Network Attacks!

  • Thread starter ronscores
  • Start date
  • Replies: Replies 37
  • Views: Views 6,183
R

ronscores

Newbie
Messages
58
Location
NA
hi,

have XP with SP2..
installed Kaspersky Beta 2006 and was shocked to see abt 2 network attacks per hour of logging on to the net..
I mean 'twas only kaspersky which detected it and repelled it..
I'm thankful i d'loaded Kaspersky..
BTW.. i'm attaching the screenshot..
http://img298.imageshack.us/img298/3502/attack26ol.png
Here's the thumbnails..
http://img298.imageshack.us/my.php?image=attack26ol.png
are network attacks common in Airtel Broadband? and any other antivirus program would surely not have recognized it!
 
B

blr_p

Regulars
Messages
3,912
Location
NA
ISP
Airtel 256k ultd
3 of those IPs resolved to Airtel addresses, i'd say they are prolly infected with some worm and looking for company ;)A decent firewall (Zonealram or similar) should be good enough to deal with it.
 
R

ronscores

Newbie
Messages
58
Location
NA
hey .. dont u ppl in bangaore have such problems?And aint these harmful?lovesan & LSASS exploit are frequent!Would anyone here recommend the inbuilt Windows firewall (inbuilt in XP with SP2)??i thought only kaspersky detected it!and btw is ZoneAlarm free?
 
B

blr_p

Regulars
Messages
3,912
Location
NA
ISP
Airtel 256k ultd
I'm not seeing this attack as i'm using the ethernet modem they gave me. It's set up to work as a NAT, ie it doe snot allow anything form the outside in unless the connection was previouslyt initiaitef form the inside. This has proven to be a problem for ppl that want to setup servers as the Airtel modem does not port forward properly. THe ports mentioned in ur pic are for netowrk shares on windows, very common for them to be attacked for vulnerbilities.I'm not sure if the USB version acts as a NAT. Zonealarm is free for personal use and is regularly updated., quite easy to setup and works well. I hear Kapersky is good as well.I would disable the XP firewall, and instead rely on either of the above two for sake of your sanity.
 
Sushubh

Sushubh

Admin
Staff member
Messages
393,558
Location
Gurgaon
ISP
Excitel
Airtel
airtel is atleast a safer bet than sify broadband which has a lan...
 
C

coolbuddy_79

The Coolest One!!!
Messages
3,471
Location
NA
ISP
TriB 749NU @ 2 mbps
lsass - lsass.exe - Process Information

Process File: lsass or lsass.exe
Process Name: Local Security Authority Service

Description:
lsass.exe is a system process of the Microsoft Windows security mechanisms. It specifically deals with local security and login policies.

Note: lsass.exe also relates to the Windang.worm, irc.ratsou.b, Webus.B, MyDoom.L, Randex.AR, Nimos.worm which spread via floppy disk drives, mass-mailing and peer-to-peer sharing. Please review file path for clarification of this.


Author: Microsoft Corp.
Part Of: Microsoft Windows Operating System

System Process: Yes
Background Process: Yes
Uses Network: Yes
Hardware Related: No
Common Errors: N/A
Memory Usage: N/A

Security Risk (0-5): 0
Spyware: No
Adware: No
Virus: No
Trojan: No

so i really wonder if it's really a security threat :unsure:

but "helkern" for sure is something you should worry about...

know more here
 


G

GAURAV7777

Regular
Messages
548
Location
NA
ISP
MTNL
well if u have xp sp2then u r protected against lsass exploitand these cases are just are worm trying to spread itself so my suggestion is just have a firewall like the one u r using or zone set to highest level and just relax
 
G

GAURAV7777

Regular
Messages
548
Location
NA
ISP
MTNL
almost forgot this kaspersky thing is way better than zoneatleast it tells people which exploit is being targeted than the zone alarm which just gives the technical infodoes it comes bundled with that antivirus or just the firewall alone
 
R

ronscores

Newbie
Messages
58
Location
NA
you are asking abt Kaspersky
They have an AV as well as firewall(Internet Security)
I have the beta 2006..
which is pretty good...
both nearly only 9 mb..
just check out http://forum.kaspersky.com
 
S

Supreme

Newbie
Messages
86
Location
NA
ISP
Airtel
You be on any network , attacks are bound to happenBetter to keep the system fully patched, have an antivirus & firewall updated. Stop all services you dont require.It is not that a LAN is insecure, rather if you have a public ip you are more insecure.
 
Sushubh

Sushubh

Admin
Staff member
Messages
393,558
Location
Gurgaon
ISP
Excitel
Airtel
mhm.... lan makes ur pc always available to the people in your lan. public ip would require a random guy on the net actually target ur IP :p
 
S

Supreme

Newbie
Messages
86
Location
NA
ISP
Airtel
The same thing goes for LAN a random chap has to target you. Not everyone on LAN can know some other's IP. In a LAN number of attackers is going to be limited.But for a public ip the whole world can be the attacker. Also normally for DSL ip is static,(dont know of airtel), so a person can be easily identified.Each type has its own benefits and disadvantages.There is no use arguing over this.The thing is on any type of network u are, never lower the guard of your security.You just dont know from where the attacker will come and how.
 
C

coolbuddy_79

The Coolest One!!!
Messages
3,471
Location
NA
ISP
TriB 749NU @ 2 mbps
well, in LAN, u can browse anyone's contents (if the security is not there)...in WAN, u'd have to first find the target!!!unless u opt for static IPs, no one provides them for free (as much i know)...they only give u dynamic/global IPs... :)
 
R

ronscores

Newbie
Messages
58
Location
NA
just thought of somethin' else now..Could be that i'm the brunt of Network attacks since i have a security vulnerability??i have only xp pro with pre installed SP2 and nothing else.. And i havent updated my XP (turned auto updates off)Do i need a security patch to download from MS?I remember reading an MS article sometime ago.. that not installing some security update would leave my network ports open.. thus rendering it easy or making my system vulnerable to hackers...Is this the issue? can someone direct me to an update or patch from MS