Intrusions

Discussion in 'privacy problems' started by Kas, Mar 18, 2009.

Thread Status:
Not open for further replies.
  1. Kas

    Kas Registered Member

    Joined:
    Sep 29, 2008
    Posts:
    147
    Location:
    Bedfordshire - Rip-Off Britain
    I am going to raise a matter that we all have, but lil ole me doesn't know what it all means. A kinda class dumb-bell - ding ding.

    My firewall, COMODO IS swats hundreds of intrusions every session - they arrive as if by magic like flies round a cow's butt.

    I get a lovely log with all the meaningless data on it - you know - Source IP, Source port etc. all of which is absolutely useless to me. It may as well be in Chinese. So, I think - well Comodo knows what they are and swats them, why should I care ? Please can some class prefect answer the following dumb questions ?

    What are these intrusions ?
    Where do they come from ?
    Are they harmless or poisonous blood sucking monsters ?
    What do they want ? Just to say Hello or rifle my wallet ?
    How do they know my address ? I never told them.
    What would happen without a firewall ?
    Would they just buzz around and fly away ?
    Can I tell them the guy next door has all his bank data on his PC, so go there, my purse is empty ?
    Why me ? I'm kind to animals and don't give those two finger signs to drivers.
    The log gets bigger. Will it go BANG when full ?

    I know all you boffins will tell me the obvious on this matter, but look on the bright side - you've made some old dumb-bell ring with gratitude.
    KAS
    :argh:
     
  2. Searching_ _ _

    Searching_ _ _ Registered Member

    Joined:
    Jan 2, 2008
    Posts:
    1,988
    Location:
    iAnywhere
    Just swat your weakest link in your home network. One computer with internet wanderlust in search of HTTProstitution can affect all the other Saints in the network.
    Now the well protected Saint sees access attempts as if from the world wide web, when in reality it is some spam spewer on one of the infected hosts within the network.

    P.S.

    Excessive tongue in cheek can lead to sores. :)
     
  3. CaixFang

    CaixFang Registered Member

    Joined:
    Mar 24, 2009
    Posts:
    72
    If you are using cable internet service, this is going to be very common, as cable internet is actually a "peer" style network on each circuit. Meaning, everyone in your area using that ISP's cable inet is basically on a shared network connection to the internet. (This also accounts for why cable speeds can vary so greatly, because you are sharing the bandwidth with everyone in your circuit area.)

    Since it's a peer style network, people will sit with an app like nmap and scan all the addresses in your subnet, looking for live machines, and then attempting to exploit those machines, some for fun, some for gain.

    This is less likely on dedicated circuits like dsl/t1/etc, but it still occurs. You can easily look up the address blocks given out by ISPs and then run scans against those machines.

    Attackers know that home networks are far less fortified than business networks, so they go after addresses assigned via DHCP by ISPs.

    As for the concern, practice good security, and you'll be fine.

    Are you directly connecting your PC to your internet connection, or do you have a router/firewall in between?
     
  4. Kas

    Kas Registered Member

    Joined:
    Sep 29, 2008
    Posts:
    147
    Location:
    Bedfordshire - Rip-Off Britain
    =====
    What a great reply, nobody else seems to care much.

    YES I am on Cable Broadband directly connected by Ethernet. No dial-up for me.
    I have Windows XP 2002 Home Edition, SP3, IE7, OE6
    My sentries are ;-
    COMODO IS, AVG 8.0, Spywareblaster, Spyware Terminator, Spybot, Malwarebytes and one or two other things.
    COMODO, ST and AVG are always activated at start. The others are manual, SB just sits there in ambush.

    Your explanation is perfect and understood. My speed does vary, sometimes to dead slow.
    How do I look up "address blocks" to see who is tapping on my door ?
    All I have on my Firewall is ; Protocol TCP or UDP, Source IP and Source Port.
    I would love to scan these bot-flies, but HOW ?

    Thank you a million for your reply.
    KAS
     
  5. LockBox

    LockBox Registered Member

    Joined:
    Nov 20, 2004
    Posts:
    2,275
    Location:
    Here, There and Everywhere
    Put yourself behind a hardware firewall and/or NAT router, enable WPA encryption and change the default to a strong password and you will have done the single most important thing to be secure on a cable connection.
     
  6. CaixFang

    CaixFang Registered Member

    Joined:
    Mar 24, 2009
    Posts:
    72

    As Gerald said, the best thing to do is go pick up a $20 router or wifi router, and turn on the firewall and disable external ping and disallow all external traffic. Plug your cable modem direct into the router/wifi router, and then plug your ethernet into the router/wifi router. That will give you a hardware firewall, and will reduce almost all incoming "attacks" and scans.

    Generally you can find out the address block for your circuit by looking at your external IP address and your external subnet mask. That will tell you what addresses are locally on your circuit. However, since you have a public IP, people are still going to try and scan your address...I get the majority of attempts not from my area, but from Korea.

    The script kiddies and hacker types go out and find out what address ranges ISPs use for DHCP addresses to customers and then run scans against all those IP ranges looking for an opening to play with. Nothing you can do about that.

    Get you a cheap hardware firewall. If you need any help setting it up, let me know.

    Here is a basic mockup for you: http://img24.imageshack.us/img24/7286/basichomenetworkdrawing.jpg
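
The address-block lookup described in the post above, as an added example that is not part of the original thread: it derives the local circuit's block from an external IP and subnet mask, then sorts blocked firewall log entries into sources on that circuit and sources elsewhere. The log line layout (protocol, source IP, source port), the external IP, the mask and every address are constructed sample values from documentation ranges.

```python
import ipaddress
from collections import Counter

# Constructed sample values (documentation address ranges, not real hosts).
EXTERNAL_IP = "198.51.100.77"
SUBNET_MASK = "255.255.252.0"
SAMPLE_LOG = """\
TCP 198.51.101.14 3345
TCP 198.51.101.14 3346
UDP 203.0.113.9 1026
TCP 192.0.2.200 4488
UDP 203.0.113.9 1027
UDP 203.0.113.9 1028
garbage line
""".splitlines()


def circuit_block(external_ip, subnet_mask):
    """Return the network block that contains external_ip under subnet_mask."""
    return ipaddress.ip_network(f"{external_ip}/{subnet_mask}", strict=False)


def summarize(log_lines, block):
    """Count blocked entries per source IP, split into on-circuit and elsewhere."""
    per_source = Counter()
    for line in log_lines:
        fields = line.split()
        if len(fields) != 3:
            continue  # blank or malformed line
        try:
            per_source[ipaddress.ip_address(fields[1])] += 1
        except ValueError:
            continue  # source field is not an IP address
    local = {str(a): n for a, n in per_source.items() if a in block}
    remote = {str(a): n for a, n in per_source.items() if a not in block}
    return local, remote


if __name__ == "__main__":
    block = circuit_block(EXTERNAL_IP, SUBNET_MASK)
    local, remote = summarize(SAMPLE_LOG, block)
    print(f"circuit block: {block} ({block.num_addresses} addresses)")
    print("sources on the same circuit:", local)
    print("sources elsewhere:", remote)
```

Sources outside the block can be looked up in the regional registries' whois databases to see which ISP or country the range is allocated to.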
     