Stopping Intrusion Attacks

  Petminder 11:19 16 Sep 2003

Can anyone help please!!
I have a broadband internet connection thru BT. Three weeks ago I started getting a lot of attacks (MS_RPC_DCOM_BufferOverflow). These attacks come several times an hour and are presumably automated. My firewall (Norton 2003) stops them, says they are a high risk as they can attack my OS. A trace shows they are all coming from a computer in Bletchley with @BTOpenworld in their address. I have tried closing the port (epmap(135)) but can't find it in my firewall software. I have reported it every day to BT via their abuse email address, but all that happens is that I get an automated response saying how they value my report, deplore attacks and will investigate within three days. Three times they have asked for the firewall log and time zone which I have sent them, but still they take no action. I would have thought it would be easy enough for them to trace the attacks, and tell the instigator to stop or else! So far (for 21 days) they have taken no action and it is driving me mad as every few minutes the firewall blocks an attack and tells me all about it. Has anyone any ideas to help me stop this?

  -pops- 11:25 16 Sep 2003

The firewall is obviously doing its job. You should now turn off its notification facility and use your computer for something useful rather than give yourself severe paranoia thinking that someone in Bletchley has it in for you.

  -pops- 11:26 16 Sep 2003

If you have the IP address you can find the postal address/physical location with click here

  dth 11:47 16 Sep 2003

You are not alone. I use a dial up account with BT Openworld and last night I had 765 attempts to connect to my p/c blocked by my firewall - over a 90 minute period. Most of the attacks were from BT Openworld IP numbers.

As your firewall is working, just turn off the notification tab and relax.

  Jester2K II 12:01 16 Sep 2003

You have a firewall but I guess you haven't installed the patch from Microsoft that fixes this vulnerability.

click here

Without it MSBlaster virus etc are still going to attempt to get on your PC every 30 seconds or so....

  Petminder 14:07 16 Sep 2003

Thanks for your responses. Yes I am getting paranoid. Can you tell me how to turn off the notification facility in Norton Firewall 2003 without stopping the firewall working? Thanks
I do think that BT should be more responsive and get their act together to sort these problems out - they claim to be a founder member of the Internet Watch Foundation, but they don't seem to be very watchful!! By the way I have just had another request from them for the firewall log - the fourth request for the same info I sent them two weeks ago!!
Thanks for all your help

  Jester2K II 14:29 16 Sep 2003

Have you / did you install the patch?

  Petminder 14:48 16 Sep 2003

Yes I run automated updates and have just checked on the Microsoft site that my updates are up to date.

  GANDALF <|:-)> 14:52 16 Sep 2003

You will NOT get hacked on a home computer. Hackers are not interested in the utter drivel that is on mine and everyone else's. Firewalls?? They are useful in stopping Trojans dialing out but to be honest, if someone wanted to put a dialer on a computer it would not be rocket science. There are at least 5 programmes that can by-pass firewalls, 'TooLeaky' having the Gibsonmeister's grudgingly awarded seal of entry. The Cult of the Dead Cow's Back Orifice, cheekily named after Microsoft's Back Office, could easily be put on a target computer, if one was really trying and the firewall would still be asleep. However, like my computer, most home computers contain utter drivel which is important to the owner but naff all use to the great unwashed. Bank and credit card details can be culled much easier than rooting through turgid files on a home computer. Hacking is not about breaking into home computers, it is about getting onto networks using passwords.

The 'alerts/attacks' are merely computers on the net asking your computer if it is still connected, these queries are called handshakes. When you are connected to the net you could be going through many servers and routers. This occurs in a millisecond, so you do not notice and all these routers and servers need to know that your computer is receiving, so that they can send images and webpages to your IP which is, in effect, your mailbox or receiving station. When on the Net you can pass through more than 20 servers and routers and they could all be handshaking your computer at short intervals. You will notice many of the 'alerts' come from Telecoms, which should come as no surprise as they own most of the routers etc.

If you were being hacked I can assure you that you would not get an alert.

Turn off all the alert buttons/warnings on your firewall safe in the knowledge that you will not be hacked. If it is any consolation I do not use a firewall on both my computers and I am on BB. I use a firewall on my laptop only because I take it to out of respect for their fears.......


ps Bletchley was the home of the enigma machine and is also home to some rather big routers owned by BT.

  Jester2K II 15:15 16 Sep 2003

If you installed the patch ignore the alerts.

MS_RPC_DCOM_BufferOverflow are the RPC viruses trying to contact your PC. Ignore as you are patched against this.

GANDALF <|:-)> is correct no one is trying to hack your PC - in general.

However the MS_RPC_DCOM_BufferOverflow "attempts" are REAL attempts by the virus on one PC trying to get onto your PC.

This thread is now locked and can not be replied to.
