Re: A story from the BlackIce mam

From: bassbag (bassbag@bodybags.dragon.wales)
Date: 01/04/03


From: bassbag <bassbag@bodybags.dragon.wales>
Date: Sat, 4 Jan 2003 13:44:34 -0000

In article <TfrR9.549843$WL3.147882@rwcrnsc54>, notme@notme.com says...
> I had this laptop I gave to family member. It is a Win2k machine that I had
> connected to my network using File and Printer Sharing. So, ports 137, 138,
> 139, and 445 were auto config by BlackIce to do an *Accept* on all (IP).
> That way I didn't have to tell BlackIce about any of my router's IP(s) on
> any of the machines that had BlackIce.
>
> So, since the person who I was sending the computer to has a phone
> connection only, I just uninstalled File and Printer, NetBEUI and MS for
> Network, and TCP/IP and sent it out. But before I sent it out I did set
> the level to *Paranoid* and remember that *Accept* on all IP(s) thing.
>
> So, my family member had Netzero installed on the machine on a dial-up
> connection, and it was in that state for several months. And anyone who
> knows about installing something like Netzero knows what it did.
>
> I went home for one of the holidays to visit --- yeah I'm happy to see you too
> and where is the food, because I am ready to eat. Let me first go over there
> and check out this machine while you're getting things ready with
> everybody! I really didn't look at BlackIce info first. For some reason I
> went to the network card config screen, knowing that it was a dial-up. Why,
> I don't know.
>
> When I picked my *** up off the floor in shock because I knew ports were
> open due to File and Print Sharing, etc being back on the machine, I just
> knew the machine had been hacked.
>
> But because of the *Paranoid* with *Auto Block* I had set on BlackIce, when
> I reviewed the logs, BlackIce had knocked down every last bit of it, even
> with those ports in an Accept All IP(s) state I had left the IDS/firewall in.
>
> The rest of you excuse me! I don't give a ***** about what any of you
> *clowns*, and you know who you are, are talking about! BlackIce is my *DOG*
> and it's always on point!
>
> Duane :)
>
> --
> The protection of the machine is a process and is not a given!
>
>
>
Duane... I would be grateful for some advice on config for BI. In advanced
firewall settings I just have ports 113 tcp, 137 udp, 138 udp, and
139 tcp... nothing else. I also have auto blocking enabled and file sharing
and NetBIOS disabled (unticked). I have the paranoid setting enabled. I also,
as you know, use BI along with Outpost. The problem I seem to be having (which
I think is to do with my BI settings) is when I share files through Yahoo
Messenger I mostly have to remember to set the level to trusting, otherwise I
can't send or receive files. I'm not sure whether I can use the paranoid
setting but still fileshare through Yahoo or WinMX. Any ideas what I need
to do in advanced firewall settings so that I can receive files without
altering the protection level each time? Also you mentioned allowing all
IPs? What's that, and should I have a few more rules in advanced for
that?
tia.
me