Jump to content
Not connected, Your IP: 3.147.62.99
philips

Detected Network Attacks on Netherlands servers

Recommended Posts

Hi Evrybody,

 

Since Yesterday, my antivirus (Kaspersky Internet Security 2016) has detected 3 network attacks when I was connected to Netherlands servers. The Intrusion prevention module says that the "network attack has been blocked.

 

The details are:

UDP against "ip adress" on the port 1434

 

The ip adresses are:

- 120.193.156.174

- 219.140.181.106

- 221.232.247.2

 

I'm a little worried about that because it's the first time. Is it normal, like false-positive?

 

Best Regards

 

Philips

Share this post


Link to post

That can only happen if you have some ports forwarded. Otherwise when you are connected to a server, no traffic from the internet can

reach your machine. If you are sure you were connected to the VPN server while you saw these messages, then it is a false positive.


Occasional moderator, sometimes BOFH. Opinions are my own, except when my wife disagrees.

Share this post


Link to post

Hi!

 

Thanks for your answer. I don't have any forwarded ports.

 

I'm sure I was connected on VPN, but I have some troubles with Kaspersky firewall and Windows Firewall Network locking from Eddie. I think that y conection is leaking sometimes. I'm waiting Eddie 2.11 to solve ths problem 

 

I was very surprise because the detected attacks wer from 3 differents IP adresses, and every ip were located in China. The first day, the two different adresses were from the same city. So, I think the attack comes from outside VPN servers. I was connected to a public wifi.

Share this post


Link to post

I saw these attacts too and I do have ports forwarded. It flooded and brought down my VM. Will need to figure out a way to throttle connection coming into those forwarded ports.

Share this post


Link to post

Hi!

 

Thanks for your answer. I don't have any forwarded ports.

 

In this case what Kaspersky reported pertained to your "real" IP address.

 

I'm sure I was connected on VPN, but I have some troubles with Kaspersky firewall and Windows Firewall Network locking from Eddie. I think that y conection is leaking sometimes. I'm waiting Eddie 2.11 to solve ths problem

 

Don't do this. You have two processes competing to modify concurrently the packet filtering tables of your system with unpredictable outcome. In Windows, if you run a third-party firewall, you must not activate Network Lock, because it uses Windows Firewall. You can test Eddie 2.11.8 beta for Windows which implements, by default, a Network Lock using Windows Filtering Platform, instead of the Windows Firewall. As long as your third-party firewall does not modify WFP rules and does not set interfering rules, you can run the third-party firewall and keep Network Lock WFP active.

 

To download Eddie 2.11.x beta please see here:

https://airvpn.org/topic/18625-eddie-211beta-available/

 

Kind regards

Share this post


Link to post

Hi!

​Thanks for your answer. I'm downloading Eddie 2.11.x beta. I will try it

​Best Regards

Share this post


Link to post

Hi!

 

I have downloaded it but I have a problem with the checksum. I don't have the expected ones.

 

With eddie-ui_2.11_windows8_x64_installer.exe, I have:

 

MD5: 0481a56af836133350e18e4c6834e1ec

SHA1: 5f7600f7803db667d6d9736f4a47865c61dcc166

SHA256: cebb75efb0630b53edfceb17fa348d62ed2c19a88db641f73fb0ba6a884295fe

SHA512: c30e44176f06e6fe934cf35b02b17ba55927736220c573a821bed9eee7ccd2f4ab129bb95024939a63930fb0646955a8f2d13e8e91b053a423106116aaed2979

 

When I check signature on the website, I find:

 

MD5 5c70c63ce910022ad5e7a9a8b4a1c1c0 SHA1 ed165ccacaf1ad51ed8006a4db2a917a4994b4da SHA256 b9be8ff27fb03008d25e687fe1f95872f76c2a848e610bf6620b187189e45af0 SHA512 048cc82c3282471667f308b90edf8e1bd4dcc11b51970d0db27505e1804894053f626aac4ed315f9ff6c37a7aa74bbce116a8000d0ccd75ec2facb3ba4529087

 

 

Is it normal?

 

 

Best Regards

Share this post


Link to post

@philips

 

The error is on our web site, the signatures you published for that package are correct, we're going to investigate the issue very soon.

 

To make it clearer, on the 64 bit package:

 

$ openssl sha256 eddie-ui_2.11_windows8_x64_installer.exe
SHA256(eddie-ui_2.11_windows8_x64_installer.exe)= cebb75efb0630b53edfceb17fa348d62ed2c19a88db641f73fb0ba6a884295fe

 

Kind regards

Share this post


Link to post

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
  • Security Check
    Play CAPTCHA Audio
    Refresh Image

×
×
  • Create New...