Noobie's worrying about incoming 211.224.x.x connection warnings...

Hi there, I don't really know much about firewalls/ip addresses, etc., and I'm a little worried because I just set up an internet connection in South Korea, and I'm getting incoming alerts every ten seconds or so from my firewall program...

These incoming alerts are almost all for 211.224.x.x addresses of all sorts of different ports all trying to get at port 135 for "Generic Host Process for Win32 Services" svchost.exe. I think it's a Korean range.

I know nothing about IP addresses and ports and the like, so I don't know if this is coming from my provider or some guy trying to worm his way into my system. I'm about ready to set up a rule against all incoming connections in the 211.224.x.x range but I don't know if that's going to kill my internet connection or not...

Help? What should I do?

Reply to
aendeuryu

Attacks aimed at port 135 are very common. Just keep your firewall up and avoid using "Share files and printers".

Intel-based computers have 65536 ports, all of which can be used to connect to the internet. However, the "low" ports, that is, below 1023, are the most common targets of attacks.

Krohon

Reply to
Krohon

Krohon-

Ok, thanks for the reply (and, as an aside, thanks also for not answering my question like I'm a total idiot).

Back in my home country, I had this same computer and firewall software for another internet connection, but there weren't as many attacks at port 135, so I was worried that with this new connection I might be in a network with many hostile processes trying to get into my computer.

Thanks again,

-a

Reply to
Andrew Musgrave

Hmm. Sorry, but to be clear at first: you have a computer you don't understand, you use this computer to get into the internet which you don't understand, and use a firewall software you don't understand either, to protect you against something you don't understand. Hmm. Maybe you should try to learn a little bit more about how things work. This should be your first priority.

Regarding your "problem". The problem is your choice of the firewall program and that you run it in the default configuration, which is obviously tuned to tell you all the time what a great job it is doing. The warnings you get are absolutely useless: they just report that someone tried to access your computer and that this access was blocked. Nothing really of interest happened. The firewall just did what it was supposed to do. Telling you this is useless because there is nothing of interest in these messages and you don't have to react to these messages in any way. They are really just a constant reminder from the marketing people that their product is doing such a great job...

So, the solution is to better understand how to configure your firewall program so that it does not annoy you with messages that are useless. Make sure you only turn off the messages that are related to the incoming traffic. Your firewall program should have something somewhere in its settings. As you did not say which one it is, it is hard to tell. If it is not possible to change this behaviour, the only other advice is to get a different firewall program or look for a different solution like a hardware firewall router.

It is most likely some computers that have been taken over by some worm, and now it tries to spread... Annoying, but there is nothing you can do about it and also no further concern for you as long as the firewall is doing what it is supposed to do.

Do not block it. As you are in this range, too, you basically cut the line. Again, as long as there are no longer-lasting, constant attacks from one IP address or a very limited set, you should never block specific IP addresses manually. Just turn off these warnings that are useless. Understand that if you connect to the internet, anyone else on the internet can try to connect to your IP address. Your firewall is supposed to prevent unwanted contact from the outside. It does not have to tell you how many people tried it.

You don't need a program on your computer either that every 10 seconds tells you: "everything is working normal"...

Gerald

Reply to
Gerald Vogt
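
An added example (not part of the original posts): a short Python triage of blocked-inbound firewall log lines that separates one-off background probes from a single source that keeps retrying over a long period, the only case the reply above treats as worth a manual block. The log format, the thresholds and the addresses are constructed for illustration; real firewall products log differently.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed log format (an assumption, not any product's real format):
#   <date> <time> BLOCK <proto> <src_ip>:<src_port> -> <dst_port>
LINE = re.compile(
    r"^(\S+ \S+) BLOCK (TCP|UDP) (\d{1,3}(?:\.\d{1,3}){3}):(\d+) -> (\d+)$"
)

def parse(lines):
    """Yield (timestamp, src_ip, dst_port) for each well-formed blocked line."""
    for line in lines:
        m = LINE.match(line.strip())
        if m:  # malformed lines are skipped, not fatal
            yield (datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S"),
                   m.group(3), int(m.group(5)))

def triage(lines, min_hits=5, min_span=timedelta(minutes=30)):
    """Summarise blocked traffic and list persistent sources.

    A source counts as persistent only if it was blocked at least min_hits
    times over at least min_span. Both thresholds are hypothetical defaults.
    """
    seen = defaultdict(list)   # src_ip -> timestamps of blocked attempts
    ports = defaultdict(int)   # dst_port -> number of blocked attempts
    for ts, src, dport in parse(lines):
        seen[src].append(ts)
        ports[dport] += 1
    persistent = sorted(
        src for src, stamps in seen.items()
        if len(stamps) >= min_hits and max(stamps) - min(stamps) >= min_span
    )
    return {"sources": len(seen), "by_port": dict(ports),
            "persistent": persistent}

# Constructed sample: six different 211.224.x.x hosts probing port 135 once
# each, plus one documentation-range address retrying port 445 for 50 minutes.
SAMPLE = [f"2005-03-01 10:00:{i * 10:02d} BLOCK TCP "
          f"211.224.{i + 1}.{i + 20}:{3000 + i} -> 135" for i in range(6)]
SAMPLE += [f"2005-03-01 10:{m:02d}:00 BLOCK TCP 203.0.113.7:4100 -> 445"
           for m in range(0, 60, 10)]
SAMPLE.append("garbage line that the parser must skip")

if __name__ == "__main__":
    print(triage(SAMPLE))
```
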

Don't forget the rest of the "let me drop my pants and bend over" ports used by Windows. 445 is quite popular too.

1180 TCP/IP tutorial. T.J. Socolofsky, C.J. Kale. Jan-01-1991. (Format: TXT=65494 bytes) (Status: INFORMATIONAL)

Actually, ALL computers that speak TCP/IP (meaning all that are connected to the internet - no matter if Intel based, Apple, or one of the mainframes running UNIX) have 65536 TCP ports and 65536 UDP ports that can be used to connect. That is a function of the TCP (or UDP) protocols. But those are only two of the 138 networking protocols that may be used.

This is because those ports are where "well known" services are found. Thus, if your computer wants to send mail to a remote computer, it would connect to port 25 on the remote computer because if that remote computer is going to accept mail, it is probably running a mail server on that port number.

Old guy

Reply to
Moe Trin

Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.