Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

attacks from remote IPs


  • Please log in to reply

#1
mezigues

mezigues

    Member

  • Member
  • PipPip
  • 17 posts
hey all



First, note that my computer is running a fresh (6 days old) win 7 with it's firewall and windows defender active and that both malewarebyte and avira antivir report 0 infected files
GMER reports 0 rootkits
Also, the comp is on a private network along with 2 others, and none of them receives any attacks (they run the security tools)


ok, so about an hour ago, malwarebyte's resident agent warned me that an IP was trying to connect to my comp and blocked it (an Ip from dynamic.saudi.net.sa)
like 1 minute later, another notification from the same attempt from the same IP

a few minutes later, in like half a minute I received a wave of like 10 similar attacks from various IP (50% of them from dynamic.saudi.net.sa and the rest from china and russia and a seedbox in netherlands)
malwarebyte blocked them all

like 10 minutes later, another wave, from different IPs but all from similar domains

nothing since: looks like he gave up on me (I re-scanned and found nothing so I doubt he was successful)




still, there are a few things I don't understand:
- how did they manage to find this computer considering it's behind a router? (and clean)
- how come 7's firewall didn't see, block or warn anything?
- 7's firewall can block IP ranges, but it doesn't seem to know how to block by domain name: is there a way to do so? (those IP ranges are too wide and spread to be blocked by IP ranges)

is there anything I can do to increase my security level on this comp?

thanks

Edited by mezigues, 18 September 2010 - 10:59 PM.

  • 0

Advertisements







Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP