My ISP did move me from a dynamic IP to a fixed IP, but the attacks continued. I have run exhaustive antivirus...
By submitting your personal information, you agree that TechTarget and its partners may contact you regarding relevant content, products and special offers.
and antispyware checks on my LAN comps, which are all clean. I run ESET on the PCs and have a local server, although the server was not online when I changed IP address. How can this happen, and do you have any suggestions?
The attacks are most likely targeting a large number of IPs or networks so changing your IP will not stop the scans because the attackers will eventually scan your new IP.
If you still think that your systems are under targeted attacks or have other evidence of a kernel intrusion attack, your next step should be examining the network traffic in more depth. You may want to scan your systems with different antimalware software than you are currently using or perform the scans in safe mode, Monitoring for unexpected network traffic can help determine if systems have some type of malware that is stopping the antimalware software from working.
Make sure you have the appropriate authorization to monitor your network. There are a number of open source tools that can be used for network monitoring by simply running a bootable live CD off an unused computer. You may want to monitor your network for a couple days to get a good sample of traffic to analyze, but the more traffic you capture, the more effort it will be to analyze the data. Look for traffic originating from one of your computers when it's not in use. You will most likely see some traffic to Microsoft, your antimalware vendor for updates or new antimalware definitions, or other similar legitimate background operations. You may want to start with a short time period to get a sense of the network traffic on your network and then expand from there. You will need to mirror or get a copy of the traffic to the computer doing the monitoring so you can analyze the traffic and determine if anything suspicious is traversing your network.
Dig Deeper on Real-time network monitoring and forensics
Related Q&A from Nick Lewis
DoubleAgent malware is a proof of concept for a zero-day vulnerability that can turn antivirus tools into attack vectors. Expert Nick Lewis explains ...continue reading
A new POS malware downloads a RAM scraper to avoid detection. Expert Nick Lewis explains the tricks MajikPOS uses to target retail terminals and how ...continue reading
An Apache Struts vulnerability is still being exploited, even though it has already been patched. Expert Nick Lewis explains why the Struts platform ...continue reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.