> KIS, Linksys router and Slammer question?
enterclevermonik...
post 27.07.2008 04:16
Post #1


Newbie
*

Group: Members
Posts: 3
Joined: 27.07.2008




Hi all,

I have searched the net for days regarding this and came here as a last resort. I hate to ask stupid questions... My I.S.P. admin couldn't even tell me if this was normal behavior regarding the following:

I am using a Linksys WRT54G with the latest firmware plus I have the awesome Kaspersky software suite KIS 7.0.0.125. The software is the best I have ever owned and I am most definitely going to be a repeat customer.

The question is this though. I keep getting messages from the software firewall that it has blocked Helkern SQL blah blah, I know that this is a good thing. I have seen the "help" and info on the Kaspersky site regarding "what" Helkern is etc etc but shouldn't the worm be stopped cold at my router since a request hasn't been made by my machine to start with instead of making it through the Linksys to my hard drive to the software firewall? I'd expect this if I weren't using a router. Anon Internet Requests etc are blocked in the router.

I would rather set my head on fire than even try to navigate the Linksys website any further than I already have (days). I'm not running an SQL server although I did find a sql type dll and a rll in a search of the machine. I know it's not a big deal, just internet noise. I want to know why it makes its way through the router... maybe the router is fried??

Any info as to why the worm is making it through the router to my hard drive would be greatly appreciated and any info as to how to block it there at the router would be as much appreciated as well. I've tried blocking services 1433 and 1434 at the router side without any success at stopping the requests.

I've even had my IP address changed by a pal at the ISP, changed the router name, octets in the router and installed a different hard drive I formatted for the box and keep getting "slammed" from several Chinese IPs on a clean install and different IP, different router set-up. I'm glad I have the ability to at least deny the IPs using KIS for up to 9999 minutes. I wish there was a feature to deny them for good. It'd be that much less traffic on the network and that much more for us to game on.

Thanks for having a look. I know this is probably anal on my behalf but it's driving me nuts trying to decide if I should trash this router and get another one or if this is normal behavior for Helkern.

God Bless.

This post has been edited by enterclevermonikerhere: 27.07.2008 04:34
 
Lucian Bara
post 27.07.2008 12:50
Post #2


Are You Kidding?
*****************

Group: Gold beta testers
Posts: 56947
Joined: 28.01.2006
From: Timisoara, Romania




Hello,
Won't do you any good, Slammer will attack you over and over at random, there are hundreds or thousands of IPs to block. So, just ignore it.
 
enterclevermonik...
post 28.07.2008 08:46
Post #3


QUOTE(Lucian Bara @ 27.07.2008 02:50)
Hello,
Won't do you any good, Slammer will attack you over and over at random, there are hundreds or thousands of IPs to block. So, just ignore it.

Thanks Lucian,

I'm just naturally curious and can't stop obsessing as to why the attacks don't stop at my router. I'm missing something pretty obvious I suppose. I guess I can't expect much from a 50 dollar router eh? =) I believe next week I'll try DD-WRT Linux firmware for the router if I can't find a satisfactory answer between now and then, maybe the router will actually have a decent hardware firewall like it's supposed to then. I just can't understand how the attack makes it past the router firewall, then again you get what you pay for.

I was wondering if there is any way I can block the IPs that are attacking indefinitely by using KIS firewall instead of 9999 minutes to "forever" "indefinite" (unless otherwise specified) as I have no desire to connect with anything infected anyway? =P

Have a great week!

Peace and God Bless.
 
Lucian Bara
post 28.07.2008 14:13
Post #4


You could make firewall packet filtering rules that block traffic on port 1434 from the IPs you want to block.
 
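An added example, not part of the original thread and not KIS or Linksys rule syntax: the per-source rules suggested in Post #4, evaluated beside a single port-wide rule, over probes that keep arriving from new addresses as Post #2 describes. The log format, the documentation-range addresses and the `Packet`/`DenyRule` names are constructed assumptions; UDP is used because that is the protocol Slammer sends to port 1434.

```python
import ipaddress
from collections import Counter
from dataclasses import dataclass
from typing import Optional

# Constructed log lines in an assumed format: "<proto> <src>:<sport> -> <dst>:<dport>"
SAMPLE_LOG = """\
UDP 203.0.113.7:4021 -> 192.168.1.100:1434
UDP 198.51.100.23:1088 -> 192.168.1.100:1434
TCP 192.0.2.50:51515 -> 192.168.1.100:80
UDP 203.0.113.7:4022 -> 192.168.1.100:1434
UDP 198.51.100.99:3310 -> 192.168.1.100:1434
UDP 192.0.2.77:53 -> 192.168.1.100:40000
"""

@dataclass(frozen=True)
class Packet:
    proto: str
    src: str
    dport: int

@dataclass(frozen=True)
class DenyRule:
    proto: str
    dport: int
    src_net: Optional[str] = None  # None matches any source address

    def matches(self, p: Packet) -> bool:
        if (p.proto, p.dport) != (self.proto, self.dport):
            return False
        return self.src_net is None or (
            ipaddress.ip_address(p.src) in ipaddress.ip_network(self.src_net))

def parse(log: str) -> list:
    pkts = []
    for line in log.strip().splitlines():
        proto, src, _, dst = line.split()
        pkts.append(Packet(proto, src.rsplit(":", 1)[0], int(dst.rsplit(":", 1)[1])))
    return pkts

def probe_sources(pkts) -> Counter:
    """Count inbound UDP/1434 probes per source address."""
    return Counter(p.src for p in pkts if (p.proto, p.dport) == ("UDP", 1434))

def split(rules, pkts):
    """Return (dropped, passed) for a deny list with default allow."""
    dropped = [p for p in pkts if any(r.matches(p) for r in rules)]
    return dropped, [p for p in pkts if p not in dropped]

PKTS = parse(SAMPLE_LOG)
# Per-source rules for the two addresses seen first; a later source is not covered.
PER_IP = [DenyRule("UDP", 1434, "203.0.113.7/32"), DenyRule("UDP", 1434, "198.51.100.23/32")]
PORT_WIDE = [DenyRule("UDP", 1434)]  # one rule, any source
```

With the per-source list, the probe from the third address still passes; the port-wide rule drops every UDP/1434 probe and leaves the unrelated TCP/80 and UDP/40000 traffic alone.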
enterclevermonik...
post 29.07.2008 23:33
Post #5


QUOTE(Lucian Bara @ 28.07.2008 04:13)
You could make firewall packet filtering rules that block traffic on port 1434 from the IPs you want to block.

Thanks once again Lucian,

I apologize for being off-topic on this forum, I am just curious by nature.

I will give that a try if the forwarding ports 1433-1434 to a "phantom" ip address doesn't work. (Gotta learn somehow). Monday July 29th

It appears that your idea and mine both work! I've been watching the log on the router and everything is a-OK in either scenario. You're brilliant Lucian, thank you! Tuesday 30th.

A fan of Kaspersky I be. =)

Peace and God Bless.