Hello!
I had very many attacks on my computer from some IP addresses: 218.48.49.15, 218.50.78.135, 218.50.43.129, etc. Avast antivirus blocked attacks from these addresses with a message including the name of the virus “DCOM Exploit”. I located these IP addresses with NeoTrace in some networks in Seoul.
I am located in Seoul, but I know that hackers can mask themselves behind other addresses.
I have questions:
How can a hacker determine my IP address (I know some ways: by transferring files in ICQ, registration on some sites)? Maybe other ways exist?
Can I determine the real IP address of a hacker if he masked his IP address?
They don’t determine your IP; they just use random IP number blocks and cycle through them (using a program) in the hope that they hit a vulnerable system.
This may be a somewhat pointless exercise; the IP may be for an ISP and it could be one of their customers’ systems that is infected and pumping out these exploit attempts.
This is the avast Network Shield working, which is an intrusion detection monitoring known attack points. It would appear that your firewall isn’t blocking these attempts, as a competent firewall should catch this before avast.
What is your firewall?
If your operating system is up to date, it is likely it wouldn’t be vulnerable to this exploit.
What operating system are you using? Is it up to date?
Check the avast! Log Viewer (right-click the avast icon), Warning section; this contains information on all avast detections, and post the information about the warning/attempt.
There really isn’t any need to disable DCOM: if your system is fully up to date, it isn’t vulnerable to the DCOM exploit (patched by MS years ago). That way, if DCOM is required for legit purposes, it is available.
What firewall are you using? A good firewall that stealths all your ports should prevent those attacks. I recommend PC Tools Firewall Plus; it will stealth your ports with the default settings & uses little RAM. Works for me. Requires 2000, XP or Vista 32-bit.
Kerio Personal Firewall 2.1.5
OS: Win98/Me/NT4/2000/XP
Kerio Personal Firewall is a small and easy to use system designed for protecting a personal computer against hacker attacks and data leaks. It is based on the ICSA certified technology used in the WinRoute firewall. The firewall itself runs as a background service, using a special low-level driver loaded into the system kernel. This driver is placed at the lowest possible level above the network hardware drivers. Therefore, it has absolute control over all passing packets and is able to ensure complete protection of the system it is installed on.