Jump to content

third party attacks since installing SP2


IgnatiusJReilly

Recommended Posts

Since I installed SP2, I have had about 200 third party attacks (from different IP addresses) every day. Each time I get a warning message from Norton Internet Security saying "A remote system is attempting to access your computer." Norton also recommends that I not permit these remote systems to access my computer. Does anyone have any idea what these attacks are?

Link to comment
Share on other sites


It might help if you can post a segment of the log from your firewall.

More than likely these are just pings, ICMP echos and items of that nature. I'd get them on occasion and be alerted with Outpost Professional (Much better than Norton and ZAP, in my honest opinion.)

Link to comment
Share on other sites

The following are the details of the typical attack alerts:

Details: The user has created a rule to "block" communications

Inbound UDP packet

Local address, service is ()

Remote address, service is (209.173.245.119,8264)

Process name is "N/A"

Details: The user has created a rule to "block" communications

Inbound TCP connection

Local address, service is ()

Remote address, service is (64.231.80.78,4480)

Process name is "N/A"

Link to comment
Share on other sites

Search results for: 209.173.245.119

OrgName:    SECURE WEBS INC

OrgID:      SEWB

Address:    463 W FIFTH

City:    COLVILLE

StateProv:  WA

PostalCode: 99114

Country:    US

NetRange: 209.173.240.0 - 209.173.255.255

CIDR:    209.173.240.0/20

NetName:    SEWB-2

NetHandle:  NET-209-173-240-0-1

Parent:  NET-209-0-0-0-0

NetType:    Direct Allocation

NameServer: NS1.DNSWIZARDS.COM

NameServer: NS2.DNSWIZARDS.COM

Comment:

RegDate:    2004-08-24

Updated:    2004-08-24

NOCHandle: HM184-ARIN

NOCName: Hostmaster

NOCPhone:  +1-509-684-2511

NOCEmail:  hostmaster@securewebs.com

OrgTechHandle: HM184-ARIN

OrgTechName: Hostmaster

OrgTechPhone:  +1-509-684-2511

OrgTechEmail:  hostmaster@securewebs.com

# ARIN WHOIS database, last updated 2004-08-30 19:10

# Enter ? for additional hints on searching ARIN's WHOIS database.

Also both these ports are associated with Proxy servers.

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...