Firewall

Curiosity.

Is a firewall really that essential on a dial-up connection?
Correct me if i'm wrong, but it would seem to be a waste of time for hackers to even think of bothering someone on such a slow connection.

 

If we use Adaware we get rid of Trojans and the likes don't we?
Btw, looked up under Firewall and all i see are various programs to download...

 

Its essential. Im on my laptop right now, im on 56k Dial up. Today alone i have had 671 Port Scans, and 129 attempts to place trojans on my machine. In the last 3 months i have had 381,972 Port scans.

Hackers still like 56k Machines, they can pump out 1000's of ping requests per minute, whe you get 100's of 56k Machines doing that, or send UDP packets etc to one person, you can pretty much take any website out until they start to filter you.

Sure Dial up is safer, but it only takes 5 seconds for someone to install a trojan on your machine, and from that point on they can be monitoring your every keystroke, until you enter in a credit card number and password..and BAM, your getting a call from the bank asking why your card is over the limit.

Seriously, this day and age, a firewall is essential, without one, its only a matter of time before you have someone defraud you, or you get banned from your ISP all because a zombie is installed on your machine making you attack another IP address.

For more info..go read here, and learn

https://www.grc.com/x/ne.dll?bh0bkyd2

http://www.grc.com/dos/grcdos.htm <-- Very intersting, shows how easy hacking is

 

Grasshoper here.


Thanks for the two articles Nirvana_CN - guess it's heavy duty stuff and firewalls are really essential in this day and age!

Appreciate xflat's intervention too, don't know why he couldn't direct me to that Firewall section... all i saw there were downloads. No articles.

 

Glad you realise how needed they are

I would download Sygate 5.5 Free version or Zonealarm 4.5 Free (Do NOT get Zonealarm 5.x it has so many bugs they are reccomending sticking with 4.x)

Both of these only use up a few megs of your memory, and wont slow your PC what-so-ever

 

I'm confused now. Ive just changed to verizon dsl. it came with MSN premium. does one or both of these already have a firewall? i used to have one with my last ISP. if they do have firewalls, is that sufficient or do i need another. if it is sufficient how do i disable them if i have to. much aloha

 

i have a 12 yr old boy....and lots of his friends. in addition other people feel free to use it, (although Ive put a lock on it now so at least I'm at home when its being used). i do not use my debit card for anything, i do not pay bills on line or use it for any money related things. i have no credit to steal anyway. i have a 56k modem and im now on dsl. much aloha

 

so now i have,
ZA pro (15 days free)
cleanup.
CCleaner,
AntiVir personal xp,
spybot,
spyblaster.
i have DSL
i have changed the default search to google.
i still have IE.

is there anything ELSE i should have?
is there anything i should know about any of these?
much aloha again.

 

so.....the zone alarm is going off all all over the place.
is this normal?
is it just adjusting?
does it miss its mummy?

aloha (and a tad worried)

 

HEY!
This is a GREAT thread here. I just went to this "Sheild's Up" site and went through all the tests.
It said that I passed.
But, the situation is this: It says that my ports are all in stealth mode, not closed.
Is this really good enough? I have some security books to read, I just thought someone could give a quick answer now.

 

well zone alarm is still popping up for air every minute or so. IS IT SUPPOSED TO DO THIS. or do i have it 'set' wrong? in addition my puter doesn't remember my login name anymore. MG and yahoo are making me sign in each time i log back in. i take it that the cleanup or Ccleaner is responsible. any way of altering it so the puter remembers my log in details? aloha

 

its a today thing, so its cleanup, CCleaner or zone alarm. i would hazard a guess at one of the first two.
yes zone alarm asks for permission for sites to use the net, but in addition it is popping up every few seconds to say that is has blocked an entry into one of my ports. are there ligit reasons why a site would want entry into a port. or are they all no good cads, bounders, and ne'er do wells?. (in the time its taken me to type this reply it has stopped seven entries) aloha

 

there is one particular one it is trying to stop.

[netBIOS Session] from fia250-8-100.dslmxposure.nl[80.100.8.250][TCP Port (increasing 4 digit #)][TCP flag S}

what is it? how do i find out? should i be bloking it? etc etc.

 

Robster:- Stealth mode is good It means that people who are randomly scanning IP adresses dont even know you exist If you simply blocked the scan, the Hacker would know you were there as they are getting blocked. If that makes sense

Laurie, All Firewalls have to Learn. Everytime a new program tries to get net access, your firewall should ask you. This is *GOOD* as it means if somehow you do get a trojan on your PC, the only way it can access the net is if you let it. Also it is very normal to get maybe 100 Alerts an hour, remember they are just your firewalls way of saying, "we detected XXX person randomly scanning our PC, we blocked it for you". After a few days your Firewall should not keep asking you about all the programs, and should stop popping up new threats. So long as on the Shields up site you Have "Stealth" on the all ports test, youa re says.

And to the Person who said they dont have a firewall as they dont go to bad sites..well all you got to do is dial up, and if someone happens to scan you, they can start copying files to your PC, even if you never go to a web site.

Without sounding an arse, I see surfing with no firewall, the same as sleeping with many women with no protection. With no firewall your PC could be being used right now to remotely attack another website, and you wouldn't even know. Also know ISP's are *Finally* starting to ban its memebers who are found to be taking part in these attacks..Ignorance is not Bliss people..

 

Thats just a normal NETbios Probe. So long as Zonealarm has blocked it, dont worry. Personally i disable NETbios in the services.msc, as i dont use it at all.

PS any problems, send me a tickets and ill personally sort you out.. you live near a beach i imagine?

*looks out of the window to see it pouring with rain..bloody england*

The reason you get the increasing port numbers, is that somehow that hacker has seen your PC, and is scanning for a port that is not stealthed or blocked.

I really suggest you Turn NETBios off. Search the net to find out how.

Also go to www.grc.com and find the Shields UP test. Doa ll your port appearas stealthed? I suspect they dont, hence someone trying to connect to you

 

what is a net bios probe? i get an alert every few seconds, on that 'number'. what is 'normal'? help cos i have left it switched off for now as i cant be dealing with it.
ps. no air fare but if you ever get it together i can offer free accomodation, food, and tour guide. i love having visitors, especially from england and would be honored to have you as my guest. aloha.

pps. are you really telling me i have a hacker? lol i dont have anything to hack!

 

OK, ran the check. the file sharing check passed. port 135 is in full stealth and unable to connect with net bios.
the ports check revealed one open port and therefore failed the solicited TCP packets test.
unsolicited packets and ping echo both passed.
the open port is 1024 DCOM.

i run an emachine c=series.
preinstalled windows xp home, and i installed windows office 2000
i am on verizon dsl which comes with msn premium.
i have yahoo mail default, and google search default. and IE default.

this cannot possibly be normal for this alarm to be going off every few seconds.

HELP

 

laurieB. Both CrapCleaner and Cleanup! wipe out all your cookies, as a default. Cowboy advises that you can save selected cookies (like MG). I never bother. I have the various MG sections stored as favourites so just click on the one I want to use. Front page, Lounge, Software, etc.

I would sooner wipe out everything, every day and use my favourites list to log on to various sites that I use often. Different strokes for different folks, I guess. Bazza

 

What Firewall you using? You should be able to turn alerts off, it would be a pain in the bloody arse to get a warning everytime Look in the options to turn alerts off. It sounds like your firewall id just telling you that it has successfuly blocked someone..which is annoying

As for the DCOM port. Go here, download the DCOModulator, and makesure it is disabled.

http://www.grc.com/dcom/intro.htm

 

Thank you, Nirvana_CN
He,he.
I started reading
Hacking Linux Exposed again today. Its making more sense to me now. I
THINK that I'm catching on to this. I am trying to learn about turning off services with the Xinetd and the netfilter/iptables chains.

I will not give up.
There's so much to learn, but I WILL get there, because I'm stubborn as hell!

Ha!

 

Ha!
You GOTTA love laurieB!!!
You GOTTA love her!
That's it, you dive in there, woman!!!

Yes!
Ha!
<Does anybody else here smell a REFORMAT a'comin'?

Hahahahaha!!!!!

I told myself that if I ever got a computer machine, that I would take it upon myself to learn about it enough to not have to worry about it. That is, so that I could "fix" it myself.

Thank God for MajorGeeks.
What fun!

I figure, go for it. I'm a "suicide tweaker".... If push comes to shove, I reinstall...

<wonders if it ever comes down to it, that larieB. will install knoppix in a dual-boot configuration with the precious GAG boot loader>
<wonder if she has a hardware modem>


WOOOOOOOOOOOOOOOOOOOOOOOOOOOOO!!!

 

robster, your frightening me!!! OK ....i went to discombobulater and did whatever it told me to!!! strangely enough as soon as i did the discombob thing it alerts have stopped. soo.....i still don't understand who or what was trying to access my machine. i find it difficult to believe i have a hacker.
is any of the stuff that Ive downloaded unnecessary or dangerous to my puter. Ive only done what Ive been 'told' to. if not why would i need to 'reformat' and what the hell is that anyway? thanks guys for all your help. i do learn more each day....but I'm a looooong way from being proficient.

aloha to you all

 

Dont worry. Im glad the Alerts have gone. If you disabled DCOM as it told you,. CONGRATS your now secure!

You werent bing hacked, but some was running a port scanner program to scan for people with open DCOM ports, it just so happens it found you..but now you closed DCOM you dont have to worry

 

@ laurieB.:
I got a little excited there for a minute. Something new (again [imagine that]). Happy about learning about this security. Should have learned long ago.

Reformat is reinstall the operating system (OS). You haven't lived until you've done it.
Everybody does it eventually.

Everybody.

Its all good, believe me. You know as well as I that we are surrounded by competent people. There is nothing to fear. Everyday we learn more.
Swell, isn't it?

 

aloha

 

OK, question.....if Ive now blocked all access to my puter....how will the automatic updates download?

 

ok....so alll is well then. lol

aloha

 

I copy THAT, xflat!

 

Hi Nirvana_CN

I use broadband and a friend told me that I do not need a firewall as my router acts as a firewall?.I am hopeless when it comes to ports/routers and firewalls!! Thought I would read up on here first and after following your links decided that I will keep my firewall, irrelevant of. Out of interest is it true that my router acts as a firewall?

I have re-pasted your links as they are very well worth reading.

https://www.grc.com/x/ne.dll?bh0bkyd2

http://www.grc.com/dos/grcdos.htm <-- Very intersting, shows how easy hacking is

P.S. Shields up report indicated my computer is VERY SECURE!

 

Open the ZA control center, click on the Alerts and Log section at the bottom. Select the Main tab and select off button and it will stop the intrusion alert pop-ups.

 

While we are on the subject I have a question. I went to the sheilds up site and was told that port 515 printer spooler is open. It was the only one that showed up as open. How do I go about closing this? I am running windows xp and and behind a belkin 4 port router, and running sygate... free version.

 

Shields up test is for the most part useless.

 

Vlad!
You are my favourite geek, next to Torvalds and ESR!
I hope that you elaborate a little!

 

Hey i just found out today that my computer didnt have a firewall! I completly forgot about it when i installed the OS.

Now i have ZA and it has already blocked 1317 attempts to get into my computer! WOW!



cooked

 

Shields up is just basic and doesn't mean much at all, just because it probes 5 ports and gets no response doesn't say anything about system security.

 

Black Code site seems to test pretty thoroughly. You might give their scans a go.

 

Still not very good.

 

my god... Vlad902... i didnt realise you were still alive!!


And I agree with you. Theres only so much a webserver script can do to test security (or rather, theres so much the web-scripter can be bothered to code.... ). Plus, it doesn't say anything about exploits which can still be open to attack even if you are "stealthed"

Oh, and GRC (grotesque raving crazyman) should die in a firey pit of mass hysteria and unfounded myths.

 

hahaha!
So, what would you guys throw at it?
Nessus?

 

Okay your geekiness, you make the call.

 

Nessus is "alright", doing it by hand better, but just getting something like stealthed is not useful, especially considering on many firewalls it can be bypassed.

 

Hey
GRC is on a mission to conquor all nastiness on the www,
I agree reading his notes he does sound a bit para .but its very intresting reading .

 

It's not that he's paranoid, it's just that he's completely wrong and ignorant.

 

Okay, tell us how to do that please. I'm not getting smart, I really would like to know. You might remember that a lot of us are at a level you were at a sometime or the other -- in other words, learning fast but not at all at the stages of expertise the mods, you or adrynilyn are . . . yet. So, if you tell us to "do it by hand" then -- if you would take to time to do so -- please tell us
how. We are willing oh master, but you must instruct

 

It seems to me, from what little I have been exposed to, that security concerns are like an arts unto themselves.
A buddy of mine (he has 78 servers under his direct support... yes, he is a real geek) told me that at the company he works for, there are security guys that just specialize in security. That's all they do.

Constantly watching for exploits, intrusions, keeping up with patches FAST,
and so on....

So, it would seem that security in and of itself could scale to be a FULL TIME job pretty quickly...