I'm seeing lots of attacks. Is this normal?
This article applies to: BlackICE Defender.
SUMMARY
Yes.
DETAILS
How often you will detect scans depends upon your connection type and how long you are connected.
cable-modems
Scanned/attacked several times per day. It depends upon the cable-modem segment you are on, but some people are getting attacked as many as 20 times per day. We believe scans are so common because hackers know that virtually all cable-modems are in the range 24.x.x.x. We suspect that those in the low range of 24.1.x.x receive more than those in higher ranges (i.e. 24.94.x.x).
DSL modems
Varies widely, some are only about once per week, others receive a couple per day. We suspect that some DSL ranges are better known among hackers, and therefore get attacked more.
dial-up modems
This varies widely, though you should see a scan against your system about once per month. It depends upon how often you are online, and what ISP you use. Since some hackers "camp" on IP addresses (waiting for people to dial-up), you are most likely to be scanned within a few minutes after you connect to the Internet.
The following are the most common attacks/scans against your system. Because you are running a built-in firewall, the hackers rarely get past the "scanning" stage (they only "attack" the system if the "scan" reveals something interesting).
TCP port probe
Hacker looking a particular way at your system (using TCP). The hacker has a single exploit he/she is trying on millions of systems.
UDP port probe
Same as above, but with UDP.
Trojan Horse probe
Testing to see if you've been compromised by a Trojan Horse, using TCP.
TCP port scan
Hacker is scanning for all the open ways into your system.
WhatsUp scan
Hacker is scanning you with a popular program called "WhatsUp".
UDP Trojan Horse probe
Similar to the above, but using UDP.
SOCKS port probe
Hacker is testing your system for SOCKS, which might allow him/her to hide behind your system when attacking others.
Back Orifice ping
Testing your system to see if you are vulnerable to Back Orifice.
ICMP unreachable storm
Trying to disconnect your system from the network.
SNMP discovery broadcast
Scanning your area of the network in order to discover systems.
SUNRPC port probe
Testing your system to see if it supports UNIX, and then to see which UNIX-specific ways he/she can break into your system with. Obviously not a concern if you are running Windows.
TELNET port probe
Another UNIX-specific test against your system.
NetBIOS port probe
Tests to see if you have shared your hard disk with the rest of the world (10% of Windows users do this).
The following are the most common reasons hackers attack systems:
Island hopping
The hacker hopes to compromise your cable-modem or DSL connected computer because it is often on 24-hours a day, and because it always has the same IP address. The hacker hopes to then funnel all his/her attacks through your machine in order to hide his/her true IP address. Hackers often chain multiple machines together like this. See SOCKS for more info.
ISP Passwords
The hacker wants to scan your system for passwords. If they find your ISP information, they can dial-up as you and use your account for their nefarious deeds. For example, they can dial in from a pay phone and use your account to attack the Pentagon.
Web-site Passwords
They are hoping maybe you have a paid account with porn sites, and they want to steal those passwords so they can log in for free.
Corporate Passwords
They are hoping you have some passwords on your machine (for telecommuting) that they can use to bypass corporate firewalls.
Personal Information
They are hoping to find maiden names, children's names, social security numbers and so on in order to commit "identity theft". If they get this information, they can often steal money from your bank account.
Online stock info
Some want simply to buy/sell stocks in your name, others want a check cut to their name. If a hacker buys/sells stocks in your name, you are liable for the result.
Online bank info
The hacker wants to steal money from your account. You are liable for losses in this manner.
Credit card info
The hacker wants to steal your credit card. They will often use it for porn accounts. You are generally NOT liable for credit card loss if you check your bill regularly. For most credit cards, the maximum damages you are liable for are $50.
I really like the BlackICE Defender but have to purchase it to use.
I don't mind if I can't obtain it as I'm using iptables.
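
The probe-versus-scan distinction in the list from the first post can be applied to dropped-packet logs on an iptables host. The following is an added example, not part of the original posts or of BlackICE Defender. The port table uses well-known default ports, the threshold of five distinct TCP ports is an assumption, and the log lines are constructed and abbreviated.

```python
import re
from collections import defaultdict

# Well-known default ports for some of the probe names in the list above.
NAMED_PROBES = {
    ("TCP", 1080): "SOCKS port probe",
    ("TCP", 111): "SUNRPC port probe",
    ("UDP", 111): "SUNRPC port probe",
    ("TCP", 23): "TELNET port probe",
    ("TCP", 139): "NetBIOS port probe",
    ("UDP", 137): "NetBIOS port probe",
    ("UDP", 31337): "Back Orifice ping",
}
SCAN_THRESHOLD = 5  # assumption: this many distinct TCP ports from one source is a scan

def _line(src, proto, dpt):
    # Constructed, abbreviated line in the style of the iptables LOG target.
    return (f"Jan  1 00:00:01 gw kernel: DROP IN=eth0 OUT= SRC={src} "
            f"DST=198.51.100.5 PROTO={proto} SPT=40000 DPT={dpt}")

# Constructed sample input using documentation address ranges.
SAMPLE_LOG = "\n".join(
    [_line("192.0.2.10", "TCP", 1080), _line("192.0.2.20", "UDP", 31337),
     _line("192.0.2.40", "TCP", 23), _line("192.0.2.40", "UDP", 5000)]
    + [_line("192.0.2.30", "TCP", p) for p in (21, 22, 23, 25, 80, 110)]
)

FIELD = re.compile(r"\b(SRC|PROTO|DPT)=(\S+)")

def classify(log_text, threshold=SCAN_THRESHOLD):
    """Return {source_ip: sorted labels} for the logged packets."""
    ports = defaultdict(set)  # source -> {(protocol, destination port)}
    for line in log_text.splitlines():
        f = dict(FIELD.findall(line))
        if {"SRC", "PROTO", "DPT"} <= f.keys():  # skips ICMP and unrelated lines
            ports[f["SRC"]].add((f["PROTO"], int(f["DPT"])))
    result = {}
    for src, seen in ports.items():
        tcp_ports = {port for proto, port in seen if proto == "TCP"}
        if len(tcp_ports) >= threshold:
            labels = {"TCP port scan"}  # many ports: looking for any open way in
        else:  # one or a few ports: a single exploit being tried
            labels = {NAMED_PROBES.get(k, f"{k[0]} port probe") for k in seen}
        result[src] = sorted(labels)
    return result

if __name__ == "__main__":
    for src, labels in sorted(classify(SAMPLE_LOG).items()):
        print(src, ", ".join(labels))
```
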