enterclevermonikerhere

KIS, Linksys router and Slammer question?


Hi all,

 

I have searched the net for days regarding this and came here as a last resort. I hate to ask stupid questions... My I.S.P. admin couldn't even tell me if this was normal behavior regarding the following:

 

I am using a Linksys WRT54G with the latest firmware plus I have the awesome Kaspersky software suite KIS 7.0.0.125. The software is the best I have ever owned and I am most definitely going to be a repeat customer. :bravo:

 

The question is this though. I keep getting messages from the software firewall that it has blocked Helkern SQL blah blah, I know that this is a good thing. I have seen the "help" and info on the Kaspersky site regarding "what" Helkern is etc etc but shouldn't the worm be stopped cold at my router since a request hasn't been made by my machine to start with instead of making it through the Linksys to my hard drive to the software firewall? I'd expect this if I weren't using a router. Anon Internet Requests etc are blocked in the router.

 

I would rather set my head on fire than even try to navigate the Linksys website any further than I already have (days). I'm not running an SQL server although I did find a sql type dll and a rll in a search of the machine. I know it's not a big deal, just internet noise. I want to know why it makes its way through the router...maybe the router is fried??

 

Any info as to why the worm is making it through the router to my hard drive would be greatly appreciated and any info as to how to block it there at the router would be as much appreciated as well. I've tried blocking services 1433 and 1434 at the router side without any success at stopping the requests.

 

I've even had my IP address changed by a pal at the ISP, changed the router name, octets in the router and installed a different hard drive I formatted for the box and keep getting "slammed" from several Chinese IPs on a clean install and different IP, different router set-up. I'm glad I have the ability to at least deny the IPs using KIS for up to 9999 minutes. I wish there was a feature to deny them for good. It'd be that much less traffic on the network and that much more for us to game on.

 

Thanks for having a look. I know this is probably anal on my behalf but it's driving me nuts trying to decide if I should trash this router and get another one or if this is normal behavior for Helkern.

 

God Bless.

hello

Won't do you any good. Slammer will attack you over and over at random; there are hundreds or thousands of IPs to block. So, just ignore it.

 

 

Thanks Lucian,

 

I'm just naturally curious and can't stop obsessing as to why the attacks don't stop at my router. I'm missing something pretty obvious I suppose. I guess I can't expect much from a 50 dollar router eh? =) I believe next week I'll try DD-WRT Linux firmware for the router if I can't find a satisfactory answer between now and then, maybe the router will actually have a decent hardware firewall like it's supposed to then. I just can't understand how the attack makes it past the router firewall, then again you get what you pay for.

 

I was wondering if there is any way I can block the IPs that are attacking indefinitely by using KIS firewall instead of 9999 minutes to "forever" "indefinite" (unless otherwise specified) as I have no desire to connect with anything infected anyway? =P

 

Have a great week!

 

Peace and God Bless.

You could make firewall packet filtering rules that block traffic on port 1434 from the IPs you want to block.

 

Thanks once again Lucian,

 

I apologize for being off-topic on this forum, I am just curious by nature.

 

I will give that a try if the forwarding ports 1433-1434 to a "phantom" ip address doesn't work. (Gotta learn somehow). Monday July 29th

 

It appears that your idea and mine both work! I've been watching the log on the router and everything is a-OK in either scenario. You're brilliant Lucian, thank you! Tuesday 30th.

 

A fan of Kaspersky I be. =)

 

Peace and God Bless. ;)
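
An added example, not from any poster in this thread and not Kaspersky or Linksys code: a small Python tally of inbound UDP 1434 packets per source address, for checking a router log the way the last post describes. The log lines are constructed, in the netfilter LOG format that iptables-based firmware such as DD-WRT writes, and the WAN interface name `vlan1` is an assumption.

```python
import re
from collections import Counter

# Constructed sample lines (netfilter LOG format); addresses are documentation ranges.
SAMPLE_LOG = """\
Jul 30 10:00:01 router kernel: DROP IN=vlan1 OUT= SRC=203.0.113.7 DST=198.51.100.20 LEN=404 TTL=112 PROTO=UDP SPT=4321 DPT=1434 LEN=384
Jul 30 10:00:09 router kernel: DROP IN=vlan1 OUT= SRC=192.0.2.55 DST=198.51.100.20 LEN=404 TTL=109 PROTO=UDP SPT=1093 DPT=1434 LEN=384
Jul 30 10:01:30 router kernel: DROP IN=vlan1 OUT= SRC=203.0.113.7 DST=198.51.100.20 LEN=404 TTL=112 PROTO=UDP SPT=4330 DPT=1434 LEN=384
Jul 30 10:02:02 router kernel: DROP IN=vlan1 OUT= SRC=192.0.2.200 DST=198.51.100.20 LEN=48 TTL=115 PROTO=TCP SPT=3500 DPT=1433 WINDOW=65535 SYN
Jul 30 10:02:40 router kernel: ACCEPT IN=br0 OUT=vlan1 SRC=192.168.1.100 DST=192.0.2.9 LEN=60 TTL=63 PROTO=UDP SPT=5353 DPT=53 LEN=40
Jul 30 10:03:11 router kernel: DROP IN=vlan1 OUT= SRC=198.51.100.99 DST=198.51.100.20 LEN=404 TTL=101 PROTO=UDP SPT=2222 DPT=1434 LEN=384
"""

FIELD = re.compile(r"(\w+)=(\S*)")


def parse_line(line):
    """Return the KEY=value fields of one LOG line (first occurrence of a key wins)."""
    fields = {}
    for key, value in FIELD.findall(line):
        fields.setdefault(key, value)
    return fields


def probes_to_1434(log_text, wan_if="vlan1"):
    """Count packets that arrived on the WAN interface for UDP port 1434, per source."""
    hits = Counter()
    for line in log_text.splitlines():
        f = parse_line(line)
        # Match on protocol as well as port: a TCP 1433/1434 entry is a different flow.
        if f.get("IN") == wan_if and f.get("PROTO") == "UDP" and f.get("DPT") == "1434":
            hits[f["SRC"]] += 1
    return hits


def summarize(log_text):
    """Total packets, number of distinct sources, and the busiest source."""
    hits = probes_to_1434(log_text)
    top = hits.most_common(1)[0] if hits else None
    return {"packets": sum(hits.values()), "sources": len(hits), "top": top}


if __name__ == "__main__":
    print(summarize(SAMPLE_LOG))
```
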
