Re: unused ports, firewall, and trojanhorse

From: Joseph V. Morris (jvmorris@erols.com)
Date: 07/30/02 

From: "Joseph V. Morris" <jvmorris@erols.com>
Date: Tue, 30 Jul 2002 11:55:03 -0400

rasuli,

Just for general reference: With these kinds of queries, it can often be
extremely helpful to provide three items of information:
1) The operating system in use,
2) The exact build of the software firewall (from Properties
    about ...). For example, I can't tell if you're asking
    about NIS or NPF or whether you're talking about build
    1.0x, 2.0x, 2.5x, 3.0x, 3.5x, 4.0x, or 4.5x from what
    you've stated here (and it _can_ make a difference) --
    all of which are in use by different people.
3) What, precisely, was the alert that you saw? (all info,
    but you can 'mask' the local and remote IP addresses, if
    you prefer.) This can be critical to determining if
    it's totally meaningless (which I strongly suspect based
    on what you _have_ said) or whether it is, in fact,
    something you need to be concerned about. And, if it
    _is_ something worthless, I need to know what the alert
    is to tell you how to configure your system so it doesn't
    drive you nuts. <g>

Three add-on utilities for NIS/NPF that you may wish to check out:
1) NIS Settings -- http://www.capimonitor.nl/atnissettings.htm ,
    shows the basic configuration settings (as many as 30 distinct
    variables)
2) NIS Rules Viewer -- http://www.capimonitor.nl/atguardinfo.htm ,
    shows detailed information on _all_ rules in your current
    AG/NIS/NPF ruleset.
3) NIS Log Viewer -- http://home.debitel.net/user/svenschaef/logview/ ,
    provides a very readable cross-tabulation of your firewall events
    which is a bit easier to read that the standard AG/NIS/NPF log,
    complete with numerous extensions and additional help information.

1) and 2) are from Albert Janssen, who's been writing freeware utilities
for NIS/NPF before it _was_ NIS/NPF (i.e., back when it was AtGuard) and
3) is freeware from Sven Schaefer. Both of these guys are sort of the
ultimate source of independently developed add-ons for AG/NIS/NPF. You
can then cut and paste the output of these utilities (as required) when
you've got a problem for which you are seeking assistance.

Finally, everything that Robert and karl have said is correct. In
particular, the only thing you're going to get in the way of added
security from Norton System Works would be Norton Anti-Virus (NAV). And
I'm assuming that you either already use NAV or some similar AV program.
If you don't, you should get one, run it memory-resident at all times, and
update it regularly.

I don't think you have anything more than an annoyance, based on what
you've said to date. If you answer the first three questions, I can tell
you how to turn the alerts off (without in any way diminishing your
protection). 

--
Regards,
    Joseph V. Morris
    jvmorris@erols.com
    ICQ #29438199
This is a NEWSGROUP message; except for privacy reasons, please respond
therein; an e-mail COPY is always appreciated, of course.
Almost all electrons used in the creation of this message were recycled.
No electrons used in the production of this message were harmed or
mistreated in any manner.
"rasuli" <sikivu77@yahoo.com> wrote in message
news:27a001c2366f$2c74b130$2ae2c90a@phx.gbl...
| i use Norton Firewall.  i have been alerted that someone
| is trying to get into my computer through an unused port.
| There are several hundred attempts a day.  This has been
| going on for months.  Will this person eventually get
| through?  is there something i can do to stop this?  Would
| the Norton System Works provide any added protection, if i
| could use it?  I have Microsoft Millenium Edition (ME).

Relevant Pages

  • Re: Just when you think youd seen it all.....
    ... WinXP Pro SP1 installed, Norton system works, AOL 9.0, ... AVG Anti-Virus Free Edition and Spybot Search & Destroy. ... I started the Windows Firewall so she would have basic ...
    (alt.sys.pc-clone.dell)
  • Re: Help me: Norton and ZoneAlarm block 50% of internet access on new provider.
    ... Third, if you want to do some troubleshooting on a NIS/NPF configuration, ... distinctly different parts of the firewall configuration. ... no help on those two; I don't run either KaZaA or mIRC at the ...
    (comp.security.firewalls)
  • Re: Norton Internet Security or Zone Alarm?
    ... Are you asking to compare the FREE version of ZA to NIS/NPF or are you ... do you know how to customize firewall rules in a rules-based ... Sharing (ICS), which is available in all MS OSs from Win 98 SE to Win 2000 ... Pro, or Windows XP's ICF. ...
    (comp.security.firewalls)
  • Invalid page fault in module VBA332.DLL
    ... Publisher 97 on the system. ... got to the point of using Publisher to write my letters, ... I have Norton System Works 2003 with Virus Checker and Firewall and update ... I already have to keep the Firewall ...
    (microsoft.public.word.docmanagement)
  • Re: NIS/NPF 2002 vs 2003 (What firewall)...
    ... Component Control -- extends the hashing to also include 'called' files, ... there was a very simple version in NIS/NPF ... seen documented evidence of any widespread exploitation of it. ... NIS/NPF 2003 settings and firewall events. ...
    (comp.security.firewalls)