Attack before connecting to internet?

[mystvearn]

My firewall registered an attack from an IP before I connect to the internet & I have not even begun connecting. What does this mean?
Using sygate personal firewall.

[Blue_Gundam2002]

Are you on a lan? It might just be picking up lan trafic.

[glc]

What you see as an attack is very often legitimate traffic, you have to analyze what it's telling you, not just assume someone is hammering you.

I have alerts turned off in ZA, and hardly ever look at the log - I just let the firewall do its job. If an app wants access and it's not already preapproved by me, it will still ask.

[mystvearn]

No. I ahve broadband-DSL. Before I went offline, I see the same P attacking. & just as I wanted to enter the internet after restart, the same IP attacking me agan.

[Blue_Gundam2002]

Quote:

Originally posted by mystvearn No. I ahve broadband-DSL. Before I went offline, I see the same P attacking. & just as I wanted to enter the internet after restart, the same IP attacking me agan.

Whats the IP thats attacking you?

[TeenPcknowit]

Lol yeh, let us have some fun with this IP...

[Blue_Gundam2002]

Quote:

Originally posted by TeenPcknowit Lol yeh, let us have some fun with this IP...

No, I'm being serious. We can find out if it's known to be used in attacks or if its just his modem or router sending feedback to his computer. I had zone alarm a while back and it would say my modem was trying to attack me when it was just checking for activity.

[glc]

Teen - we don't behave like that around here.

- Moderator -

[mystvearn]

The IP is 219.93.197.62. I think nearly 100 attacks from it.
my DSL using dynamic IP.
Sygate says its security type is port scan.
Severity:minor
Direction: incoming

Maybe its my IP?

[glc]

Well, I just looked up your IP when you made this post - and it's close enough to make me conclude it's coming from your ISP. They are probably just scanning their customers' ports for unauthorized servers and security issues that would affect their whole network. Either that, or it's another customer running a port scanner.

[mystvearn]

Thanks. How did you find that out? I have lots of attacks, coming from 219.93.19(6/7).xxx alot. Maybe its normal. Thanks.

[MulderMan]

i looked it up and appears to be coming from malaysia so i presume its your isp. i use this to look up ips http://ip-to-country.webhosting.info/node/view/36

[TeenPcknowit]

Very sorry, it was intended as a joke.

[mystvearn]

Thanks,

[glc]

As a moderator, I can look up the IP address of every post. Your IP is 219.93.196.xxx, your ISP is very likely using the 219.93.196.xxx and 219.93.197.xxx subnets.

[mystvearn]

I see. All forum mods have this ability? Even from different forums?
My attack, majority comes from both of that IP.

[glc]

Any PC Mech moderator can use the "IP: Logged" link in each post.

Port scanner "Attacks" from that IP range are one of 2 things - your ISP scanning your ports for security or functional reasons, or some other customer playing games with a port scanner. Just let the firewall do its job.

[MulderMan]

well my dad made me read the t+c of my isp when he got a email wrongly accusing me of sending virsues, and legaly i cant scan ports through my account. is this the same for all isps?

You must not use the Services to carry out Port scanning/probing (which is an attempt to identify an open gateway into another Internet user's machine). Where it has been identified that an account has been used for this activity ntl may withdraw the Services without notice.

[mystvearn]

I see. Thanks