Firewall alerts (pings)

greenspun.com : LUSENET : Beyond the Sidewalks : One Thread

julie made mention that her firewall has been gettin quite a few hits lately - especially since we've gone private:

...My firewall has been taking a lot of probing hits from unidentifiable sources lately here on BTS since the password was installed, ones that occured before only when other highly emotional threads were going on. I think it's rather ominious that they ONLY occur when these negative events occur... -julie f

I've had a few pings on my firewall lately, too, but didn't think much of it until julie mentioned what was happening to her.

I'm putting up this thread so people can post the IP addresses of the hits their firewalls detect. I'm not sure if this will help matters any but thought it might be interesting to see if any of us are getting pinged by the same person(s).

I'll start:

157.130.243.149 pinged on 07/22/2001 at approx. 12:20pm CDT
Maps to:
UUNET Technologies, Inc. (NET-UUNETCUSTB40)
3060 Williams Drive
Fairfax, VA 22031
US

-- Anonymous, July 22, 2001

Answers

I haven't gotten any pings lately, but I will add them here when I do.

-- Anonymous, July 22, 2001

As David has mentioned, we use a MAC. Nothing has ever happened to worry us.

Kim

-- Anonymous, July 22, 2001


Type slow...What does this mean? I've only had my computer a few months and am still pretty green. Is this something I need to know about. I look forward to learning Sherry

-- Anonymous, July 22, 2001

Sherry,

Try this thread: Get a Firewall

If you have any further questions after reading the thread, feel free to contact me and I'll try to help you with them. :-)

-- Anonymous, July 22, 2001


As David has mentioned, we use a MAC. Nothing has ever happened to worry us. -Kim

I've been online almost five years and prior to creating BTS, I'd *never* had any problems, either. But I did have a virus sent to me (twice) a couple months ago by someone asking if they could post on BTS. It may have been nothing but the timing of the event was mighty interesting to me.

I told the person that they'd sent me a virus but they claimed they didn't know about it (which was highly possible) and that they couldn't find it with their virus software (possible I guess, but suspicious to me) - even after I showed them some of the code.

I haven't had any viruses (that I know of) sent me way since then, fortunately...

-- Anonymous, July 22, 2001



I will make note and post anymore when/if they occur again. I may be a little paranoid, but the ones that the Zone Alarm can't identify are the ones that start to proliferate after a dust-up. I'm used to the European RIPE program showing up regularly and all over the place, but these hidden ones occur on LUSENET primarily (exclusively?) and something that makes me a tad paranoid is that it seems to always occur around the same time. I log on at odd times, I don't get pinged, I log on at my usual timeframe and it starts up. After a while, you begin to wonder if they're targetting you. Feels like you're playing 'Battleship'.

-- Anonymous, July 22, 2001

24.94.192.133 pinged on 07/22/2001 at 8:18 pm CDT
Maps to:
ServiceCo LLC - Road Runner (NET-ROAD-RUNNER-3)
13241 Woodland Park Road
Herndon, VA 20171 US

-- Anonymous, July 22, 2001

Whois Database Search


-- Anonymous, July 22, 2001

The pings quite often come from servers that you have visited recently , especially if you use a steath firewall. Part of the reason is that when visited by a steath protected terminal, many servers have difficulty registering an intentional disconnect and will ping in an attempt to ensure non interruption of what they percieve to be a desired connection. Most firewalls have the option to disable the pop up alerts if you choose while still stealthing your IP address.

-- Anonymous, July 22, 2001

Well, I don't really understand that, however, soon as I logged on tonight, I got pinged even before my mail was delivered. Today's pings --

210.114.179 pinged on 07/22/2001 at 16:42:06

209.1.225.172 pinged on 07/23/2002 at 0:14:40 first they said it was an invalid IP number and suggested that it was a Trojan Horse attack, then the second inquiry, they said that it originated from vc7.sce.yahoo.com

Interestingly, I haven't been to any Yahoo sites that I know of for many weeks.

-- Anonymous, July 23, 2001



I have my alerts turned off. The firewall still keeps a log, but it doesn't "holler" at me when it gets one. Looking tonight, I got one from the same Road Runner thing that Jim did, mine was at 7:19 Sunday night, and yes, I was signed on to BTS at the time. Since then, apparently MSN and Microsoft tried to find me, but my firewall wouldn't let them in. Boo hoo.

I don't know what to make of any of these pings. I suspect there are so many trying to get into everyone's computer, we'll never figure out which, if any, are specifically targetting us.

-- Anonymous, July 23, 2001


Ok i am lost.....Awhile back Sharon helpped me put up a firewall because of some stuff over on CS,I cant remember which one but the thing{firewall}would shut down my computer all the time so i took it off.I too receive alot of viruses and have since put on Protector plus 2000,it seems to find alot of viruses.Ok now for the ? which firewall is best? I will try again but may need help! thanks

-- Anonymous, July 23, 2001

Renee, I have ZoneAlarm (an internet freebie for private users). I haven't had any problems with it shutting my computer down, but I can no longer use CallWave (freebie internet answering machine) because I'd have to lower the security to where the firewall wasn't doing it's job anyway.

Their main site is http://www.zonelabs.com/ You can get the free download there. It is named as one of the best on quite a few sites that I have visited.

-- Anonymous, July 23, 2001


Thanks everyone for your help just one question.....how many times does your firewall find something? since i put zone alert on it has picked up 5 or 6 hits,is this normal?

-- Anonymous, July 23, 2001

211.34.97.129 at 5:45 on 7/23/01

-- Anonymous, July 23, 2001


Ok either I am a spy and do not know it or some one thinks I am , I am up to 28 hits in less then 24 hrs,whats the deal?

-- Anonymous, July 24, 2001

Okay, I have to know about this "ping" thing!! Can I get pinged with webtv and how do I know if I do get pinged?? All I know is that I can't get viruses or worms. But I do know that, even though I cannot get a virus, I could inadvertently pass it to someone's computer. And hopefully this hasn't happened!!

-- Anonymous, July 24, 2001

Renee.I was wondering how you made out.I had emailed you a long time ago to ask,but never heard back.So I guess your computer was down.

Mine does fine with Zonealarm.No shutdown.But Zonealarm is a memory hog,so some people might not have enough to spare.

When you are up to 20+ hits one right after each other,from the same 5 sources,then you'll be up to my speed. That is really suspicious,and one of the five was from Fairfax,Va.Will have to look it up, Jim, it was a while back.

I usually get so many hits I just ignore it anymore.Some are like Jay said.But some aren't,either.

Firewall protects your ports(backdoor). It will do you absolutely no good if you invite them in the front door,by opening email. Hidden html code can be in emails. Not just as an attachment,either. Someone could even pass it on unwittingly,I think. I was told not to open email from anyone I didn't know.That included everyone on forums.You really DON'T know them. Which is why I have an defunct email address posted here,now.

If you think you have computer problems and you can't find the virus/worm/trojan,like me,then all you can do is reinstall and practice safer computing.

Get an old computer or a web tv for forums and email,and keep your good computer free of all that stuff.

These are some of the suggestions made to me, by a computer engineer and a computer programer with 20 yrs experience(who won't even have a home pc bc of the inherent problems). Take it or leave it.

Here is some info on the virus you had reported a while back,Renee.It's a tough one to find.We probably all have it and have been passing it all around,unknowingly,for quite some time.Who knows? It's all pretty complicated. http://service1.symantec.com/sarc/sarc.nsf/info/html/virus.prevents.co nnecting.html

http://www.symantec.com/avcenter/venc/data/w95.mtx.html

BTW,if anyone ever received email from me back in the beginning of the year from this now defunct account, that contained an attachment,it was probably a virus.No idea what one.I didn't send attachments,yet I found out recently that old emails from this account had attachments with them,(when I checked one I sent to Jim from there with a picture). I had no idea,still don't know what one it was, and apparently you all's virus program didn't find it either. See? Complicated.

Luddite,misanthropic forum,here I come! So where do I find that obscure site,Jim? You're good at finding odd sites like one's on composting people. Do I have to use an old computer to get there? Can I still watch PBS and past muster,or do I have to give up TV entirely? What abt.electricity? Will I have to disconnect and get a solar powered computer? What is the password? Is there an application process? Must I show up in person? Details,please.

-- Anonymous, July 24, 2001


12.44.114.138 7/24/01 1:09 PM

-- Anonymous, July 24, 2001

Man, I seem to be in the lead here....

I got one that was from a port (5000) known to be used by a frequent Trojan Horse. 209.1.225.172

Then McLeod USA 207.191.216.68

heller.tcimet.net 198.109.166.104

208.49.11.82 (not valid IP)

216.2.99.91 (not valid IP)

post.hop.ot.lt 195.22.186.211

202.101.228.112

203.212.5.24

202.99.171.24 just a couple minutes ago...

-- Anonymous, July 24, 2001


Web tv to my understanding is all isp based. Not actually a pc so the trouble would be with them not you hardware wise. Also with webtv you can't go "invisible" as you can with a pc and firewall. Pings can be most any frequency of occurance , depending on how many servers or terminals are searching for info on connections. Pinging could be compared to telemarketers using speed dialers in some instances. Best defense is a high security firewall and stealth mode.

-- Anonymous, July 24, 2001

O.K.........so I didn't install a firewall back when you all were talking about it but lately have gotten nervous again and installed it. Just the last couple minutes while I was reading this thread I got pinged twice. 200.178.97.130 (typed it into the search and it said from Brazil) Then about a minute later 12.19.68.103 which is the ATT & T Hotel Resv. net.

Last night while reading a thread on CS got pinged by 210.220.237.6 which is assigned to Korea.

-- Anonymous, July 25, 2001


I have gotten about 50 pings today! Wondering if anyone else has been gettin this kinda action?

-- Anonymous, August 01, 2001

Yes, everytime I log on to the forums I get one ping right after another, everytime I have hit this site it is like it is waiting.......what ever IT is. When I try to find out who or what is pinging I get it is a phony address.

-- Anonymous, August 01, 2001

I quit listing all my pings here, I was just getting too many of them to waste people's space listing them, but I've been logging them in a notebook 'just in case'.

I've had some really interesting ones -- one was from China, Guangdong Province Network that did not seem to be there to do me any good (their analysis was that this outfit was trying to use my computer to launch more exploration from). Another was from the Phillipines, same story. Numerous ones they have been unable to identify, no valid IP.

Got one from a known Trojan Horse/hacker.

-- Anonymous, August 02, 2001


I haven't had any pings lately.

-- Anonymous, August 02, 2001

Moderation questions? read the FAQ