Re: I am sick of windows firewall



Jason Edwards wrote:

"V S Rawat" <VSRawat@xxxxxxxxxxxx> wrote in message
news:xn0ek15h74f6fl003@xxxxxxxxxxx
Jason Edwards wrote:

"V S Rawat" <VSRawat@xxxxxxxxxxxx> wrote in message
news:xn0ek09008w8cq003@xxxxxxxxxxx
Leythos wrote:

In article <441fc56a@xxxxxxxxxxxxxxx>,
bumens@xxxxxxxxxxx says...
So for the very small benefit of "controlling what
lets itself control" you're getting huge security
drawbacks. This is what I'm criticising.

Except that they seem (some of them at least) to keep
computers protected for years where the user was
compromised monthly before.

I've personally seen a home with several kids that use
the family computer, where it was compromised every
month by things that the kids were doing, that
remained free of malware for more than a year after
installing ZoneAlarm Pro (I only tracked it for a
year, that's why I say 'year' in my time frame.).


I can understand the merit of that observation.

inbound traffic doesn't come on its own.

Strange, I've had roughly 50 unsolicited inbound packets in
the last hour. Maybe you haven't found the logs in ZA yet.

ZA's Alerts and Logs are set to show only last 50 alerts, and
they are full to the brim.

That's not exactly a surprise.

However, I have set it to work
silently and stop unwanted inbound traffic without informing
me.

The Windows firewall will do exactly the same thing.


Now I checked the logs, and noticed that last 50 alerts in
that list are all referring to some software that I had run,
thus, I guess that the inbound traffic was caused only by
some outbound traffic caused by my those software.

You can guess all you like, it would be better to actually
know what is going on.

That is what I am trying to do. :)



Does your PC have a public IP address?

A dynamic IP address is allotted on the run by my ISP.

Yes I noted from another post that you have a dsl modem.
Most likely the usb one mentioned here:
http://www.airtelbroadband.in/faq02.html

yeah it is beetle 200BX ADSL2 modem.

They have a USB option, but they had recommended that LAN
connections are better. So I have installed a LAN card (Realtek
RTL 8139) and the modem is on that.

That's bad, very bad.

Why? Why?


You must not connect that modem directly to your PC.
If you cannot persuade your ISP to give you the DSL router

He might give one. But, he will charge a king's ransom for that.

then change ISP or get your own DSL router/firewall and use
that.

How will that change things?

Is a DSL firewall different from a dial-up firewall, if that is what
you mean?



And, thank God for that, because rapidshare/ badongo/ etc
free account for downloading files would not have worked if
I had remained on fixed IP address. When they refuse to
allow me to download anymore, I switch my modem off/ on to
get a new IP address, and thus, able to download more from
these sites.

So in one post you write:
"it is a responsibility thrusted by divinity upon
your strong shoulders to find out and tell us which are the
effective, free software which will be able to do what
different users want to do in their knowledge level which is
less than yours."
And in another you imply that you are happy to obtain software
illegally.

How is my changing my IP address by switching my modem off/on
tantamount to obtaining software illegally?


This copy of XP you have a heart attack reinstalling four
times per month. Where did you get it? What version is it?
(SP1, SP2?) Home or pro?

sp2.
Pro.

I am sure that no
hacker/cracker is sitting at his computer monitoring my
pc, so that, as soon as I go online, he will start
sending traffic to my pc.

You are probably right, but I am not as sure as you are.

technically, it is possible that I have infuriated some
cracker in some ng, and he is out to take revenge. Thus, he
knows the range of my IP address and can try all
combinations.

It would be easier to just try 61.246.130.207 or whatever it
is after you post.

what is my ip is giving 59.144.133.214 as my ip address.

what is that ip address you mentioned? What do I do with that?



inbound traffic comes AFTER some outbound traffic occurs
from our pc. Our computer sends something that does
something over there somewhere, and inbound traffic
starts arriving.

If it doesn't upset Volker too much I suggest you use this
http://www.google.com/search?&q=shields+up

Went to shields up site and checked common ports for a try.

It reported all as stealth except the following three ports:

...

I am horrified. What to do about them? ?8-(

I'd be horrified too unless I understood the result.
Some things you can do:
1. Verify that shields up did actually scan your correct IP
address and not some other box owned by your ISP. Start run
cmd ipconfig /all

run cmd ipconfig /all just opens a command window and doesn't do
or show anything. I gave ipconfig /all in that command prompt
and it gives:

Windows IP Configuration
Host Name . . . . . . . . . . . . : microsof-62c105
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Unknown
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Local Area Connection:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Realtek RTL8139 Family PCI Fast Ethernet NIC
Physical Address. . . . . . . . . : 00-0B-2B-0D-E3-24
Dhcp Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IP Address. . . . . . . . . . . . : 192.168.1.2
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.1.1
DHCP Server . . . . . . . . . . . : 192.168.1.1
DNS Servers . . . . . . . . . . . : 192.168.1.1
Lease Obtained. . . . . . . . . . : Wednesday, March 22, 2006 9:48:43 PM
Lease Expires . . . . . . . . . . : Thursday, March 23, 2006 9:48:43 PM


2. Check that you get the same result with a
different test site.
http://omicron.hackerwhacker.com/freetools.php

cut-paste doesn't work in the command window. You want me to type that
entire thing manually. No way. Suggest some smaller url. :)

and what should I type?
ipconfig / http://omicron.hackerwhacker.com/freetools.php

3. Check whether or not those servers are actually listening
on your own computer and are not some side effect of something being
intercepted by your ISP. You can do this with TCPview.

tcpview gives: (yeah, I have 9 windows open)

alg.exe:1204 TCP microsof-62c105:1031 microsof-62c105:0 LISTENING
AVGEMC.EXE:1908 TCP microsof-62c105:10110 microsof-62c105:0 LISTENING
FDM.EXE:1700 TCP microsof-62c105:1407 rapidshare.de:http ESTABLISHED
FIREFOX.EXE:1776 TCP microsof-62c105:1303 localhost:1304 ESTABLISHED
FIREFOX.EXE:1776 TCP microsof-62c105:1304 localhost:1303 ESTABLISHED
FIREFOX.EXE:1776 TCP microsof-62c105:1443 63.209.100.245:http FIN_WAIT1
FIREFOX.EXE:1776 TCP microsof-62c105:1444 63.209.100.245:http FIN_WAIT1
Hamster.exe:3564 TCP microsof-62c105:smtp microsof-62c105:0 LISTENING
Hamster.exe:3564 TCP microsof-62c105:pop3 microsof-62c105:0 LISTENING
Hamster.exe:3564 TCP microsof-62c105:nntp microsof-62c105:0 LISTENING
Hamster.exe:3564 TCP microsof-62c105:nntp localhost:1431 FIN_WAIT2
LSASS.EXE:636 UDP microsof-62c105:isakmp *:*
LSASS.EXE:636 UDP microsof-62c105:4500 *:*
NewsReader3.exe:708 TCP microsof-62c105:1386 localhost:nntp CLOSE_WAIT
NewsReader3.exe:708 TCP microsof-62c105:1431 localhost:nntp CLOSE_WAIT
SVCHOST.EXE:828 TCP microsof-62c105:epmap microsof-62c105:0 LISTENING
SVCHOST.EXE:904 UDP microsof-62c105:ntp *:*
SVCHOST.EXE:904 UDP microsof-62c105:ntp *:*
SVCHOST.EXE:948 UDP microsof-62c105:1027 *:*
SVCHOST.EXE:948 UDP microsof-62c105:1310 *:*
SVCHOST.EXE:948 UDP microsof-62c105:1307 *:*
SVCHOST.EXE:948 UDP microsof-62c105:1311 *:*
SVCHOST.EXE:948 UDP microsof-62c105:1309 *:*
SVCHOST.EXE:948 UDP microsof-62c105:1308 *:*
SVCHOST.EXE:948 UDP microsof-62c105:1305 *:*
SVCHOST.EXE:948 UDP microsof-62c105:1312 *:*
SVCHOST.EXE:948 UDP microsof-62c105:1277 *:*
SVCHOST.EXE:948 UDP microsof-62c105:1306 *:*
System:4 TCP microsof-62c105:microsoft-ds microsof-62c105:0 LISTENING
System:4 TCP microsof-62c105:netbios-ssn microsof-62c105:0 LISTENING
System:4 UDP microsof-62c105:microsoft-ds *:*
System:4 UDP microsof-62c105:netbios-ns *:*
System:4 UDP microsof-62c105:netbios-dgm *:*
thunderbird.exe:3572 TCP microsof-62c105:1074 localhost:1075 ESTABLISHED
thunderbird.exe:3572 TCP microsof-62c105:1075 localhost:1074 ESTABLISHED

4. Try to connect to the servers yourself. Start run cmd telnet
localhost, http://localhost, ftp://localhost

giving "telnet localhost" on command prompt gives
Connecting to localhost...Could not open connection to the host,
on port 23: connect failed

same result with "telnet http://localhost" and with "telnet
ftp://localhost"

5. Start listening to advice given by other people, otherwise
they may conclude that there's no point trying to continue to
help you.

And how do you conclude that I am not listening to advice?

Am I trying all these commands, downloading and installing all
these tools just for some fetish?

But, if you mean "uninstall za, switch on xp fw" to be
advice, then I would wait till I can understand how that would
help me.

And try to understand that although you requested the test,
there is nothing to stop anyone else doing similar tests on
you without your knowledge. So your conclusion, that
outbound traffic is required before inbound traffic can
occur, must be incorrect, assuming I correctly understand
what you said.

If you really want to control where outbound connections
can and cannot be made to, then you need an external box.

Also install
http://www.sysinternals.com/Utilities/TcpView.html
And try to understand what it is telling you.

Jason

I had downloaded that and I occasionally run that. It will
take some time to become conversant with that. However I
just check that my recognized programs are appearing in the
list: avg antivirus, Free Download Manager, Firefox,
Thunderbird, Hamster

The programs that do not make sense to me, as yet, are:
alg.exe:164 Listening, lsass.exe:632, svchost.exe on 820,
868, 912, and, something called System:4 Listening

Which of the above seems hostile?

Maybe none of them but difficult to tell.
Which programs are listening for inbound connection requests,
and on what port?

posted tcpview results above. I could not make sense from that.

Is AVG up to date?

Sure.

but za is not up to date. I have stopped its "calling home". I had
problems with its 6.1 free versions, so I am using its 4.5 free.


Jason


--
Rawat

--
Rawat
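Jason's question in the thread ("Which programs are listening for inbound connection requests, and on what port?") and his step 1 (make sure ShieldsUp scanned your box and not your ISP's) can both be answered mechanically from the output Rawat pasted. The script below is an added example and is not code from the thread, from ZoneAlarm, or from Sysinternals. It parses TCPview's text output (the sample is constructed verbatim from the listing above), reports which process accepts inbound traffic on which port, flags the Windows networking ports (135, 137-139, 445) that a host firewall is expected to block from the internet, and classifies the ipconfig address: 192.168.1.2 behind a 192.168.1.1 gateway is a private address, so the modem is doing NAT and an external scan reaches the modem's public side (59.144.133.214 in the thread), not the PC itself. The service-name-to-port table is an assumption taken from the standard services file; TCPview prints names rather than numbers for those ports.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample: the TCPview lines quoted in the thread, unchanged.
SAMPLE_TCPVIEW = """\
alg.exe:1204 TCP microsof-62c105:1031 microsof-62c105:0 LISTENING
AVGEMC.EXE:1908 TCP microsof-62c105:10110 microsof-62c105:0 LISTENING
FDM.EXE:1700 TCP microsof-62c105:1407 rapidshare.de:http ESTABLISHED
FIREFOX.EXE:1776 TCP microsof-62c105:1303 localhost:1304 ESTABLISHED
FIREFOX.EXE:1776 TCP microsof-62c105:1304 localhost:1303 ESTABLISHED
FIREFOX.EXE:1776 TCP microsof-62c105:1443 63.209.100.245:http FIN_WAIT1
FIREFOX.EXE:1776 TCP microsof-62c105:1444 63.209.100.245:http FIN_WAIT1
Hamster.exe:3564 TCP microsof-62c105:smtp microsof-62c105:0 LISTENING
Hamster.exe:3564 TCP microsof-62c105:pop3 microsof-62c105:0 LISTENING
Hamster.exe:3564 TCP microsof-62c105:nntp microsof-62c105:0 LISTENING
Hamster.exe:3564 TCP microsof-62c105:nntp localhost:1431 FIN_WAIT2
LSASS.EXE:636 UDP microsof-62c105:isakmp *:*
LSASS.EXE:636 UDP microsof-62c105:4500 *:*
NewsReader3.exe:708 TCP microsof-62c105:1386 localhost:nntp CLOSE_WAIT
NewsReader3.exe:708 TCP microsof-62c105:1431 localhost:nntp CLOSE_WAIT
SVCHOST.EXE:828 TCP microsof-62c105:epmap microsof-62c105:0 LISTENING
SVCHOST.EXE:904 UDP microsof-62c105:ntp *:*
SVCHOST.EXE:904 UDP microsof-62c105:ntp *:*
SVCHOST.EXE:948 UDP microsof-62c105:1027 *:*
SVCHOST.EXE:948 UDP microsof-62c105:1310 *:*
SVCHOST.EXE:948 UDP microsof-62c105:1307 *:*
SVCHOST.EXE:948 UDP microsof-62c105:1311 *:*
SVCHOST.EXE:948 UDP microsof-62c105:1309 *:*
SVCHOST.EXE:948 UDP microsof-62c105:1308 *:*
SVCHOST.EXE:948 UDP microsof-62c105:1305 *:*
SVCHOST.EXE:948 UDP microsof-62c105:1312 *:*
SVCHOST.EXE:948 UDP microsof-62c105:1277 *:*
SVCHOST.EXE:948 UDP microsof-62c105:1306 *:*
System:4 TCP microsof-62c105:microsoft-ds microsof-62c105:0 LISTENING
System:4 TCP microsof-62c105:netbios-ssn microsof-62c105:0 LISTENING
System:4 UDP microsof-62c105:microsoft-ds *:*
System:4 UDP microsof-62c105:netbios-ns *:*
System:4 UDP microsof-62c105:netbios-dgm *:*
thunderbird.exe:3572 TCP microsof-62c105:1074 localhost:1075 ESTABLISHED
thunderbird.exe:3572 TCP microsof-62c105:1075 localhost:1074 ESTABLISHED
"""

# Assumed mapping of the service names TCPview prints to port numbers
# (standard services-file values; only the names seen in the sample).
SERVICE_PORTS = {
    "http": 80, "smtp": 25, "pop3": 110, "nntp": 119, "ntp": 123,
    "epmap": 135, "netbios-ns": 137, "netbios-dgm": 138, "netbios-ssn": 139,
    "microsoft-ds": 445, "isakmp": 500,
}

# Ports used by Windows file/printer sharing and RPC; these are what a
# host firewall is expected to block from the internet.
WINDOWS_NETWORKING_PORTS = {135, 137, 138, 139, 445}

# process:pid  proto  local  remote  [state]   (UDP rows have no state)
LINE_RE = re.compile(
    r"^(?P<proc>[^\s:]+):(?P<pid>\d+)\s+(?P<proto>TCP|UDP)\s+"
    r"(?P<local>\S+)\s+(?P<remote>\S+)(?:\s+(?P<state>\S+))?$"
)


def port_of(endpoint):
    """Return the numeric port of 'host:port-or-name', or None if unknown."""
    name = endpoint.rsplit(":", 1)[1]
    return int(name) if name.isdigit() else SERVICE_PORTS.get(name)


def parse_tcpview(text):
    """Parse TCPview text output into a list of socket dicts."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = LINE_RE.match(line)
        if not m:
            raise ValueError("unrecognised TCPview line: " + line)
        e = m.groupdict()
        e["pid"] = int(e["pid"])
        e["port"] = port_of(e["local"])
        entries.append(e)
    return entries


def listeners(entries):
    """Map (process, pid) -> sorted (proto, port) pairs that accept inbound traffic.

    A TCP socket accepts connections only in LISTENING state; a bound UDP
    socket always accepts datagrams, so every UDP row counts."""
    out = defaultdict(set)
    for e in entries:
        if e["proto"] == "UDP" or e["state"] == "LISTENING":
            out[(e["proc"], e["pid"])].add((e["proto"], e["port"]))
    return {k: sorted(v, key=lambda t: (t[0], t[1] if t[1] is not None else 1 << 16))
            for k, v in out.items()}


def exposed_windows_ports(entries):
    """Windows networking ports that have a listening socket on this host."""
    return {port for pairs in listeners(entries).values()
            for _, port in pairs if port in WINDOWS_NETWORKING_PORTS}


def scan_target(local_ip, public_ip):
    """Which box an external port scan reached: 'router' when the PC holds a
    private (RFC 1918) address different from the public one, else 'host'."""
    local = ipaddress.ip_address(local_ip)
    return "router" if local.is_private and str(local) != public_ip else "host"


if __name__ == "__main__":
    rows = parse_tcpview(SAMPLE_TCPVIEW)
    for (proc, pid), pairs in sorted(listeners(rows).items()):
        print(f"{proc}:{pid} accepts inbound on",
              ", ".join(f"{proto}/{port}" for proto, port in pairs))
    print("Windows networking ports listening:", sorted(exposed_windows_ports(rows)))
    # Addresses from the thread: ipconfig IP vs. the 'what is my ip' result.
    print("External scan reached the:", scan_target("192.168.1.2", "59.144.133.214"))
```

Run as-is to get a per-process listing; feed it real TCPview text (saved with File > Save) to answer the same question for another machine. Note that TCPview names every local endpoint after the host, so this format cannot tell a socket bound to all interfaces from one bound to a single address; that distinction needs netstat -an, which prints the bind address numerically.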


