cancel
Showing results for 
Search instead for 
Did you mean: 

More attacks coming through proxy server *sigh*

N/A

More attacks coming through proxy server *sigh*

I'm at my wits end with the person who keeps trying to access our network.

I reinstalled our firewall software on both computers (just to make sure there was nothing malicious attempting to accept or send connections), I made sure our wifi was using a WEP key and 128bit encryption, I installed and set up a new proxy server program -- and set it up 'Permit ONLY' with my husband's IP range.

But today - my husband told me that he was getting endless pop ups from the firewall saying that my computer was attempting to connect to his and was being blocked. I hadn't set up file sharing yet on the computers, and I wasn't even in when this was occurring, so it did seem quite strange. So I had a look at his firewall logs and guess what? Our intruder is back (64.255.164.70) and trying to get in via port 139. My firewall isn't picking him up at all, so I guess I'm left presuming that he's getting in via our proxy yet again.

The good news is - he's being blocked access to my husband's computer by the firewall. The bad news is - the proxy server still doesn't seem secure. And I'm not keen on anyone messing about with programs on my computer. If I block port 139, I believe we'll be unable to share files across the network - which sort of defeats the purpose of having the computers networked in the first place.

I don't know if I'm safe in believing that the firewall is going to stop him - or in thinking that eventually he'll get 'bored' into stopping. But I don't know what else I can do - other than assigning my husband a username and password in order to access the internet.

Any ideas?

Thanks,

Ilene
5 REPLIES
N/A

More attacks coming through proxy server *sigh*

Hi,

Firstly I need to understand a little more about your setup, and how your machines are networked, what firewalls your running and whether they are software or hardware based or both.

I would imagine the attack is from virus infected machine, thus it's not personal and the attack is probably sourced from the internet itself, and not via for wifi network (since your using WEP & 128 Bit Encryption) . If the attack is via a virus infected machine, you'll just have to accept it as background internet noise since there is little you can do, and "hoping they'll get bored" won't happen.

Aaron
N/A

More attacks coming through proxy server *sigh*

Both computers are running ZoneAlarm (free version), our router is being used as a hub rather than a router as we have a usb modem and offers us zero protection as far as a hardware firewall. So we're strictly connection sharing at the moment.

As far as this possibly being an innocent attack - I'm still dubious - as we were quite intensely attacked a week ago (emails went missing, connection to the internet prevented, proxy server settings changed, email addresses spoofed, files deleted) by two ip addressess we did not recognise. Unfortunately, the password on the proxy server program we were using at the time was then changed and we were unable to make any changes or access any of the logs to retrieve the IP addresses of the persons who had been gaining access. But this IP address seems very familiar to me - and I'll eat my hat if it's not the same as one that was accessing the computer last week.

So you're saying that as long as the firewall on the second computer is blocking it, we're okay? I certainly don't want a repeat of last week's fiasco. lol

Thanks,

Ilene
N/A

More attacks coming through proxy server *sigh*

The firewall on the PC which is connected using the modem will probably get all the hits, I'd be worried if you get any hits on the other firewall.

From what your saying it could be an attack, and it appears to be an IP address outside the Plus Net network.

Firstly I would have a look around MajorGeeks website, for a program called airguard or something like it. Unfortuantly I'm work, so I'm unable to get access to this site. However this program monitors you wifi network, shows you which MAC addresses are connected to your network and allows you to restrict which MAC addresses can connect. This will determine whether someone has managed to get on your network that way.

Zone alarm is good, but I don't like the fact that you cannot add rules specifically to block certain ports. In addition the fact that someone was able to gain access to your network, means they might not be setup correctly, or you have a trojan etc on your one or both your PC's.

Within Zone alarm, how are the sliders set, for internet and trusted networks? on both machines.

Finally you can request Plus Net to change your Ip, but I'm also guessing that if you went down that route then you would also want to change your rDns as well.
N/A

More attacks coming through proxy server *sigh*

Yeah - I was quite surprised to find out that his firewall was taking any hits - it was a mistake that he had installed it after reformatting his computer the other day - but I'm glad he did.) It's coming up on his firewall logs that the hits are coming from my computer -- but with the other ip address attached. My firewall isn't picking up the ip address at all anywhere on the logs.

Both firewalls are set for high internet zone security and medium trusted zone security - with the our network ip range being the only trusted zone addresses specified.

I'm in the process of installing AirSnare and if all else fails I'll see if I can find another antivirus program to give me a second opinion on the health of my files. Currently I'm running AVG 7 and I scan regularly and it hasn't detected any infections. My husband's computer just had a full format the other day and scanned files before reinstalling them, so it appears his system is clean, too.

Thanks again,

Ilene
N/A

More attacks coming through proxy server *sigh*

Can you paste the exact output from the firewall.

After reading your last reply, I am unsure if it is being caused by what you think it is.

Are you running and P2P applications by any chance?