under attack......

Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

Hi all,

I can see that my event viewer is full of warnings such as the one
below. Should I be worried ? It seems people are trying to connect to
my home laptop (XP SP2).

Is there anything I can do to track this guy down (IP address) ?

Thank you so much
Regards

Logon Failure:
Reason: Unknown user name or bad password
User Name: guest
Domain: MINAS
Logon Type: 3
Logon Process: NtLmSsp
Authentication Package: MICROSOFT_AUTHENTICATION_PACKAGE_V1_0
Workstation Name: PPEREZP

For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.
6 answers Last reply
More about under attack
  1. Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

    From: <barabba72@hotmail.com>

    | Hi all,
    |
    | I can see that my event viewer is full of warnings such as the one
    | below. Should I be worried ? It seems people are trying to connect to
    | my home laptop (XP SP2).
    |
    | Is there anything I can do to track this guy down (IP address) ?
    |
    | Thank you so much
    | Regards
    |
    | Logon Failure:
    | Reason: Unknown user name or bad password
    | User Name: guest
    | Domain: MINAS
    | Logon Type: 3
    | Logon Process: NtLmSsp
    | Authentication Package: MICROSOFT_AUTHENTICATION_PACKAGE_V1_0
    | Workstation Name: PPEREZP
    |
    | For more information, see Help and Support Center at
    | http://go.microsoft.com/fwlink/events.asp.

    If you are connected to the Internet via broadband, get a Cable/DSL Router such as the
    Linksys BEFSR41. Due to Network Address Translation (NAT) it will act as a simplistic
    FireWall and keep those connection attempts mostly at bay. By specifically blocking both
    TCOP and UDP ports 135 ~ 139 and 445 on the Router you will effectively block all MS
    Networking attempts from the Internet and will also protect you from Internet worms.

    --
    Dave
    http://www.claymania.com/removal-trojan-adware.html
    http://www.ik-cs.com/got-a-virus.htm
  2. Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

    Dave: Doesn't the Linksys already block those ports by default?

    Tom
    "David H. Lipman" <DLipman~nospam~@Verizon.Net> wrote in message
    news:ub9VcqIlFHA.4000@TK2MSFTNGP12.phx.gbl...
    | From: <barabba72@hotmail.com>
    |
    ||
    | If you are connected to the Internet via broadband, get a Cable/DSL Router
    such as the
    | Linksys BEFSR41. Due to Network Address Translation (NAT) it will act as
    a simplistic
    | FireWall and keep those connection attempts mostly at bay. By
    specifically blocking both
    | TCOP and UDP ports 135 ~ 139 and 445 on the Router you will effectively
    block all MS
    | Networking attempts from the Internet and will also protect you from
    Internet worms.
    |
    | --
    | Dave
    | http://www.claymania.com/removal-trojan-adware.html
    | http://www.ik-cs.com/got-a-virus.htm
    |
    |
  3. Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

    From: "Tom Pepper Willett" <tompepper@mvps.invalid>

    | Dave: Doesn't the Linksys already block those ports by default?
    |
    | Tom

    Not really blocked. Its like a closed door and the right information can open the door.
    Specifically going into the Router and placing both TCP and UDP ports 135 ~ 139 and 445 into
    the port blocking area ( "Filtered Private Port Range") will lock that door and neither can
    MS Networking information escape nor entry from the Internet be made on those ports.

    On many Linksys models this can be done at the URL; http://192.168.1.1/Filters.htm
    Under "Filtered Private Port Range".

    --
    Dave
    http://www.claymania.com/removal-trojan-adware.html
    http://www.ik-cs.com/got-a-virus.htm
  4. Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

    Dave: After blocking those ports in my Linksys, I could not access the
    internet

    Tom

    |
    | Not really blocked. Its like a closed door and the right information can
    open the door.
    | Specifically going into the Router and placing both TCP and UDP ports 135
    ~ 139 and 445 into
    | the port blocking area ( "Filtered Private Port Range") will lock that
    door and neither can
    | MS Networking information escape nor entry from the Internet be made on
    those ports.
    |
    | On many Linksys models this can be done at the URL;
    http://192.168.1.1/Filters.htm
    | Under "Filtered Private Port Range".
    |
    | --
    | Dave
    | http://www.claymania.com/removal-trojan-adware.html
    | http://www.ik-cs.com/got-a-virus.htm
    |
    |
  5. Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

    Dave: Thanks for the image. I only had the 445 in *one* field instead of
    two. DUH!

    Works fine, now.

    One question: will blocking 445 have any effect on Knology's DHCP service,
    or is that only for internal networks?

    I have my NIC configured to use a static IP from the router, and have
    Knology's DNS servers listed.

    Thanks!

    Tom
    | Tom:
    |
    | I don't know how you set it but I do know that I have that set on my
    Linksys BEFSR81and I
    | have no problem accessing the Internet. I have also set that blockage on
    other Linksys
    | models as well as on Asante Routers. I have also provided this advice
    *numerous* times and
    | you are the first to note a problem as feedback.
    |
    | I know you are aware that Internet activity does not rely on ports 135 ~
    139 and 445, only
    | MS Networking, so a mistake must have been made in setting the port
    blockage.
    |
    | Please refer to the attached JPEG.
    |
    | --
    | Dave
    | http://www.claymania.com/removal-trojan-adware.html
    | http://www.ik-cs.com/got-a-virus.htm
    |
    |
    |
  6. Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

    From: "Tom Pepper Willett" <tompepper@mvps.invalid>

    | Dave: Thanks for the image. I only had the 445 in *one* field instead of
    | two. DUH!
    |
    | Works fine, now.
    |
    | One question: will blocking 445 have any effect on Knology's DHCP service,
    | or is that only for internal networks?
    |
    | I have my NIC configured to use a static IP from the router, and have
    | Knology's DNS servers listed.
    |
    | Thanks!

    Port 445 is used for non NetBIOS SMB communications which is only available in NT based OS'.
    It will not effect DHCP since that uses TCP port 67 (based upon its parent protocol BootP
    Server).

    --
    Dave
    http://www.claymania.com/removal-trojan-adware.html
    http://www.ik-cs.com/got-a-virus.htm
Ask a new question

Read More

Windows XP