First, note that my computer is running a fresh (6 days old) Win 7 with its firewall and Windows Defender active, and that both Malwarebytes and Avira AntiVir report 0 infected files.
GMER reports 0 rootkits.
Also, the comp is on a private network along with 2 others, and none of them receives any attacks (they run the security tools).
OK, so about an hour ago, Malwarebytes' resident agent warned me that an IP was trying to connect to my comp and blocked it (an IP from dynamic.saudi.net.sa).
Like 1 minute later, another notification from the same attempt from the same IP.
A few minutes later, in like half a minute, I received a wave of like 10 similar attacks from various IPs (50% of them from dynamic.saudi.net.sa and the rest from China and Russia and a seedbox in the Netherlands).
Malwarebytes blocked them all.
Like 10 minutes later, another wave, from different IPs but all from similar domains.
Nothing since: looks like he gave up on me (I re-scanned and found nothing, so I doubt he was successful).
Still, there are a few things I don't understand:
- how did they manage to find this computer considering it's behind a router? (and clean)
- how come 7's firewall didn't see, block or warn anything?
- 7's firewall can block IP ranges, but it doesn't seem to know how to block by domain name: is there a way to do so? (those IP ranges are too wide and spread to be blocked by IP ranges)
Is there anything I can do to increase my security level on this comp?
Edited by mezigues, 18 September 2010 - 10:59 PM.