ISP Attack, should I be worried?

[Messerschmitt]

Hello. This is what exact happened.

Everytime I am at this new ISP, Every few days I get my internet ethernet card to: Limited or no connectivity. All of the sudden it just happen, sometimes I just turn it on and I find out I don't have internet or it just starts from nowere while navigating (4 times now in 2 weeks).

What I have obsrved is that in order to make the ethernet card again to attempt to connect to the internet I need to close/disamble (one time even un-install) Outpost Firewall. Today when I did closed Outpost, and re-connected to internet, after 5 seconds, my Karspesky Antivirus detected the following attacks.

LSASS Exploit via TCP Protocol, adress *ISP* to local port 445

PnP Exploit via TCP Protocol, adress *ISP* to local port 445

Lovesan via TCP Protocol, adress *ISP* to local port 135

What all these means? Should I phone my ISP and ask for explanations?

And why my internet allways fall down at some random times and only way I can make my ethernet card reconnect is to disamble Outpost Firewall?

(After reconnecting, and starting Outpost the internet will work for another couple of days)

[I_Broke_My_MHZ]

It sounds like the firewall is improperly configured (on your part), which is blocking both the bad and some of the needed stuff for the connection. Of course, when you disable the firewall all the bad stuff gets in. However, this malicious traffic is NOT coming from your ISP.

[Messerschmitt]

Well I am not good at this at all, but my common sence tells me that LSASS and PnP Exploit is something bad...

Don't know about Lovesan tho that sounds like a malicious file too. And they are all comming from my ISP according to tracking.

But what exactely does they do anyway?

[I_Broke_My_MHZ]

Exploits are what viruses use to infect a computer. The antivirus program is telling you that computers are trying to connect to yours using such exploits. These are NOT coming from your ISP. They are probably coming from other users of your ISP.

[epic]

I wouldn't be too worried about it, unless you are infected with potential viruses or spyware.

Check your PC thoroughly. Run HiJackThis, run SpyBotSearch&Destroy and spyware blaster, I would also recommend installing SpywareGuard and keep it running as a resident service. If you have more questions, run on over to http://www.wilderssecurity.com/

A virus can not install itself on your PC unless you tell it to. Some viruses (i.e. worms) use exploits such as a known buffer overflow to crash systems not infect them. Home users "generally" do not need to worry about this, most of these viruses (i.e. worms) are generated towards medium to large corporate domains.

Edited October 9, 2005 by epic