Relentless inbounds, need advice/help

Discussion in 'other firewalls' started by Longboard, Jan 11, 2005.

Thread Status:
Not open for further replies.
  1. Longboard

    Longboard Registered Member

    Sorry for this bother.
    May be about to demonstrate total lack of understanding of computer!

    Am running NIS and NPF. Have been good up to now.

    Currently I am getting relentless Program Control pop-ups warning about inbound UDP ("Medium Risk") from 218.83.153.59:xxxxx.
    Am clicking "block always" option only to have literally every minute a new pop-up box from the same address with different xxxxx.

    I have done IpLookup and ? this is a site in China.
    What is this and how to stop these relentless nuisances?

    XPSP2 up to date
    Browser is FF
    Have scanned with AVG, NAV, AdAware, Spysweeper, A2, Ewido: nothing.
    Have cleaned all trash files and rebooted.

    Any suggestions?
    Thanks.
     
  2. Paranoid2000

    Paranoid2000 Registered Member

    This is almost certainly Windows Messenger spam (selling fake diplomas and other garbage) and blocking it is therefore a good idea - you should be able to create a rule to do this for you in NPF rather than having to respond to prompts all the time though, or tell NPF to block all unsolicited incoming traffic (it should be doing this by default so maybe a change you made is the cause of the problem). Someone more familiar with NPF should be able to give specific advice here.

    Given it is a China-based ISP, complaining to them is unlikely to achieve much. You could do a tracert on the address to find out which network provider is upstream from them and email them asking them to block this ISP (this probably won't achieve much on its own but if they receive enough emails something may get done).
     
  3. nadirah

    nadirah Registered Member

    If it is Windows Messenger spam, you can try this program http://www.grc.com/files/shootthemessenger.exe
    It will stop Windows Messenger from running, and its service should be terminated. I've got a feeling that there's something nasty originating from the computer networks in China as I've blocked some unsolicited time-exceeded ICMP packets from a telecom based in Guangzhou province in China. And it always comes from China most of the time. The IP address from China always starts with 202. something, etc, etc....
     
  4. Paranoid2000

    Paranoid2000 Registered Member

    While terminating Windows Messenger is a good idea (and can be done via Control Panel/Administrative Tools/Services without any extra software), it will not do anything to prevent others from sending Messenger traffic...
     
  5. nadirah

    nadirah Registered Member

    Yes, terminating the service won't stop the spam getting in but...

    If there's a firewall that blocks the ports which Windows Messenger uses, the Messenger spam won't get in. The Windows Messenger spam is unsolicited broadcast traffic. Firewalls should be able to block it.
     
  6. Kerodo

    Kerodo Registered Member

    I believe that his firewall IS blocking it at the moment... he's just tired of seeing all the Norton popups about the incoming packets. He needs to configure Norton to stop alerting him and just block it silently.
     
  7. nadirah

    nadirah Registered Member

    Yes, I think he forgot to set it to block it silently.
     
  8. Longboard

    Longboard Registered Member

    Thanks guys.
    Good info as always P2000.
    Kerodo: got it in one!
    Thanks for the input Nadirah
    I have rejigged the settings I had for the alerts, they were set to warn: to give me at least the illusion I was actively involved in my protection.
    I have disabled them and no further pop-up messages.
    Hope to the higher power that NPF is doing its job :eek:
    I am finding the Norton tools seem to have really slowed down my comp.
    I may have to try some other tools.

    I already have the messenger services disabled with the AdAware add-ons, and, have checked with Gibson's STM.

    With NPF/NIS and FF, have passed all GRC tests and interestingly almost all of the firewall leak tests, Jason Levine's tests are all good.

    The only problems stem from Java.
    When (rarely; bloody Banks) using IE; have all settings on high.
    E-mail text only of course.
    Remember, I am still only humble home user and still learning from you guys.
    Thanks again
    Stephen
     
  9. Sweetie(*)(*)

    Sweetie(*)(*) Registered Member

    I completely agree with you, using the hacker ID feature in ZAP I've seen a lot of this traffic originating from Asia, also the majority of portscans I pick up seem to be from Singapore.
     
  10. nadirah

    nadirah Registered Member

    I live right here in Singapore and I've blocked a lot of port scans from zombie computers here. I think Singapore has an extremely high trojan infection rate. Lucky my computer is well defended.
     
  11. JayTee

    JayTee Registered Member

    Funny, I live in Singapore too and I have not seen many port scans on my computers. Usually, it's from the ISP. In fact, I have been wondering whether it was worth ponying up money for anti-trojan or antivirus stuff since the infection rate seems to be nil or very low for the past two years. Only the Zafi worm got through one time. Are you guys running servers or what?
     
  12. Ga1tar

    Ga1tar Registered Member

    Do not run one myself but can tell you without protection my machine would have died Xmas day, as within 2 hrs I received over 500 virus-laden mail from a mailing list I subscribed to. Better always to be safe than sorry I believe.
     