WTH? Installed BlackICE and it tells me I've been scanned 2500 times in 36 hours.

[Eug]

I tried ZoneAlarm a while back and it was so damn annoying that I removed it after one day.

I just installed BlackICE for testing, and it tells me that I was scanned 7-8 times while I slept. 2 were "!" and the rest were "?". (For the latter BlackICE tells me I shouldn't worry.)

Is that usual to have that many in such a short period of time?

If it makes a difference, I'm in downtown Toronto on Sympatico DSL (PPPoE), with the computer on 24/7. The IP is not fixed though.

P.S. The computer is also cracking OGR and accessing a keyproxy, so that's the only use of the system when I'm not sitting at it.

 

[nateholtrop]

no dont worry about it i also have a network with black ice and zone alarm and I get scanned a bit but not 7 times. dont fret but if it keeps happening ask your isp. Oh do you have an instant messenger? that does it too I have friends that set black ice into coniption fits because they are sending me msg's.

 

[BCYL]

I wouldn't worry about it... BlackICE tends to give out a lot of false alarms.... most of those are harmless... Heck BlackICE even gives me warnings when my friend sends me a msg thru ICQ, telling me he is trying to scan my PC...

 

[Eug]

Actually the 7 times was probably more like 30... it was 7 unique IP addresses, multiple times each. (I guess it depends on how you count them.)

I left my computer untouched since yesterday except for half an hour in the morning when I posted this topic. What worries me is that I have no ICQ and the computer was completely unused except for it cracking OGR. For OGR, my computer would access the net about 3-4 times. Over the last 24 hour I have been attacked about a thousand times, with over 900 coming from one IP.

Here's my screengrab of BlackICE.

Besides the bunch from Proton, most of the remainder seem to be coming from my ISP (DSL with PPPoE). Can those be ignored?

In the meantime I have set the firewall to the "Nervous" security setting.

 

[BCYL]

OK if it's that many times then you have something to worry about... BlackICE should have recorded that guy's IP or something, run a search at SpamCop and see what comes up... You can also report his activities there....

Also if you want you can install ZoneAlarm again... ZA tends to give less false alarms... so u can see if that's a real threat or just something falsely reported by BlackICE...

But if there are over 900 reports within 24 hrs, I highly doubt it's a false alarm

 

[Z_Amon]

A lot of those "probes" look like people's computers looking for other computers for sharing. I would suspect that your ISP isn't filtering their network very well and that your network neighborhood is huge. (this is in reference to the NetBIOS connections with various computer names)

Some of them, however, might be more dangerous. If you've had 900...I'll agree with the others, that means that somebody is probably probing you pretty hard, which is typical on that sort of network. If it continues, and there are just a couple of IP's it's from, definitely complain.

Z

 

[Eug]

Well, PROTON is back. He has scanned me roughly 2400 times total now. I have since blocked his IP, and have changed my IP address. (I'm on Sympatico DSL which uses dynamic IPs.)

I guess this is another reason NOT to get @Home when I move. Around here my friends who have gotten Rogers@Home have gotten fixed IPs, despite the fact they are told that it uses dynamic ones. I used to think this was a bonus, but now I think it's a liability for casual users like me who do not host anything.

 

[barebottoms]

Geeze .. Just looking at your screenshot is reason NOT to use Cable at all. Netbios doesn't route, yet you see all those Netbios sessions. You must be good friends with 50 million of your network neighbors.

I realize they are bridging, but geeze.. do some filtering at the cable concentrator.

Look at that, PRONTO might be someone's print server. See if you can attach to it and print them dirty messages.

 

[Eug]

barebottoms,

I'm actually on DSL. I was just thinking that maybe it would be even worse on cable.

 

[hymy]

I'm on charter@home I use Zone alarm on one computer. I've found my cable access to be fairly secure. And my Ip is fixed. very few problems. Bout the only thing I ever get are HTTP servers checking connections. I turned zone alarm down a notch, and it won't bother me unless something really bad happens. I think I have had maybe two netbios attempts in the 3 mos since I installed ZA.