I have been receiving multiple intrusion attempts by my Windows system. I am not sure why it’s happening. Is it some type of malware? Someone please help me deal with this issue.
P.S.: I have attached an image of the intrusion attempts.
Did you set your firewall to “Block all incoming connections and Stealth my Ports to Everyone”?
I ask because I am having a similar problem and I believe this to be the root of my problem. I am unsure whether your problem is related to mine, but on the off-chance that it is…
Sorry, I was busy with my school work. I don’t see any of those IP addresses as my IP address. The first digits are the same, e.g. if the source IP and destination IPs are xxx.xxx.fgr.asd and xxx.xxx.rtg.adf, my IP address is xxx.xxx.y.zzz
So you're saying you are seeing packets that are not destined for or coming from your IP?
That’s not normal… only for broadcast traffic. Do any of those end in .255?
Ok. I attached an updated picture of the firewall intrusion attempt. The destination IP is my IP, whereas the source IP is a bit different. Ex: my IP and destination IP both are xxx.xxx.xxx.xxx while the source IP is xxx.xxx.xxx.yyy
Those are scans against the Windows File and Printer sharing ports.
You can safely create a drop rule for these on the Global rules tab and not log these.
Set a global rule like this:
Block
TCP or UDP
Source IP ANY
Source Port ANY
Destination ANY
Destination Port Range 137-139
And another one with:
Block
TCP or UDP
Source IP ANY
Source Port ANY
Destination ANY
Destination Port Range 445
This will block all incoming File & Printer sharing “attacks”. Normally you move these rules all the way up to the top of the rulebase so they match first; if you use File and Printer sharing on your local LAN, then you have to place these rules below that specific access rule.
The above picture is from the “Default” settings; this does not reflect the “Stealth ports wizard” block all incoming traffic. It was merely used to show how it looks.
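The rule ordering described in the post above, as an added example (not part of the original thread and not the firewall's own code): a small first-match evaluator showing why the two block rules must sit below a LAN file-sharing access rule. It assumes top-down first-match evaluation as the post describes; the names `Rule` and `decide`, the LAN subnet 192.168.1.0/24 and the sample addresses are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Rule:
    action: str        # "block" or "allow"
    source: str        # CIDR string, or "any"
    ports: frozenset   # destination ports (every rule here is "TCP or UDP")

    def matches(self, src_ip: str, dst_port: int) -> bool:
        if dst_port not in self.ports:
            return False
        if self.source == "any":
            return True
        return ipaddress.ip_address(src_ip) in ipaddress.ip_network(self.source)


def decide(rules, src_ip, dst_port, default="default-policy"):
    """Walk the rulebase top-down and return the first matching rule's action."""
    for rule in rules:
        if rule.matches(src_ip, dst_port):
            return rule.action
    return default  # nothing matched: whatever the firewall does by default


# The two global block rules from the post (Source ANY, Destination ANY).
BLOCK_NETBIOS = Rule("block", "any", frozenset(range(137, 140)))  # 137-139
BLOCK_SMB = Rule("block", "any", frozenset({445}))

# Assumed LAN access rule for File and Printer sharing (subnet is constructed).
ALLOW_LAN = Rule("allow", "192.168.1.0/24", frozenset({137, 138, 139, 445}))

BLOCKS_FIRST = [BLOCK_NETBIOS, BLOCK_SMB, ALLOW_LAN]  # blocks at the very top
LAN_FIRST = [ALLOW_LAN, BLOCK_NETBIOS, BLOCK_SMB]     # blocks below the LAN rule

if __name__ == "__main__":
    # Constructed sample traffic: one LAN peer, one outside scanner.
    samples = [("192.168.1.20", 445), ("203.0.113.7", 445), ("203.0.113.7", 139)]
    for name, rulebase in (("blocks first", BLOCKS_FIRST), ("LAN first", LAN_FIRST)):
        for src, port in samples:
            print(f"{name:12} {src:>13} -> port {port}: {decide(rulebase, src, port)}")
```

With the blocks on top, the LAN peer's connection to port 445 is dropped before the access rule is ever reached; with the access rule first, local sharing works and the outside scans are still blocked.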