Re: I am sick of windows firewall

Jason Edwards wrote:

"V S Rawat" <VSRawat@xxxxxxxxxxxx> wrote in message
news:xn0ek09008w8cq003@xxxxxxxxxxx
Leythos wrote:

In article <441fc56a@xxxxxxxxxxxxxxx>, bumens@xxxxxxxxxxx
says...
So for the very small benefit of "controlling what lets
itself control" you're getting huge security drawbacks.
This is what I'm critizising.

Except that they seem (some of them at least) to keep
computers protected for years where the user was
compromised monthly before.

I've personally seen a home with several kids that use the
family computer, where it was compromised every month by
things that the kids where doing, that remained free of
malware for more than a year after installing ZoneAlarm
Pro (I only tracked it for a year, that's why I say 'year'
in my time frame.).


I can understand the merit of that observation.

inbound traffic doesn't come on its own.

Strange, I've had roughly 50 unsolicited inbound packets in
the last hour. Maybe you haven't found the logs in ZA yet.

ZA's Alerts and Logs are set to show only last 50 alerts, and
they are full to the brim. However, I have set it to work
silently and stop unwanted inbound traffic without informing me.

Now I checked the logs, and noticed that last 50 alerts in that
list are all referring to some software that I had run, thus, I
guess that the inbound traffic was caused only by some outbound
traffic caused by my those software.

Does your PC have a public IP address?

Dynamic IP address is alloted on the run by my ISP.

And, thank God for that, because rapidshare/ badongo/ etc free
account for downloading files would not have worked if I had
remained on fixed IP address. When they refuse to allow me to
download anymore, I switch my modem off/ on to get a new IP
address, and thus, able to download more from these sites.


I am sure that no
hacker/cracker is sitting at his computer monitoring my pc,
so that, as soon as I go online, he will start sending
traffic to my pc.

You are probably right, but I am not as sure as you are.

technically, it is possible that I have infuriated some cracker
in some ng, and he is out to take revenge. Thus, he knows the
range of my IP address and can try all combinations.

inbound traffic comes AFTER some outbound traffic occurs from
our pc. Our computer sends something that does something over
there somewhere, and inbound traffic starts arriving.

If it doesn't upset Volker too much I suggest you use this
http://www.google.com/search?&q=shields+up

Went to shields up site and checked common ports for a try.

It reported all as stealth except the following three ports:

----------------start
21 FTP OPEN! FTP servers have many known security
vulnerabilities and the payoff from exploiting an insecure FTP
server can be significant. This system's open FTP port is
inviting intruders to examine your system more closely.

23 Telnet OPEN! Telnet provides a remote command prompt
window which allows remote systems to be configured and
controlled. Any system that appears to be offering a Telnet
connection ? like yours is right now ? is offering the potential
for total command-level access. Since a surprising number of
Telnet servers are known to have no password, this open Telnet
port will be attracting a LOT of the wrong kind of attention. If
your network contains a residential NAT or DSL router, it may be
that its "WAN-side" management interface is open and accepting
connections. No matter what the cause, you should immediately
attend to this open Telnet port.

80 HTTP OPEN! The web is so insecure these days that new
security "exploits" are being discovered almost daily. There are
many known problems with Microsoft's Personal Web Server (PWS)
and its Frontpage Extensions that many people run on their
personal machines. So having port 80 "open" as it is here causes
intruders to wonder how much information you might be willing to
give away.
----------------end


I am horrified. What to do about them? ?8-(


And try to understand that although you requested the test,
there is nothing to stop anyone else doing similar tests on
you without your knowledge. So your conclusion, that outbound
traffic is required before inbound traffic can occur, must be
incorrect, assuming I correctly understand what you said.

If you really want to control where outbound connections can
and cannot be made to, then you need an external box.

Also install
http://www.sysinternals.com/Utilities/TcpView.html
And try to understand what it is telling you.

Jason

I had downloaded that and I occassionally run that. It will take
some time to become conversant with that. However I just check
that my recognized programs are appearing in the list: avg
antivirus, Free Download Manager, Firefox, Thunderbird, Hamster

The programs that do not make sense to me, as yet, are:
alg.ece:164 Listening, lsass.exe:632, svchost.exe on 820, 868,
912, and, something called System:4 Listening

Which of the above seems hostile?

--
Rawat
.

Relevant Pages

  • Re: Windows XP pro Packet Filtering, want to block kazaa
    ... you can use Browse Control to block KazaA. ... You can download this from: ... As you say KazAa can port hop and so no use just blocking any ports, ...
    (microsoft.public.windowsxp.security_admin)
  • Re: Help to clear old audio card conflict please
    ... Which, of all things, in this case, is not controlled by the slider volume control on the PMMixer for CD-ROM. ... I've not tried the complete test run for the UNIMIX command line operation, nor have had the time yet after all this to test the port I/O and log it to a file with UNIMIX to see what the heck is going on for port mishmash yet. ... The wide audio output cable connection for the CD-ROM is plugged into the TAD pin socket on the SBLive 5.1 card! ...
    (comp.os.os2.multimedia)
  • Re: How did they get behind my NAT?
    ... Not having experience with that router, I can't be sure what limits it ... "default forwarding IP", although it is an option on many. ... that listens on that port. ... Always remember - only download files from Trusted Sites. ...
    (alt.computer.security)
  • Re: Parallel port hardware
    ... schematic of a printerport that had no inputs but the status lines. ... The control line outputs used to be SN7406 ... I think the control port was always able to do ... If I just connect a status line to the line then then control pin ...
    (sci.electronics.design)
  • Re: How did they get behind my NAT?
    ... Not having experience with that router, I can't be sure what limits it ... "default forwarding IP", although it is an option on many. ... I understand that exposing a port exposes any service ... Always remember - only download files from Trusted Sites. ...
    (alt.computer.security)