Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Frequent Firewall Alerts And Banning Ip's


  • Please log in to reply
3 replies to this topic

#1 Jennahlynn

Jennahlynn

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:05:43 AM

Posted 08 June 2006 - 02:49 AM

Good evening all -

I have what may seem like a ridiciulous question...I run WinXP with all the updates, etc..Additionally I have the Windows Firewall, The McAfee Personal firewall plus (running in tight security mode), and run Windows Defender 2x per week and the Stinger programs as necessary. I have my secuity settings established to shut all listed ports off, have turned most MS programs to outbound access only (unless I need them). Additionally, I lock the computer down when not on-line. However, I have had a huge influx of "attempted connections" from some scary entities - namely the DoD (IP 158.243.0.0 - 158.243.255.255) and Halliburton Houston (IP 340.0.0.0 - 34.255.255.255), and a spiffy program called ESCHELON2000A (IP64.65.128.0.1. - 64.65.15.9.0.) all incoming on ports 1026 and 1027.

Let me state first that I am a lawabiding citizen and stay at home mom - with no criminal history. They info I am given states that a program called "NetSpy/Trojan" was scanning my system - (For what???) - but moreover, how do I make it stop??? Any information on how to close these ports (?) or what action I can take other than banning a zillion ip addresses would be greatly appreciated.

PS: The simple step by step advice in your "Malware section" showed me how to remove a worm several weeks ago - This place is fantastic!

My best to all - Jennah

BC AdBot (Login to Remove)

 


#2 Harry83

Harry83

  • Members
  • 257 posts
  • OFFLINE
  •  
  • Location:State College PA
  • Local time:06:43 AM

Posted 08 June 2006 - 03:50 AM

First of all you need to make sure that you are only running one firewall. Multiple firewalls can cause serious conflicts with each other. You should make sure that you disable the Windows Firewall.

Second, make sure that you have an active Anti-Virus program.

Here is a link to some freeware replacements to commercial anti-malware products:

Freeware Replacements...

This link includes freeware AV programs, Anti-Spyware programs, and Firewalls. I highly recommend AVG as a free AV program if it turns out you need one. It is easy to download and is very effective.

Netspy is definitely malware, which indicates that you have a malware infection. The following link provides information from Symantec about this particular infection and also includes removal instructions.

Netspy Info

If this doesn't solve your problem then I suggest the following:

Post a HijackThis log in the HJT Logs and Analysis Forum. Here is a link to that Forum:

HJT Forum

Please follow the preparation directions and try not to alter your system until you receive help from one of our HJT Team Members. The preparation directions are found at the following link:

Prep Guide for Posting HJT Logs

Please note: Do not try to fix any problems with HJT yourself. This is an advanced tool and requires expert analysis.

I hope this helps you out! :thumbsup:
--
Harry83
Posted Image
Liberating America From Spyware - 1 Computer at a time...

#3 jgweed

jgweed

  • Members
  • 28,473 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Chicago, Il.
  • Local time:05:43 AM

Posted 08 June 2006 - 08:54 AM

1. As one learns when one has a firewall, all sorts of entitites scan the internet; a good firewall will return no information to these often automatic scans and your address will be "invisible" to whoever is doing the pinging.
2. I am not sure what you mean by the "...info I am given states that a program called "NetSpy/Trojan" was scanning my system ...". What is the source of the information and when do you get this notice?
Regards,
John
Whereof one cannot speak, thereof one should be silent.

#4 Jennahlynn

Jennahlynn
  • Topic Starter

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:05:43 AM

Posted 08 June 2006 - 10:31 AM

Sorry for the confusion -

I have a Mcafee AV program -which is continually "ON". The info about which programs are attempting to gain access come from the McAfee alerts re: IP Address, S Port, D Port and Listed Event Information which is set to"Auto-report" to thier "Hacker Watch Program".

The "Hijack This" protocol was what I followed to remove last weeks WIN32Polip (sp?) bug - the info was invaluable and removed it without having to post a question.

1) When turning off Windows firewall - Do I check anything under the"Allow Exceptions Tab"?
2) My firewall was initially set to "Not" alert when it blocks a program or attempts at connection - but after last weeks malfunction - I set it to notify re: every connect attempt from a port not commonly used.

I will follow the HJT prep protocol (and noting additional - lol) - and the removal instructions for "NetSpy".

Thanks for the info ev1. Hope to hear from you again soon-

Jennah




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users