What do you do when Norton told you that...

[bcmind]

"Norton Internet Security has detected and blocked an intrusion attempt."?

>(

It even gives me the "Intruder" IP 65.101.180.219... how do i know who did this?

EDIT: 5/8/03

Yet another attack
Intrusion: Invalid TCP Flags.
Intruder: 217.159.19.38
Risk Leve: Medium
Source IP address: 217.159.19.38

 

[Scarpozzi]

It was me. Sorry.

 

[Anubis]

post it here!!!

thats always a goo idea

 

[BeauJangles]

Nothing because Norton is terrible and I don't have it installed.

 

[Anubis]

damn that dosent work anyway go herehttp://www.arin.net/ and put in that IP

 

[bcmind]

Originally posted by: TheEvil1
damn that dosent work anyway go herehttp://www.arin.net/ and put in that IP

How to use that site? do i have to register first?

btw, i just got an attack again

from: Remote Address: 216.209.125.12 : 3433

 

[Hammer]

call the police and/or fbi and give them that information.

 

[Heisenberg]

It's probably just script kiddies doing port scans. The IDS on my firewall picks up at least one or two a day.

 

[MercenaryForHire]

I'd get a firewall that doesn't suck at the internet.

* > Norton

- M4H

 

[FoBoT]

here is a port scan report of that IP
its pretty tight, i would ignore it

65.101.180.219 :20 - ftp-data -- open

 

[yoda291]

are you running kazaa?

 

[MercenaryForHire]

65.101.180.219 resolved to tcsndslgw8PoolD219.tcsn.uswest.net

USWest? Game server perhaps? BNet/WON?

- M4H

 

[bcmind]

Originally posted by: yoda291
are you running kazaa?

yes i'm running kazza lite

65.101.180.219 resolved to tcsndslgw8PoolD219.tcsn.uswest.net

USWest? Game server perhaps? BNet/WON?

- M4H

B.net probably?

So after all, it's not a big deal uh?

 

[slycat]

u do nothing

 

[her209]

Stop leeching.

 

[zCypher]

lol, "attacks"

 

[CraigRT]

that happens all the time.... at least 5-6 times a day normally.
don't worry about it.

 

[SSP]

Originally posted by: zCypher
lol, "attacks"

Hehe, I was thinking the same thing. Zonealarm gave me alerts like that, so I turned off the alert messages and it finally stfu.

 

[tarheelmm]

Get a real virus scanning software that really works and get rid of Norton.

 

[Anubis]

From that link gave you

217.159.19.38
OrgName: RIPE Network Coordination Centre
OrgID: RIPE
Address: Singel 258
Address: 1016 AB
City: Amsterdam
StateProv:
PostalCode:
Country: NL
NetRange: 217.0.0.0 - 217.255.255.255
CIDR: 217.0.0.0/8
NetName: 217-RIPE
NetHandle: NET-217-0-0-0-1
Parent:
NetType: Allocated to RIPE NCC
NameServer: NS.RIPE.NET
NameServer: NS3.NIC.FR
NameServer: SUNIC.SUNET.SE
NameServer: AUTH00.NS.UU.NET
NameServer: MUNNARI.OZ.AU
NameServer: SEC1.APNIC.NET
NameServer: SEC3.APNIC.NET
NameServer: TINNIE.ARIN.NET
Comment: These addresses have been further assigned to users in
Comment: the RIPE NCC region. Contact information can be found in
Comment: the RIPE database at http://www.ripe.net/whois
RegDate: 2000-06-05
Updated: 2003-04-25
OrgTechHandle: RIPE-NCC-ARIN
OrgTechName: RIPE NCC Hostmaster
OrgTechPhone: +31 20 535 4444
OrgTechEmail: nicdb@ripe.net
# ARIN WHOIS database, last updated 2003-05-07 20:10
# Enter ? for additional hints on searching ARIN's WHOIS database.

65.101.180.219
OrgName: U S WEST Internet Services
OrgID: USW
Address: 950 17th Street
Address: Suite 1900
City: Denver
StateProv: CO
PostalCode: 80202
Country: US
NetRange: 65.100.0.0 - 65.103.255.255
CIDR: 65.100.0.0/14
NetName: USW-INTERACT99-2BLK
NetHandle: NET-65-100-0-0-1
Parent: NET-65-0-0-0-0
NetType: Direct Allocation
NameServer: NS1.USWEST.NET
NameServer: NS2.DNVR.USWEST.NET
NameServer: NS3.MN.USWEST.NET
Comment: ADDRESSES WITHIN THIS BLOCK ARE NON-PORTABLE
RegDate: 2001-01-03
Updated: 2002-08-12
TechHandle: ZU24-ARIN
TechName: U S WEST ISOps
TechPhone: +1-612-664-4689
TechEmail: abuse@uswest.net
OrgAbuseHandle: QIA2-ARIN
OrgAbuseName: Qwest IP Abuse
OrgAbusePhone: +1-703-363-3001
OrgAbuseEmail: abuse@qwest.net
OrgNOCHandle: QIN-ARIN
OrgNOCName: Qwest IP NOC
OrgNOCPhone: +1-703-363-3001
OrgNOCEmail: support@qwestip.net
OrgTechHandle: QIA-ARIN
OrgTechName: Qwest IP Admin
OrgTechPhone: +1-888-795-0420
OrgTechEmail: ipadmin@qwest.com
# ARIN WHOIS database, last updated 2003-05-07 20:10
# Enter ? for additional hints on searching ARIN's WHOIS database.

 

[numark]

Firewall alerts happen all the time. There's no computer that doesn't get port scanned, or have incoming connections after closing a program (a la Kazaa or multiplayer games). Obviously the firewall blocked it, and it only happens once or twice from a certain IP, so no use worrying about every single alert.