Monday, October 11, 2004 5:32:31 PM Unrecognized access from 67.70.151.229:4110 to TCP port 135
Monday, October 11, 2004 5:32:42 PM Unrecognized access from 67.70.151.229:1659 to TCP port 135
Monday, October 11, 2004 5:32:45 PM Unrecognized access from 67.70.151.229:1659 to TCP port 135
Monday, October 11, 2004 5:32:46 PM Unrecognized access from 69.158.75.175:1629 to TCP port 135
Monday, October 11, 2004 5:32:47 PM Unrecognized access from 69.158.21.232:3005 to TCP port 445
Monday, October 11, 2004 5:32:47 PM Unrecognized access from 69.158.158.235:1770 to TCP port 135
Monday, October 11, 2004 5:32:49 PM Unrecognized access from 69.158.75.175:1629 to TCP port 135
Monday, October 11, 2004 5:32:55 PM Unrecognized access from 69.158.82.61:3082 to TCP port 135
Monday, October 11, 2004 5:32:58 PM Unrecognized access from 69.158.82.61:3082 to TCP port 135
Monday, October 11, 2004 5:33:07 PM Unrecognized access from 69.158.137.177:3294 to TCP port 135
Monday, October 11, 2004 5:33:10 PM Unrecognized access from 69.158.137.177:3294 to TCP port 135
Monday, October 11, 2004 5:33:24 PM Unrecognized access from 69.158.97.86:3977 to TCP port 135
Monday, October 11, 2004 5:33:26 PM Unrecognized access from 69.158.97.86:3977 to TCP port 135
Monday, October 11, 2004 5:33:32 PM Unrecognized access from 69.158.34.27:4537 to TCP port 135
Monday, October 11, 2004 5:33:35 PM Unrecognized access from 69.158.34.27:4537 to TCP port 135
Monday, October 11, 2004 5:33:43 PM Unrecognized access from 69.158.36.100:4393 to TCP port 135
Monday, October 11, 2004 5:33:46 PM Unrecognized access from 69.158.36.100:4393 to TCP port 135
Monday, October 11, 2004 5:33:50 PM Unrecognized access from 69.158.3.98:1089 to TCP port 445
Monday, October 11, 2004 5:33:53 PM Unrecognized access from 69.158.3.98:1089 to TCP port 445
Monday, October 11, 2004 5:34:02 PM Unrecognized access from 69.157.153.2:2746 to TCP port 135
Monday, October 11, 2004 5:34:05 PM Unrecognized access from 69.157.153.2:2746 to TCP port 135
Monday, October 11, 2004 5:34:05 PM Unrecognized access from 69.158.154.207:3412 to TCP port 135
Monday, October 11, 2004 5:34:08 PM Unrecognized access from 69.158.154.207:3412 to TCP port 135
Monday, October 11, 2004 5:34:17 PM Unrecognized access from 69.158.113.236:4986 to TCP port 135
Monday, October 11, 2004 5:34:19 PM Unrecognized access from 69.158.113.236:4986 to TCP port 135
Monday, October 11, 2004 5:34:24 PM Unrecognized access from 69.158.141.128:3182 to TCP port 135
Monday, October 11, 2004 5:34:27 PM Unrecognized access from 69.158.141.128:3182 to TCP port 135
Monday, October 11, 2004 5:34:28 PM Unrecognized access from 69.158.57.207:3991 to TCP port 135
Monday, October 11, 2004 5:34:31 PM Unrecognized access from 69.158.57.207:3991 to TCP port 135
Monday, October 11, 2004 5:34:39 PM Unrecognized access from 69.158.149.159:3206 to TCP port 135
Monday, October 11, 2004 5:34:42 PM Unrecognized access from 69.158.149.159:3206 to TCP port 135
Monday, October 11, 2004 5:34:47 PM Unrecognized access from 69.158.34.27:2965 to TCP port 135
Monday, October 11, 2004 5:34:50 PM Unrecognized access from 69.158.34.27:2965 to TCP port 135
Monday, October 11, 2004 5:34:54 PM Unrecognized access from 69.158.188.228:3392 to TCP port 135
Monday, October 11, 2004 5:34:57 PM Unrecognized access from 69.158.188.228:3392 to TCP port 135
Monday, October 11, 2004 5:35:07 PM Unrecognized access from 69.158.34.27:1173 to TCP port 135
Monday, October 11, 2004 5:35:10 PM Unrecognized access from 69.158.34.27:1173 to TCP port 135
Monday, October 11, 2004 5:35:10 PM Unrecognized access from 69.158.25.183:4121 to TCP port 135
Monday, October 11, 2004 5:35:13 PM Unrecognized access from 69.158.25.183:4121 to TCP port 135
Monday, October 11, 2004 5:35:16 PM Unrecognized access from 69.158.127.58:1471 to TCP port 135
Monday, October 11, 2004 5:35:17 PM Unrecognized access from 69.158.162.45:1524 to TCP port 135
Monday, October 11, 2004 5:35:19 PM Unrecognized access from 69.158.127.58:1471 to TCP port 135
Monday, October 11, 2004 5:35:20 PM Unrecognized access from 69.158.162.45:1524 to TCP port 135
Monday, October 11, 2004 5:35:20 PM Unrecognized access from 69.158.155.22:4153 to TCP port 135
Monday, October 11, 2004 5:35:23 PM Unrecognized access from 69.158.155.22:4153 to TCP port 135
Monday, October 11, 2004 5:35:28 PM Unrecognized access from 69.158.3.161:1078 to TCP port 2745
Monday, October 11, 2004 5:35:28 PM Unrecognized access from 69.158.3.161:1081 to TCP port 2082
Monday, October 11, 2004 5:35:28 PM Unrecognized access from 69.158.3.161:1087 to TCP port 135
Monday, October 11, 2004 5:35:28 PM Unrecognized access from 69.158.3.161:1089 to TCP port 1025
Monday, October 11, 2004 5:35:28 PM Unrecognized access from 69.158.3.161:1091 to TCP port 445
Monday, October 11, 2004 5:35:28 PM Unrecognized access from 69.158.3.161:1093 to TCP port 3127
Monday, October 11, 2004 5:35:28 PM Unrecognized access from 69.158.3.161:1094 to TCP port 6129
Monday, October 11, 2004 5:35:28 PM Unrecognized access from 69.158.3.161:1101 to TCP port 139
Monday, October 11, 2004 5:35:28 PM Unrecognized access from 69.158.3.161:1104 to TCP port 1433
Monday, October 11, 2004 5:35:28 PM Unrecognized access from 69.158.3.161:1105 to TCP port 5000
Monday, October 11, 2004 5:35:28 PM Unrecognized access from 69.158.3.161:1120 to TCP port 80
Monday, October 11, 2004 5:35:30 PM Unrecognized access from 69.158.171.131:4555 to TCP port 135
Monday, October 11, 2004 5:35:31 PM Unrecognized access from 69.158.3.161:1078 to TCP port 2745
Monday, October 11, 2004 5:35:31 PM Unrecognized access from 69.158.3.161:1081 to TCP port 2082
Monday, October 11, 2004 5:35:31 PM Unrecognized access from 69.158.3.161:1087 to TCP port 135
Monday, October 11, 2004 5:35:31 PM Unrecognized access from 69.158.3.161:1089 to TCP port 1025
Monday, October 11, 2004 5:35:31 PM Unrecognized access from 69.158.3.161:1091 to TCP port 445
Monday, October 11, 2004 5:35:31 PM Unrecognized access from 69.158.3.161:1093 to TCP port 3127
Monday, October 11, 2004 5:35:31 PM Unrecognized access from 69.158.3.161:1094 to TCP port 6129
Monday, October 11, 2004 5:35:31 PM Unrecognized access from 69.158.3.161:1101 to TCP port 139
Monday, October 11, 2004 5:35:31 PM Unrecognized access from 69.158.3.161:1104 to TCP port 1433
Monday, October 11, 2004 5:35:31 PM Unrecognized access from 69.158.3.161:1105 to TCP port 5000
Monday, October 11, 2004 5:35:31 PM Unrecognized access from 69.158.3.161:1120 to TCP port 80
Monday, October 11, 2004 5:35:33 PM Unrecognized access from 69.158.171.131:4555 to TCP port 135
Monday, October 11, 2004 5:35:37 PM Unrecognized access from 69.158.3.161:1120 to TCP port 80
Monday, October 11, 2004 5:35:37 PM Unrecognized access from 69.158.3.161:1105 to TCP port 5000
Monday, October 11, 2004 5:35:37 PM Unrecognized access from 69.158.3.161:1104 to TCP port 1433
Monday, October 11, 2004 5:35:37 PM Unrecognized access from 69.158.3.161:1101 to TCP port 139
Monday, October 11, 2004 5:35:36 PM Unrecognized access from 69.158.3.161:1094 to TCP port 6129
Monday, October 11, 2004 5:35:36 PM Unrecognized access from 69.158.3.161:1093 to TCP port 3127
Monday, October 11, 2004 5:35:36 PM Unrecognized access from 69.158.3.161:1091 to TCP port 445
Monday, October 11, 2004 5:35:36 PM Unrecognized access from 69.158.3.161:1089 to TCP port 1025
Monday, October 11, 2004 5:35:36 PM Unrecognized access from 69.158.3.161:1087 to TCP port 135
Monday, October 11, 2004 5:35:36 PM Unrecognized access from 69.158.3.161:1081 to TCP port 2082
Monday, October 11, 2004 5:35:36 PM Unrecognized access from 69.158.3.161:1078 to TCP port 2745
Monday, October 11, 2004 5:35:40 PM Unrecognized access from 69.151.98.193:4953 to TCP port 135
Monday, October 11, 2004 5:35:43 PM Unrecognized access from 69.151.98.193:4953 to TCP port 135
Monday, October 11, 2004 5:35:48 PM Unrecognized access from 69.158.33.4:1315 to TCP port 135
Monday, October 11, 2004 5:35:51 PM Unrecognized access from 69.158.33.4:1315 to TCP port 135
Monday, October 11, 2004 5:36:07 PM Unrecognized access from 69.158.188.211:4682 to TCP port 135
Monday, October 11, 2004 5:36:10 PM Unrecognized access from 69.158.188.211:4682 to TCP port 135
Monday, October 11, 2004 5:36:14 PM Unrecognized access from 69.158.188.75:4628 to TCP port 135
Monday, October 11, 2004 5:36:26 PM Unrecognized access from 67.70.151.229:3439 to TCP port 135
Monday, October 11, 2004 5:36:29 PM Unrecognized access from 67.70.151.229:3439 to TCP port 135
Monday, October 11, 2004 5:36:33 PM Unrecognized access from 69.158.171.189:4373 to TCP port 135
Monday, October 11, 2004 5:36:36 PM Unrecognized access from 69.158.171.189:4373 to TCP port 135
Monday, October 11, 2004 5:36:41 PM Unrecognized access from 69.158.190.21:2978 to TCP port 135
Monday, October 11, 2004 5:36:41 PM Unrecognized access from 69.158.34.27:1729 to TCP port 135
Monday, October 11, 2004 5:36:43 PM Unrecognized access from 69.158.188.228:3750 to TCP port 135
Monday, October 11, 2004 5:36:44 PM Unrecognized access from 69.158.190.21:2978 to TCP port 135
Monday, October 11, 2004 5:36:44 PM Unrecognized access from 69.158.34.27:1729 to TCP port 135
Monday, October 11, 2004 5:36:44 PM Unrecognized access from 69.158.165.238:1770 to TCP port 135
Monday, October 11, 2004 5:36:46 PM Unrecognized access from 69.158.188.228:3750 to TCP port 135
Monday, October 11, 2004 5:36:47 PM Unrecognized access from 69.158.165.238:1770 to TCP port 135
Monday, October 11, 2004 5:36:57 PM Unrecognized access from 69.158.6.211:2315 to TCP port 445
Monday, October 11, 2004 5:36:59 PM Unrecognized access from 69.158.6.211:2315 to TCP port 445
Monday, October 11, 2004 5:37:09 PM Unrecognized access from 69.158.36.57:3123 to TCP port 135
Monday, October 11, 2004 5:37:19 PM 192.168.0.186 login successful
Monday, October 11, 2004 5:37:20 PM Unrecognized access from 69.158.176.120:3499 to TCP port 135
Monday, October 11, 2004 5:37:23 PM Unrecognized access from 69.158.176.120:3499 to TCP port 135

Sorry about the rant...

I apologize for any negative reactions... Mods feel free to shorten it.

PCBruiser · 10-11-2004, 05:42 PM

No rant, azproc, and you are right to be angry. Your ISP should be doing more for you. Many of those they should be blocking at their level. Since Comcast is doing a lot of blocking at their level, I don't see as much as you any more. A year ago, and my logs were similar to yours. And, it also demonstrates just why you really have to block off netBios from the internet, because a lot of those attempts were intended to gain access via that protocol.

**pointreyes** · 10-11-2004, 05:45 PM

Quote:

Originally Posted by azproc

Sorry about the rant...

I apologize for any negative reactions... Mods feel free to shorten it.

Looks to me like your ISP is pinging you like crazy.

TCM · 10-11-2004, 05:59 PM

may i ask what the problem is with a connection attempt to the port that's normally used by a trojan if you don't run that trojan? that's not an attack.

of course, if the possiblity exists that you actually run that trojan, then you have other problems already.

azproc · 10-11-2004, 06:02 PM

hmm...pointreyes, PCB what do you suggest I do?

but anyhow, I get fairly good internet speeds even with all this overhead on my router. BTW, I still use TCP/IP for my network... most of my LAN games cannot run on IPX/SPX... although I have a spare DI704/non-P router I use specifically for LAN gaming... that's NOT connected to my ADSL modem.

What do you mean TCM?

edit: I have absolutely no trojans, virii, or spyware on my systems... or my LAN for that matter...

10-10-2004, 01:17 PM	#32
PCBruiser Registered User Join Date: Nov 2003 Posts: 13,497	ENOUGH! I don't want this to degenerate further and start having to delete posts on this thread.
(Offline)

10-10-2004, 02:28 PM	#33
Endaar Angry American Join Date: Jun 2002 Location: Long Island, NY Posts: 793	TCM, your problem here is you're looking at this from the perspective of blocking ICMP within an autonomous system. I am perfectly aware that ICMP includes redirects, host not reachable, etc. None of that has any meaningful effect on a SOHO user with a couple of machines connected to a broadband router. You can debate if it has any impact on security, but there's certainly no harm in disabling WAN-side pings. Endaar __________________
(Offline)

10-10-2004, 04:51 PM	#34
Deer Slayer Unscanable!!! Tatoo??? Join Date: Dec 2002 Location: Howell Michigan Posts: 3,843	I had to roll my eyes too when I saw this thread. No offence Finalheaven, but there's no such thing as perfect security, especially not on the internet. I'm not about to start a rant like TCM, but even though he was rude about it he does have a lot of valid points. It's not that if they can't ping or get a response they can't hack, it's that whatever automated software they have looking for things to hack doesn't find you. Stealthing has it's advantages and disadvantages, so does blocking all icmp. What you've got to do dictates how you set up your security. I don't keep anything serious on my puter so I don't have all the security stuff some people do. I have just enough to keep from getting hosed by day to day use on the internet. If I had something to protect I'd probably be anal about it, but my puter is pretty much for entertainment and fixing other puters. If I get hosed, I slap in my removable hard drive, and restore an image. Big deal, I lost a few downloads! As far as stealthing and disabling icmp goes, I did notice less garbage headed my way since I did that. When I do need icmp and pings I turn it back on in the firewall. When I forget to turn it back off it never fails, I get and incoming echo request in the log followed by a port scan from the same ip. I'd much rather have it disabled for day to day stuff.
(Offline)

10-11-2004, 05:34 PM	#39
Alpine Registered User Join Date: May 2002 Posts: 117	Interesting. Who is your ISP might I ask? I'm also located in SE PA (near Philly) but I've yet to see any attacks listed in my router log. Maybe it's just a matter of time.
(Offline)

10-11-2004, 05:35 PM	#40
PCBruiser Registered User Join Date: Nov 2003 Posts: 13,497	ISP = Comcast. And you might check your router's settings to make sure that all your logging features are set up correctly. BTW, near Philly also - in the Main Line (Chester County) towards Lancaster.
(Offline)

10-11-2004, 05:42 PM	#42
PCBruiser Registered User Join Date: Nov 2003 Posts: 13,497	No rant, azproc, and you are right to be angry. Your ISP should be doing more for you. Many of those they should be blocking at their level. Since Comcast is doing a lot of blocking at their level, I don't see as much as you any more. A year ago, and my logs were similar to yours. And, it also demonstrates just why you really have to block off netBios from the internet, because a lot of those attempts were intended to gain access via that protocol.
(Offline)

10-11-2004, 05:59 PM	#44
TCM Registered User Join Date: Sep 2001 Posts: 82	may i ask what the problem is with a connection attempt to the port that's normally used by a trojan if you don't run that trojan? that's not an attack. of course, if the possiblity exists that you actually run that trojan, then you have other problems already.
(Offline)

10-11-2004, 06:02 PM	#45
azproc MD of Technology Join Date: Nov 2002 Location: Canada Posts: 604	hmm...pointreyes, PCB what do you suggest I do? but anyhow, I get fairly good internet speeds even with all this overhead on my router. BTW, I still use TCP/IP for my network... most of my LAN games cannot run on IPX/SPX... although I have a spare DI704/non-P router I use specifically for LAN gaming... that's NOT connected to my ADSL modem. What do you mean TCM? edit: I have absolutely no trojans, virii, or spyware on my systems... or my LAN for that matter... __________________ Azproc ASUS P5W DH Deluxe - 1101 - Intel Core 2 Duo E6400 - 2x512MB OCZ PC2-5400 Gold XTC 4-4-4-12 - Seagate 7200.10 320GB - soon to be replaced ASUS EN5750 128MB - Thermaltake TR2 430W - 17 Samsung 710N - XP Pro SP2 Gigabyte GA-8KNXP - F12 - Intel P4 2.4C HT @ 2.88GHz, 240MHz Clock using 5/4 - 2X512MB OCZ Plat. 3200 Dual running 2/3/2/5 - SB LIVE 5.1 - Seagate SATA 120GB - former ATI (BBA) X850XT @ 554/591 - now XFX 7800GS Xtreme @ 460/1350 Thermaltake 480W FC - 20.1 Viewsonic VX2025WM LCD - XP Pro SP2 - 3DMARK 03/05/05 = 11708/5739/5860
(Offline)

Thread Tools
Show Printable Version Email this Page
Display Modes
Linear Mode Switch to Hybrid Mode Switch to Threaded Mode