Re: rapping noise, gun noise?

From:
Date: 10/28/02 

Date: Mon, 28 Oct 2002 22:08:32 -0000

"Jajones20" <jajones20@aol.com> wrote in message
news:20021028150214.04234.00000993@mb-mo.aol.com...
> Thanks for your civil response. I'm responding to some of your points.
<snip>
>What exactly makes you think they are >Net based? Did you shutdown your
> >Browser and Mail application?
> I can't shut the browser and remain online because I am currently using
AOL.
> Shutting AOL shuts the connection. The noises appeared only when I was
online.
> I didn't think to shut down the mail program; I goofed.

You did not state that the noise was present only when connected to the Net
.. which is a key issue.

> You say the first thing I should have done was install a firewall.
Well, the
> first criticism I got was from someone who yelled at me for installing
more
> software (the firewall) when I didn't know what my other apps were doing.

Exactly! but I think the issue was that you shouldn't install more
applications if you don't even know how to operate the ones you already
have. You should have closed ALL other apps first before deciding you had
been hacked.
System security should always come first > OS patches > Virus Scanner >
Firewall.

> Everything I had read up to this point has suggested using a firewall only
if
> you have a high-speed connection. Further, one of the articles I read on
the
> issue of port 135 (yes, it is relevant) criticized using firewalls for
reasons
> too long to quote here.

Nonsense a firewall blocks outgoing connections from any malcious code you
may have inadvertently downloaded/installed so regardless of your connection
type it's a worth while tool.
I would like the reference that criticises the use of a FW to block port
135. Yes there are other ways but the fast first step is to FW it and the
many other ports.

> >What exactly do you mean spam >attacks? Do you mean unsolicited >messages
> from.messenger?
> >If so then closing ports is not the solution >... close Messenger.
> I did also disable Messenger, but the articles about the unsolicited
messages
> coming through Messenger suggested closing ports as well.

No need to close ports manually if you have a FW although for sure-fire
security when maybe you forget to load your FW this would be the way.
AFAIK messenger does not use port 135, 137-139 or 445.

> >How exactly did you close all these >ports? Why did you close these
ports?
> >How can you use the internet/Usenet >without these ports? What has 135
and
> >445 got to do with your issue?
> I shut the ports by disabling DCOM, etc. etc. The details weren't, to my
mind,

You mean you disabled DCOM service. Are you using XP?
Have you been reading GRC.com by any chance?
Please post the article link to close ports.

> relevant, and I thought that you firewall people would know that 135 and
445
> are points of attack and would be familiar with the processes suggested to
shut
> them, so I didn't give details. I thought the fact that I'd closed the
ports

All ports are vulnerable to attack. Specific ports are more succeptible if
they have service running in the background especially where an exploit is
known.

> would be relevant because that's where I thought the noises might have
been
> coming from.

Again I'm really unsure how you could come to this conclusion. Hacked ports
don't make gun noises. Crackers do not make themselves known as it would
totally defeat the purpose of owning your system.

> The ports are closed from listening to the outside and allowing people
to
> connect to my computer through those ports. They are not closed to
outgoing
> mail and messages. There is a lot of documentation on this on the Web.

Ok so what you mean is you've disabled services hence the ports are not
listening for incoming connections. They are not blocked or stealthed so
still vulnerable.

Relevant Pages

  • Re: Another VPN Issue...Say it aint so...
    ... click on "Services and Ports." ... Now how can I configure the firewall within ... but this time disable Firewall and redo remote access ... to make sure I get a good snap-in connection and see what goes on?!? ...
    (microsoft.public.windows.server.sbs)
  • Re: WDSC, VPN, and RPG Editing
    ... this) and so it drops the ethernet connection. ... to do with firewalls or other ports. ... do with the firewall on my router and the ports that are/aren't ... workstation to port 446 on the iSeries server. ...
    (comp.sys.ibm.as400.misc)
  • AdAware, SpyBot S &D, etc. + leave PC connected to Internet
    ... Does it have somehting to dow the Firewall ... with spyware services and adsites, the latter of which can be worse ... What ports are open? ... routers do absolutely zero as far as preventing outbound connection ...
    (comp.security.firewalls)
  • Re: How to close the unnecessary Ports
    ... >> necessary ports for a homeuser and how to close the rest of the ports? ... I assume you are running a hostbased firewall with no server ports ... > know whether it is a statefull or a packet filtering firewall as the ... makes decisions based on the connection as well as the rule base. ...
    (alt.computer.security)
  • Re: WDSC, VPN, and RPG Editing
    ... to do with firewalls or other ports. ... VPN my connection is great, ... do with the firewall on my router and the ports that are/aren't ... workstation to port 446 on the iSeries server. ...
    (comp.sys.ibm.as400.misc)