Probable Network Intrusion

ncage

Golden Member
Jan 14, 2001
Hi everyone. I was working on my main workstation last night (I have two computers: a workstation and a server) and ZoneAlarm popped up a "high" level message (which it has never done, and I've been running it for a couple of years) stating that someone was trying to connect to my computer three times, with a different IP address each time. I use an unroutable address internally, 192.168.... My security setup is a Linksys router (NAT) and ZoneAlarm Pro on each network. I looked at the IP address that was trying to connect to my computer, but I have no such IP address on my computer. My server computer is set up with a static IP, and I checked the dynamic address that was assigned to my workstation by the router and it wasn't the one. I tried to ping the address that was trying to connect to my computer, with no luck. The only explanation would be that someone broke through my NAT router and spoofed their IP address on my internal network, which I would think would be pretty hard to do (not sure though). I guess it's very good that ZoneAlarm stopped them, but it's kind of scary that they are even going through my hardware firewall. I guess my question is this: Linksys now has an SPI (stateful packet inspection) firewall out. Would this have made the hacker's job of spoofing his address hard? I would like to prevent this on the hardware end if possible, even though I run ZoneAlarm on each machine. I have some pretty secure stuff on my computers, including passwords and source code, that I wouldn't want getting out. So would you guys recommend getting an SPI firewall?

Just for additional info: the only port I open up through my firewall is port 80, because I have a web server.

Just for general info... I have Windows 2003 Server & Windows XP. All my shares have security set up. I have disabled the guest accounts. Could they still have connected to my computer even if I hadn't had ZoneAlarm, because I think they would have an NT account associated with their connection.

OK, before anyone guesses it was something like Back Orifice, a trojan, a virus, or spyware: I run McAfee VirusScan 9 on my workstation and Norton Corporate Antivirus 7.6 on my server. I also run Spybot, Microsoft AntiSpyware, and Ad-Aware on both computers with all the latest updates. I scanned both machines last night and I had no problems.

The weird thing is they tried to connect to my workstation, which has a dynamic IP address. You would think they would attack my server if they would attack anything, because that's the one with the static IP and that's where port 80 is open to.

thanks,
ncage