Re: Trying to Figure out What's OK and What to Block

On Sat, 11 Mar 2006 05:46:33 GMT, Duane Arnold <NotMe@xxxxxxxxx>
wrote:

Fishlips wrote:
On Sat, 11 Mar 2006 02:48:01 GMT, Duane Arnold <NotMe@xxxxxxxxx>
wrote:


Fishlips wrote:

On Fri, 10 Mar 2006 21:59:30 GMT, Duane Arnold <NotMe@xxxxxxxxx>
wrote:



Fish lips wrote:


I have a Win Xp computer that I can't seem to get working right on the
internet.

I have a broadband connection and a router. The other computer
connected to the same router works fine.

I had the old version of Kerio (2.1.5) on both, I switched to the free
Tiny firewall on the problem computer just to see if the firewall was
the problem.

The personal FW is the problem.



When I first start it it works fine. After a while I cannot connect
to anything on the internet unless I reboot.

I am trying to set up the rules so that I block everything that
doesn't need to connect to the internet.

For what? It's a worthless endeavor. The machines are behind a NAT
router and it's not a wireless NAT router.


Mine is also wireless.



But some line to use a
personal FW behind the NAT router and there is no harm and no foul, if
it's not getting in the way.


I prefer to use the personal FW to control apps as I explain to Kerodo
below.

Yeah, I read that and it may work for the most part as long as you don't
*boot* the machine as malware can get to the TCP/IP connection first and
beat it and its App Control and be done before the 3rd party personal FW
can even start to get there and stop it.


One thing I am not sure of is something identified only as "SYSTEM"
which looks like it wants to send and recieve UDP traffic to the
router and send and recieve to and from the other computer.

If you didn't have the PFW sitting there whining about nothing behind
the NAT router, then it would be no concern to you.



Could blocking this be causing me to lose the internet connection?

Who knows? If the PFW is disabled behind the router does the machine
have an Internet connection?


At the point that the internet connection is lost, turning off the
firewall does not restore it. Only a reboot will.


So why don't you do an IPconfig /release and Ipconfig /renew to see if
the machine can access the Internet without rebooting the machine?


I decided to just let "SYSTEM" do its thing, and I am also allowing
the Netbios stuff through because it is so persistant in wanting to do
that, and so far it has been running for a couple of hours and is
still connected. So I think that was the problem. Time will tell.

Oh damn, it just crapped out again.



And what machine is this happening wired or wireless as it seems there
maybe a problem with the NIC dropping the connection and could be
defective in someway.


Wired.

Maybe, you should swap out the NIC on the machine and see if the problem
follows.


I wasn't thinking it could be a hardware problem, but that would be a
good thing to check.

The NIC is built in to the motherboard, but I can add another one and
try it to see if the problem goes away.







I do not use the router as a way to network the two computers. I only
use it to allow each computer onto the internet. So there is no
logical reason for the computers to be talking to each other.

They are trying to talk to each other due to the simple fact that they
are connected to the router. The router is the gateway device that
allows the computers to access the WAN (Wide Area Network)/Internet and
provides the plumbing that's going to allow the machines to see and talk
to each other on the LAN (Local Area Network).



Usually
it says something to the effect that one computer wants to send a UDP
datagram to the other computer on port 137. Should I allow this?


Hey, other machine on the LAN I have discovered that you're on the LAN I
see you. *Other machine on the LAN* -- yeah I discovered you and I see
you too. Both machines reply okay dokey will talk again later.

Duane :)




I also read some other parts of your other post about some MS software
you didn't want phoning home, which the NT based O/S can be configured
to not allow something to run until you configure the O/S to let it run
and should be configured through the O/S and not the PFW.


I don't know how to do that.

By using NTFS and going to the exe or dll you don't want to run using
Explorer to access the directory the file is located and setting its
NTFS property to not *Execute*.


Cool. That is pretty simple.





In addition to this, I had a Linksys wireless NIC driver that was
phoning home and what I did was found out what part of the O/S services
the driver was piggy backing off of and shutdown the unneeded service
that the driver was sneaking out on and is where I needed to go to and
not try control something with Application Control in a PFW.

The buck stops with the O/S and no where else and is the entity that
should be doing the controlling.


I agree. I just wish I knew enough to configure it properly.


Well you could get a book from the library or buy one that's going to
allow you to better understand and control the XP NT based O/S.

The link can get you started on some of the things to secure the O/S a
little more.

http://labmice.techtarget.com/articles/winxpsecuritychecklist.htm


Great site, will spend some time going though this.


You can be compromised by someone joining your wireless network and
coming after the machines. The link may help a little bit, along with
paying a visit to alt.Internet.wireless.

http://netsecurity.about.com/cs/wireless/a/aa112203_2.htm


My wireless is set up according to those guidelines.



You can use Google to find how to(s) and better understand the tools
like Process Explorer to find the bottom line as to what processes are
running on the machine and what hidden process is using a process.

Long

http://www.windowsecurity.com/articles/Hidden_Backdoors_Trojan_Horses_and_Rootkit_Tools_in_a_Windows_Environment.html


Another good site.

Thanks for the help.



Short

http://tinyurl.com/klw1

Duane :)


-Fishlips



"Delicious Fried"
.

Relevant Pages

  • Re: Urgent! New router and big disaster
    ... First Page of the Internet Connection Wizard, ... Next I Select a local router device with an ip address. ... You should give your SBS a fixed external address so you can forward ports ...
    (microsoft.public.windows.server.sbs)
  • Re: Slow Internet Connection Sharing
    ... Router between the Modem and Computer. ... Internet Connection Sharing. ... can you log into Hotmail and Messenger? ...
    (microsoft.public.windowsxp.help_and_support)
  • Re: Router install problem
    ... that's the Internet (the Wide Area ... LAN side of the router is ... "Internet Connection Wizard" are relevant to the way I was trying to ... and 5 buttons on the left (Wizard, Wireless, WAN, LAN, DHCP). ...
    (microsoft.public.windowsxp.network_web)
  • Re: Unable to obtain a server- assigned IP address Try again later or enter an IP address in Net
    ... I can go to Control Panel - Network and Internet Connections - ... If yours is not a subset of your router, ... I have a LINKSYS router (4 port connection) - I have my cable modem ...
    (microsoft.public.pocketpc)
  • Re: Cannot simultaneously share DSL connection
    ... In order to be able to use Internet with both computers at the same time the ... Router has to be the authentication device. ... The Linksys Router provides on the CD an extended manual that would explain ... happens when we try to share the internet connection. ...
    (microsoft.public.windowsxp.network_web)