Suspected Attack
From: Hey Nonny Mouse (aol_at_aol.com)
Date: 09/01/03
- Next message: Margaret: "OE"
- Previous message: hano: "Local security Policy"
- In reply to: Alan UK: "Suspected Attack"
- Next in thread: Alan UK: "Suspected Attack Part 2"
- Reply: Alan UK: "Suspected Attack Part 2"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Mon, 1 Sep 2003 03:25:45 -0700
>After the MSBlast virus I scheduled a weekly Windows
>Update and have all the latest bits and pieces.
>I recently noticed a lot of attempts (through the
>firewall log) for sites trying to access the internet
>using existing software- ie "site.com is trying to access
>the internet through Norton Speed Disk" sort of thing.
>Although I blocked all I could later the PC went a bit
>barmy and kept showing Explorer.exe errors.
>After a reboot and every scan (AV, Spyware etc) I could
>muster I noticed that the Sygate firewall had gone awol.
>The .exe file and Readme.txt were in the folder, but all
>the rest had gone- and I discovered them all in the
>Recycle bin.
>I restored them, but is this a virus/trojan attack to
>disable the firewall or could this have happened during
>the Explorer.exe errors? (I realise that could have been
>part of any attack too)
Sounds like you have already picked the obvious 2 options.
I would be tempted to change all my account passwords, and
edit the local security policy (Control Panel->Administrative
Tools->Local Security Policy) to remove
any possibility of a remote login. Of particular interest
should be the Local Policies->Security Options and Local
Policies->User Rights Assignment. Have a read through the
descriptions and change anything you don't like the look
of. I would recommend changing "additional restrictions
for anonymous logon" to "no access without explicit
permissions" and remove everything from "access this
computer from the network" if you are not part of a LAN
environment, or have no wish to share things with other
LAN users anyway. Also check which services (right click
My Computer->Manage->Services and Applications->Services)
are running on your machine and disable any you do not
need (make sure IIS is uninstalled if you are not hosting
a website, disable Terminal Services etc.).
>Any information would be greatly appreciated, and
>particularly any information about further (cost-
>effective) methods of protecting the pc short of shutting
>it off or disabling so much as to make the internet a
>waste of time...I know it's a compromise.
>:-(
For firewalls, you tend to get what you pay for. Although
Sygate and Zone Alarm are free, you'll get more
configurability and functionality if you opt to pay for
it. Zone Alarm Pro is reasonable ($30 or so), Checkpoint
have a great reputation although they are expensive ($300
for a hardware firewall aimed at home broadband users).
Look around, and buy what you can afford. I am sure other
people here can give you info on which firewalls they
prefer.
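
The two policy changes recommended in the reply above can be checked from a policy export instead of by clicking through the console. This is an added example, not part of the original post: it parses the text produced by `secedit /export /cfg <file>` and assumes the anonymous-logon setting corresponds to the RestrictAnonymous registry value (2 = no access without explicit anonymous permissions) and that "access this computer from the network" is the SeNetworkLogonRight privilege. The sample export is constructed.

```python
import configparser

# Constructed sample of a `secedit /export /cfg` dump (not from a real machine).
SAMPLE_EXPORT = r"""
[Unicode]
Unicode=yes
[Registry Values]
MACHINE\System\CurrentControlSet\Control\Lsa\RestrictAnonymous=4,0
[Privilege Rights]
SeNetworkLogonRight = *S-1-1-0,*S-1-5-32-544,*S-1-5-32-545
SeInteractiveLogonRight = *S-1-5-32-544
[Version]
signature="$CHICAGO$"
Revision=1
"""

ANON_KEY = r"machine\system\currentcontrolset\control\lsa\restrictanonymous"
WELL_KNOWN = {"S-1-1-0": "Everyone", "S-1-5-32-544": "Administrators",
              "S-1-5-32-545": "Users"}


def section(cp, name):
    """Return a section as a dict with lower-cased keys ({} if absent)."""
    if not cp.has_section(name):
        return {}
    return {k.lower(): v.strip() for k, v in cp.items(name)}


def audit(export_text):
    """Return (setting, detail) findings for the two settings named in the post."""
    cp = configparser.ConfigParser(delimiters=("=",), interpolation=None)
    cp.read_string(export_text)
    findings = []

    # Registry values are exported as "<type>,<data>"; type 4 is REG_DWORD.
    # Assumption: a missing value is treated as level 0.
    raw = section(cp, "Registry Values").get(ANON_KEY, "4,0")
    level = int(raw.split(",", 1)[1])
    if level < 2:  # 2 = no access without explicit anonymous permissions
        findings.append(("RestrictAnonymous", f"level {level}, expected 2"))

    # "Access this computer from the network" is SeNetworkLogonRight.
    holders = section(cp, "Privilege Rights").get("senetworklogonright", "")
    sids = [s.strip().lstrip("*") for s in holders.split(",") if s.strip()]
    if sids:
        names = ", ".join(WELL_KNOWN.get(s, s) for s in sids)
        findings.append(("SeNetworkLogonRight", f"granted to: {names}"))
    return findings
```

Exports written by secedit are typically UTF-16, so read a real file with `open(path, encoding="utf-16")` before passing its text to `audit()`.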