Since last Monday Avast has been informing me that it blocks a connection with an IP address because of a “DCOM Exploit” attack. This information comes two or three times a day regardless of the site I’m visiting. The pop-ups disappear so quickly that I hardly managed to note down the malicious IP - 93 dot 85 dot 238 dot 195 colon 135/tcp
Could anybody explain what’s going on in plain English?
Certainly I know this company - it is my Internet provider. It is very strange to be attacked by your own provider. I think I have to contact them, right?
Are you running a firewall? Is your PC updated?
According to those threads, the firewall should protect against it...
My Vista has all the latest updates and I'm using Windows7 Firewall Control (former Vista Firewall Control).
It doesn’t matter what site you are visiting as it generally has nothing to do with that.
The DCOM attack tries to exploit a vulnerability in your OS, if it is up to date then it can be exploited, but that doesn’t stop the speculative attempts in the hope of finding an out-of-date system.
The attacks aren’t specific, e.g. targeting you, but random selection of IP addresses hoping to get a good one. This is frequently a user who has the same ISP, whose system is infected and trying to infect others on the range of IPs that are under that ISP.
The firewall, as has been suggested, should be the first line of defence, but for whatever reason the network shield has got in first as it monitors common attack ports.
So, I understand the situation this way: an infected computer is trying to find vulnerabilities in other computers using my ISP connections. Does it mean that my provider has problems in anti-malware protection?
I wouldn’t like to install a software firewall. I had some “not good” experiences (BSOD, to tell the truth) while trying to use Comodo’s one.
ISPs have thousands of IP addresses and you are assigned one dynamically (not a fixed one every time) when you first connect, the same is true of someone else using your ISP, so when you do a whois on the IP address it is one of these that belong to the ISP.
So it is more common for this type of thing to generally stick within the ISP’s range of IPs rather than take completely random IPs (millions of them).
It is unusual to find you get BSODs through having installed a firewall, I have never had one directly related to the firewall in all those I have used, but for over six years I have stuck with the same one from Agnitum, Outpost Firewall in various versions along the way.
Many forum users are using these:
PC Tools Firewall seems to have the least user headaches as it doesn’t seem to be constantly asking the user questions about this and that.
Online Armor is for the most part fine but it has caused some users grief after avast program updates and that is something you have to watch out for.
Comodo (with which you didn’t have a good experience) is now a suite and you have to do a custom install so as not to install the antivirus element (or use the add remove programs to remove the AV element if already installed), of all the firewalls listed this seems to be the noisiest in asking questions, depending on settings and elements used, so it could be daunting for those not too familiar with firewalls or their systems.
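An added example, not part of any forum post: one way to check the pattern described above (repeated blocked connections to 135/tcp coming from addresses in the same ISP pool) is to summarise dropped inbound probes from a firewall log. The log lines are constructed, the Windows Firewall `pfirewall.log` field layout with a trailing `path` column is assumed, and the pool `198.51.100.0/24` and the function name `rpc_probes` are hypothetical.

```python
import ipaddress
from collections import Counter

# Constructed sample, using the pfirewall.log field order (assumed Vista-or-later
# layout, where the last column "path" is SEND or RECEIVE).
SAMPLE_LOG = """\
#Fields: date time action protocol src-ip dst-ip src-port dst-port size tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info path
2009-11-02 09:14:07 DROP TCP 198.51.100.77 198.51.100.20 4312 135 48 S 100 0 65535 - - - RECEIVE
2009-11-02 09:14:10 DROP TCP 198.51.100.77 198.51.100.20 4312 135 48 S 100 0 65535 - - - RECEIVE
2009-11-02 13:40:51 DROP TCP 198.51.100.203 198.51.100.20 2210 135 48 S 200 0 65535 - - - RECEIVE
2009-11-02 13:41:02 ALLOW TCP 198.51.100.20 203.0.113.5 50123 80 0 - 0 0 0 - - - SEND
2009-11-02 18:02:33 DROP TCP 203.0.113.99 198.51.100.20 1099 135 48 S 300 0 65535 - - - RECEIVE
2009-11-02 18:05:00 DROP UDP 198.51.100.9 198.51.100.20 137 137 78 - - - - - - - RECEIVE
"""


def rpc_probes(log_text, isp_pool):
    """Count dropped inbound TCP/135 attempts per source address and mark
    whether each source lies inside isp_pool (the range your own address
    was assigned from, taken from a whois lookup)."""
    pool = ipaddress.ip_network(isp_pool)
    hits = Counter()
    for line in log_text.splitlines():
        if not line or line.startswith("#"):
            continue  # skip blank lines and the header
        f = line.split()
        if len(f) < 17:
            continue  # truncated or unexpected line
        action, proto, src, dport, path = f[2], f[3], f[4], f[7], f[16]
        if (action, proto, dport, path) != ("DROP", "TCP", "135", "RECEIVE"):
            continue
        try:
            inside = ipaddress.ip_address(src) in pool
        except ValueError:
            continue  # malformed source address
        hits[(src, inside)] += 1
    # Busiest sources first, ties ordered by address string.
    ordered = sorted(hits.items(), key=lambda kv: (-kv[1], kv[0][0]))
    return [{"source": s, "same_isp_pool": inside, "attempts": n}
            for (s, inside), n in ordered]


if __name__ == "__main__":
    for row in rpc_probes(SAMPLE_LOG, "198.51.100.0/24"):
        print(row)
```

Sources that fall inside the pool and keep reappearing are the ones worth reporting to the ISP's abuse contact, with the timestamps from the log.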
Many forum users are using these:
- PC Tools Firewall seems to have the least user headaches as it doesn't seem to be constantly asking the user questions about this and that.
PC Tools fw is buggy.
Online Armor is for the most part fine but it has caused some users grief after avast program updates and that is something you have to watch out for.
OA Free hasn't given me any problems. If while the set up wizard is running you check off what you want to allow, you won't be bugged by OA. You will need to allow updated programs.
I don’t use my license for OA Premium due to every boot I get a magicJack .dll pop up. MagicJack .dll’s are always changing. This doesn’t happen in OA Free.
Outpost Firewall 2009 free, a cut down version of the Outpost Firewall Pro version, which should still provide good protection,
Outpost Free & Pro drastically slows my & others' internet speed. Plus it's been reported Outpost Free's inbound protection is weak.
As everyone can see in my sig., I use OA on XP & Windows 7 Firewall control on Vista 64bit. I’m waiting for a 64bit version of OA.
I’ve tried every fw for Vista 64bit I could find & Windows 7 Firewall control is the only one without problems. (From my experiences with Outpost & Comodo in XP, I didn’t even bother trying them on my Vista 64bit)
This is not strange to me as my ISP tries to access my computer every few minutes anytime I am on-line ever since I first started using this ISP many years ago. I assume they are trying to verify who is using the connection. They should already know this from when I make the initial connection and they never get in.
Avast has never needed to warn me of this because my old version of Zone Alarm always has blocked this action and so Avast never sees this happen. By the way, I use an old version of ZA that is the last version before the original ZA was bought out and became bloated. I do not recommend anyone use such an old version unless you are very sure you know (not think, but know) what you are doing.