IObit Forum

For blacksea


Mr Bean


hi

Dear Blacksea

reading the post "I am being hunted"

and looking at your log, there seems, from what I can see, not that much to worry about. Why I say this is, "looking", it seems a prober, and yes, someone or a few are trying to get in and have a peek. You seem to have it under control as you are blocking well,

but like anything, not a guarantee, depending how badly they, or who, wants to get in, and what they are seeking.

Most probably your OS XP (ho ho), or a game?

Now mostly it's your regular snooper (kiddo trying). If it were a pro, he/she probably would have been in and by now gone. But because it's constant at the moment, the non-pro (or kiddo) will give it up.

Look at it this way: they got "bin Laden"; yes, it took a while, but they did get him. So nothing can stop anyone if they are good enough, no matter what we have in place to try. Yes, most can't; the odd one may?

A few things to hurry the process: turn off your modem when not at home or using the PC online, pull out the cable, make sure your firewall is not disabled, or add an IP blocker like BeeThink if not already installed (try it). Block ICMP any; this will help as well. Now mostly they will go away if it's a hard task; so long as your system stays silent they will go somewhere else for easier game. Not saying this will ever stop, but you seem well protected. Look at my sample log and see what I mean; now and then it's flat out blocking.

But that depends on what one is doing; in this case I am seeding and this then will run flat out. Point is, you or I will never totally stop the hacking or snooping, and I am resigned to this now, just not worrying about it. Look, if someone did get a peek and pinched a copy of my OS, good luck to them, or perhaps a gift file, good luck to them.

Nothing? I have that anyone else has already.. certainly nothing more, as I never email or bank on the net, and think that it's very hard to get into and peek at my drives.

 

Mr Bean


Hi Mr bean,

 

Well yeah, it does feel a bit comforting that I know that my firewall keeps blocking them, but knowing that they, and I don't know how many as I saw MANY different IPs, are trying to sneak into my PC every minute, about 4-8 attempts, and that for more than two months.. Yes, I am using XP, but I do online banking sometimes, but that is not a problem since Avast has a SafeZone where nobody can get in and see what I am doing.

 

Blacksea


but knowing that they and I don't know how many as I saw MANY different IP's

 

Hi again

In all the time (years) I have been on the net, most are queries, like Google and the like; many are robots (seekers looking for an open port or entry), mostly harmless, and can add up a log file.

Now as for a hacker, that's different.

You would be hit perhaps (as I could also) 20 to 50 times in 1 minute. "Now then"

you would see this as your firewall or blocking apps, as they would certainly go silly.

This happens at odd times over the years, where someone decides they want a peek no matter what it takes to try. So far as I know, no one has ever succeeded, but that's not to say bravo! as there is always a first time.

 

The problem nowadays is the robotic scanners, like the updates and links; they look as if they are hackers (querying) but are really just scanning your IP and harmless.

Anyhow, hope this gives you confidence that you are fairly safe and rest easy

but not sleep

Mr Bean


Hey guys,

 

Blacksea : do you have a router ? I'm asking the question because nowadays most people use some sort of router ; either because they need wireless in the home, or because the ISP supplies a modem/router hybrid box, or because there is a wired home network, etc... When you have a NAT router (network address translation) which applies to most routers out there, then you won't see many or all of these "attacks" in a firewall log, because the "NAT firewall" doesn't let them pass the router to your machine. This probably explains why we don't see thousands of members complaining about those "attacks" on forums every day... because they have a router and the firewall remains silent.

 

Like Mr Bean said: queries from many directions, port scanners, robots of many kinds... it's a jungle out there. As long as you have an updated system with minimal protection, none of those will ever get past protection and cause harm. Very few of these attacks are indeed attacks. The risk of having a hacker wanting to get into YOUR machine is practically nil, unless you know better (like an enemy of yours on a game site for instance... someone who has made a direct threat, etc...).

 

It's easy to get paranoid when you look at firewall logs. Don't let it intimidate you, unless you experience clear signs of trouble with your machine.

 

Hope that helps.


Hi So_sad,

 

Yes, we do have a router since my father and my brother have their own laptops. Well okay, it's nice to hear from a very knowledgeable member that it's not a big deal. And yes, I don't experience any signs of malware or that I am being hacked, but seeing that suddenly was a bit like 'what's going on here??'

 

So thank you both for your information!

Blacksea


It's easy to get paranoid when you look at firewall logs

 

Yes, you are correct, it can be intimidating, seeing all the blocks and the IPs that mount up, but I have learned this: firewalls like Comodo and the like will do the job, and you can rest easy, and I now hardly look at it.

One thing I can tell you is this: if it were an attack on your system you would know it, as the firewall (and any other type of protection) would go stupid, as it would ask you time and time over. Like I said, inside of 30 seconds you get dozens of pop-ups; then you know to shut down.

But it has only happened 3 times to me where it was a genuine attack, and I shut down the system, gave it a few hours and never saw them again.

Most probably gave up.

 

One thing is to understand that an attacker needs a lot of and luck as well, and an open system (unprotected), or rather poorly.

Getting past a router is not easy, then into your system, then face a firewall as well.

In my case my system is over-protected, not always a good thing, but it's what one wants or how one thinks one likes it.

Look, rest easy; with what you have in place, not much hope of getting in.

 

"suddenly was a bit like 'what's going on here??'"

yes I certainly understand this I would be the same!

 

 

 

 

Mr bean


Well, I do have the firewall of Comodo installed but it is disabled because I use the firewall of Avast!. As far as I know the firewall of Comodo is one of the best. But I did switch sometimes to see if Comodo was also blocking like Avast did. So I switched between them, but when I looked at Comodo it didn't show me 'incoming connections' and also no block. So I thought that it was letting them get through and so I switched back to Avast.

 

Also I did all kinds of tests and firewall leak tests etc. and actually did pass all of them, and they said that I was 'stealth' and invisible to the internet.


Look, put it this way: either one is plenty..

I use an older one, a very small, effective type. It's less than 1 meg, self-tweaked,

and hard as Fort Knox, plus a few other add-on apps, total 5 meg. Over the years added a variety of tweaks and happy.

You have 2 of the better types and you can feel assured you are fine. Anyhow,

thanks for the posting and hope it's given you a bit of confidence you are OK.

You can trust me when I tell you this, as it's my specialty: firewalls and blockers,

how to harden a system.

 

MR Bean


Hey Blacksea ;-)

 

I see in the other topic that you're still hunting for baddies...

 

I have a quick question for you : is your router set up with fixed IPs for the machines on the network, or is it configured with DHCP ?

I'm asking because I don't think you should be getting all those attacks on DHCP, if that's what you use. If you are using fixed IPs, then maybe you should reconsider..., and let the router assign IPs for you.


Hi So_sad,

 

I honestly don't know what you could possibly mean by that and also if my router is set up like you mentioned. If there is a way I could know, then please tell me and I will try to see if it was indeed set up like that.


Sure thing.

 

To make it easier for both of us, could you tell me the brand and model number of your router please ? Once I know, I'll find a manual for it online and then I'll let you know where/how to look.

 

Thanks ;)


Agree with so sad. i do!

 

You can do a simple physical experiment to find out/rule out some possibilities! Change the known physical IP address! Trade a connection with a neighbor... maybe that will work the hits will either go away. Process of elimination. I hope I am not being stupid.

 

I don't know your infrastructure/dataspeed.

 

-Mel


Hi guys,

 

I will be looking at it, but first I am still being helped by superdave and I don't want to do something else because this may corrupt the process we are in right now, I don't know. If he agrees with it and I should try it, then I will do it right away, but for now it is better to wait for him I think. But of course thank you for the help you guys were trying to provide.

 

Blacksea


Hi Blacksea,

 

I wouldn't do anything to compromise the work being done in the other topic.

 

My angle is "look only", which means once I have your router specs, I'll be able to have you "look" and see how things are configured. Mostly if you are on DHCP and if the unit has NAT and possibly a SPI firewall feature and whether it's enabled or not.

Edit to add : on top of NAT/SPI features, I think you play games online so there's a possibility that your machine has been placed in the router's DMZ (demilitarized zone). If that's the case, then all of the router's protections are bypassed and your machine would be wide open for those attacks. That can be checked easily, once I know which router you have ;)

 

And by the way, I doubt you'll find any malware, looking at all the scans you've run thus far. But that's just my opinion. You guys do what you need to do.

 

:-)


Thanks ;)

 

Man..., that's not a common router you have there :mrgreen:

 

Google wasn't being very cooperative, but I finally managed to track down the manual for that unit (I think) :

http://www.icidu.com/productdownloads/NI-707502/manual/NI-707502%20Full%20English%20manual.pdf

 

Ok then, let's have a look. Just a look...

 

1) Access the router's web utility by typing this address in your browser :

 

192.168.1.1

(and press [Enter] to load the page)

 

> If that doesn't work, then someone in the home has changed it and you'll need to find out what the new IP (Gateway IP) is.

 

> You should now have the router's configuration window loaded.

 

2) Default Username and Password for the unit are "admin" (for both). If you or anyone else in the home have configured a new username and/or password, you'll need it to get in. If they are default ("admin"), let me know because we'll need to change them later.

 

3) From the window, you'll see menus on the left ; choose the "Network" menu and then "WAN" :

 

> Tell me if you see "DHCP" in the top box, or if it's something else. Write it down because I need you to check a few more things.

 

4) Just to see if your wireless connection is secure : choose the "Wireless" menu on the left and then "Wireless Settings" :

 

> Tell me if the little box next to "Enable Wireless Security" is ticked. If so, tell me which type of securing is in use (WEP, WPA/WPA2, WPA-PSK, etc...). Write it down for me but don't change anything.

 

5) Last, choose the "DHCP" menu and then "DHCP Settings" :

 

> Tell me if DHCP is enabled. That's it.

 

======

 

Don't give us any other details from the router here on the forum because some of them are private (like your internet IP, MAC address, passwords, etc...).

 

See you again soon :-)


Oh I see that I forgot the security type: wpa-psk/wpa2-psk

 

Also, I just went to the advanced security and there was 'DoS protection'. It was disabled, should it not be enabled? I don't know, since I think that every protection should not be disabled?


Hi Blacksea,

 

Sorry for the late reply. Been very busy here and will be for the next day or so.

 

Quickly though: your router seems to be set up OK, so I don't really understand why all those attacks are getting around it and triggering Comodo like that. Not really my area of expertise.

 

As far as the Advanced Security features go, let me look into it before you start tinkering in there. As you have seen, there's a "Firewall" feature in there, which can allow you to block things at the router, but it's pretty technical so we need to understand what they can do first.

 

"WPA-PSK / WPA2-PSK" is good to secure your Wi-Fi (better than WEP).

 

One thing you didn't mention : were the username and password needed to get in the default ones (admin/admin) ? If so, let me know and we'll change them.

 

We may also need to look at those "attacks" in more detail, to try and determine their origin.

 

More when I get back ;)


Yes... so sad is right.

 

Make sure the IP's change. Process of elimination. Can you post a screenshot of the attacks? Don't think it will help but would like to see anyway. Also... curious what your network management software is... do all connections come through the same wireless router, or is it possible that another machine is connected to a different router and acting as a bridge... and that may be where the "attacks" are entering??

 

-Mel


Hi So_sad,

 

No problem so_sad, take your time when ever you want! ;-)

 

But the attacks are triggering Avast and not Comodo, I have Comodo installed only for the Defense+ HIPS. Firewall is disabled since it was not blocking all those ip's like Avast did.

 

And yes password was needed to get in, but it was not changed since it was a very basic login username and password.

 

About the origin of the attackers, I have tracked their IPs but most of them are private IPs. With Avast you can look it up; some of which I looked up came from countries like Germany, Czech Republic, United States, Canada and some others.

 

 

 

@ Melvin_deal,

 

I don't think my IP keeps changing. I think that in the Netherlands everybody has one standard IP. I may be wrong don't know.

 

And here is a screenshot of the attacks you wanted, but I also have some more in the 'I'm being hunted' thread of mine. Also, my 'lokaal adres'/local address is not the same; different IPs are showing up and I don't think those are mine?* The one which is just white. What is that actually? I deleted those IPs since I thought that 'lokaal/local address' was referring to my IP, but I don't think so because there are different IPs and also if I look them up in Avast, it says it is a private address so I could not get any information on where the IPs belong.

 

http://forums.iobit.com/attachment.php?attachmentid=7659&stc=1&d=1305983660


Archived

This topic is now archived and is closed to further replies.
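
An added example, not part of any post in this thread: the last post notes that many logged addresses come back as "private" on lookup. Addresses in the RFC 1918, link-local and loopback ranges are not routable on the internet, so log entries carrying them come from the local network side; the Python below separates them from internet sources and counts blocked hits per source per minute. The log format, sample lines and function names are constructed for illustration (IPv4 only) and are not Avast's actual log format.

```python
import ipaddress
from collections import Counter

# Ranges that never identify a host out on the internet (IPv4 only).
LOCAL_SCOPES = [
    ("private (RFC 1918)", "10.0.0.0/8"),
    ("private (RFC 1918)", "172.16.0.0/12"),
    ("private (RFC 1918)", "192.168.0.0/16"),
    ("link-local", "169.254.0.0/16"),
    ("loopback", "127.0.0.0/8"),
]
NETWORKS = [(label, ipaddress.ip_network(cidr)) for label, cidr in LOCAL_SCOPES]

# Constructed sample: "HH:MM:SS remote-address local-port" per blocked packet.
# 203.0.113.x and 198.51.100.x are documentation ranges standing in for
# real internet hosts; the format is an assumption, not Avast's.
SAMPLE_LOG = """\
14:02:11 192.168.1.3 137
14:02:15 192.168.1.1 1900
14:02:40 203.0.113.45 445
14:02:41 203.0.113.45 135
14:03:05 198.51.100.7 23
14:03:30 169.254.10.20 138
"""

def scope(addr):
    """Return the scope label for one IPv4 address string."""
    ip = ipaddress.ip_address(addr)
    for label, net in NETWORKS:
        if ip in net:
            return label
    return "internet"

def summarize(log_text):
    """Count blocked entries per scope and per (minute, source) pair."""
    by_scope, per_minute = Counter(), Counter()
    for line in log_text.splitlines():
        if not line.strip():
            continue
        time, src, _port = line.split()
        by_scope[scope(src)] += 1
        per_minute[(time[:5], src)] += 1
    return by_scope, per_minute

if __name__ == "__main__":
    scopes, rates = summarize(SAMPLE_LOG)
    for label, n in scopes.most_common():
        print(f"{n:3d}  {label}")
    for (minute, src), n in rates.most_common(3):
        print(f"{minute}  {src}  {n} blocked/min")
```
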
