Sign in with
Sign up | Sign in
Your question

under attack......

Last response: in Windows XP
Share
Anonymous
July 29, 2005 6:47:06 PM

Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

Hi all,

I can see that my event viewer is full of warnings such as the one
below. Should I be worried ? It seems people are trying to connect to
my home laptop (XP SP2).

Is there anything I can do to track this guy down (IP address) ?

Thank you so much
Regards

Logon Failure:
Reason: Unknown user name or bad password
User Name: guest
Domain: MINAS
Logon Type: 3
Logon Process: NtLmSsp
Authentication Package: MICROSOFT_AUTHENTICATION_PACKAGE_V1_0
Workstation Name: PPEREZP

For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.

More about : attack

Anonymous
July 29, 2005 10:12:27 PM

Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

From: <barabba72@hotmail.com>

| Hi all,
|
| I can see that my event viewer is full of warnings such as the one
| below. Should I be worried ? It seems people are trying to connect to
| my home laptop (XP SP2).
|
| Is there anything I can do to track this guy down (IP address) ?
|
| Thank you so much
| Regards
|
| Logon Failure:
| Reason: Unknown user name or bad password
| User Name: guest
| Domain: MINAS
| Logon Type: 3
| Logon Process: NtLmSsp
| Authentication Package: MICROSOFT_AUTHENTICATION_PACKAGE_V1_0
| Workstation Name: PPEREZP
|
| For more information, see Help and Support Center at
| http://go.microsoft.com/fwlink/events.asp.

If you are connected to the Internet via broadband, get a Cable/DSL Router such as the
Linksys BEFSR41. Due to Network Address Translation (NAT) it will act as a simplistic
FireWall and keep those connection attempts mostly at bay. By specifically blocking both
TCOP and UDP ports 135 ~ 139 and 445 on the Router you will effectively block all MS
Networking attempts from the Internet and will also protect you from Internet worms.

--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm
Anonymous
July 29, 2005 10:12:28 PM

Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

Dave: Doesn't the Linksys already block those ports by default?

Tom
"David H. Lipman" <DLipman~nospam~@Verizon.Net> wrote in message
news:ub9VcqIlFHA.4000@TK2MSFTNGP12.phx.gbl...
| From: <barabba72@hotmail.com>
|
||
| If you are connected to the Internet via broadband, get a Cable/DSL Router
such as the
| Linksys BEFSR41. Due to Network Address Translation (NAT) it will act as
a simplistic
| FireWall and keep those connection attempts mostly at bay. By
specifically blocking both
| TCOP and UDP ports 135 ~ 139 and 445 on the Router you will effectively
block all MS
| Networking attempts from the Internet and will also protect you from
Internet worms.
|
| --
| Dave
| http://www.claymania.com/removal-trojan-adware.html
| http://www.ik-cs.com/got-a-virus.htm
|
|
Related resources
Anonymous
July 30, 2005 2:58:50 AM

Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

From: "Tom Pepper Willett" <tompepper@mvps.invalid>

| Dave: Doesn't the Linksys already block those ports by default?
|
| Tom

Not really blocked. Its like a closed door and the right information can open the door.
Specifically going into the Router and placing both TCP and UDP ports 135 ~ 139 and 445 into
the port blocking area ( "Filtered Private Port Range") will lock that door and neither can
MS Networking information escape nor entry from the Internet be made on those ports.

On many Linksys models this can be done at the URL; http://192.168.1.1/Filters.htm
Under "Filtered Private Port Range".

--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm
Anonymous
July 30, 2005 11:45:09 AM

Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

Dave: After blocking those ports in my Linksys, I could not access the
internet

Tom

|
| Not really blocked. Its like a closed door and the right information can
open the door.
| Specifically going into the Router and placing both TCP and UDP ports 135
~ 139 and 445 into
| the port blocking area ( "Filtered Private Port Range") will lock that
door and neither can
| MS Networking information escape nor entry from the Internet be made on
those ports.
|
| On many Linksys models this can be done at the URL;
http://192.168.1.1/Filters.htm
| Under "Filtered Private Port Range".
|
| --
| Dave
| http://www.claymania.com/removal-trojan-adware.html
| http://www.ik-cs.com/got-a-virus.htm
|
|
Anonymous
July 30, 2005 2:11:51 PM

Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

Dave: Thanks for the image. I only had the 445 in *one* field instead of
two. DUH!

Works fine, now.

One question: will blocking 445 have any effect on Knology's DHCP service,
or is that only for internal networks?

I have my NIC configured to use a static IP from the router, and have
Knology's DNS servers listed.

Thanks!

Tom
| Tom:
|
| I don't know how you set it but I do know that I have that set on my
Linksys BEFSR81and I
| have no problem accessing the Internet. I have also set that blockage on
other Linksys
| models as well as on Asante Routers. I have also provided this advice
*numerous* times and
| you are the first to note a problem as feedback.
|
| I know you are aware that Internet activity does not rely on ports 135 ~
139 and 445, only
| MS Networking, so a mistake must have been made in setting the port
blockage.
|
| Please refer to the attached JPEG.
|
| --
| Dave
| http://www.claymania.com/removal-trojan-adware.html
| http://www.ik-cs.com/got-a-virus.htm
|
|
|
Anonymous
July 30, 2005 4:25:55 PM

Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

From: "Tom Pepper Willett" <tompepper@mvps.invalid>

| Dave: Thanks for the image. I only had the 445 in *one* field instead of
| two. DUH!
|
| Works fine, now.
|
| One question: will blocking 445 have any effect on Knology's DHCP service,
| or is that only for internal networks?
|
| I have my NIC configured to use a static IP from the router, and have
| Knology's DNS servers listed.
|
| Thanks!

Port 445 is used for non NetBIOS SMB communications which is only available in NT based OS'.
It will not effect DHCP since that uses TCP port 67 (based upon its parent protocol BootP
Server).

--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm
!