|
Home »
Networking
»
Firewalls
Summary: Firewall software can help protect against remote intrusion attempts, as well as outgoing attempts. 192.168 addresses give a clue as to the source.
One of the common annoyances with software firewalls is exactly this: that you may get repeated notification of access attempts, with no real sense of where they're really coming from, and whether or not they're legitimate. In this case, I can't really say whether it's legitimate. But I can say that the IP address is closer than you think. • The IP address range 192.168.x.x is never seen on the internet. By definition that range and a couple of others are reserved specifically for local area networks. Your router's internet-facing connection has a real internet address. But the inward-facing connection on which your computer and perhaps others are connected will have an IP address like you've seen: 192.168.0.101 is one common default configuration for routers. The router also assigns the IP addresses for the machines on your local network from that same range. It then also takes care of translating between the "real" internet IP address and the local network IP addresses as data flows to and from the internet. "The IP address range 192.168.x.x is never seen on the
internet. By definition that range ... [is] reserved specifically for local area
networks."
What that implies is that 192.168.0.105 is a machine on your local network. So the next step is pretty easy: check the IP addresses assigned to the machines on your network and you'll quickly find out which machine is the culprit. My favorite way to get the IP address is to open a Windows Command Shell and type in "ipconfig" followed by Enter; you should get something much like this:
Windows IP Configuration
Ethernet adapter Local Area Connection:
Connection-specific DNS Suffix . :
IP Address. . . . . . . . . . . . : 192.168.1.2
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.1.1
Here you can see my router is assigning from the "192.168.1.*" range, but it's the "192.168" part that shows that I'm behind a router performing this network address translation or "NAT". Now, there's a interesting scenario you might run into and that's this: you might find that the IP address is that of the very machine you have your firewall installed on. There are a couple of reasons that might be:
Regardless of the reasons, and be it from your own machine or another machine on your local network, understanding the alert is the first step. Hopefully the firewall will include additional information like the "port" the attempt is being made on, which will often tell you what it's trying to do. For outgoing alerts, the firewall should also be able to tell you what software or service on your machine is requesting the connection. If the firewall's not giving you that information in the alert, then check any logs that the firewall might be creating. Using that information you can make a call as to whether or not the alert is legitimate. If it's not, if it's just an annoyance, then it's time to reconfigure the software firewall to stop bugging you about it. And if it's not legitimate, then of course, you'll want to address the underlying cause. Related:
Article 12305 | Posted March 23, 2008 |
Stay Informed Archives Advertisers |
|
•
If you have a wireless connection it's possible that someone else has hacked into your network and is trying to break into your computer.
Posted by: vincent at March 24, 2008 2:02 AMI thought I should mention it because it happened to me once...
One more point - It could be a hacker connected to your LAN through your router's WiFi connection. Is your router's wifi security enabled? Is it WEP - which is easily broken? If your LAN does not have a PC with IP .105, this could be the case.
Quickly enable WPA security on your router. If that is not possible, change your router to one that gives this level of security. Another protection is to enable MAC filtering on your router to allow only those devices whose MAC is known to you and you have configured it on your router.
If you are not using WiFi, just disable radio on your router.
Posted by: Rahul at March 24, 2008 6:58 AMUhm, Rahul, that is what I meant with my first post ;-)
Posted by: vincent at March 24, 2008 11:02 AMI probably wasn't clear enough, sorry.
Anyway, forget mac filtering too, it isn't secure either, trust me...
Actually, since I was the author of the query to Leo about this issue, I thought it might be helpful to announce that Leo is (as is almost always the case) dead on in his remote analysis. The IP address at issue does, in fact, belong to a member of our LAN; namely. our Dandy Dell Laptop. However, I for one, at least, appreciate the additional comments provided above in re WIFi et al!
Posted by: Doug Hagan at March 28, 2008 7:13 PMIf someone is using your wifi connection, he/she will be on your LAN with appropriate IP fro myour LAN's DHCP. An exterme measure I would like to mention would be to close down DHCP and take complete charge of assigning fixed IP to equipment on LAN. However this gets to complicated for anything but a trivially small LAN - e.g. home network would be ideal candidate. I use this for my home network along with other safeguards. Only issue I have faced till now is to add a friend's laptop when he/she visits but that is trivial. I assign another IP when I permit the MAC on the network. Oh and one more thing, if a friend does not want me to mess with his/her computer for IP assignment, no connection for that PC.
Posted by: Rahul at March 31, 2008 2:03 PM