Spyware, Viruses, & Security forum

General discussion

20000+ intrusion attempts within 24 hours....

My Samsung laptop runs on Windows XP with SP2. Ever since yesterday afternoon, Norton Antivirus started alerting me that it has blocked various intrusions (with details like these):

------------
Rule "Default Block FTP99CMP Trojan horse" blocked (122.100.80.212,1492).
Inbound TCP connection.
Remote address,service is (122.100.80.212,3059).
------------
Attempted Intrusion "NMap Null Scan" against your machine was detected and blocked.
Intruder: 61.55.0.24(9311).
Risk Level: Medium.
Protocol: TCP.
Attacked IP: YOUR-37DJAFIZF1
Attacked Port: 4932.
-------------
Rule "Default Block WinCrash Trojan horse" blocked (218.15.24.210,4092).
Inbound TCP connection.
Remote address,service is (218.15.24.210,42375).
------------
Rule "Default Block DeepThroat Trojan horse" blocked (59.112.19.112,2140).
Inbound TCP connection.
Remote address,service is (59.112.19.112,3974).
------------
Rule "Default Block Phinneas ******* Trojan horse" blocked (125.78.126.116,2801).
Inbound TCP connection.
Remote address,service is (125.78.126.116,47021).


Norton Internet Worm Protection just kept alerting me (a few alerts every minute or so) that it's blocking all sorts of similar intrusions and I really have zero clue what is going on (I have limited knowledge in computers). I then installed the trial version of ZoneAlarm and within a day it has blocked a total of 20927 intrusions (Inbound Protection: the firewall has blocked 20927 intrusion attempts; 6 of those have been high-rated). The number is increasing as I write this. When I go to view the logs, I find that the source IPs are all different... such as "ZoneAlarm Anti-virus blocked traffic to port 1358 on your machine from port 34711 on a remote computer whose IP address is 122.22.19.180."


I haven't downloaded any "special files" recently and I'm not sure what is causing this to happen. Can someone please give me an idea of what is going on actions I can take to combat the situation?? It seems that my computer is in great danger and I feel that it can crash any moment. Any replies will be greatly, greatly appreciated. Thank you in advance.

Discussion is locked
You are posting a reply to: 20000+ intrusion attempts within 24 hours....
The posting of advertisements, profanity, or personal attacks is prohibited. Please refer to our CNET Forums policies for details. All submitted content is subject to our Terms of Use.
Track this discussion and email me when there are updates

If you're asking for technical help, please be sure to include all your system info, including operating system, model number, and any other specifics related to the problem. Also please exercise your best judgment when posting in the forums--revealing personal information such as your e-mail address, telephone number, and address is not recommended.

You are reporting the following post: 20000+ intrusion attempts within 24 hours....
This post has been flagged and will be reviewed by our staff. Thank you for helping us maintain CNET's great community.
Sorry, there was a problem flagging this post. Please try again now or at a later time.
If you believe this post is offensive or violates the CNET Forums' Usage policies, you can report it below (this will not automatically remove the post). Once reported, our moderators will be notified and the post will be reviewed.
Collapse -
The good thing is that Norton & ZA are working

In reply to: 20000+ intrusion attempts within 24 hours....

Their doing their job. Their blocking stuff. The bad thing is you should only have one 'active' antivirus program. So keep one or the other. Have you scanned your computer lately? Try one or all of the following online free scans, and get rid of whatever they find: A-Squared On Line Trojan Scan -- http://www.windowsecurity.com/trojanscan/
BitDefender On Line Scan -- http://www.bitdefender.com/scan8/ie.html
F-Secure On Line Scan -- http://support.f-secure.com/enu/home/ols.shtml
House Call Anti-Virus http://housecall.trendmicro.com/housecall/start_corp.asp
Kaspersky http://usa.kaspersky.com/services/free-virus-scanner.php
Post back if this doesn't help.
Good luck,
Eddie

Collapse -
38000+ intrusions!!

In reply to: The good thing is that Norton & ZA are working

Thanks for the resouces. I've tried the online scans that you provided with but my laptop is still bombarded with access attempts unfortunately - the number has increased to more than 38000 now. What is causing these random intrusions and is there a way for me to stop them? Any input would be greatly appreciated. Thanks in advance!

Collapse -
default

In reply to: 20000+ intrusion attempts within 24 hours....

Click HERE and scroll down to trojan horse rules and expand and you will see what you pasted.

Try this LINK,I don't have norton so this is the best i can do for you.

Tom

Collapse -
changing my IP!?

In reply to: 20000+ intrusion attempts within 24 hours....

so far ZoneAlarm has blocked 43000+ attempted intrusions for my laptop (within 3 days) but this isn't curing the problem from the source (whatever the source is). I'm wondering if changing my IP address will solve this problem? I'm using cable modem, should I try to ask the internet provider to change my IP once and see if this will help at all? or is the problem related to something else which should be solved from a different perspective?

Collapse -
It's Tough To Cure The Problem 'At The Source'...

In reply to: changing my IP!?

Have you tried turning off your cable modem for about ten minutes, then restart it again so it reinitiallizes.. Sometimes, that will automatically give the modem a new IP address. But because scanners of this type are frequently not sent to a specific address, it may not fix the issue.

In addition, if you're using a router, make sure the firewall or NAT is enabled. If you aren't using a router, you might consider getting one.. It's one more level of protection.

Notifying your ISP of the IP address "might" help but because there are ways to spoof IP addresses, that may not solve the issue either. Most importantly, if the scans aren't causing any major slow down for you, it may be time to simply ignore the messages and move on.

Hope this helps.

Grif

Collapse -
Same Problem

In reply to: It's Tough To Cure The Problem 'At The Source'...

I'm having the EXACT same issue all of a sudden. ZoneAlarm is blocking intrusions as i type this, it's up to roughly 715,000, increasing at the rate of about 1.5 attempts per second. The IP addresses seem to all be different. I'd ignore it BUT it tends to boot me from some online games and effect my download speed. I do on occasion run uTorrent, I'm not sure if this problem is a buggy residual of the program when it's off attributed to a faulty tracker.. I don't know. I was considering manually changing my IP address to see if that solves the issue, but I decided to look the problem up first to see if I can prevent it in the future. I run AVG antivirus and zonealarm pro. XP. Any ideas?

Collapse -
Tried Getting A Router?

In reply to: Same Problem

Even a router with NAT should fix the issue and they're not very expensive.

Hope this helps.

Grif

Collapse -
Change IP

In reply to: Tried Getting A Router?

I already have a router and NAT was turned on durin the problem. To fix the problem I simply changed the last 2 digits of my IP address in windows TCP/IP properties which took less than 30 seconds and fixed the problem immediately. Unfortunately I have to do this everytime I shut uTorrent down.

Collapse -
Then You've Got A Decision To Make...

In reply to: Change IP

It appears as though you already know the answer.. Remember, Torrent is a file sharing setup and that's exactly what all those other users are trying to do.. Access your computer to share files.. It's as designed.

Grif

Collapse -
Torrent Philosophy

In reply to: Then You've Got A Decision To Make...

I understand the design of bittorrent files. However I don't have the luxury of leaving my torrent client running 24/7. For some reason certain games I play drop connection when utorrent is running even if I restrict the U/D limits in the client. I Imagine it's a shortcoming of my belkin wireless pre-n. I also know about ratios.. and i'm a 1.5er.. so no lecture is needed here. My objective was to find a way to COMPLETELY shut down my torrent client when I need a stable connection. By completely, I mean stop pinging my router 900 times/min. As I stated above, I change my IP address and all is well.

Popular Forums

icon
Computer Newbies 10,686 discussions
icon
Computer Help 54,365 discussions
icon
Laptops 21,181 discussions
icon
Networking & Wireless 16,313 discussions
icon
Phones 17,137 discussions
icon
Security 31,287 discussions
icon
TVs & Home Theaters 22,101 discussions
icon
Windows 7 8,164 discussions
icon
Windows 10 2,657 discussions

SMART HOME

This one tip will help you sleep better tonight

A few seconds are all you need to get a better night's rest.