Re: firewall intrusion attempts

Simon
Simon Posts: 2,661 Superuser
OK. Client Security problems belong in the Business Security part of the forum.

Could someone move this to the correct board, please?

Comments

  • Ashley
    Ashley Posts: 3

    I get lot of intrusion attempts to my firewall. I wonder what that might be. Today I got Nmap tcp scan attempt from ip address 101.4.0.2 also from 58.120.227.252, 61.160.224.130, 221.155.50.225 and yesterday from ip addresses 221.155.50.225, 61.240.144.66, 80.85.84.75, 37.58.125.35, 58.120.227.252. Should I be worried about these or just not ignore???

  • Simon
    Simon Posts: 2,661 Superuser
    I assume this is Windows Firewall, and I suspect it's just the firewall doing its job.

    If you would like further help, can you confirm which version of F-Secure you're using?
  • NikK
    NikK Posts: 935 Rock Star

    If this is a business version of F-Secure:

     

    There was an issue about a year ago where several computers on a company network started alerting about Nmap scans. They all had F-Secure Client Security. To make a long story short they finally contacted the ISP for the "attacking" IP-addresses because they were all coming from the same domain. Their response:

     

    "It has come to our attention that F Secure interprets harmless port calls (against torrent clients, streaming media or other applications) as NMap Scan. We get a lot of complaints from our and other customers in Sweden regarding NMAP scan, and everyone uses F Secure."

     

    The software in this case that caused F-Secure to alert about Nmap scans, was Spotify.

    You could change the setting for this type of alert to only block and log. However, if you're not using any P2P software there's a possibility that the alerts are correct.

     

    Strangely I haven't seen any comment from F-Secure about this yet...

  • Ashley
    Ashley Posts: 3

    it is F-Secure Client Security 9.01. Thankey for your replies!

  • Ashley
    Ashley Posts: 3

    windows firewall is not in use...

  • Ben
    Ben Posts: 2,641 F-Secure Product Expert

    Hello @Ashley ,

     

    Note that Client security in version 9.X is not supported anymore and therefore not secure.

    Make sure you update to a supported version.

     

    @Simon @NikK thank you for the heads-up and the input.

     

     

    PS: I moved the post to the correct board.

  • Chu
    Chu Posts: 49

    A large number of firewall alerts (of intrusion), indicates you have machines without antivirus or infected machines. In a few cases, also can be an applicatin where use instrusion code.

     

    The best to do in this case, it is atualize the F-Secure antivirus in the last version (Client Security 11.60 - where use the last version of Deep Guard) in all computers and after this, do a manual scan.

     

    Att,

     

    Roberto Chu

This discussion has been closed.