?
Solved

McAfee alerts' messages

Posted on 2004-04-19
4
Medium Priority
?
482 Views
Last Modified: 2013-11-16
I wonder if someone could help me. I use McAfee VirusScan Professional Edition,
together with McAfee Guardian Firewall (+ Windows XP). Since the begining of last week I am
getting all the time Firewall messages warning me for attacks - Port Scan Attack (most
frequent) every 2 minutes (average 30 per hour).
Questions:
- Is that a common situation?
- Is it dangerous?
- What can I do to avoid receiving these attacks?
Please help me!
Thanks a lot!
0
Comment
Question by:BestwayLuso
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
4 Comments
 
LVL 2

Accepted Solution

by:
LeftofCool earned 200 total points
ID: 10865301
Hi, the attacks you are describing are most likely NetBIOS attacks. NetBIOS is Microsoft's old peer-to-peer networking protocol which Windows XP doesn't even consider accepting unless under certain circumstances. Filesharers who use firewalls experience frequent NetBIOS attacks that aren't malicious but are still blocked. The only reason to worry is if all the attacks are coming from the same IP address. If that is the case, then you could have a piece of spyware on your system that can make your computer susceptible to interest among malicious hackers and could induce real Port-Scanning attacks. To be sure, download Spybot Search & Destroy from this site: http://download.com.com/3000-8022-10194058.html?tag=lst-0-3 . This program will scan you system for spyware, among other things. You might want to set McAfee to alert you only if the activity is malicious activity (or "Hacker Activity" if McAfee wishes to be dramatic). Windows XP coupled with that McAfee package and Spybot should make for a sufficient shield against anything you might come across.

0
 
LVL 23

Expert Comment

by:Tim Holman
ID: 10866735
I wouldn't worry about port scans.  EVERYBODY with an Internet IP address will get these, as part of either automated routines by ISPs to discover what machines are on their networks, or part of automated hacker utilities that enable hackers to ennumerate devices.
What you have to make sure is that any ports you DO have open, and with a personal PC, I wouldn't expect ANY, are secured.
This is a very common situation, is non-dangerous (think of it as background noise), and you can do nothing to stop receiving these, as even if you changed ISP or IP address, you'd still received them.
Do you use an Internet router ?  Or are you just dialling up ?
If you have a router, you can configure that with firewalling to stop these scans at the firewall, rather than letting them annoy you by hitting your internal PC ?
0
 
LVL 23

Expert Comment

by:Tim Holman
ID: 10867580
These are port scans, NOT NetBIOS attacks !!
0
 
LVL 2

Expert Comment

by:LeftofCool
ID: 10873426
Forgive me if I assumed in error. I know that firewalls tend to be dramatic about what they pick up. Port scans, as long as they are not all from the same IP address aren't anything to worry about as long as you are adequately protected, and from what you've posted, you are. I very seldom get port scanned, though. I run ZoneAlarm on my laptop and desktop with a Wireless Access Point. The router may be what's protecting me.
0

Featured Post

Free Tool: SSL Checker

Scans your site and returns information about your SSL implementation and certificate. Helpful for debugging and validating your SSL configuration.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Wikipedia defines 'Script Kiddies' in this informal way: "In hacker culture, a script kiddie, occasionally script bunny, skiddie, script kitty, script-running juvenile (SRJ), or similar, is a derogatory term used to describe those who use scripts or…
To setup a SonicWALL for policy based routing to be used with the Websense Content Gateway there are several steps that need to be completed. Below is a rough guide for accomplishing this. One thing of note is this guide is intended to assist in the…
Michael from AdRem Software explains how to view the most utilized and worst performing nodes in your network, by accessing the Top Charts view in NetCrunch network monitor (https://www.adremsoft.com/). Top Charts is a view in which you can set seve…
In this video, Percona Solution Engineer Rick Golba discuss how (and why) you implement high availability in a database environment. To discuss how Percona Consulting can help with your design and architecture needs for your database and infrastr…
Suggested Courses

777 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question