Network Exploit

[Laughingman12]

Apparently this is the second time my Avast anti-virus network shield caught a network exploit
from an unknown ip address. What does this mean? this is the second time.

My second question is that my parents are using my old comps to send credit numbers and crap. But my old comp does not have Spyware protection and not even a firewall. Can keyloggers really get to your computer?

 

[KuJoe]

What is the exploit they are using? Is your firewall a hardware or software firewall (or both)? Sending credit card numbers over a non-secure connection should NEVER be done since even secure connections are not completely safe. Keyloggers are real and easy to install/find/disguise/hide/use.

 

[Laughingman12]

Originally posted by: KuJoe
What is the exploit they are using? Is your firewall a hardware or software firewall (or both)? Sending credit card numbers over a non-secure connection should NEVER be done since even secure connections are not completely safe. Keyloggers are real and easy to install/find/disguise/hide/use.

SO what should I tell my parents? they pay their bills online and if the get their credit card stolen I could never forgive my self.

Should I install Spyboy... Window defender... and have them check my computer daily?

 

[Nothinman]

I'd be more suspicious of Avast if it can't even tell you the IP that the attack supposedly came from.

SO what should I tell my parents? they pay their bills online and if the get their credit card stolen I could never forgive my self.

Tell them not to be stupid, most of the time spyware and crap gets installed by opening suspicious attachments, web sites, etc. If they're unsure about something tell them to ask someone knowlegable before they do anything with it, common sense really. If someone left some food on your doorstep that said "Free lunch from Tom down the road" would you eat it without question?

 

[Laughingman12]

Originally posted by: Nothinman
I'd be more suspicious of Avast if it can't even tell you the IP that the attack supposedly came from.

It told the ip. But I call it unknown because I don't recognize the ip.

 

[JackMDS]

There are two functional approaches to these issues.

One. Spend few hours to read the core information involved these issues and become your own expert.

Two. Install an Good Software Firewall, AntiVirus, Antispyware and hope for the best.

You can start with this.

Basic Protection for Broadband Internet Installation.

Freeware Security suit for Internet Connection Protection.

Internet infestation -Or, how you are getting Internet "Junk" in and compromise your Computer/Network?

Basic Steps in cleaning Internet "Junk".

 

[KuJoe]

Best and easiest bet (IMO) would be a nice hardware firewall (or a router with a built-in firewall feature), it's the first line of defense and easy to setup.

 

[Laughingman12]

Ok So firewall and a good anti-Spyware is what I need. Well I guess thats consider good for an basic protection.

 

[KuJoe]

Is anti-spyware really necessary? I think spyware is being overblown and making the majority of the public (who are completely computer illiterate) see it as a problem. I'm not sure how you came to the conclusion that you have a problem with your network security because I'm pretty sure the chances of you recognizing ANY IP address (be it one of your own, friendly, or malicous) are very slim from what I'm reading. I really like JackMDS's suggestion on taking the time to educate yourself so you will know what to look for and what to actually do if your network/computer is comprimised. The first thing any IT Security person will tell you is that as soon as you find out your computer/network is comprimised to disconnect that computer or network from any internet connection. That means that when the sh*t hits the fan and your screen turns black and somebody is telling you to follow the white rabbit, you won't be able to login to this forum and ask us what to do. Information is the key and when somebody is more informed they have power over you and your way of life.

 

[Laughingman12]

So your saying that anti-spyware is not needed? Kujoe. The reason Why I join Anandtech is to learn more about computers.

 

[jlazzaro]

hes just saying anti-spyware isnt necessarily going to keep someone out of your pc...its all relative. however, i think they all go hand in hand.

say you have spyware out the wazoo, most of the time it will affect IE and how it operates. That in turn affects your ability to reach windows update, then you dont get your patches and now your vulnerable.

 

[KuJoe]

It's not needed if you know what you are doing. For the majority of people it is probably best to have installed and used regularly but the majority of "spyware" is harmless unless you're that concerned with who knows where you go on the internet. Keyloggers and trojans are a completely different animal which good up-to-date anti-virus programs will detect and get rid of. A software firewall is a good start (I used to use Zone Labs but now I just use Window's built-in firewall) but like any software a properly coded virus or a script kiddie with to much free time can disable it without you knowing. Even with all of these in place there are no guarantees but, like you said, it's a good start.

Edit: jlazza is right correct it is all relative, the biggest problem spyware will probably bring you is a slowed down computer (or connection) and SPAM... and nobody likes either so it's best to keep your spyware to a minimum.

 

[Nothinman]

It told the ip. But I call it unknown because I don't recognize the ip.

No one expects you to, but if you look it up and see that it's based in china or something it's a fair bet that it is indeed some bot looking for new hosts to infect, but as long as you're patched it's usually nothing to worry about. For example I see MSSQL exploit attempts all of the time but it's irrelevant because I'm not running MSSSQL on my firewall. Did it also tell you the attempted exploit name and/or ports too?

 

[Laughingman12]

Originally posted by: KuJoe
It's not needed if you know what you are doing. For the majority of people it is probably best to have installed and used regularly but the majority of "spyware" is harmless unless you're that concerned with who knows where you go on the internet. Keyloggers and trojans are a completely different animal which good up-to-date anti-virus programs will detect and get rid of. A software firewall is a good start (I used to use Zone Labs but now I just use Window's built-in firewall) but like any software a properly coded virus or a script kiddie with to much free time can disable it without you knowing. Even with all of these in place there are no guarantees but, like you said, it's a good start.

Wait you use to used Zonelab? I am using Zonelab right now. Should you recommend me to uninstall Zonelab and use window built in firewall instead? I mean I am just doing what best for my system.

 

[Laughingman12]

Originally posted by: Nothinman

It told the ip. But I call it unknown because I don't recognize the ip.

No one expects you to, but if you look it up and see that it's based in china or something it's a fair bet that it is indeed some bot looking for new hosts to infect, but as long as you're patched it's usually nothing to worry about. For example I see MSSQL exploit attempts all of the time but it's irrelevant because I'm not running MSSSQL on my firewall. Did it also tell you the attempted exploit name and/or ports too?

No I am using Avast. Also I check the Ip address and its the same one I am using for my sbcglobal dial access number.

 

[Nothinman]

No I am using Avast. Also I check the Ip address and its the same one I am using for my sbcglobal dial access number.

So the exploit supposedly came from your ISP's PPPoE server?

 

[Laughingman12]

Originally posted by: Nothinman

No I am using Avast. Also I check the Ip address and its the same one I am using for my sbcglobal dial access number.

So the exploit supposedly came from your ISP's PPPoE server?

Supposely. what does that mean?

So if it did came from th PPPoE server. Does that means it something bad?

 

[Nothinman]

If it's true, which is unlikely and that's why I used the word supposedly, that means that your ISP's authentication server got broken into.

 

[Laughingman12]

Nothing man... Also for dial-up access is this a San Francisco number? 573-3411
In the sbc yahoo site. it said that its San Francisco and its a (415) number.

I check but can you confirm?

 

[Nothinman]

Wait a minute, you said it was an IP address not a phone number.

 

[KuJoe]

If you're being attacked by a phone number than just pour water on your computers and ask you parents for a new one.

 

[jlazzaro]

415 is san fran...google is your friend.

 

[KuJoe]

Also, if you're dialing long distance for your dial-up connection then your phone bill is probably more than the cost to upgrade to broadband.

 

[Laughingman12]

Originally posted by: KuJoe
Also, if you're dialing long distance for your dial-up connection then your phone bill is probably more than the cost to upgrade to broadband.

NO, I am living in San franciso and I and using a 415 number for my connection. SO it would be free.

By the way, is dial access a non-safe connection?

 

[KuJoe]

Technically dial-up is the safest connection because you control when it's connected and because of it's horribly slow upload speeds most hackers would probably get bored and move along. The downside is that with such a small amount of bandwidth at your disposal, spyware will really impact your performance and connection speed.