Being hacked!

c0ex

Every hour or so I get a message from Norton Internet Security saying that someone is attacking me using portscan from the following IP: 71.250.0.12. Could anyone here tell me where this attack is coming from? I am not using any programs other than Internet Explorer at the time. I have a Belkin wireless router that I get the internet from. There is only 1 other computer that is also connected that is mine that isn't running. Any help would be appreciated.
 
OrgName: Verizon Internet Services Inc.
OrgID: VRIS
Address: 1880 Campus Commons Dr
City: Reston
StateProv: VA
PostalCode: 20191
Country: US

NetRange: 71.240.0.0 - 71.255.255.255
CIDR: 71.240.0.0/12
NetName: VIS-BLOCK
NetHandle: NET-71-240-0-0-1
Parent: NET-71-0-0-0-0
NetType: Direct Allocation
NameServer: NS1.BELLATLANTIC.NET
NameServer: NS2.BELLATLANTIC.NET
NameServer: NS2.VERIZON.NET
NameServer: NS4.VERIZON.NET
Comment:
RegDate: 2004-11-09
Updated: 2005-06-01

OrgAbuseHandle: VISAB-ARIN
OrgAbuseName: VIS Abuse
OrgAbusePhone: +1-214-513-6711
OrgAbuseEmail: [email protected]

OrgTechHandle: ZV20-ARIN
OrgTechName: Verizon Internet Services
OrgTechPhone: +1-703-295-4583
OrgTechEmail: [email protected]

# ARIN WHOIS database, last updated 2005-12-29 19:10
# Enter ? for additional hints on searching ARIN's WHOIS database.
 
I have Verizon as my DSL provider, so is this really someone hacking me or is my computer connecting to a Verizon server?
 
c0ex said:
I have Verizon as my DSL provider, so is this really someone hacking me or is my computer connecting to a Verizon server?

Could be another DSL customer scanning the network, or could be the Verizon netadmins scanning for their own purposes.

As long as you have your firewalls in place, and a good general security policy in place I wouldn't worry about it too much.
 
A portscan isn't really an attack. It's probably just someone scanning a range of IP addresses looking for something interesting. I wouldn't worry about it. Just make sure you don't have anything open that shouldn't be open and that your system is properly secured.
 
The message keeps on popping up. Is there any way I can notify Verizon about this IP?
 
Technically, yes, but from someone who used to answer those types of emails for an ISP, don't bother. Especially since that IP reverses to a non-customer style name, it's likely an internal Verizon process that is doing the scanning.
 
c0ex said:
The message keeps on popping up. Is there any way I can notify Verizon about this IP?
You can notify them, but I doubt they would do anything, or that they would even care. Like I said earlier, portscanning isn't an attack. The best thing you can do is to just turn off those stupid messages. It's like if your car had a system that alerted you whenever someone looked at you while you were driving. Do you really need to know whenever someone looks at you? :p And it is most likely an internal Verizon thing anyway, so there's not much you can do about it other than cancelling your service.
 
It happens all the time to everyone.

You should really get one of these:
http://www.compusa.com/products/product_info.asp?product_code=334330&pfp=BROWSE

This is a router that performs NAT, network address translation. What that basically means to you is that your computer is not directly accessible in any way to the internet at large. This affords you a huge amount of protection, because no one can ping, portscan, or do anything else to your computer directly. All requests to your IP from the internet are handled by this box, not by your PC.

Everyone with broadband should have one.

Oh, and BTW, I'd email the info to [email protected] They may or may not care or take action... if they do, they won't let you know or anything, but I have the feeling they'll look into it.
 
Check your own IP (Start > Run > type: cmd > type: ipconfig /all). Norton may be reporting your PC attacking itself.

If you determine that someone is continuously probing your IP, an email to abuse@the_attackers_ISP with a log file attached usually fixes the problem within a few days.
 
Now the IP 151.197.0.39 is attacking me using the characteristic of the portscan attack.
 
You're using a router, and Norton is indicating that you're being probed?

Do you have some ports open that point to your computer?
 
You're being CRACKED or H4XX0R3D, not hacked.

Hackers are a different animal entirely.
 
MisterDNA said:
You're being CRACKED or H4XX0R3D, not hacked.

Hackers are a different animal entirely.
You're fighting an uphill battle, there :cool:
 
A port scan is usually nothing to worry about, it's probably random.

Unless you're new to the internet or this is new software, you should have seen this going on every hour for the past 5 years. It's been happening for a while and isn't really malicious (although it can precede a malicious act). Forget about it.
 
It's just internet traffic. Move along.

Some dude (on the same ISP as me) was trying to brute force my unix box all day long until I came home and noticed my DMZ lights were blinking like crazy (I don't run a very busy server :p ). I just port-scanned him and blocked his ass.
 
kumquat said:
It happens all the time to everyone.

You should really get one of these:
http://www.compusa.com/products/product_info.asp?product_code=334330&pfp=BROWSE

This is a router that performs NAT, network address translation. What that basically means to you is that your computer is not directly accessible in any way to the internet at large. This affords you a huge amount of protection, because no one can ping, portscan, or do anything else to your computer directly. All requests to your IP from the internet are handled by this box, not by your PC.

I agree 100%, every single client of mine, businesses, home workers that remote to the office, all kinds...I always put a router in between their computer(s) and the internet. Even if just a stand alone single box. (well, 99.9% of clients...I have a couple of ISA servers running in the raw..only exception)

Whether or not you want the nag of a software firewall...that's up to you, but IMO, a NAT box to make a perimeter is preferred.

Now....did you DMZ your rig or something? (which is bad bad bad BTW...you just lost all the advantages of NAT...which were blocking all 65,000 plus ports) Because I'm wondering how you're picking up ports scans.
 
c0ex said:
Now the IP 151.197.0.39 is attacking me using the characteristic of the portscan attack.

Hmmm... 151.197.0.38 and 151.197.0.39 are Verizon (bellatlantic.net) DNS servers.
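
An added triage example, not part of any post in this thread: it sorts firewall alert sources into the cases the replies above describe (the PC flagging itself, a known DNS server, a real multi-port scan, stray probes) and marks sources inside the Verizon block from the WHOIS output. The alert line format, the local address 192.168.2.3, the threshold, the 203.0.113.7 source and the rule that resolver traffic from UDP port 53 is a DNS reply are assumptions made for the example.

```python
import ipaddress
from collections import defaultdict

ISP_BLOCK = ipaddress.ip_network("71.240.0.0/12")  # CIDR from the WHOIS output in the thread
RESOLVERS = {"151.197.0.38", "151.197.0.39"}       # DNS servers identified in the thread
LOCAL_ADDRS = {"192.168.2.3"}                      # assumed: this PC's address from ipconfig /all
SCAN_THRESHOLD = 5                                 # assumed: distinct ports that count as a scan

# Constructed alerts in a hypothetical "PROTO src:sport -> dst:dport" format.
SAMPLE_ALERTS = """\
UDP 151.197.0.39:53 -> 192.168.2.3:1031
UDP 151.197.0.39:53 -> 192.168.2.3:1032
TCP 71.250.0.12:4021 -> 192.168.2.3:135
TCP 71.250.0.12:4022 -> 192.168.2.3:139
TCP 192.168.2.3:1040 -> 192.168.2.3:445
TCP 203.0.113.7:40000 -> 192.168.2.3:21
TCP 203.0.113.7:40001 -> 192.168.2.3:22
TCP 203.0.113.7:40002 -> 192.168.2.3:23
TCP 203.0.113.7:40003 -> 192.168.2.3:25
TCP 203.0.113.7:40004 -> 192.168.2.3:80
"""

def triage(log_text):
    """Return {source_ip: (verdict, in_isp_block)} for every source in the log."""
    ports = defaultdict(set)   # source -> distinct destination ports it touched
    not_dns = set()            # sources with at least one non-DNS-reply packet
    for line in filter(None, map(str.strip, log_text.splitlines())):
        proto, src, _, dst = line.split()
        sip, sport = src.rsplit(":", 1)
        ports[sip].add(int(dst.rsplit(":", 1)[1]))
        if not (proto == "UDP" and sport == "53" and sip in RESOLVERS):
            not_dns.add(sip)
    result = {}
    for sip, seen in ports.items():
        if sip in LOCAL_ADDRS:
            verdict = "self"        # the PC flagging its own traffic
        elif sip not in not_dns:
            verdict = "dns-reply"   # known resolver answering from port 53
        elif len(seen) >= SCAN_THRESHOLD:
            verdict = "scan"        # one source touching many ports
        else:
            verdict = "background"  # stray probes below the threshold
        result[sip] = (verdict, ipaddress.ip_address(sip) in ISP_BLOCK)
    return result

if __name__ == "__main__":
    for ip, (verdict, in_block) in triage(SAMPLE_ALERTS).items():
        print(f"{ip:15} {verdict:10} in ISP block: {in_block}")
```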
 
Hotwheelz said:
You guys seem to think that with NAT a software firewall is pointless. Is that the case?
If you're addressing me, then yes.

For a home user a software firewall is indeed pointless. There are no other local machines that you need to protect yourself from, and your computer is not accessible from beyond the local network at all. You're basically immune to any hack that doesn't involve taking over the router first.
 
Hotwheelz said:
You guys seem to think that with NAT a software firewall is pointless. Is that the case?

My opinion, it depends on the user.

For me...I'm absolutely fine with running just NAT on my routers. I sometimes run ISA at home but not so much for worries about security, but because some new version came out, or a new service pack I'm dorking with, or just because I'm bored with the current fleet of routers I have and didn't get a new one recently.

On my laptops, I run Ghostwall, because I'm often out on strange networks with them for my job. Honestly the xp2 firewall is fine, but I decided to check out Ghostwall a few months ago...had been hearing how "light and fast" it is. And indeed it is light, so I've left it on my laptops.

So in my case, I'm a careful surfer, I don't run any P2P warez programs, I only surf a couple of limited sites which I trust, I use Opera, I run NOD32 for antivirus, I'm not worried. I consider my rigs squeaky clean.

My only concern is keeping the outside from coming into my computer. Hence NAT from a router is all I want/need. I don't like the performance hit of a true 2x way firewall, and I absolutely hate the nagginess of them as they ask for permission from everything I'm launching.

For some users, who surf flaky sites where they pick up bad junk, or run lots of cracked software, etc...they're at risk of having infected computers. And in those cases, it'd be a good idea to run true 2x-way firewalls....which inspect both incoming and outgoing.

Man, in some "security" forums I peruse now and then, it amazes me how some people seem to be sooo.....super worried about stuff. They'll run 3x antivirus programs, 1/2 a dozen anti trojan programs, layer the firewalls....it's like, man, A) How does your computer still run at a respectable speed, and B) I'd rather be spending my time doing "stuff" on my computer like forums, surfing, and playing Battlefield. Some of these guys, I get the impression they spend 21 hours a day scanning their PCs.
 
kumquat said:
If you're addressing me, then yes.

For a home user a software firewall is indeed pointless. There are no other local machines that you need to protect yourself from, and your computer is not accessible from beyond the local network at all. You're basically immune to any hack that doesn't involve taking over the router first.

Can you address viruses and trojans? Would not a software firewall (not counting XP's built in one) prevent software from attempting to make outbound connections from your PC?
 
Malk-a-mite said:
Can you address viruses and trojans? Would not a software firewall (not counting XP's built in one) prevent software from attempting to make outbound connections from your PC?
A firewall is not the proper way to deal with viruses and trojans. Don't drive screws with a hammer. Not to mention a virus can easily modify firewall software in order to cloak itself and allow outbound connections for itself.
 
Malk-a-mite said:
Can you address viruses and trojans? Would not a software firewall (not counting XP's built in one) prevent software from attempting to make outbound connections from your PC?
Absolutely.

jpmkm is right on the money with his assessment. A software firewall is not a tool to protect you from malware. Virus and spyware scanners, however, are.

A twice a week scheduled virus and software scan, along with safe browsing practices, is the proper way to deal with viruses, trojans, and spyware.
 
What about the concept of layered defense? Twice a week scans are great - assuming you have the updated definitions and that those definitions cover all the latest and greatest.

While I can understand many members of the [H] boards saying they don't need or don't run multiple firewalls, or different types of anti-virus, what I don't get is the insistence on giving everyone the advice of "practice safe browsing." It wasn't that long ago that a bunch of sites got hijacked for hosting viruses. So that even going to "safe" web sites could get you infected.
 
Malk-a-mite said:
What about the concept of layered defense? Twice a week scans are great - assuming you have the updated definitions and that those definitions cover all the latest and greatest.

While I can understand many members of the [H] boards saying they don't need or don't run multiple firewalls, or different types of anti-virus, what I don't get is the insistence on giving everyone the advice of "practice safe browsing." It wasn't that long ago that a bunch of sites got hijacked for hosting viruses. So that even going to "safe" web sites could get you infected.

Don't forget the fact that we have had viruses in the past that infect other PCs via network connections. Anyone remember Sasser, Blaster, and SQL Slammer? Not to mention many viruses/spyware initiate outbound connections to god knows where.

Fact is, preaching safe browsing practices will only get you so far; in fact, if anyone has been keeping up on the latest "WMF" fiasco, you're *NOT* safe even if you use an alternative browser, since the exploit executes when viewing images using Windows Explorer and not IE.

How many people out there who use Windows, absolutely do not use Windows Explorer or programs that use the Explorer shell?

The whole idea of *not* having localized and layered protection on workstations reminds me of the obsolete "crunchy shell around a soft, chewy center" concept of computer security.
 
Malk-a-mite said:
What about the concept of layered defense? Twice a week scans are great - assuming you have the updated definitions and that those definitions cover all the latest and greatest.

While I can understand many members of the [H] boards saying they don't need or don't run multiple firewalls, or different types of anti-virus, what I don't get is the insistence on giving everyone the advice of "practice safe browsing." It wasn't that long ago that a bunch of sites got hijacked for hosting viruses. So that even going to "safe" web sites could get you infected.
Correct.

That's why you run the scans :)
 
kumquat said:
Correct.
That's why you run the scans :)

So you are ok with twice a week scans?
Or to put it another way, you are ok with a system being hijacked for 3 to 4 days at a time before you are aware of it. You are ok with a system chatting with an IRC bot channel during this time. That would be best case; this assumes that whatever the problem is, your anti-virus vendor has a sig for the problem within that 3-4 day window.

Maybe I'm the oddball, but I'd rather run a simple firewall to prevent connections that aren't specifically allowed out. Software firewalls have their faults, and in some cases have been found to be bypassed easily, this I won't disagree on, but since many home users aren't running a highly configurable firewall (be it a *nix box or a PIX or what have you) that can be set up to secure their network, a software firewall is a good compromise. To dismiss out of hand an entire avenue of defense instead of understanding its limitations and adjusting accordingly seems to be less than wise.

I am willing to concede that I won't change your mind, and that you won't change mine. So best of luck to the both of us.
 
I just think software firewalls (running on the system that you are trying to protect) offer a false sense of security. Also, ignorant users will get into the habit of allowing everything (the few things they normally use don't work all of a sudden, so they get into the habit of allowing stuff so that their programs work), essentially negating the protection of the firewall. Either that or they become so paranoid (by simple pings and such) that they don't let anything through, and then complain when stuff doesn't work right.

I'm not saying firewalls are pointless or whatever; just that they are a piece in the grand puzzle, not an overall solution for everything. I, for one, run iptables on my internet gateway, but I don't have any sort of firewall on any of my other machines. I just don't see the point.

Basically all I'm saying is that a firewall is just a piece of the puzzle, and you must understand its limitations and weaknesses. I wouldn't trust it to protect against viruses or worms even though it can be used in that situation. You'll have much better protection against viruses by being aware of what you are running and by running antivirus software (if necessary).


ps. for the record, I never do virus scans or anything of the sort. :) And no, I'm not totally infested with viruses. And yes, I know I'm not. :)
 
I was originally going to post that I haven't heard someone get all paranoid about being "scanned" by some random IP since my father installed a firewall on his machine.

Now I see the topic has mutated. I think firewalls are definitely one piece of the computer security pie. When it comes right down to it though, the first thing you learn about security is that you're never secure. No matter how many security tools you implement, you are still using the internet. With using the internet or even just being connected and not using it you are putting yourself at risk. Now I'm not telling you to unplug your computer from the net. I'm just saying that's the only complete security. All you can really do is just toughen your computer to the point where most people won't bother unless you have something extra spiffy (which is highly unlikely). It's mainly about the choice of a user. There really isn't any right or wrong security setup. Just one that the user is content with.

Just my $0.02.
(gosh I can be long winded at times ;) )
 
I run software and hardware firewalls. Didn't used to use software until I encountered a site that used java to completely bypass my firewall. It was really messed up. What's worse, is that my firewall didn't even flinch. If the person had been malicious (it was an informational site, I'll have to look up the address later), they would have been able to drop whatever they wanted on my rig. It's too bad that when you're defending against an attack that you have to win every battle. :(
 