Network Attack Blocker

Kaspersky Internet Security protects your computer against network attacks.

A network attack is an attempt to break into the operating system of a remote computer. Criminals attempt network attacks to establish control over the operating system, cause operating system denial of service, or access sensitive information.

The term “network attacks” applies to malicious activity of criminals themselves (such as port scanning and brute force attacks) and to the activity of malware installed on the computer under attack (such as transmission of sensitive information to criminals). Malware involved in network attacks includes some Trojans, DoS attack tools, malicious scripts, and network worms.

Network attacks can be divided into the following types:

  • Port scanning. This type of network attack is usually performed in preparation for a more dangerous network attack. An intruder scans UDP/TCP ports that use network services on the target computer and determines the vulnerability of the target computers to other, more dangerous types of network attacks. Port scanning also enables the intruder to determine the operating system on the target computer and select appropriate network attacks for that operating system.
  • DoS attacks, or network attacks causing a denial of service. Such network attacks cause the target operating system to become unstable or completely inoperable.

    The following main types of DoS attacks exist:

    • Transmission to a remote computer of specially designed network packets that are not expected by the target computer and therefore cause the target operating system to malfunction or crash.
    • Sending a large number of network packets to a remote computer over a short period of time. All resources of the target computer are used for processing the network packets sent by the intruder, as a result of which the computer stops performing its functions.
  • Network intrusion attacks. Such network attacks are designed to “hijack” the operating system of the target computer. This is the most dangerous type of network attack because, if the attack is successful, the intruder gains total control over the operating system.

    This type of network attack is used when the intruder needs to obtain confidential data from a remote computer (such as bank card numbers or passwords) or secretly use the remote computer for the intruder’s purposes (such as for attacking other computers from this computer).

Enable/disable Network Attack Blocker

  1. In the menu bar, click the application icon.
  2. In the menu that appears, choose Preferences.

    The application preferences window opens.

  3. On the Protection tab, in the Network Attack Blocker section, select/deselect the Enable Network Attack Blocker checkbox.

You can also enable Network Attack Blocker in Protection Center. Disabling computer protection or disabling protection components puts your computer at much higher risk of infection. This is why Protection Center informs you when protection is disabled.

Important: If you have disabled Network Attack Blocker, it will not be re-enabled automatically when Kaspersky Internet Security starts again or after the operating system restarts. You have to re-enable Network Attack Blocker manually.

When the application detects dangerous network activity, Kaspersky Internet Security automatically adds the IP address of the attacking computer to the list of blocked computers, unless the attacking computer is in the list of trusted computers.
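The block-unless-trusted decision described above, applied to a port scan, as an added sketch; it is not Kaspersky's code or its detection logic. The distinct-port threshold, the time window, the function name and the sample addresses (reserved documentation ranges) are assumptions.

```python
import ipaddress
from collections import defaultdict

# Constructed sample connection log: (timestamp_ms, source_ip, destination_port).
# Addresses come from the reserved documentation ranges.
SAMPLE_EVENTS = (
    [(i * 100, "203.0.113.7", 20 + i) for i in range(12)]              # sweep of 12 ports
    + [(10_000 + i * 100, "192.0.2.10", 8000 + i) for i in range(12)]  # same pattern, other host
    + [(i * 1000, "198.51.100.4", 443) for i in range(20)]             # ordinary client, one port
)

def process_events(events, trusted, port_threshold=10, window_ms=5000):
    """Return (blocked_ips, report) for a stream of connection attempts.

    Assumed heuristic: a source touching `port_threshold` distinct ports
    within `window_ms` counts as a port scan.
    """
    trusted = {ipaddress.ip_address(a) for a in trusted}
    recent = defaultdict(list)   # source -> [(timestamp, port)] inside the window
    blocked, report = set(), []
    for ts, src, port in sorted(events):
        addr = ipaddress.ip_address(src)
        if addr in blocked:
            continue             # packets from blocked hosts are dropped
        hits = recent[addr]
        hits.append((ts, port))
        hits[:] = [(t, p) for t, p in hits if ts - t <= window_ms]
        distinct = {p for _, p in hits}
        if len(distinct) < port_threshold:
            continue
        if addr in trusted:
            action = "reported, not blocked"   # trusted list overrides blocking
        else:
            blocked.add(addr)
            action = "blocked"
        report.append((ts, src, len(distinct), action))
        hits.clear()             # start a fresh window after each detection
    return sorted(str(a) for a in blocked), report

if __name__ == "__main__":
    blocked, report = process_events(SAMPLE_EVENTS, trusted=["192.0.2.10"])
    for entry in report:
        print(entry)
    print("blocked:", blocked)
```

Running the same log with an empty trusted list blocks both sweeping hosts, which shows how much an entry in the trusted list changes the outcome for that address.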

Edit the list of blocked computers

  1. In the menu bar, click the application icon.
  2. In the menu that appears, choose Preferences.

    The application preferences window opens.

  3. On the Protection tab, in the Network Attack Blocker section, select the Enable Network Attack Blocker checkbox.
  4. Click the Exclusions button.

    A window with a list of trusted computers and a list of blocked computers opens.

  5. Open the Blocked computers tab.
  6. If you are sure that the blocked computer is not a threat, select the IP address of the computer in the list and click the Unblock button.

    The confirmation dialog opens.

  7. In the confirmation dialog, select one of the following:
    • If you want to unblock the computer, click the Unblock button.

      Kaspersky Internet Security unblocks the IP address.

    • If you want Kaspersky Internet Security to never block the selected IP address, click the Unblock and Exclude button.

      Kaspersky Internet Security unblocks the IP address and adds it to the list of trusted computers.

  8. Click the Save button to save changes.

You can create and edit the list of trusted computers. Kaspersky Internet Security doesn’t block the IP addresses of these computers automatically even after dangerous network activity is detected from them.

Edit the list of trusted computers

  1. In the menu bar, click the application icon.
  2. In the menu that appears, choose Preferences.

    The application preferences window opens.

  3. On the Protection tab, in the Network Attack Blocker section, select the Enable Network Attack Blocker checkbox.
  4. Click the Exclusions button.

    A window with a list of trusted computers and a list of blocked computers opens.

  5. Open the Exclusions tab.
  6. Edit the list of trusted computers:
    • To add an IP address to the list of trusted computers:
      1. Click the
      2. In the field that appears, enter the IP address of the computer that you trust to be safe.
    • To remove an IP address from the list of trusted computers:
      1. Select an IP address in the list.
      2. Click the
    • To edit an IP address in the list of trusted computers:
      1. Select an IP address in the list.
      2. Click the Edit button.
      3. Change the IP address.
  7. Click the Save button to save changes.

When a network attack is detected, Kaspersky Internet Security logs information about the attack in a report.

View the Network Attack Blocker report

  1. Open the Protection pull-down menu.
  2. In the pull-down menu, choose Reports.

    The Kaspersky Internet Security reports window opens.

  3. Open the Network Attack Blocker tab.

Note: If the Network Attack Blocker component stops running with an error, you can view the report and try to restart the component. If the problem is not solved, you can contact Technical Support at Kaspersky Lab.

You can view overall statistics on protection against network attacks (number of blocked computers and number of events since last startup of the Network Attack Blocker component) in Protection Center by clicking the Show Details button in the right pane of the main application window.