Re: help recovering from hack

From: KG6VQE (nospam)
Date: 10/28/04


Date: Thu, 28 Oct 2004 18:33:54 GMT

Zigzag,
What you are experiencing is typical of having a PC on an open Internet
port. First, I suggest you go to www.grc.com, and run "Shields Up". It is
FREE, and will tell you what is open, and what is not. Second, there are
three services that are open, that Steve Gibson has patches for. Third,
there are tools for testing your firewall vulnerability.
Lastly, I STRONGLY suggest you go to a hardware firewall/Router. Unless
you are using a dial up account (which makes firewall prevention more
complicated), they do a much better job of preventing hacking. You
basically close all incoming ports, and also you NAT (network address
translation) your IP address, so you then have a "Non-Routable" Private IP
address behind the router.
There are just too many services that Microsoft has running that you have to
watch out for.
I run an IT shop with about 20 PCs behind a strong firewall, and no hacking
ever takes place...I even can watch Ports 23, 445, 135-137 probes into my
firewall, but none get through.
You can still run all your apps. and you can put your PC in a DMZ (between
the firewall and your outside Cable/DSL modem), and have it still protected
(if you want remote access or run a web/FTP server).

Lastly, I also highly suggest this tool from www.sysinternals.com. It is
called TCPVIEW. It will show you what activity is taking place on your
network stack, and let you see who or what has connected. It is FREE. I
also use PROCESS VIEWER, and it works great...Anytime my PC is acting up, I
run this utility, and can see EXACTLY what is running....then kill it off.

Think of the Internet as the medieval times...You live in a castle, and have
to have a moat and drawbridge, to prevent the hackers from coming in.
Having your PC on the Internet is like living in a straw house....

For commercial routers, I have used Linksys, Belkin, and D-Link. My local
computer store has CABLE/DSL Routers on sale for $8.00 (after
rebate)...surely you can afford that. If you can't, let me know, and I will
"DONATE" one for you. I am an independent computer consultant...I do not make
money off helping people.
I own several "professional" Router/Firewall units. I have purchased them
from EBAY. The SOHO units from WATCHGUARD work well, and are relatively
cheap ($25-$50). It generates a SYSLOG so that I get a recording of all
incoming and outgoing activity.

good luck,


