Norton Personal Firewall - thousands of attempts

C

chopperT

Registered
Hi all!

I've got Norton Internet Security and have noticed that the number of access attempts blocked by the Firewall has gone bananas over the last few weeks.

In the last two days there have been over 3,500 attempts!!!!

Now, the Firewall is obviously stopping these attacks/attempts so I'm not too bothered. But I'm assuming that each attempt slows down my dial-up (yes! I know!!!!) connection a tiny bit?????

They all seem to be "Web Sharing" attacks with a few hundred all coming from the same IP address within a ten minute period.

Anything I can do????

Thanks


Chops
 
Do you have web sharing turned off? Is that same IP continuing to try to get in?
I am wondering if it is a web site you are visiting that is trying to plant a cookie.
 
Your firewall could be registering every communication with your dial-up connection. Not only every time you dailup but everything you download; images from the web, etc.

I think the firewall is made more for cable modems which are more vulnerable because they are usually static, rather than dynamic, IP addresses—easier to find and hack by evil-doers. :) I assume also that you are in OS 9. You won't need the firewall once you move to X because it has one built in.

This is my best guess.
 
You probably don't have anything to worry about with regard to someone hacking into your Macintosh unless you have FTP, ssh, and other "sharing" open in the System Preferences. Once a long time ago, there was a program for hte Dock that showed a little Dock Icon that showed your internet connection, packets coming IN, and packets going OUT. Once I saw IN pegged at 100%, and OUT pegged at 100%, I knew something was wrong. I checked my system.log (I think it's in /var/log/ or open the console) and saw FTP access attempt that were denied. Then I opened my ftp.log and looked that over. I used one of Apple's utility programs to get info on the offending script kiddie. He was on a Windows machine over in France on a broadband connection. I could have done something to his computer, but decided not to since it would be unethical. The only thing he could do was knock on my door, he couldn't get in, and I don't know how he found me, but he came knocking again a month later, also, someone in Belgium tried doing the same thing, perhaps his comrade, then the access attempts stopped. The funny thing was is that I was on a dialup connection, an IP address that consistently changed, but the same bafoon found me a month later. Like I said, I don't think you have anything to worry about. I also think you don't need Norton Personal Firewall, Apple includes everything in the System Preferences in Jaguar and Panther for controlling the built-in firewall.
 
It probably wouldn't make too much difference on the speed of your dial up because connection attempts don't usually take a lot of bandwidth. They are refused by your machine right away so there isn't a lot of data being transfered.

Funny story:
A while ago I was going through my firewall logs and I saw a lot of attempts to connect to port 137 which is windows file sharing. The connection was refused on my end, but the guy that was trying to connect to me had his system wide open! It was quite hilarious. He was in Mexico and the connection to him was quite slow. Like chemistry_geek, I could have deleted all his files but I'm a nice guy, even though he wasn't.
 
Heh... you should have deleted like one critical DLL or something, and left him scratching his head for the next two weeks. :D
 
Cheryl said:
Do you have web sharing turned off? Is that same IP continuing to try to get in?
I am wondering if it is a web site you are visiting that is trying to plant a cookie.
Click to expand...

That's a really smart guess ;) It could also be someone trying to DoS you by flooding you with lots of requests, some 14 year old script kiddie, but since your firewall is blocking it I really wouldn't worry about it too much, just disconnect and change your IP address...

Do you have any dynamic-ip address software (like dyn-dns or no-ip.com) that they could be using to find you when your address changes ?

And yes, every time someone tries to connect to you, you incur internet traffic and slow yourself down a little bit.
 
I have a question. Does the Apple firewall have a log? If so, where is it hiding?
 
just don't think that 'attacks' to your computer stem from somebody active. it could very well be a worm-based attack from the other person's computer. so destroying his PC would certainly hit the wrong person and wouldn't teach him to 'stop hacking' or anything.
 
You must log in or register to reply here.
Back
Top