1713 Views 4 Replies Latest reply: Dec 6, 2012 7:05 AM by 2xtap RSS
2xtap Newcomer 4 posts since
Apr 23, 2012
Dec 5, 2012 1:54 PM

Firewall not blocking IP addresses

Recently, I noticed multiple attempts to remotely log into one of my PCs.  I loaded a port recorder to get the IP addresses so I could block them with McAfee. However, once they were blocked, nothing changed. The IP addresses are still showing up in the port recorder and they are linked with login failures in the event viewer. Plus, there is no record of them in the firewall history. Am I missing something in the setup of Blocking IP addresses or doesn't McAfee record blocked\allowed IP addresses?

 

Here's a list of the IPs

 


I researched these and found these addresses are assigned to various users in the US, China, and Ukraine (not a good feeling).

 

Any suggestions on blocking IPs using McAfee would be greatly appreciated.

 

FYI:

OS - XP sp3

  • Hayton Volunteer Moderator 4,590 posts since
    Sep 27, 2010
    1. Dec 5, 2012 3:51 PM (in response to 2xtap)
    Re: Firewall not blocking IP addresses

    If you saw the IP addresses in Security History they were being blocked anyway so specifically adding them to the firewall to be blocked is probably unnecessary, although an extra precaution.

     

    I picked one at random - 217.160.239.94 - and did a quick check. The IP address is UK-based, 1&1 Networks, assigned to SCHLUND-CUSTOMERS, and one or more of their servers is infested with malware according to Clean-MX.

     

    Your best bet is to set the firewall to Stealth mode and make sure NetGuard and Intrusion Prevention are enabled.


    Volunteer Moderator  Leeds, UK
    No PM's please
  • Hayton Volunteer Moderator 4,590 posts since
    Sep 27, 2010
    3. Dec 5, 2012 7:27 PM (in response to 2xtap)
    Re: Firewall not blocking IP addresses

    2xtap wrote:

     

    Unfortunately,  the addresses are not showing up in the security history.  Since the system is XP, the event log only records the event and user name as a failed attempt. 

    ... After a day, the same addresses are showing up in the recorder, but not the McAfee history.

     

    I can't figure out why McAfee is not detecting, or maybe just not recording, the blocked addresses.

     

    Sorry, I should have asked this earlier. Have you got Security Center 11.6.435? That's the one where McAfee changed the reporting arrangements, and after which update lots of people (me included) no longer saw any reports of incoming connections being blocked. I assume they still are being blocked, but there's nothing except scans and buffer overflows since the date of the update.

     

    We've passed a message about this up the line to McAfee but no-one's rushing to get it fixed.

     

    fwiw there are port scanners out there looking for open and unprotected ports running 24/7. If you take a brand new machine, add some port-monitoring software and connect it to the internet, someone will attempt to break into it within 17 minutes (a bunch of security researchers did it as an experiment).

     

    And if you want to know where the infected or otherwise malicious machines are doing this, they're actually mostly in the good ol' USA. California especially. Kentucky, for some reason, is almost squeaky clean. Have a look at the latest Microsoft Security Intelligence Report (volume 13) for the lowdown. The Chinese mostly go for targeted high-value attacks (you haven't got any valuable intellectual property, by any chance?) and the Russians and Ukrainians go for anything at all outside their own countries so yes, watch out for addresses in those two countries.


    Volunteer Moderator  Leeds, UK
    No PM's please
