Re: I am sick of windows firewall

"V S Rawat" <VSRawat@xxxxxxxxxxxx> wrote in message
news:xn0ek15h74f6fl003@xxxxxxxxxxx
Jason Edwards wrote:

"V S Rawat" <VSRawat@xxxxxxxxxxxx> wrote in message
news:xn0ek09008w8cq003@xxxxxxxxxxx
Leythos wrote:

In article <441fc56a@xxxxxxxxxxxxxxx>, bumens@xxxxxxxxxxx
says...
So for the very small benefit of "controlling what lets
itself control" you're getting huge security drawbacks.
This is what I'm critizising.

Except that they seem (some of them at least) to keep
computers protected for years where the user was
compromised monthly before.

I've personally seen a home with several kids that use the
family computer, where it was compromised every month by
things that the kids where doing, that remained free of
malware for more than a year after installing ZoneAlarm
Pro (I only tracked it for a year, that's why I say 'year'
in my time frame.).


I can understand the merit of that observation.

inbound traffic doesn't come on its own.

Strange, I've had roughly 50 unsolicited inbound packets in
the last hour. Maybe you haven't found the logs in ZA yet.

ZA's Alerts and Logs are set to show only last 50 alerts, and
they are full to the brim.

That's not exactly a surprise.

However, I have set it to work
silently and stop unwanted inbound traffic without informing me.

The Windows firewall will do exactly the same thing.


Now I checked the logs, and noticed that last 50 alerts in that
list are all referring to some software that I had run, thus, I
guess that the inbound traffic was caused only by some outbound
traffic caused by my those software.

You can guess all you like, it would be better to actually know what is going
on.


Does your PC have a public IP address?

Dynamic IP address is alloted on the run by my ISP.

Yes I noted from another post that you have a dsl modem.
Most likely the usb one mentioned here:
http://www.airtelbroadband.in/faq02.html
That's bad, very bad.
You must not connect that modem directly to your PC.
If you cannot persuade your ISP to give you the DSL router then change ISP or
get your own DSL router/firewall and use that.


And, thank God for that, because rapidshare/ badongo/ etc free
account for downloading files would not have worked if I had
remained on fixed IP address. When they refuse to allow me to
download anymore, I switch my modem off/ on to get a new IP
address, and thus, able to download more from these sites.

So in one post you write:
"it is a responsibility thrusted by divinity upon
your strong shoulders to find out and tell us which are the
effective, free software which will be able to do what different
users want to do in their knowledge level which is less than
yours."
And in another you imply that you are happy to obtain software illegally.

This copy of XP you have a heart attack reinstalling four times per month.
Where did you get it? What version is it? (SP1, SP2?) Home or pro?



I am sure that no
hacker/cracker is sitting at his computer monitoring my pc,
so that, as soon as I go online, he will start sending
traffic to my pc.

You are probably right, but I am not as sure as you are.

technically, it is possible that I have infuriated some cracker
in some ng, and he is out to take revenge. Thus, he knows the
range of my IP address and can try all combinations.

It would be easier to just try 61.246.130.207 or whatever it is after you post.


inbound traffic comes AFTER some outbound traffic occurs from
our pc. Our computer sends something that does something over
there somewhere, and inbound traffic starts arriving.

If it doesn't upset Volker too much I suggest you use this
http://www.google.com/search?&q=shields+up

Went to shields up site and checked common ports for a try.

It reported all as stealth except the following three ports:

....

I am horrified. What to do about them? ?8-(

I'd be horrified too unless I understood the result.
Some things you can do:
1. Verify that shields up did actually scan your correct IP address and not some
other box owned by your ISP. Start run cmd ipconfig /all
2. Check that you get the same result with a different test site.
http://omicron.hackerwhacker.com/freetools.php
3. Check whether or not those servers are actually listening on your own
computer and are not some side effect of something being intercepted by your
ISP. You can do this with TCPview.
4. Try to connect to the servers yourself.
Start run cmd telnet localhost
http://localhost
ftp://localhost
5. Start listening to advice given by other people, otherwise they may conclude
that there's no point trying to continue to help you.



And try to understand that although you requested the test,
there is nothing to stop anyone else doing similar tests on
you without your knowledge. So your conclusion, that outbound
traffic is required before inbound traffic can occur, must be
incorrect, assuming I correctly understand what you said.

If you really want to control where outbound connections can
and cannot be made to, then you need an external box.

Also install
http://www.sysinternals.com/Utilities/TcpView.html
And try to understand what it is telling you.

Jason

I had downloaded that and I occassionally run that. It will take
some time to become conversant with that. However I just check
that my recognized programs are appearing in the list: avg
antivirus, Free Download Manager, Firefox, Thunderbird, Hamster

The programs that do not make sense to me, as yet, are:
alg.ece:164 Listening, lsass.exe:632, svchost.exe on 820, 868,
912, and, something called System:4 Listening

Which of the above seems hostile?

Maybe none of them but difficult to tell.
Which programs are listening for inbound connection requests, and on what port?
Is AVG up to date?

Jason


--
Rawat


.

Relevant Pages

  • Re: What are these system files ?
    ... I have recently been trying to download some mp3 music files, ... Maybe a later version of WMP; ... you're doing is listening to the songs yourself, ... station your listening to while streaming - once you collapse it, ...
    (microsoft.public.windowsxp.basics)
  • Re: 0x80072EE7 error
    ... Got a different answer from someone else seeing this issue, so it's not the ISP that's the culprit. ... Thus, the update server attempts to download the .cabs and that fails, too, due to the ... My AV is Windows Live OneCare, which I've had for over a year and up to about 3 weeks ago never had a problem using windowsupdate. ... You will need to run this tool while having an Internet Connection. ...
    (microsoft.public.windowsupdate)
  • Re: Copyright proposal voted away, lets revote!
    ... Net and report to IFPI Sweden, who then reports to IFPI London, who ... used to download illegal content. ... and your ISP is the ... are you selling less than before? ...
    (rec.music.classical.recordings)
  • Re: Cannot download emails using Outlook 6.0
    ... The problem is related to the use of SQwebmail. ... I then try and download these mails, ... My ISP has told me that the process of moving my emails from the Sent ... > logon account name or password is wrong or something is screwed up ...
    (microsoft.public.internet.mail)
  • Re: Copyright proposal voted away, lets revote!
    ... Net and report to IFPI Sweden, who then reports to IFPI London, who ... used to download illegal content. ... and your ISP is the ... spite of having some 600 more titles to sell. ...
    (rec.music.classical.recordings)