Author Topic: Network Shield stopping something related to my IP  (Read 5232 times)


Offline RoyC

  • Newbie
  • *
  • Posts: 19
Network Shield stopping something related to my IP
« on: February 25, 2009, 08:26:51 PM »
    Hello

    This is the first time I am using AVAST! home edition, to be exact from yesterday. Now as I try to browse or download (I use Firefox 3.0.6) something I get the following set of messages:

Quote
25.02.2009  23:36:36  DCOM Exploit attack
    from 59.xx.yy.209:135
25.02.2009  23:37:37  DCOM Exploit attack
    from 59.xx.yy.209:135
25.02.2009  23:38:38  DCOM Exploit attack
    from 59.xx.yyy.252:135
25.02.2009  23:46:34  DCOM Exploit attack
    from 59.xx.y.0:135
25.02.2009  23:48:41  DCOM Exploit attack
    from 59.xx.y.0:135
25.02.2009  23:48:50  DCOM Exploit attack
    from 59.xx.yyy.138:135
25.02.2009  23:52:12  DCOM Exploit attack
    from 59.xx.yyy.80:135
26.02.2009  00:00:21  DCOM Exploit attack
    from 59.xx.yy.209:135
26.02.2009  00:01:49  DCOM Exploit attack
    from 59.xx.y.0:135
26.02.2009  00:31:03  DCOM Exploit attack
    from 59.xx.yyy.184:135

I have no idea what these messages mean.  ???

I use broadband ADSL connection. And as far as I know that every time I dial and connect, a new set of IP is assigned to my connection. Now these IPs start with the above numbers and I am quite sure that AVAST! is reporting my own IP as the source of this attack.  :-\

Now what am I supposed to do? I also find that the download speed, browsing speed are also slower.  ::)



  • My OS: XP Pro SP3 (updated to the current)
  • Firewall: PCTools Firewall Plus
Please help :(

Thank you.


EDIT:


Two more questions about this Home Edition of AVAST!:

1. Does this edition have heuristic scanning capabilities?
2. Is it safe/recommended to use PCTools Threatfire simultaneously with AVAST! AV?
« Last Edit: February 25, 2009, 08:39:11 PM by RoyC »

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 86135
  • No support PMs thanks
Re: Network Shield stopping something related to my IP
« Reply #1 on: February 25, 2009, 09:07:57 PM »
First these DCOM attacks should really be intercepted by your firewall but the network shield only monitors certain ports, those commonly used for these types of exploit.

If your system is fully up to date then you shouldn't be vulnerable to the DCOM exploit. That however, doesn't deter these speculative (random) attacks, so they aren't targeting you specifically.

1. avast uses generic and algorithmic signatures in this current version to help combat against previously unknown infection.

However, in its anti-rootkit scan it uses heuristic style detections also. It also has what is loosely called heuristics in the Internet Mail (pop3 email scanner). There will be further enhancements in version 5 where behavioural analysis will be added.

2. I wouldn't as at the moment there is by all accounts a problem with their web scanner/protection conflicting with the avast web shield. This is meant to be fixed in an update of threatfire. You can try a forum search for threatfire as there have also been other issues (unrelated to avast) relating to add-ons in firefox.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 21.11.2500 (build 21.11.6809.528) UI 1.0.683/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Offline RoyC

  • Newbie
  • *
  • Posts: 19
Re: Network Shield stopping something related to my IP
« Reply #2 on: February 26, 2009, 03:56:26 AM »
Thank you so much David for your reply.

I somewhat understood what you said, but why the source of the attack is my ip and what do I need to do regarding these notifications?  ???

As I said that I am using PCTools Firewall (latest version), do you think that it is of adequate quality or should I migrate to some other firewall? I am a home user so a free one should suffice. I have used Comodo earlier, it is a very good firewall and at present installed beside AVAST! home in my sister's PC. But there also I found that AVAST! is generating these notifications and using the connection's dynamic IP as the source of the attack.  ::)  :-\

Offline lukor

  • Avast team
  • Super Poster
  • *
  • Posts: 1886
    • AVAST Software
Re: Network Shield stopping something related to my IP
« Reply #3 on: February 26, 2009, 08:12:25 AM »
Hi,
If I remember correctly, avast! network shield checks for Worms only on the incoming direction. So this does not mean your PC is actually sending these attacks, most probably the attacker is using fake source IP in the packet (in the same way as SPAM sometimes comes with your own e-mail address as the sender). As far as the attack is blocked (either by your already patched Windows system or by avast!) you are OK, but anyway it might be a good idea to perform a boot time scan from time to time.

Lukas.


Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 86135
  • No support PMs thanks
Re: Network Shield stopping something related to my IP
« Reply #4 on: February 26, 2009, 03:38:34 PM »
Quote
Thank you so much David for your reply.

I somewhat understood what you said, but why the source of the attack is my ip and what do I need to do regarding these notifications?  ???

No problem, glad I could help.

Lukor has partially answered. But there is every possibility someone who uses your ISP could be infected and that system tries combinations of the IP range to infect other unpatched systems. I don't know about faking the IP address (I didn't know it was possible), lukor is much more knowledgeable in that area.

I frequently get spam email supposedly from me and that is designed to bypass security as most anti-spam tools would whitelist/allow the user's email addresses. So this could be a similar method to try and bypass the firewall but it failed to get past the network shield.

Quote
As I said that I am using PCTools Firewall (latest version), do you think that it is of adequate quality or should I migrate to some other firewall? I am a home user so a free one should suffice. I have used Comodo earlier, it is a very good firewall and at present installed beside AVAST! home in my sister's PC. But there also I found that AVAST! is generating these notifications and using the connection's dynamic IP as the source of the attack.  ::)  :-\

The PC Tools firewall is used by many people in the forums. I have never used it; the one I have used for over 5 years, Outpost Firewall Pro, isn't free, but that is effectively the only one I have any practical experience of.

As you say it has happened with your sister's system with a different firewall, so there is no guarantee that the same wouldn't happen in the next firewall. Since the attacks are speculative and random you can't do much about those. Fortunately these don't get past avast.

Welcome to the forums.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 21.11.2500 (build 21.11.6809.528) UI 1.0.683/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security
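
A triage sketch for the question discussed in the replies above, added here as an example and not part of any poster's reply or of avast! itself: it parses alert entries in the two-line layout quoted in the first post and separates sources that equal the machine's own address from sources that merely share its address pool. The sample addresses, the function names and the /16 pool size are assumptions.

```python
import ipaddress
import re
from collections import Counter
from datetime import datetime

# Constructed sample in the two-line layout quoted in the first post.
# Addresses are placeholders, not values from the thread.
SAMPLE_LOG = """\
25.02.2009  23:36:36  DCOM Exploit attack
    from 10.20.31.209:135
25.02.2009  23:37:37  DCOM Exploit attack
    from 10.20.31.209:135
25.02.2009  23:38:38  DCOM Exploit attack
    from 10.20.144.252:135
26.02.2009  00:31:03  DCOM Exploit attack
    from 10.77.5.184:135
"""

ENTRY = re.compile(
    r"(\d{2}\.\d{2}\.\d{4})\s+(\d{2}:\d{2}:\d{2})\s+(.+?)\s*\n"
    r"\s+from\s+(\d{1,3}(?:\.\d{1,3}){3}):(\d+)"
)

def parse_alerts(text):
    """Return (timestamp, alert name, source address, port) per log entry."""
    alerts = []
    for day, clock, name, addr, port in ENTRY.findall(text):
        when = datetime.strptime(f"{day} {clock}", "%d.%m.%Y %H:%M:%S")
        alerts.append((when, name, ipaddress.ip_address(addr), int(port)))
    return alerts

def triage(alerts, own_ip, pool_prefix=16):  # /16 pool size is an assumption
    """Sort alert sources into: this machine, same address pool, elsewhere."""
    own = ipaddress.ip_address(own_ip)
    pool = ipaddress.ip_network(f"{own_ip}/{pool_prefix}", strict=False)
    hits = Counter(src for _, _, src, _ in alerts)
    sources = sorted(hits)
    return {
        "own_address": [str(s) for s in sources if s == own],
        "same_pool": [str(s) for s in sources if s != own and s in pool],
        "elsewhere": [str(s) for s in sources if s not in pool],
        "hits": {str(s): hits[s] for s in sources},
    }

if __name__ == "__main__":
    for key, value in triage(parse_alerts(SAMPLE_LOG), "10.20.8.17").items():
        print(f"{key}: {value}")
```

An empty `own_address` list with entries under `same_pool` means the alerts name other addresses that only share a prefix with the machine's current one.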

Offline RoyC

  • Newbie
  • *
  • Posts: 19
Re: Network Shield stopping something related to my IP
« Reply #5 on: February 26, 2009, 07:04:23 PM »
Thank you very much David and lukor for your explanation and help.

Anyways, I just clicked the option of "do not show this notification" so that AVAST! can do its intended work silently. I trust AVAST! completely as my sister is using it for over 2 years, and it was I who installed it in her system. :)

Thank you very much for developing AVAST! and keeping it free for home users. :)

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 86135
  • No support PMs thanks
Re: Network Shield stopping something related to my IP
« Reply #6 on: February 26, 2009, 07:35:01 PM »
No problem, glad I could help.

Personally I like to know what is going on in my system as, a) it alerts you something isn't right and b) if you are browsing it alerts you to a problem related to that site, c) if you happen to be working on your system (but connected), it lets you know something possibly on your system is trying to access a malicious site.

So all of the above would require further investigation (via the forums, etc.) and without the alerts you would be totally unaware of a potential problem.

Welcome to the forums.

Offline RoyC

  • Newbie
  • *
  • Posts: 19
Re: Network Shield stopping something related to my IP
« Reply #7 on: February 27, 2009, 03:44:17 AM »
Hello David

I would love to investigate the situation further, so can we discuss it here?

Anyways, I did do a boot time scan of my PC and the system came out to be clean.

What else do you think is required to be done?

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 86135
  • No support PMs thanks
Re: Network Shield stopping something related to my IP
« Reply #8 on: February 27, 2009, 03:45:17 PM »
Well I'm not sure what there is left to discuss, but if you are talking of investigation after a network shield alert, then that is what we have been doing.

There shouldn't be any further action required (since you have a clean boot-time scan result) and by the nature of the network shield it blocks attempts to access the malicious site nothing should have got on to your system.

Hally

  • Guest
Re: Network Shield stopping something related to my IP
« Reply #9 on: February 27, 2009, 04:49:51 PM »
Hi RoyC  :)


My Laptop Is.. Vista Home Premium ( SP1 )
I'm also using Avast and PC Tools Firewall Plus   :D
But I'm NOT experiencing the problem that you have.

However!
In Your First Post...
I did notice one slightly odd thing about your computer's setup  :-\

You Said...
Quote
I use broadband ADSL connection. And as far as I know that every time I dial and connect, a new set of ip is assigned to my connection.

You have the same kind of Broadband as me ... But I Don't Have To Dial  ???

Are you using a Router or a Modem?

I'm Not Sure!
But I think your problem could possibly be caused by a muddled up Internet Connection  :(

I use a... Wireless - Modem / Router ( Usually just called Routers these days ) and My Broadband is always - ON


That's why it's called - Broadband .. Rather Than - Dial Up
No Need To - Dial  ;)


PS.
I'm also using... Firefox 3.0.6
And sometimes... IE7
« Last Edit: February 27, 2009, 04:53:15 PM by Hally »

Offline RoyC

  • Newbie
  • *
  • Posts: 19
Re: Network Shield stopping something related to my IP
« Reply #10 on: February 27, 2009, 05:50:25 PM »
Hello David

Thank you for your reply and clarification. :)

Hello Hally

It's a 2Mbps connection, ADSL type. It runs on PPPoE mode and in that you need to dial a connection with specific user name and password. I can also use the Bridge mode and configure my router to use the User Name and Password to automatically connect to net as soon as it is turned on. :)
Oh, you must have got it- I am using a router (to the best of my knowledge that is, I am not really a knowledgeable person when it comes to networking :/ )


Hally

  • Guest
Re: Network Shield stopping something related to my IP
« Reply #11 on: February 27, 2009, 06:24:21 PM »

Hi RoyC  :)

My Internet...
Wireless Router
8Mbps
Broadband ADSL
PPPoE
Pretty Much.. Same As Yours!  ;)

However!
Quote
and in that you need to dial a connection with specific user name and password.

I don't need to do any of that  ???
I just turn on my computers.. And they are immediately connected to the Internet.
Meaning...
Avast, Windows, and anything else can update straight away.
And I just click on Firefox or IE7 to surf the web.


Quote
I can also use the Bridge mode
I don't know anything about - Bridge Mode
I'm also not that experienced when it comes to Routers and Networking  :-[

However!
Quote
and configure my router to use the User Name and Password to automatically connect to net as soon as it is turned on.
I think that's how Broadband usually works  :-\
Using the Name and Password that was provided by your ISP .. In Your Router!

Unless Of Course...
You already know all this, but prefer to only be connected to the Internet when you wish to be  :-\

You've Got Me A little Confused  :-[
Because I've only ever heard of one other person having to Dial and use a Name and Password with Broadband.
I think that was because they were using a particular ISP and a Router I'd never heard of before.
Zoo .. Or Something!  :-\

As long as you know your Internet is OK  ;)
I just thought I'd mention it...
Just in case it would shed some light on your problem.
And Maybe.. Help!

Offline RoyC

  • Newbie
  • *
  • Posts: 19
Re: Network Shield stopping something related to my IP
« Reply #12 on: March 02, 2009, 03:13:32 PM »
Hello Hally

Well in Bridge Mode you need to create a new dial up connection in your PC so that you are connected to the net only when you desire by dialing the connection. So it basically gives you control over your internet usage. And it also (somewhat) decreases the chances of getting attacked from outside. :)

Anyways, I had to uninstall PC Tools FW as it was really slowing my PC down considerably and I have enough RAM. :)
Now I am back to my trusted Comodo FW.

Hally

  • Guest
Re: Network Shield stopping something related to my IP
« Reply #13 on: March 02, 2009, 04:49:06 PM »

Hi RoyC  :)

Quote
Well in Bridge Mode you need to create a new dial up connection in your PC so that you are connected to the net only when you desire by dialing the connection. So it basically gives you control over your internet usage. And it also (somewhat) decreases the chances of getting attacked from outside.

Oh! ... I See Now!  ;)

Quote
I had to uninstall PC Tools FW as it was really slowing my PC down considerably and I have enough RAM.

That would probably be due to - Enhanced Security Verification

Did You Try Turning ESV Off?

I've got PC Tools Firewall Plus on my Laptop and Desktop Computer ... But with ESV - OFF

Note!
Starting Since Version 4 ... PC Tools Firewall Plus .. Now Comes With - Enhanced Security Verification ( ESV )
ESV .. Is a relatively new feature that PC Tools have added to their Firewall ... But It Has Problems  ::)
Can Cause.. High CPU Spikes, Manic Hard Drive, Freezes, Blue Screens  :o
So!
Even though - PC Tools Firewall Plus .. Is a great little Firewall  :)
Enhanced Security Verification .. Is Best Left -  OFF  .. Till they get it right!  ;)

Offline RoyC

  • Newbie
  • *
  • Posts: 19
Re: Network Shield stopping something related to my IP
« Reply #14 on: March 03, 2009, 03:55:16 AM »
Nah! I just did not want to take any chances. It's no doubt a good FW, but I shall wait till they get things completely right. :)