camper
Aspiring Expert
598 Views
Message 1 of 8

Being Targeted or Paranoid?

Hi,

I have posted before, recently, about repeated IDS/firewall notifications from my Home Hub 2, always from the same sources. Typically UDP scans of 20 ports & ICMP checks. This happens repeatedly, daily, from the same IP addresses. Even after the Hub has been reset, the same addresses/attacks appear.

One is TalkTalk/Tiscali, always the same location. I've reported this, no tangible response yet.

The other is BT, which I've reported to BT Internet Security. Nothing as yet.

Tell me, am I being paranoid that these same addresses keep cropping up even though my public address changes frequently?

Or should I be worried? If so, what can I do?

Thanks.

0 Ratings
7 REPLIES 7
pottyperson
Distinguished Guru
576 Views
Message 2 of 8

Re: Being Targeted or Paranoid?

As has been said before, it's probably just the firewall doing its job.

Don't know about paranoid, but I'd say you're worrying needlessly. Most people will not know what's going on with the firewall because they don't look, trusting it to work for them in the background. To be honest, not only do I not know what my firewall is up to, I don't even know where to find the logs you're looking at on my HH2.

Nor do I know what the computerised gizmos in my car are up to, but I don't care as long as the car keeps going.

--
You can click the thumbs up icon below this message if you think it was helpful.
0 Ratings
camper
Aspiring Expert
568 Views
Message 3 of 8

Re: Being Targeted or Paranoid?

Thanks, I understand your sentiments. I'm no PC expert by any stretch of the imagination, and have had a guy around to show me what's what after we had some virus/security/account compromise stuff happen. He basically said to look in the router firewall history & any antivirus software as a means of seeing what's going on!

He showed me around the Hub: log into it, "troubleshoot", select different options and check "security". I was amazed, having had one of these hubs for years, at the info that was on there that I've never seen before. But it also shows, disappointingly, how often we are all subjected to attacks / attempted hacking etc. Even if the firewall works. I don't understand most of the messages on there.

Now knowing where to look, perhaps we see things we don't want to, but worryingly, as I said, it's the same addresses all the time. Possibly previous "attackers" / "hackers" who compromised the machine looking for it again, who knows. But it does concern you.

0 Ratings
maglin
Aspiring Expert
555 Views
Message 4 of 8

Re: Being Targeted or Paranoid?

I agree with PP - you're probably worrying needlessly. It's probably just random traffic/sniffings hitting your firewall.

I'm no expert, but I would think an out and out targeted attack against you seems very unlikely (unless you have something very financially lucrative on your system, or you work for MI6 or some such).

Even if something got past the Hub firewall I suspect you probably have a software firewall (either Windows or a third party firewall) that can easily be set to block all incoming (mine always is).

(Before I had a router firewall I did once set my software firewall to verbose reporting of blocked incoming traffic - I didn't leave it like that for long - it was forever pinging away).

I think security breaches these days more commonly originate through getting you to install something on your machine that then phones home, and invites its friends round. Your firewall can do nothing about this invited traffic - you are then dependent on good security practice not to run stuff you don't trust, and a good antivirus etc to stop such stuff being installed from infected media/websites without your knowledge, or to stop anything bad that does get in from running/connecting.

If you really are keen to investigate these issues you may be better off asking the questions in a more dedicated security forum (eg Wilders, or the forum of whoever provides your antivirus or software firewall).

camper
Aspiring Expert
510 Views
Message 5 of 8

Re: Being Targeted or Paranoid?

Spoke to BT Internet Security today. They explained that this was all very irregular, particularly as the public IP keeps changing & they keep cropping up! Suggested somehow a device / PC / software etc. may be broadcasting its presence without us knowing, or in fact some form of virus (nothing found). At least the router's doing its job. BT have located the IP belonging to a "Company" - naturally won't divulge details - and are to contact them suggesting that they may have a problem at their end, as it should not be happening. Still waiting to hear from TalkTalk / Tiscali, but as I'm not a customer I'm not holding my breath!

Keep you posted.

0 Ratings
maglin
Aspiring Expert
499 Views
Message 6 of 8

Re: Being Targeted or Paranoid?


@camper wrote:

 or in fact some form of virus (nothing found). 


Not sure what virus scans you've tried. A couple of good on-demand scanners that can be used alongside your existing AV to give a back-up opinion are Malwarebytes and SUPERAntiSpyware.

You can get free versions of both from filehippo

http://www.filehippo.com/software/antimalware/

Does your software firewall allow you to see what processes are connecting outbound from your machine, and to where? That might shed some further light?

0 Ratings
camper
Aspiring Expert
473 Views
Message 7 of 8

Re: Being Targeted or Paranoid?

Thanks Maglin,

Used MalwareBytes. Under advice, Superantispyware (on my PC) may have been compromised according to BT. MB showed up nothing, then ran McAfee Stinger & Windows malicious software tool... then Norton. Nothing! Don't trust them though, few months I had McAfee/Windows etc. - all had been fully compromised & practically disabled - giving off false info... eventually found out both desktops riddled with Trojans & virus.

Not sure where I would look to see about outgoing connections... if I go into Firewall activity it does show what programmes are trying to access the internet, but it's historical info.

 

0 Ratings
Keith_Beddoe
Distinguished Sage
471 Views
Message 8 of 8

Re: Being Targeted or Paranoid?

There is a free Microsoft application called TCP View, which will tell you what outgoing connections are established.

 

See http://technet.microsoft.com/en-us/sysinternals/bb897437.aspx

 

If you want detailed information, then you can use a free program called Wireshark, but you do need to know what you are looking at, and have some understanding of how TCP/IP and the Internet works.

 

0 Ratings
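
The check discussed in the last few replies (which processes currently hold outbound connections, and to where) can also be done from a PowerShell prompt. This is an added example, not part of the original thread; it assumes Windows 8 or later, where `Get-NetTCPConnection` is available, and the variable names are illustrative.

```powershell
# Added example: live snapshot of outbound TCP connections and their owning processes.
# Run from an elevated prompt so that process paths can be read for all processes.

# Ports this machine is listening on. An established connection whose local port
# is one of these was most likely accepted (inbound), not initiated from here.
# This is a heuristic, not a guarantee.
$listeningPorts = (Get-NetTCPConnection -State Listen).LocalPort | Sort-Object -Unique

$outbound = Get-NetTCPConnection -State Established |
    Where-Object {
        $_.RemoteAddress -notin @('127.0.0.1', '::1') -and   # skip loopback
        $_.LocalPort -notin $listeningPorts                  # skip likely inbound
    }

$report = foreach ($c in $outbound) {
    # The process may exit between the two calls, so tolerate a failed lookup.
    $proc = Get-Process -Id $c.OwningProcess -ErrorAction SilentlyContinue
    [pscustomobject]@{
        Process       = if ($proc) { $proc.ProcessName } else { '<exited>' }
        ProcessId     = $c.OwningProcess
        RemoteAddress = $c.RemoteAddress
        RemotePort    = $c.RemotePort
        Path          = if ($proc) { $proc.Path } else { $null }
    }
}

# One row per connection, grouped visually by process name.
$report | Sort-Object Process, RemoteAddress | Format-Table -AutoSize
```

Unlike the firewall's historical activity log, this shows only what is connected at the moment it runs, so an unfamiliar process name or path in the output is the thing to look up.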