[Okta Webinar] Learn how to a build a cloud-first strategyRegister Now

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 487
  • Last Modified:

McAfee alerts' messages

I wonder if someone could help me. I use McAfee VirusScan Professional Edition,
together with McAfee Guardian Firewall (+ Windows XP). Since the begining of last week I am
getting all the time Firewall messages warning me for attacks - Port Scan Attack (most
frequent) every 2 minutes (average 30 per hour).
Questions:
- Is that a common situation?
- Is it dangerous?
- What can I do to avoid receiving these attacks?
Please help me!
Thanks a lot!
0
BestwayLuso
Asked:
BestwayLuso
  • 2
  • 2
1 Solution
 
LeftofCoolCommented:
Hi, the attacks you are describing are most likely NetBIOS attacks. NetBIOS is Microsoft's old peer-to-peer networking protocol which Windows XP doesn't even consider accepting unless under certain circumstances. Filesharers who use firewalls experience frequent NetBIOS attacks that aren't malicious but are still blocked. The only reason to worry is if all the attacks are coming from the same IP address. If that is the case, then you could have a piece of spyware on your system that can make your computer susceptible to interest among malicious hackers and could induce real Port-Scanning attacks. To be sure, download Spybot Search & Destroy from this site: http://download.com.com/3000-8022-10194058.html?tag=lst-0-3 . This program will scan you system for spyware, among other things. You might want to set McAfee to alert you only if the activity is malicious activity (or "Hacker Activity" if McAfee wishes to be dramatic). Windows XP coupled with that McAfee package and Spybot should make for a sufficient shield against anything you might come across.

0
 
Tim HolmanCommented:
I wouldn't worry about port scans.  EVERYBODY with an Internet IP address will get these, as part of either automated routines by ISPs to discover what machines are on their networks, or part of automated hacker utilities that enable hackers to ennumerate devices.
What you have to make sure is that any ports you DO have open, and with a personal PC, I wouldn't expect ANY, are secured.
This is a very common situation, is non-dangerous (think of it as background noise), and you can do nothing to stop receiving these, as even if you changed ISP or IP address, you'd still received them.
Do you use an Internet router ?  Or are you just dialling up ?
If you have a router, you can configure that with firewalling to stop these scans at the firewall, rather than letting them annoy you by hitting your internal PC ?
0
 
Tim HolmanCommented:
These are port scans, NOT NetBIOS attacks !!
0
 
LeftofCoolCommented:
Forgive me if I assumed in error. I know that firewalls tend to be dramatic about what they pick up. Port scans, as long as they are not all from the same IP address aren't anything to worry about as long as you are adequately protected, and from what you've posted, you are. I very seldom get port scanned, though. I run ZoneAlarm on my laptop and desktop with a Wireless Access Point. The router may be what's protecting me.
0

Featured Post

Threat Trends for MSPs to Watch

See the findings.
Despite its humble beginnings, phishing has come a long way since those first crudely constructed emails. Today, phishing sites can appear and disappear in the length of a coffee break, and it takes more than a little know-how to keep your clients secure.

  • 2
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now