400 attempts to infiltrate my computer in 1 hour?

My log from my Pc-cillin anti-virus software told me that in the last
hour that I was connected via broadband to the internet, my Windows XP
machine had suffered about 400 illegitimate attempts to access its
ports. I even had 2 trojans install themselves in my computer as I was
registering and setting up the pc-cillin software during that hour, so
it wasn't complete functioning at the beginning.

How can there be so many attempts to illegally access my computer? Is
this normal?

My other computer is a Windows 98 on a phone modem. I practically
never have problems with it, and I have it on the internet maybe 10
hours a day, and doing pretty risky stuff, such as file sharing.

 

I'd say it is unlikely there were 400 separate attempts but rather someone
or some program was just scanning for open ports or exploitable openings
on your computer. That isn't uncommon. You shouldn't connect to the
Internet until you have your firewall enabled, then you won't have to
worry about such things.

 

(Wizard of Ozz) wrote in message My log from my Pc-cillin anti-virus software told me that in the last
hour that I was connected via broadband to the internet, my Windows XP
machine had suffered about 400 illegitimate attempts to access its
ports. I even had 2 trojans install themselves in my computer as I was
registering and setting up the pc-cillin software during that hour, so
it wasn't complete functioning at the beginning.

How can there be so many attempts to illegally access my computer? Is
this normal?

My other computer is a Windows 98 on a phone modem. I practically
never have problems with it, and I have it on the internet maybe 10
hours a day, and doing pretty risky stuff, such as file sharing.

 

Actually not that unusual these days

http://it.slashdot.org/article.pl?sid=04/11/30/1932245&tid=220&tid=172&tid=201
http://www.usatoday.com/money/industries/technology/2004-11-29-honeypot_x.htm
http://it.slashdot.org/article.pl?sid=04/08/17/1347214&tid=172

The problem is that there a re a lot of infected machines out these which
people either don't know are compromised or don't care. It's a major issue
and everyone has an opinion who's to blame (I'm keeping my opinion to
myself). If you can, get all your patches from a safe system and burn them
to CD before attempting a clean install. then install and patch offline
before connecting.

or connect behind a _good_ firewall to download your patches


--
Jason Brown
Microsoft GTSC, IIS

This posting is provided "AS IS" with no warranties, and confers no
rights.

 

At the least I would install a cheap firewall router to block the intrusions
in your computer. Your software firewall has to process all those intrusions
eating up processor cycles.....

 

yes please!

 

....and suffer the consequences sometime in the future for having done it.

 

....unless those services (which are many) are not required...

| xmp wrote:
| >> or connect behind a _good_ firewall to download your patches
| >
| > or actually learn how to disable services with known vulns.
| >
|
| ...and suffer the consequences sometime in the future for having done it.
|
|

 

Actually that's not such bad advice, but having a properly configured
firewall between you and the net means far less messing about whenever a
reinstall is required. I regularly build VPC VMs on my home desktop machine
and I'd get so bored with constantly messing around with services just so I
could safely connect them to the net. Luckily I have a pretty good firewall
config (two actually, one fairly open, the other quite tight with one
machine sitting in between)


--
Jason Brown
Microsoft GTSC, IIS

This posting is provided "AS IS" with no warranties, and confers no
rights.