Intrusion alert:3000+

[Guest]

[Michael Withstand]

I've been ignoring my intrusion alert numbers even though it showed 3000+ sometimes until today that I caught a person changing my yahoo messenger status with his intrusion which the CIS detected but I stupidly allowed.

I traced his IP and found that his ISP is the same with mine.

My question is why do I have 3000+ intrusion attempts logged? well mostly by 2-5 different Ip addresses. One is particularly persistent.

Do I have to worry about these intrusion attempts? Wat can I do to protect my PC better and how can I know if somebody got into my PC?

Thanks

[exproff]

1) The number of event in Log depends on 2 conditions: number of Rules "Block AND LOG" and number of intrusions.

2) You shouldn't worry about logged intrusions. If they in Log - then they were blocked =)

3) About IP from same ISP - If they virused, then it is logicaly that nearest IP range for distributing - same IP range of ISP

4) First of all - try to apply Rules for blocking ECHO requests.

5) If you REALLY want to get your life more safe - save you Logs and call to your ISP. Describe situation with permanent intruder and tell ISP that you have enough Logs to prove it. ISP wants to have a good reputation, so it could help you.

[Michael Withstand]

Hmm how do I set to block echo request? I've stealthed all my ports with CIS.

[Michael Withstand]

Never mind I got it expproff. Thanks tests at grc.com showed all my ports didn't respond to ping request. thanks

[Tags:]