Velocity Reviews - Computer Hardware Reviews

Velocity Reviews > Newsgroups > Computing > Computer Security > Re: Couple of newbie Firewall questions

Reply
Thread Tools

Re: Couple of newbie Firewall questions

 
 
Bill Matherly Jr
Guest
Posts: n/a
 
      08-18-2003
Cheddar wrote:
> Ok so I just installed Sygate Personal Firewall after using
> the standard XP pro version.
>
> I don't have a clue whats happening, so far I have allowed
> IE, Outlook and GrabIT access to the internet. Every couple
> of minutes though a warning box keeps popping up with the
> following message:
>
> F30002 DCE/RPC DCOM Buffer overflow exploit attempt
> detected.
>
> Is this the blaster virus that has caused so much hassle? I
> am not worried because I always do a windows update every
> week but I was just curious. It's very disconcerting having
> this firewall tell me everytime my PC is getting attacked.
> With the XP Firewall it never used to say anything.
>
> I'm getting more paranoid by the minute
>
>


I would immediately go to http://windowsupdate.microsoft.com and obtain
the security RPC DCOM patch, then I would then update your virus
signatures with your antivirus program, and do a complete scan for
viruses and trojans.

Just for added security, block ports 69, 135-139, 445 and 4444

- bhm

 
Reply With Quote
 
 
 
 
Cheddar
Guest
Posts: n/a
 
      08-18-2003
Bill Matherly Jr wrote:
> Cheddar wrote:
>> Ok so I just installed Sygate Personal Firewall after

using
>> the standard XP pro version.
>>
>> I don't have a clue whats happening, so far I have

allowed
>> IE, Outlook and GrabIT access to the internet. Every

couple
>> of minutes though a warning box keeps popping up with the
>> following message:
>>
>> F30002 DCE/RPC DCOM Buffer overflow exploit attempt
>> detected.
>>
>> Is this the blaster virus that has caused so much hassle?

I
>> am not worried because I always do a windows update every
>> week but I was just curious. It's very disconcerting

having
>> this firewall tell me everytime my PC is getting

attacked.
>> With the XP Firewall it never used to say anything.
>>
>> I'm getting more paranoid by the minute
>>
>>

>
> I would immediately go to

http://windowsupdate.microsoft.com and
> obtain the security RPC DCOM patch, then I would then

update your
> virus signatures with your antivirus program, and do a

complete scan
> for viruses and trojans.
>
> Just for added security, block ports 69, 135-139, 445 and

4444
>


Well I already have the latest updates from MS so I dont see
it as a issue. It's just shocking to see the number of
attempts being made.



 
Reply With Quote
 
 
 
 
Akkrid
Guest
Posts: n/a
 
      08-18-2003
On or around Monday 18 August 2003 21:56, Cheddar, cunningly disguised as
http://www.velocityreviews.com/forums/(E-Mail Removed), broke radio silence to inform
alt.computer.security of the following :

> Well I already have the latest updates from MS so I dont see
> it as a issue. It's just shocking to see the number of
> attempts being made.


Hi,

It's just a fact of Internet 'life' in my experience. You'll get used to it
in time.

When I'm in XP, I use Kerio (http://www.kerio.com) personal firewall, and
just allow my usual applications like IE, Eudora, UT2003 and WS-FTP Pro
access through the firewall, and then set the 'slider' to high.

In the case of Kerio firewall, this 'high' setting just allows the rules
already set and ignores everything else. This means I don't get a shed load
of alerts every two or three minutes. They're still there, it's just that I
don't see them.

A week or two ago I fired up Apache (web server) on one of my PC's to test a
web page. It worked ok. Great, I thought, and deleted it, shutting down the
server.

Since then, I get the same http requests from the same (NTL) machine at
least 10-15 times a day, sometimes more. I didn't realise my web design
skills were that good ... </joke>

Point is, I just created a rule in Kerio and left the 'slider' set to high.
This 'fan' can go on trying to view my (now non-existent) page forever, but
I won't be bothered by these antics.

This post probably hasn't helped you at all. I'm nooby too and new here, but
well, there ya go anyway.

Regards,

Akkrid.
--
Life can be so tragic at times. Here today ... here tomorrow ...
 
Reply With Quote
 
 
 
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
MCDST 271 & 272 exams, a couple of questions from a newbie. Mark MCDST 3 03-06-2007 09:00 PM
A couple of NEWBIE questions... Nobody ASP .Net 4 11-20-2006 12:40 PM
Newbie questions - Couple of VC++ questions regarding dlls and VB6 Ali Syed C Programming 3 10-13-2004 10:15 PM
a couple of questions from a newbie to this group His Boy Elroy Computer Security 20 04-03-2004 07:27 PM
(.NET Newbie) DataGrid killing me !!! (a couple questions) BTHOMASinOHIO ASP .Net Datagrid Control 3 08-19-2003 07:17 PM



Advertisments