Re: Strange problem with software or hardware router..
- From: developmental2@xxxxxxxxx
- Date: 17 Feb 2007 09:54:21 -0800
On Feb 17, 4:58 pm, Ansgar -59cobalt- Wiechers
<usenet-2...@xxxxxxxxxxxxxxxx> wrote:
development...@xxxxxxxxx wrote:
I have narrowed down a strange phenomenon I get between my Win2k
computer network, router and NIS (Norton internet security) 2003. All
PC's in the network have Win2k, SP5 IE6 SP1, and NIS2003 with all of
the updates. L2TP Cable internet is through 3Com wireless
Officeconnect 3CRWE554G72T router.
There's no SP5 for Windows 2000.
The problem is this: every few hours, one of the computers (any one,
not a particular one) will have a partial failure of internet service-
I can't browse the web but email, skype and FTP still work. After a
10-30 minutes the problem rights itself. The other computers in the
network don't usually experience this problem in the same time (i.e.
they are fine except the one that doesn't work). I thought my router
has a hardware problem but then I noticed that every time the problem
happens, just before it my NIS2003 reports a "portscan" of
192.168.1.1 (domain 53).
Congratulations. You just discovered why automatic network shunning
(like e.g. the "block attacker's IP address" feature implemented by
NoISe) is utterly braindead.
What you're experiencing is most likely this: NoISe regards incoming
traffic with the source IP of your router as an attack (for whatever
reason), and subsequently blocks the IP address of your router for about
half an hour. Bang! No Internet for this host.
[...]
I scanned all open ports with a web security site and it reports that
only port 113 is closed (the rest are stealthed).
"Stealth" is another braindead "feature" of NoISe. A computer is not
invisible just because it doesn't respond to echo requests.
Why do you need a personal firewall on your hosts anyway? Filter
unsolicited traffic on your network borders and remove NoISe from your
hosts.
cu
59cobalt
Thanks for that. The reason I left NIS on my pc's is because I
figured the hardware NAT "firewall" is not the same as a real
firewall, i.e. it can't protect against many types of security risks
that something like NIS can (with all of its admitted flaws).
I have also thought about opening the 192.168.1.1 ip for unlimited
traffic on NIS (i.e. placing the gateway IP inside the NIS DMZ), but
isn't that the same as removing NIS?
Thanks
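
An added example, not part of the original posts and not NIS's actual logic: a simplified model of the false positive discussed in this thread, assuming the detector counts DNS replies from the router (port 53) to several local ports as a port scan and then shuns the source. The sample traffic, thresholds and function names are constructed for illustration.

```python
# Constructed sample traffic: (seconds, direction, remote_ip, remote_port, local_port).
# The host sends DNS queries to the router from fresh ephemeral ports; the
# replies come back from 192.168.1.1:53 to those same ports.
ROUTER = "192.168.1.1"
SAMPLE = []
for i in range(6):
    SAMPLE.append((i, "out", ROUTER, 53, 1030 + i))        # query
    SAMPLE.append((i + 0.5, "in", ROUTER, 53, 1030 + i))   # matching reply

THRESHOLD = 5        # distinct local ports before calling it a scan (assumed)
WINDOW = 10          # seconds of history considered (assumed)
SHUN_SECONDS = 1800  # "about half an hour", as described in the thread


def shunned_hosts(packets, stateful):
    """Run the detector over packets and return {ip: shun_expiry_time}."""
    pending = set()  # (remote_ip, remote_port, local_port) of our own requests
    hits = {}        # remote_ip -> list of (time, local_port) counted as probes
    shun = {}
    for t, direction, ip, rport, lport in packets:
        if direction == "out":
            pending.add((ip, rport, lport))
            continue
        if stateful and (ip, rport, lport) in pending:
            continue  # reply to something this host asked for: not unsolicited
        recent = [(ts, p) for ts, p in hits.get(ip, []) if t - ts <= WINDOW]
        recent.append((t, lport))
        hits[ip] = recent
        if len({p for _, p in recent}) >= THRESHOLD:
            shun[ip] = t + SHUN_SECONDS  # block the "attacker" for half an hour
    return shun


def router_blocked(shun, now):
    """True while the router's address is still on the shun list."""
    return shun.get(ROUTER, 0) > now


if __name__ == "__main__":
    for mode in (False, True):
        result = shunned_hosts(SAMPLE, stateful=mode)
        print("stateful" if mode else "naive", result)
```

The naive run puts the router itself on the shun list after ordinary name lookups; the stateful run, which only counts packets that do not answer an outstanding request, shuns nothing.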