8 Replies Latest reply on Aug 21, 2010 10:47 AM by Peter M

    Incoming Events

      Hey guys, I was navigating through McAfee yesterday and I ended up at History and Logs > Incoming Events, where I saw some things that got me a bit worried: remote login attempts and several other things. I am no security expert, but none of them sound good at all. I will attach a picture with some Incoming Events from the list; maybe someone can tell me if these things are normal or if I should worry about them. Thank you!

        • 1. Re: Incoming Events
          Peter M

          Don't worry.  Those are really FYI only and represent failed attempts at entering your system by whatever means.

          • 2. Re: Incoming Events

            Okay, I'll try not to worry... though now things seem to be getting worse: once every 2-5 seconds computers from different IPs attempt to connect to my 63976 UDP port, scary stuff.

            • 3. Re: Incoming Events
              Peter M

              Are you using a router that has the wireless part turned on?    That's usually the culprit.  If you connect wirelessly I suggest you make sure it is encrypted.

               

              If you don't use a network I would set it to 'Don't Trust' in Home Network Defense - that should make doubly sure you are safe and sound.

              • 4. Re: Incoming Events

                Nope, I don't have a router, nor do I connect to the Internet through a wireless connection. The network has been set to untrusted since the first day I installed McAfee. This army of events started invading me like 3 days ago; nothing suspicious till then.

                • 5. Re: Incoming Events
                  Peter M

                  Well as I said, they are all blocked events.  Perhaps your ISP can give you clues as to why they are trying your 'back door' for want of a better expression.   They are letting them through after all.

                  • 6. Re: Incoming Events
                    rmetzger

                    Baboon wrote:

                     

                    Nope, I don't have a router, nor do I connect to the Internet through a wireless connection. The network has been set to untrusted since the first day I installed McAfee. This army of events started invading me like 3 days ago; nothing suspicious till then.

                    Well, not having a router is a big problem in my humble opinion.

                     

                    An inexpensive router adds a Hardware Firewall to the mix. Basically, this hides or stealths your presence on the Internet. It becomes hard to pick the lock of a door you can't see. (Not impossible, but unlikely to be attacked since you are not the easy target. Currently, without the router, you are the 'low hanging fruit.')

                     

                    Currently, without a Hardware Firewall in place, your Public IP address assigned to you by your ISP is directly known to all that want to know via port probing. They are probing your Machine directly. With a Hardware Firewall in place, they can still probe the ports, but the router will simply ignore the probe as if it doesn't exist. This isolates your PC from handling the probe. The hardware firewall adds one more layer of protection against such attacks. Currently, it is the packets that Do get thru and are Not logged that worry me. (These are the ones that software firewall allowed, and unless you log everything, you don't see the ones that are considered benign.)

                     

                    Currently, you are relying exclusively on the software firewall. I would continue to use the software firewall as you are, but by adding the hardware firewall, you are making the router reject most every attack before they can even begin to attempt getting thru your software firewall.

                     

                    Best practices always recommend multiple layers of security. The Hardware Firewall adds stealth and a second level that must be bypassed before an attacker can penetrate your system.

                     

                    As far as the wireless is concerned: turn it off. No need to use it or have it running if you don't need it. Later, you could always add the wireless as needed, but be sure to enable WPA or better still WPA2 to the mix.

                     

                    I would still want the hardware firewall running and hiding my presence from the rest of the world.

                     

                    Finally, change the password to the router (the overall password) as the default is well known to the rest of the world, including the malware writers. Simply changing the password used to the router protects against simple attacks where the attacker simply guesses the default passwords used by the well known brands of routers currently available.

                     

                    Hope this helps,

                    Ron Metzger

                    • 7. Re: Incoming Events

                      Thanks for your feedback, mates!

                      • 8. Re: Incoming Events
                        Peter M

                        Thanks Ron and good luck Baboon.