JKee 0 Posted February 8, 2018 Posted February 8, 2018 Hello, I have been warned by ESET that I have been TCP-attacked multiple times in a minute. I was given IP's that have been abusing me and wrote them down on a .txt file just in case I will need them. Not sure if that is related but my network connection has been going wild just an hour before TCP attacks started. Any suggestions what should I do? Anything I can do with the IP's I wrote down to stop TCP attacks?
Administrators Marcos 5,455 Posted February 8, 2018 Administrators Posted February 8, 2018 Are you behind a router with NAT? Are the attacks coming from outside or from other devices in the network?
JKee 0 Posted February 8, 2018 Author Posted February 8, 2018 I live alone so I decided I will need no router, so I do not have it. It is only 1 "internet wire" plugged to my computer, so it must be attacks from outside, not other devices connected to my network.
JKee 0 Posted February 8, 2018 Author Posted February 8, 2018 By the way, there is one very odd thing. I was fast enough to write down 4 IP's I was told attacking me and two of them are almost identical, xxx.xx.xxx.xx4 and xxx.xx.xxx.xx1.
itman 1,802 Posted February 8, 2018 Posted February 8, 2018 Need more information. Post a screen shot of the Eset alert you are receiving.
TomFace 540 Posted February 8, 2018 Posted February 8, 2018 (edited) If you have the IP addresses you can look them up at http://www.whatsmyip.org/ip-geo-location/ Also Domain Tools may be able to provide some additional information.http://research.domaintools.com/ Only enter the first 4 sets of numbers (i.e. 222.186.138. 64). Edited February 8, 2018 by TomFace
JKee 0 Posted February 8, 2018 Author Posted February 8, 2018 I do not have an exact screenshot of it but it said something like this: "A computer (IP) on the network is sending malicious traffic, it might be an attempt to attack you". Checking the IP addresses on hxxp://www.whatsmyip.org/ip-geo-location/ will take the map to the ocean of north-west Africa.
itman 1,802 Posted February 9, 2018 Posted February 9, 2018 (edited) Refer to this Eset Knowledge Base article: https://support.eset.com/kb2939/ . As noted in the below excerpt if the IP address/addresses fall in one of the ranges shown, you're going to have to exclude it from IDS detection: Quote Examples of internal IP address ranges known to be safe (where "x" is 0-255): 172.16.x.x - 172.31.x.x 192.168.x.x 10.x.x.x Edited February 9, 2018 by itman
Recommended Posts