Jump to content
xisto Community
Sign in to follow this  
musichere

Zonealarm Alerting Lot Of Hack Attempts Serveral intruders caught - Help me

Recommended Posts

ZoneAlarm is going crazy on me. Since reformatting my C: drive, it's been rampant on the alerts and intrusions. I know have OVER 1000 BLOCKED INTRUSIONS in 4 hours.

 

This is scaring me

 

Posted Image

 

The number has gone up by 300 since making this screenshot.

 

Can someone explain?

Share this post


Link to post
Share on other sites

maybe you've downloaded some stuff since you've formatted your harddrive that had a trojan or something in it, so the intrusions are coming from the inside and are being stopped there, that way they'd be trying alot which would explain the number. Or maybe someones scanning your area with WI-FI?

Share this post


Link to post
Share on other sites

My suggestion is to revover your computer. Yes, all of it. Start from scratch. If you still have the recovery discs. It's like getting a new computer except that the hardware isn't. I do it to my computer monthly, I just get a lot of spam and spyware, and viruses into my computer that even the virus scans and Ad Aware can't clean up. It's the best solution to any problem (with the exception of losing all youir files if you didnt save them onto a disc or another computer!!!)

Share this post


Link to post
Share on other sites

My suggestion is to revover your computer. Yes, all of it. Start from scratch. If you still have the recovery discs. It's like getting a new computer except that the hardware isn't. I do it to my computer monthly, I just get a lot of spam and spyware, and viruses into my computer that even the virus scans and Ad Aware can't clean up. It's the best solution to any problem (with the exception of losing all youir files if you didnt save them onto a disc or another computer!!!)

<{POST_SNAPBACK}>

Uh, that would definatly be my last resort option. Try all other options first! DO NOT REVOVER YOUR COMPUTER WITHOUT BACKING UP YOUR FILES! There are many other options, use this as a last resort.

Share this post


Link to post
Share on other sites

Dude...It's nothing...trust me :) my zone alarm has a 6digit number for blocked access attempts...if your on a network that could trigger it...Also since you reformated you are probably gunna get all the same attempts as last time aswell cuz they need 2 all be reblocked n such.Also since you just reinstalled microsoft will probably tend to check for updates a lot so the number incline will slow down soon enough. Also since you've just reinstalled your computer is much more vulnerable to attackers then before...So a lot more attackers so your computer on the net, n try to attack it...Try changing your windsows firewall to...Finaly...check the log to see exactly what ips are trying to access it.If it's the same ip's over again they are most likely not causing you harm...Espicialy if they are for like windows and stuff...and the ip's 127:0:0:1 or 192:168:1:XXXSo yeah...Just check your log files

Share this post


Link to post
Share on other sites

Hmmm the purpose of a firewall to block communication to and from your computer. In the event a malicious program or someone is trying to gain access to or send information from your computer. Now if the firewall is setup for the first time it will block every communication that is attempted by your computer. So you have to monitor each alert and decide if you want to allow or not to allow that communication to happed or if you want the firewall to remember to do the same action the next time around.This gets very annoying at first because every thing seem to get blocked even network communication. You must also take into account that 99% of the programs on your computer try to communicate when they are started including windows explorer.Don’t panic the sky is not falling in it is a normal procedure. Also remember to set it to check you mails for viruses.No one can gain access to your computer via WI-FI if you don’t have such capability or it is not setup.

Share this post


Link to post
Share on other sites

I suggest you use Prompt to find out if there is another I.P address, then enable your firewall and set it to what you want to allow through. It can be done in the control panel/network and internet connections. Right-click on the connection, then click on properties/advanced... There you can do everything that you need! :) Wish you all the luck in the world!

Share this post


Link to post
Share on other sites

well, as long is it says "blocked", there's no probleme is there? If there are seriously threaths, ZoneAlarm will notifie you... These blovked attempts are probaply you're own programs...

Share this post


Link to post
Share on other sites

First of all, since posting the first of these screenshots, the number has now gone up to 8000,I think possibly the problem is that I haven't installed Service Pack Two (which might be a problem). So that's what I'm doing now.

Share this post


Link to post
Share on other sites

are you on a static or a dynamic IP address. It looks like someone is hammering your IP address. Did you recover your computer from a trojan recently or did you have a lot of malware / spyware? If you did you may have a lot of "static" noice or handshake attempts.If you are on a dynamic IP disconnect the computer tonight, turn it off and remove it from the net. If you have a cable modem or dls, unplug and shut that off also. In the morning you can start it up again, see if you have a differnt IP address than now. Write down the current IP address, If you are on a router or dsl cable modem make sure you write down the IP address that is on the router / modem it may be different than your internal network IP address. (I'm assuming you know all this already)Clear the history files in ZA and with a new IP address see if the intrusions come back, if they do you may still have a trojan that are broadcasting your IP address. I only have 6 intrusion attempts on a static IP address so there is definitely something wrong with yours. I updated ZA about 14 days ago, so it's not that long of an uptime.If you are saving your log files you should be able to look at them and see what the intrusion attempts are and what IP they originated from and what ports they scan. Turn on logging if you have not done that already.Nils

Share this post


Link to post
Share on other sites

Im not familiar with that Firewall, but you need to somehow get details about the so called attacks, destination and source, protocol, port, TOS, as much information as you can get before you can correctly diagnose the problem.so called false posities are quite common.One day, my network securety tools went mad, they thought i was under a smurf attack (local machines pinging the broadcast IP) it turned out that this was just my samba (windows network support for linux) searching for other computers on the network.

Share this post


Link to post
Share on other sites

are you on a static or a dynamic IP address. It looks like someone is hammering your IP address. Did you recover your computer from a trojan recently or did you have a lot of malware / spyware? If you did you may have a lot of "static" noice or handshake attempts.

 

If you are on a dynamic IP disconnect the computer tonight, turn it off and remove it from the net. If you have a cable modem or dls, unplug and shut that off also. In the morning you can start it up again, see if you have a differnt IP address than now. Write down the current IP address, If you are on a router or dsl cable modem make sure you write down the IP address that is on the router / modem it may be different than your internal network IP address. (I'm assuming you know all this already)

 

Clear the history files in ZA and with a new IP address see if the intrusions come back, if they do you may still have a trojan that are broadcasting your IP address. I only have 6 intrusion attempts on a static IP address so there is definitely something wrong with yours. I updated ZA about 14 days ago, so it's not that long of an uptime.

 

If you are saving your log files you should be able to look at them and see what the intrusion attempts are and what IP they originated from and what ports they scan. Turn on logging if you have not done that already.

 

Nils

<{POST_SNAPBACK}>


Thanks for your post.

 

I think I have a dynamic IP, but every time I dial my IP there is a different IP on whatismyip.com (I don't know how else to check the IP)

 

Also the attacks are becomming increasingly frequent and the worst part is I have to sometimes disconnect my zonealarm because when I have it open my home network won't work.

Share this post


Link to post
Share on other sites

run the firewall test, selecting option 1 when asked.then copy and past what it says here for us to read. (but censor parts of any ip addresses for example ***.168.1.2 just incase you are infected, you dont want to advertise yourself to more script kiddies :))

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Sign in to follow this  

×
×
  • Create New...

Important Information

Terms of Use | Privacy Policy | Guidelines | We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.