Velocity Reviews

Velocity Reviews (http://www.velocityreviews.com/forums/index.php)
-   Computer Security (http://www.velocityreviews.com/forums/f38-computer-security.html)
-   -   Should I be afraid??? (http://www.velocityreviews.com/forums/t546733-should-i-be-afraid.html)

Bubba 10-24-2007 11:22 PM

Should I be afraid???
 
Hello all.

I have a computer running both Win 2000 and Win XP. I've just recently
noticed that while running 2000, my firewall blocks MANY attempts to
access my computer. XP doesn't appear to be affected at all.

Every time I boot Win2000, these attempts start even before I have a
chance to log in. If I'm reading the firewall info correctly, several
attempts occur each minute and attempt to access different ports in
ascending order.

While trying to figure this out, I discovered that the source IP address
is the same set of numbers as my DNS client.

Does anyone know what this is or have any suggestions?

FYI, I have a linksys cable modem, linksys firewall router (about 5 years
old) and Zonealarm security suite (freshly updated). ZoneAlarm reports
no viruses. Also, I just tried a clean install of Win2000 and still had
this happen.

TIA,

Bubba

Leythos 10-24-2007 11:51 PM

Re: Should I be afraid???
 
In article <Xns99D3BAF712120bubba@216.196.97.131>, a@b.c says...
> FYI, I have a linksys cable modem, linksys firewall router (about 5 years
> old) and Zonealarm security suite (freshly updated). ZoneAlarm reports
> no viruses. Also, I just tried a clean install of Win2000 and still had
> this happen.


You don't have a firewall, you have a NAT Router.

If you don't have ANY Port-forwarding enabled and you have UPnP
disabled, there then you might want to check for firmware updates
because no unsolicited traffic should be reaching your PC through the
NAT Router - unless you have Port-Forwarding, UPnP, or you put the
computer in the Linksys DMZ address location.

You could have any number of malware on the computer, but you really
need to determine if you are actually compromised.

Most Linksys have a LOG function, enable it and then download and
install WALLWATCHER so that you can see, in real time, what traffic is
entering and leaving your network.

Since you've wiped/reinstalled 2000, why not reset the NAT router to
factory defaults, then properly configure it to block UPnP and not use
the DMZ and make sure that you change the password.

--

Leythos - spam999free@rrohio.com (remove 999 to email me)

Fight exposing kids to porn, complain about sites like PCBUTTS 1.COM
that create filth and put it on the web for any kid to see: Just take a
look at some of the FILTH he's created and put on his website:
http://forums.speedguide.net/archive.../t-223485.html all exposed
to children (the link I've include does not directly display his filth).
You can find the same information by googling for 'PCBUTTS1' and
'exposed to kids'.

goarilla 10-25-2007 12:12 AM

Re: Should I be afraid???
 
Bubba wrote:
> Hello all.
>
> I have a computer running both Win 2000 and Win XP. I've just recently
> noticed that while running 2000, my firewall blocks MANY attempts to
> access my computer. XP doesn't appear to be affected at all.
>
> Every time I boot Win2000, these attempts start even before I have a
> chance to log in. If I'm reading the firewall info correctly, several
> attempts occur each minute and attempt to access different ports in
> ascending order.
>
> While trying to figure this out, I discovered that the source IP address
> is the same set of numbers as my DNS client.


huh ? do you mean DNS server ?

> Does anyone know what this is or have any suggestions?
>
> FYI, I have a linksys cable modem, linksys firewall router (about 5 years
> old) and Zonealarm security suite (freshly updated). ZoneAlarm reports
> no viruses. Also, I just tried a clean install of Win2000 and still had
> this happen.
>
> TIA,
>
> Bubba


Bubba 10-25-2007 12:51 AM

Re: Should I be afraid???
 
Leythos <void@nowhere.lan> wrote in
news:MPG.2189a45392f13db39896e3@adfree.Usenet.com:


> You don't have a firewall, you have a NAT Router.
>


Yeah, I was just reading a previous post on that topic. Sorry for my
ignorance. I thought I was fairly techincal but you guys have me beat by
a mile!


> If you don't have ANY Port-forwarding enabled and you have UPnP
> disabled, there then you might want to check for firmware updates
> because no unsolicited traffic should be reaching your PC through the
> NAT Router - unless you have Port-Forwarding, UPnP, or you put the
> computer in the Linksys DMZ address location.
>
> You could have any number of malware on the computer, but you really
> need to determine if you are actually compromised.
>
> Most Linksys have a LOG function, enable it and then download and
> install WALLWATCHER so that you can see, in real time, what traffic is
> entering and leaving your network.
>
> Since you've wiped/reinstalled 2000, why not reset the NAT router to
> factory defaults, then properly configure it to block UPnP and not use
> the DMZ and make sure that you change the password.
>


Thanks Leythos. I'm not familiar port-forwarding or UPnP, but I'll do
some research on them. I tried a firmware update last night but it
failed for some reason. I'll try it agian now.

I'll give the factory defaults a try again and look at Wallwatcher.

I just did a search on blocking UPnP and didn't find much. But what I
did find said to block ports 1900 and 5000. Is that what you mean?

Bubba 10-25-2007 12:51 AM

Re: Should I be afraid???
 
goarilla <"kevin DOT paulus AT skynet DOT be"> wrote in
news:471fdf84$0$29265$ba620e4c@news.skynet.be:


>
> huh ? do you mean DNS server ?


>


Probably. I'm afraid I'm out of my depth here. But I'm learning!

Leythos 10-25-2007 12:58 AM

Re: Should I be afraid???
 
In article <Xns99D3C9F769801bubba@216.196.97.131>, a@b.c says...
> Leythos <void@nowhere.lan> wrote in
> news:MPG.2189a45392f13db39896e3@adfree.Usenet.com:
>
>
> > You don't have a firewall, you have a NAT Router.
> >

>
> Yeah, I was just reading a previous post on that topic. Sorry for my
> ignorance. I thought I was fairly techincal but you guys have me beat by
> a mile!
>
>
> > If you don't have ANY Port-forwarding enabled and you have UPnP
> > disabled, there then you might want to check for firmware updates
> > because no unsolicited traffic should be reaching your PC through the
> > NAT Router - unless you have Port-Forwarding, UPnP, or you put the
> > computer in the Linksys DMZ address location.
> >
> > You could have any number of malware on the computer, but you really
> > need to determine if you are actually compromised.
> >
> > Most Linksys have a LOG function, enable it and then download and
> > install WALLWATCHER so that you can see, in real time, what traffic is
> > entering and leaving your network.
> >
> > Since you've wiped/reinstalled 2000, why not reset the NAT router to
> > factory defaults, then properly configure it to block UPnP and not use
> > the DMZ and make sure that you change the password.
> >

>
> Thanks Leythos. I'm not familiar port-forwarding or UPnP, but I'll do
> some research on them. I tried a firmware update last night but it
> failed for some reason. I'll try it agian now.
>
> I'll give the factory defaults a try again and look at Wallwatcher.
>
> I just did a search on blocking UPnP and didn't find much. But what I
> did find said to block ports 1900 and 5000. Is that what you mean?


Your NAT router, if you open the administration pages for it, has a
number of things that you can control - UPnP is one that you can
disable.

--

Leythos - spam999free@rrohio.com (remove 999 to email me)

Fight exposing kids to porn, complain about sites like PCBUTTS 1.COM
that create filth and put it on the web for any kid to see: Just take a
look at some of the FILTH he's created and put on his website:
http://forums.speedguide.net/archive.../t-223485.html all exposed
to children (the link I've include does not directly display his filth).
You can find the same information by googling for 'PCBUTTS1' and
'exposed to kids'.

Bubba 10-25-2007 01:26 AM

Re: Should I be afraid???
 
Yup! I just found it. I tried to hurry back here tell you to ignore that
question but I didn't make it in time.

I'm trying some of the other thins you mentioned. I'll report back on any
progress soon.

Thanks again.

Bubba 10-25-2007 02:46 AM

Re: Should I be afraid???
 
Leythos <void@nowhere.lan> wrote in
news:MPG.2189a45392f13db39896e3@adfree.Usenet.com:

>
> You could have any number of malware on the computer, but you really
> need to determine if you are actually compromised.


Wouldn't the clean install negate that possibility? I only installed
SP4, factory supplied audio and video drivers, ZoneAlarm, Firefox, and
then finally the network card driver.


>
> Most Linksys have a LOG function, enable it and then download and
> install WALLWATCHER so that you can see, in real time, what traffic is
> entering and leaving your network.


Done. It doesn't see what ZoneAlarm is reporting but it's seeing plenty
of other things. That much traffic is kind of scary.


>
> Since you've wiped/reinstalled 2000, why not reset the NAT router to
> factory defaults, then properly configure it to block UPnP and not use
> the DMZ and make sure that you change the password.
>


All things done. ZoneAlarm still reports blocking attempts. But I do
feel safer now.

The only thing I couldn't do was update the firewall firmware. I go thru
the motions but it just doesn't take.

Also, I told ZoneAlarm to "Stop all internet activity" and a couple of
blocks still happened, but not at the same furious rate as before, and
then they stopped completely. Could this be something that Zonealarm
itself is doing? And why wouldn't any of this be happening on XP?

For all I know this has been happening for years and I just never
noticed. But now that I have noticed, it worries me.

Are there any other ideas? I'm thinking a new NAT router might be a good
way to go.



Bubba 10-25-2007 02:48 AM

Re: Should I be afraid???
 

>
> The only thing I couldn't do was update the firewall firmware. I go
> thru the motions but it just doesn't take.
>



I meant router firmware.

Sebastian G. 10-25-2007 06:45 AM

Re: Should I be afraid???
 
Bubba wrote:

> Hello all.
>
> I have a computer running both Win 2000 and Win XP. I've just recently
> noticed that while running 2000, my firewall blocks MANY attempts to
> access my computer. XP doesn't appear to be affected at all.
>
> Every time I boot Win2000, these attempts start even before I have a
> chance to log in. If I'm reading the firewall info correctly, several
> attempts occur each minute and attempt to access different ports in
> ascending order.


>


> While trying to figure this out, I discovered that the source IP address
> is the same set of numbers as my DNS client.
>
> Does anyone know what this is or have any suggestions?



Hm... getting more specific? Which ports? What packet contents? What
firewall are you running?


All times are GMT. The time now is 09:20 AM.

Powered by vBulletin®. Copyright ©2000 - 2014, vBulletin Solutions, Inc.
SEO by vBSEO ©2010, Crawlability, Inc.