Advertisement
If you have a new account but are having problems posting or verifying your account, please email us on hello@boards.ie for help. Thanks :)
Hello all! Please ensure that you are posting a new thread or question in the appropriate forum. The Feedback forum is overwhelmed with questions that are having to be moved elsewhere. If you need help to verify your account contact hello@boards.ie

Firewall Attempted Unsolicited COnnection on NTL

  • 01-08-2005 1:03pm
    #1
    Drapper
    Registered Users, Registered Users 2 Posts: 3,812 ✭✭✭


    Guys does this look normal? I have so many attempted unsolicited attacks per day ! should I be worried?


Comments

  • #2
    Stark
    Registered Users, Registered Users 2 Posts: 21,014 ✭✭✭✭Stark


    That's pretty much normal AFAIK. Get worried when your firewall doesn't stop them ;)

    Even the ones that do get through the firewall are generally harmless as long as your system is fully up to date with security patches. They're the results of people trawling the net in search of unpatched PCs.

    Try leaving an unpatched machine with no firewall plugged into a broadband connection for more than 30 minutes. Fun.


  • #3
    azzeretti
    Registered Users, Registered Users 2 Posts: 1,477 ✭✭✭azzeretti


    Stark wrote:
    Even the ones that do get through the firewall are generally harmless as long as your system is fully up to date with security patches.

    Eh... I won't be so sure. nothing should get through a properly congifured firewall unless you or an allowed application opens a port for it. Anything else can and will cause harm. Most decent firewalls will dynamically open certain ports depending on the requesting application and layer because of this certain ports may open and close with different apps.
    If this was my firewall I would investigate it further i.e trace the IP, reverse lookup and try to establish what ports it is trying to access. But in general as long as the firewall is cathcing it and is correctly cogifured I won't worry. Of course if you have any public services on this IP address i.e webhosting, SMTP etc this kind of probing could result in some sort of DOS attack or at the very least be hogging your bandwidth. If it continues from the same originating address you should let your ISP know about it.


  • #4
    thund3rbird_
    Registered Users, Registered Users 2 Posts: 866 ✭✭✭thund3rbird_


    azzeretti wrote:
    If it continues from the same originating address you should let your ISP know about it.

    better still report it to the originating ISP - they are the only ones that can do something about it
    use a site like geektools to check the IP address
    you should get an address to report this to - something along the lines of abuse@.....
    in ntl's case it's a url - www.ntlworld.com/netreport

    tip: if you are posting up any screenshots it might be an idea to blur out your own IP address.
    have you had an increase in alerts since?


  • #5
    Drapper
    Registered Users, Registered Users 2 Posts: 3,812 ✭✭✭Drapper


    thund3rbird_ wrote:
    better still report it to the originating ISP - they are the only ones that can do something about it
    use a site like geektools to check the IP address
    you should get an address to report this to - something along the lines of abuse@.....
    in ntl's case it's a url - www.ntlworld.com/netreport

    tip: if you are posting up any screenshots it might be an idea to blur out your own IP address.
    have you had an increase in alerts since?

    well spotted :-)

    changed "


Advertisement