Prevent futurer hacking?
Posted 01 May 2007 - 05:46 PM
Yesterday I went to use my computer and saw a ZoneAlarm message that there had been 5 attempts to reach my computer through an IP address that when I entered in the I.P. address look up, would not come up.
Im scared this person is gonna come back. I am not on a network, and I dont share files, so I dont understand why anyone would want access to my computer unless it was for malicious means. Im curious if they are going to try to find away around my firewall, if they already havent. I mean 5 attempts! Seems like they really wanted access. Can anyone give me some advice, or at least help calm me down that people arnt going to remote access my computer to do bad stuff?
Posted 01 May 2007 - 07:44 PM
and there are all sorts of reasons that various programs and services try to access your computer... Some are malware probing for vulnerabilities and some are things like your ISP checking your connection... It doesn't mean you are under attack... 5 attempts is pretty minimal for someone trying to probe your system... It is much more likely to be legit... Also, the fact that your firewall stopped it is a clue that you are using the protection you need... It can be a good idea to use a hardware firewall in addition to your software firewall if you wish, but you are already pretty well protected...
OrgName: Internet Assigned Numbers Authority
Address: 4676 Admiralty Way, Suite 330
City: Marina del Rey
NetRange: 172.16.0.0 - 172.31.255.255
NetType: IANA Special Use
Comment: This block is reserved for special purposes.
Comment: Please see RFC 1918 for additional information.
OrgAbuseName: Internet Corporation for Assigned Names and Number
OrgTechName: Internet Corporation for Assigned Names and Number
# ARIN WHOIS database, last updated 2007-05-01 19:10
# Enter ? for additional hints on searching ARIN's WHOIS database.
Helpful link: SpywareBlaster...
MS MVP 2006 and ASAP Member since 2004
Please read the Instructions for posting requested logs and the article "So how did I get infected in the first place?"
Posted 01 May 2007 - 08:12 PM
The Internet Assigned Numbers Authority (IANA) has reserved the following three blocks of the IP address space for private internets (local networks):
10.0.0.0 - 10.255.255.255
172.16.0.0 - 172.31.255.255
192.168.0.0 - 192.168.255.255
Don't worry about it. It's your own system creating a loopback.
Question - are you using a 2Wire HomePortal? Those used to use that IP range for their LANs.
Posted 01 May 2007 - 08:46 PM
Class A 10.0.0.0-10.255.255.255
Class B 172.16.0.0-172.31.255.255
Class C 192.168.0.0-192.168.255.255
These address and ranges are reserved for private use by users when creating LAN (local area networks) and if a True Hardware Router encounters packets with any of these address on them will discard them and not forward them.
For the real geeky types RFC 1918 (go ahead and google it up) Explains what this mean. But here is a brief snip:
Because private addresses have no global meaning, routing information
about private networks shall not be propagated on inter-enterprise
links, and packets with private source or destination addresses
should not be forwarded across such links. Routers in networks not
using private address space, especially those of Internet service
providers, are expected to be configured to reject (filter out)
routing information about private networks. If such a router receives
such information the rejection shall not be treated as a routing
end of snip
So...What does this mean for you and Zone telling you about it? It has to be an internal thing. A server or server like device is trying to make connection with the rest of the computer.
An example would be like setting up a Apache server on your computer and it wanting to have connection with the rest of computers or ports. Did you install something like a Web camera recently? Think of it as a computer in your computer that got its own address.
Its a high possibility it is your own Router doing it.
When you see these alerts, determine whether it is from a computer on your network, or from the machine or router that performs NAT or DHCP (most commonly, if the IP address ends in 1 then it would be the device performing NAT/DHCP). It is possible its trying to multicast and using the range of the 172.16.x.x.
All in all it is interesting, but nothing spooky. Your Zone alarm may need some configuration if the alerts disturb you. But it does bear investigating where in your computer is this comming from.
Spyware removal tools:
Prevent Spyware:Just how did I get Infected?
Online virus scanners:
Tools-Use Only when instructed:
Posted 02 May 2007 - 06:19 PM