i got bluescreen while i had the firewall on

psycody
psycody used Ask the Experts™
on
hi friends,please...
i have a little problem surfing the net, 4 days ago i installed Outpost ,the firewall,
yesterday the firewall told me somebody was scanning my ports and attack my computer with something
today i got online again different time, different proxy ,browsing diffrent sites
then he came again scanning & attacking, within 2 hours my win98 got blue screen
the strange thing(for me) is that the firewall told me that the origin of the attack came from the same ip
as my proxy was while yesterday his ip  was just from a local internet provider in my country.

does anyone know how come someone else exactly know when i get online & my ip (my proxy was anonymous)
could i be really stealth on the internet,
with the outpost firewall and an anonymous proxy i still got forced to stop surfing, booting my computer again.

the below was what someone did after gave me one time bluescreen
what did he expect, my computer is older than his grandpapa i guess

7/12/2545 18:14:30     Rst attack     211.22.33.11 -> 211.22.33.11    
7/12/2545 18:09:41     Port scanned     211.22.33.11     TCP(1917) TCP(1829)
7/12/2545 18:09:41     Connection request     211.22.33.11     TCP(1917)
7/12/2545 18:09:30     Connection request     211.22.33.11     TCP(1829)
7/12/2545 18:08:24     Connection request     211.22.33.11     TCP(1829)
7/12/2545 18:07:22     Connection request     211.22.33.11     TCP(1829)
7/12/2545 17:57:16     Port scanned     211.22.33.11     TCP(1749) TCP(1756)
7/12/2545 17:57:16     Connection request     211.22.33.11     TCP(1749)
7/12/2545 17:57:03     Connection request     211.22.33.11     TCP(1756)
7/12/2545 17:46:29     Port scanned     211.22.33.11     TCP(1462) TCP(1426)
7/12/2545 17:46:29     Connection request     211.22.33.11     TCP(1462)
7/12/2545 17:46:23     Connection request     211.22.33.11     TCP(1426)
7/12/2545 17:38:51     Rst attack     211.22.33.11 -> 211.22.33.11    
7/12/2545 17:36:22     Port scanned     211.22.33.11     TCP(1226) TCP(1225)
7/12/2545 17:36:22     Connection request     211.22.33.11     TCP(1226)
7/12/2545 17:36:19     Connection request     211.22.33.11     TCP(1225)
Comment
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
Gabriel OrozcoSolution Architect

Commented:
this guy was trying to get you. that's the only problem.
and if you can use a proxy, why them not?
well first off i would request a new ip address from your isp if it is static, second if its not static then do a ipconfig /release and then a ipconfig /renew hopefully this will give you a new ip address, hopefully is the key word, second if i dont know if there are programs out there but he must be listening for any traffic period coming from your ip address, i imagine he is not literally sitting at his computer waitng so he must have some sort of script running that will make his computer automatically initiate this attack, hope this helps
My bet is you have a trojan on your system. Boot while not connected to the internet.

Run netstat -a
Run msconfig

In netstat a list of ports open should pop up. Anything over 3100 is unusual.

In msconfig on the startup tab look for programs that you didnt install/dotn want on at startup.

MY biggest recommendation would be to get a strong antivirus program and firewall. An anonymous proxy is nice but it doesnt stop someone form knowing where you are if your system is broadcasting an IP through a trojan.

It could be through a common port also it would help if you posted the results form the netstat -a screen.

Good luck and I hope the perp is caught, its people like them that make us hackers look bad..
Expert Spotlight: Joe Anderson (DatabaseMX)

We’ve posted a new Expert Spotlight!  Joe Anderson (DatabaseMX) has been on Experts Exchange since 2006. Learn more about this database architect, guitar aficionado, and Microsoft MVP.

a simple port scan is not an attack, what is an attack is using that port scan and having the ability to access your computer through one of those ports, that is an attack.  if i were you just save all data needed to something, reinstall and get a new ip hell install a good firewall like zone alarm or something and use the same one
Gabriel OrozcoSolution Architect

Commented:
I agree with bcastaldo.

just check you have up to date your programs and your firewall, and that's all.
well, maybe if you use a tool lik prelude for linux, which can detect several kinds of attacks, and block them, you will have more peace of mind :)
http://www.experts-exchange.com/Hardware/Routers/Hey people,

No comment has been added in roughly 1 year, so it's time to clean up this TA.
I will leave a recommendation in the Cleanup topic area that this question
be PAQ'd and pts split between raven31337 and bcastaldo.
Please leave any comments here within the next seven days.

PLEASE DO NOT ACCEPT THIS COMMENT AS AN ANSWER!

Zenlion420
EE Page Editor
*sorry for the link in my last post, somehow snuck onto my clipboard*

j

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial