Re: Firewall

From: Bruce Chambers (bchambers_at_nospamcableone.net)
Date: 05/08/04

• Next message: Saevio: "My Network Places MRU List/Cache"
• Previous message: Bruce Chambers: "Re: xp firewall"
• In reply to: vivienne: "Firewall"
• Next in thread: anonymous_at_discussions.microsoft.com: "Firewall"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Date: Sat, 8 May 2004 07:54:26 -0600

Greetings --

    If you're using AOL, you'll either need to find a 3rd party
firewall that is compatible with AOL, or switch to a real ISP that is
compatible with the real Internet. This is because AOL is an on-line
content provider that ignores international Internetworking standards
in favor of its own proprietary products, and has deliberately made
its connection software incompatible with both WinXP's built-in
firewall and WinXP's Internet Connection Sharing feature. AOL's
proprietary connection applet is deliberately designed to preclude
your setting/adjusting any of its properties, to include
enabling/disabling WinXP's ICF and ICS.

    I believe that the free version of ZoneAlarm (www.zonelabs.com) is
AOL-compatible. Sygate's free Personal Firewall
(http://smb.sygate.com/buy/download_buy.htm ) is also AOL-Compatible

For your friend:

    You've apparently contracted the latest worm, W32.Sasser.Worm,
specifically designed to attack people who do not update their
computers promptly and who do not practice "safe hex." In other
words, like Blaster, this worm was developed and distributed _after_ a
patch for the vulnerability was announced and made publicly available.
Further, and also like Blaster, this worm could not affect any
computer whose user had taken the basic precaution of using a properly
configured firewall.

    To stay on-line long enough to get the necessary updates, patches,
and removal tools, click Start > Run, and enter "shutdown -a" when the
next RPC countdown begins. This will abort the shut down. Also, make
sure you've enabled a firewall before starting, to preclude any more
intrusions while getting the updates/patches/tools.

What You should Know about the Sasser Worm and its Variants
http://www.microsoft.com/security/incident/sasser.asp

Microsoft Security Bulletin MS04-011
http://www.microsoft.com/technet/security/bulletin/MS04-011.mspx

W32.Sasser.Worm
http://www.symantec.com/avcenter/venc/data/w32.sasser.worm.html

A tool is available to remove the Sasser worm variants
http://support.microsoft.com/default.aspx?scid=kb;EN-US;841720

W32.Sasser.Worm Removal Tool
http://securityresponse.symantec.com/avcenter/venc/data/w32.sasser.removal.tool.html

McAfee AVert Stinger Virus Removal Tool
http://vil.nai.com/vil/stinger/

Bruce Chambers

--
Help us help you:
http://dts-l.org/goodpost.htm
http://www.catb.org/~esr/faqs/smart-questions.html
You can have peace.  Or you can have freedom.  Don't ever count on 
having both at once. -- RAH
"vivienne" <anonymous@discussions.microsoft.com> wrote in message 
news:B179D292-A846-40B1-A046-DDAC246C2B42@microsoft.com...
>I have tried to find out if my windows firewall is enabled.  I am 
>running AOL v7 and right clicking on the icon in Network and Internet 
>connections, then clicking properties results in nothing happening.
>
> Also, my friend's computer is infected with the Sasser worm. It is a 
> brand new computer and even though she paid a lot of money for extra 
> cover, this problem (of course) is not included in that cover.  The 
> daughter had been fiddling around on the computer and by the time I 
> got there I had to re-install Office.  When I tried to re-install 
> their dial-up ISP the software kept telling me that I had a later 
> (or it could have been earlier, it was very late by the time I had 
> given up) version of the browser already installed.  They use BT 
> Openworld Anytime as their ISP. 

---

• Next message: Saevio: "My Network Places MRU List/Cache"
• Previous message: Bruce Chambers: "Re: xp firewall"
• In reply to: vivienne: "Firewall"
• Next in thread: anonymous_at_discussions.microsoft.com: "Firewall"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Relevant Pages Re: mail problems ... You would probably have to work on this with your ISP. ... email as the 10.x.x.x range is non-routeable over the Internet. ... > The firewall gets it's IP from an ISP's dhcp server. ... > At one point (after some fiddling with the DNS server) ... (RedHat) Re: what should I do when.... ... This would be good advice in a perfect world. ... If you put a system in the Internet, it will be scanned at least a few times a day. ... Contacting your ISP for every ssh brute force scan on you server with password auth disabled will likely just waste your time and theirs. ... firewall logs, from a specific ip based in Canada, the log ... (Security-Basics) [fw-wiz] [fw-wiz]: unable to ping behind the firewall ... I have a network with the following setup: ISP router connected directly to ... to a cisco pix firewall. ... we are getting internet access throught the firewall then switch then ... (Firewall-Wizards) Re: windowsxp ... What You Should Know About the Sasser Worm and Its Variants ... PSS Security Response Team Alert - New Worm Sasser ... Enable the Windows XP Internet Connection Firewall or a ... Disconnect the computer from the Internet. ... (microsoft.public.windowsxp.help_and_support) Are These Sasser Worm Symptoms? ... >I know what to do if I have the Sasser worm, ... >to get a firewall in by the end of the week. ... >signed on to the Internet, ... I am getting an inordinate number of pop-up ads. ... (microsoft.public.windowsxp.help_and_support)

---

We are proud to have Web Hosting and Rack Housing from 9 Net Avenue Deutschland.
(15)