Technology in terms you understand. Sign up for the Confident Computing newsletter for weekly solutions to make your life easier. Click here and get The Ask Leo! Guide to Staying Safe on the Internet — FREE Edition as my thank you for subscribing!

I'm being notified of an intrusion attempt, what should I do?


The security on my computer says network traffic from (some IP address)
matches the signature of a known attack. does this mean someone tried to hack
into my computer and if so, how do i find out who it was?

Yes it does, and no it doesn’t.

And finding out who it was it not only difficult, but probably pointless as

Become a Patron of Ask Leo! and go ad-free!

While it’s certainly possible that someone is attempting to break
in to your computer, it’s really not very likely. By that I mean that unless
you present some kind of lucrative target for some reason, there’s not likely
to be someone out there trying to get at you specifically.

What’s more likely is that:

  • There are thousands of infected computers out there

  • They’re trying to infect anyone who isn’t protected

“Firewalls protect you from these random and
unauthorized attempts.”

Most viruses work by trying to infect other machines once they’ve infected
yours. They do that through a number of different ways, but the important thing
here is that they’re simply machines, and they’re dumb. They’re just looking to
infect anyone that they can reach.

If you were to actually look at the traffic on the internet you’d see that a
great portion of it is exactly that: infected machines randomly or methodically
attempting to reach out and infect other machines.

This is why you need a firewall. Even a NAT router will do.
Firewalls protect you from these random and unauthorized attempts.

The great news here, is that it sounds like you already have that in place.
It’s likely your firewall that’s reporting the intrusion attempt.

You could try to track down the infected machine trying to infect you, I
suppose. The problem is that with only the IP address you can only get as far
as the ISP that provides that machine’s internet connection. That’s not going
to do much for you.

In your shoes, I’d ignore it, knowing that my firewall was protecting me,
and get on with my life.

Do this

Subscribe to Confident Computing! Less frustration and more confidence, solutions, answers, and tips in your inbox every week.

I'll see you there!

3 comments on “I'm being notified of an intrusion attempt, what should I do?”

  1. OK. I am getting this intrusion attempt. My information says that the attacking computer is my own (I would think that this was the computer that is trying to attack mycomputer). And then i gives another desination attempt. It happens when I’m trying to access the internet. So I’m assuming that my computer is trying to access a site that is not trusted by my firewall. However, I don’t recognize the website as one that I’ve ever attempted to purposely access. So now, it comes up as my homepage and when I try to set my homepage back to the default, it will set it for one try and then it reverts back to the intrusion site. How can I change this? I would like to get into the internet without goin through this routine every time. Thank you

  2. Leo, if I knew that the intrusion attempt occurred while I was visiting a specific website, does it mean that that website played a part (large or small) in allowing that intrusion attempt to occur? Is that website culpable to some degree? Thanks…

    Not neccessarily. They could have been hacked, or the malware could have come through an advertising network (very rare, but possible), or other things that I can’t think of. It’s possible, but not guaranteed that the website is involved.


Leave a reply:

Before commenting please:

  • Read the article.
  • Comment on the article.
  • No personal information.
  • No spam.

Comments violating those rules will be removed. Comments that don't add value will be removed, including off-topic or content-free comments, or comments that look even a little bit like spam. All comments containing links and certain keywords will be moderated before publication.

I want comments to be valuable for everyone, including those who come later and take the time to read.