Computer Security - Re: Couple of newbie Firewall questions
#1

Cheddar wrote:
> Ok so I just installed Sygate Personal Firewall after using
> the standard XP pro version.
>
> I don't have a clue what's happening, so far I have allowed
> IE, Outlook and GrabIT access to the internet. Every couple
> of minutes though a warning box keeps popping up with the
> following message:
>
> F30002 DCE/RPC DCOM Buffer overflow exploit attempt
> detected.
>
> Is this the blaster virus that has caused so much hassle? I
> am not worried because I always do a windows update every
> week but I was just curious. It's very disconcerting having
> this firewall tell me every time my PC is getting attacked.
> With the XP Firewall it never used to say anything.
>
> I'm getting more paranoid by the minute

I would immediately go to http://windowsupdate.microsoft.com and obtain the security RPC DCOM patch, then I would update your virus signatures with your antivirus program, and do a complete scan for viruses and trojans.

Just for added security, block ports 69, 135-139, 445 and 4444

- bhm Bill Matherly Jr
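
An added illustration, not part of the original posts: the sketch below tallies blocked inbound attempts against the port list suggested above, so the volume of alerts can be read per port and per source instead of one pop-up at a time. The log line format, the addresses and the function names are constructed for this example and are not Sygate's actual log format.

```python
import re
from collections import Counter, defaultdict

# Port list from the post above: 69, 135-139, 445 and 4444.
BLOCK_SPEC = "69,135-139,445,4444"

# Constructed sample log; the line format is hypothetical, not Sygate's.
SAMPLE_LOG = """\
2003-08-18 21:40:02 BLOCK TCP 203.0.113.7:3921 -> 135
2003-08-18 21:41:15 BLOCK TCP 203.0.113.7:3925 -> 135
2003-08-18 21:43:50 BLOCK TCP 198.51.100.23:1045 -> 445
2003-08-18 21:44:31 ALLOW TCP 192.0.2.10:80 -> 1067
2003-08-18 21:46:09 BLOCK UDP 198.51.100.99:1030 -> 137
2003-08-18 21:47:12 BLOCK TCP 203.0.113.80:4120 -> 80
this line is malformed and must be skipped
2003-08-18 21:49:47 BLOCK TCP 198.51.100.23:1050 -> 135
"""
LINE_RE = re.compile(r"^\S+ \S+ (BLOCK|ALLOW) (TCP|UDP) ([\d.]+):\d+ -> (\d+)$")

def expand_ports(spec):
    """Turn '69,135-139,445' into a set of integer port numbers."""
    ports = set()
    for part in spec.split(","):
        lo, _, hi = part.strip().partition("-")
        lo, hi = int(lo), int(hi or lo)
        if not (0 < lo <= hi <= 65535):
            raise ValueError(f"bad port range: {part!r}")
        ports.update(range(lo, hi + 1))
    return ports

def summarize(log_text, spec=BLOCK_SPEC):
    """Count blocked inbound attempts per listed port and per source address."""
    watched = expand_ports(spec)
    per_port, sources, other = Counter(), defaultdict(set), 0
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m or m.group(1) != "BLOCK":
            continue  # skip malformed lines and allowed traffic
        src, port = m.group(3), int(m.group(4))
        if port in watched:
            per_port[port] += 1
            sources[port].add(src)
        else:
            other += 1  # blocked, but not on the suggested list
    return per_port, {p: sorted(s) for p, s in sources.items()}, other

if __name__ == "__main__":
    counts, srcs, other = summarize(SAMPLE_LOG)
    print(dict(counts), srcs, "other blocked:", other)
```
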

#2

Bill Matherly Jr wrote:
> Cheddar wrote:
>> Ok so I just installed Sygate Personal Firewall after using
>> the standard XP pro version.
>>
>> I don't have a clue what's happening, so far I have allowed
>> IE, Outlook and GrabIT access to the internet. Every couple
>> of minutes though a warning box keeps popping up with the
>> following message:
>>
>> F30002 DCE/RPC DCOM Buffer overflow exploit attempt
>> detected.
>>
>> Is this the blaster virus that has caused so much hassle? I
>> am not worried because I always do a windows update every
>> week but I was just curious. It's very disconcerting having
>> this firewall tell me every time my PC is getting attacked.
>> With the XP Firewall it never used to say anything.
>>
>> I'm getting more paranoid by the minute
>
> I would immediately go to http://windowsupdate.microsoft.com and
> obtain the security RPC DCOM patch, then I would update your
> virus signatures with your antivirus program, and do a complete scan
> for viruses and trojans.
>
> Just for added security, block ports 69, 135-139, 445 and 4444

Well I already have the latest updates from MS so I don't see it as an issue. It's just shocking to see the number of attempts being made.

#3

On or around Monday 18 August 2003 21:56, Cheddar, cunningly disguised as
, broke radio silence to inform alt.computer.security of the following:

> Well I already have the latest updates from MS so I don't see
> it as an issue. It's just shocking to see the number of
> attempts being made.

Hi,

It's just a fact of Internet 'life' in my experience. You'll get used to it in time.

When I'm in XP, I use Kerio (http://www.kerio.com) personal firewall, and just allow my usual applications like IE, Eudora, UT2003 and WS-FTP Pro access through the firewall, and then set the 'slider' to high. In the case of Kerio firewall, this 'high' setting just allows the rules already set and ignores everything else. This means I don't get a shed load of alerts every two or three minutes. They're still there, it's just that I don't see them.

A week or two ago I fired up Apache (web server) on one of my PCs to test a web page. It worked ok. Great, I thought, and deleted it, shutting down the server. Since then, I get the same http requests from the same (NTL) machine at least 10-15 times a day, sometimes more. I didn't realise my web design skills were that good ... </joke>

Point is, I just created a rule in Kerio and left the 'slider' set to high. This 'fan' can go on trying to view my (now non-existent) page forever, but I won't be bothered by these antics.

This post probably hasn't helped you at all. I'm nooby too and new here, but well, there ya go anyway.

Regards,
Akkrid.

--
Life can be so tragic at times. Here today ... here tomorrow ...