Velocity Reviews - Computer Hardware Reviews

Velocity Reviews > Newsgroups > Computing > Computer Security > Should I be afraid???

Reply
Thread Tools

Should I be afraid???

 
 
Bubba
Guest
Posts: n/a
 
      10-24-2007
Hello all.

I have a computer running both Win 2000 and Win XP. I've just recently
noticed that while running 2000, my firewall blocks MANY attempts to
access my computer. XP doesn't appear to be affected at all.

Every time I boot Win2000, these attempts start even before I have a
chance to log in. If I'm reading the firewall info correctly, several
attempts occur each minute and attempt to access different ports in
ascending order.

While trying to figure this out, I discovered that the source IP address
is the same set of numbers as my DNS client.

Does anyone know what this is or have any suggestions?

FYI, I have a linksys cable modem, linksys firewall router (about 5 years
old) and Zonealarm security suite (freshly updated). ZoneAlarm reports
no viruses. Also, I just tried a clean install of Win2000 and still had
this happen.

TIA,

Bubba
 
Reply With Quote
 
 
 
 
Leythos
Guest
Posts: n/a
 
      10-24-2007
In article <Xns99D3BAF712120bubba@216.196.97.131>, (E-Mail Removed) says...
> FYI, I have a linksys cable modem, linksys firewall router (about 5 years
> old) and Zonealarm security suite (freshly updated). ZoneAlarm reports
> no viruses. Also, I just tried a clean install of Win2000 and still had
> this happen.


You don't have a firewall, you have a NAT Router.

If you don't have ANY Port-forwarding enabled and you have UPnP
disabled, there then you might want to check for firmware updates
because no unsolicited traffic should be reaching your PC through the
NAT Router - unless you have Port-Forwarding, UPnP, or you put the
computer in the Linksys DMZ address location.

You could have any number of malware on the computer, but you really
need to determine if you are actually compromised.

Most Linksys have a LOG function, enable it and then download and
install WALLWATCHER so that you can see, in real time, what traffic is
entering and leaving your network.

Since you've wiped/reinstalled 2000, why not reset the NAT router to
factory defaults, then properly configure it to block UPnP and not use
the DMZ and make sure that you change the password.

--

Leythos - http://www.velocityreviews.com/forums/(E-Mail Removed) (remove 999 to email me)

Fight exposing kids to porn, complain about sites like PCBUTTS 1.COM
that create filth and put it on the web for any kid to see: Just take a
look at some of the FILTH he's created and put on his website:
http://forums.speedguide.net/archive.../t-223485.html all exposed
to children (the link I've include does not directly display his filth).
You can find the same information by googling for 'PCBUTTS1' and
'exposed to kids'.
 
Reply With Quote
 
 
 
 
goarilla
Guest
Posts: n/a
 
      10-25-2007
Bubba wrote:
> Hello all.
>
> I have a computer running both Win 2000 and Win XP. I've just recently
> noticed that while running 2000, my firewall blocks MANY attempts to
> access my computer. XP doesn't appear to be affected at all.
>
> Every time I boot Win2000, these attempts start even before I have a
> chance to log in. If I'm reading the firewall info correctly, several
> attempts occur each minute and attempt to access different ports in
> ascending order.
>
> While trying to figure this out, I discovered that the source IP address
> is the same set of numbers as my DNS client.


huh ? do you mean DNS server ?

> Does anyone know what this is or have any suggestions?
>
> FYI, I have a linksys cable modem, linksys firewall router (about 5 years
> old) and Zonealarm security suite (freshly updated). ZoneAlarm reports
> no viruses. Also, I just tried a clean install of Win2000 and still had
> this happen.
>
> TIA,
>
> Bubba

 
Reply With Quote
 
Bubba
Guest
Posts: n/a
 
      10-25-2007
Leythos <(E-Mail Removed)> wrote in
news:(E-Mail Removed):


> You don't have a firewall, you have a NAT Router.
>


Yeah, I was just reading a previous post on that topic. Sorry for my
ignorance. I thought I was fairly techincal but you guys have me beat by
a mile!


> If you don't have ANY Port-forwarding enabled and you have UPnP
> disabled, there then you might want to check for firmware updates
> because no unsolicited traffic should be reaching your PC through the
> NAT Router - unless you have Port-Forwarding, UPnP, or you put the
> computer in the Linksys DMZ address location.
>
> You could have any number of malware on the computer, but you really
> need to determine if you are actually compromised.
>
> Most Linksys have a LOG function, enable it and then download and
> install WALLWATCHER so that you can see, in real time, what traffic is
> entering and leaving your network.
>
> Since you've wiped/reinstalled 2000, why not reset the NAT router to
> factory defaults, then properly configure it to block UPnP and not use
> the DMZ and make sure that you change the password.
>


Thanks Leythos. I'm not familiar port-forwarding or UPnP, but I'll do
some research on them. I tried a firmware update last night but it
failed for some reason. I'll try it agian now.

I'll give the factory defaults a try again and look at Wallwatcher.

I just did a search on blocking UPnP and didn't find much. But what I
did find said to block ports 1900 and 5000. Is that what you mean?
 
Reply With Quote
 
Bubba
Guest
Posts: n/a
 
      10-25-2007
goarilla <"kevin DOT paulus AT skynet DOT be"> wrote in
news:471fdf84$0$29265$(E-Mail Removed):


>
> huh ? do you mean DNS server ?


>


Probably. I'm afraid I'm out of my depth here. But I'm learning!
 
Reply With Quote
 
Leythos
Guest
Posts: n/a
 
      10-25-2007
In article <Xns99D3C9F769801bubba@216.196.97.131>, (E-Mail Removed) says...
> Leythos <(E-Mail Removed)> wrote in
> news:(E-Mail Removed):
>
>
> > You don't have a firewall, you have a NAT Router.
> >

>
> Yeah, I was just reading a previous post on that topic. Sorry for my
> ignorance. I thought I was fairly techincal but you guys have me beat by
> a mile!
>
>
> > If you don't have ANY Port-forwarding enabled and you have UPnP
> > disabled, there then you might want to check for firmware updates
> > because no unsolicited traffic should be reaching your PC through the
> > NAT Router - unless you have Port-Forwarding, UPnP, or you put the
> > computer in the Linksys DMZ address location.
> >
> > You could have any number of malware on the computer, but you really
> > need to determine if you are actually compromised.
> >
> > Most Linksys have a LOG function, enable it and then download and
> > install WALLWATCHER so that you can see, in real time, what traffic is
> > entering and leaving your network.
> >
> > Since you've wiped/reinstalled 2000, why not reset the NAT router to
> > factory defaults, then properly configure it to block UPnP and not use
> > the DMZ and make sure that you change the password.
> >

>
> Thanks Leythos. I'm not familiar port-forwarding or UPnP, but I'll do
> some research on them. I tried a firmware update last night but it
> failed for some reason. I'll try it agian now.
>
> I'll give the factory defaults a try again and look at Wallwatcher.
>
> I just did a search on blocking UPnP and didn't find much. But what I
> did find said to block ports 1900 and 5000. Is that what you mean?


Your NAT router, if you open the administration pages for it, has a
number of things that you can control - UPnP is one that you can
disable.

--

Leythos - (E-Mail Removed) (remove 999 to email me)

Fight exposing kids to porn, complain about sites like PCBUTTS 1.COM
that create filth and put it on the web for any kid to see: Just take a
look at some of the FILTH he's created and put on his website:
http://forums.speedguide.net/archive.../t-223485.html all exposed
to children (the link I've include does not directly display his filth).
You can find the same information by googling for 'PCBUTTS1' and
'exposed to kids'.
 
Reply With Quote
 
Bubba
Guest
Posts: n/a
 
      10-25-2007
Yup! I just found it. I tried to hurry back here tell you to ignore that
question but I didn't make it in time.

I'm trying some of the other thins you mentioned. I'll report back on any
progress soon.

Thanks again.
 
Reply With Quote
 
Bubba
Guest
Posts: n/a
 
      10-25-2007
Leythos <(E-Mail Removed)> wrote in
news:(E-Mail Removed):

>
> You could have any number of malware on the computer, but you really
> need to determine if you are actually compromised.


Wouldn't the clean install negate that possibility? I only installed
SP4, factory supplied audio and video drivers, ZoneAlarm, Firefox, and
then finally the network card driver.


>
> Most Linksys have a LOG function, enable it and then download and
> install WALLWATCHER so that you can see, in real time, what traffic is
> entering and leaving your network.


Done. It doesn't see what ZoneAlarm is reporting but it's seeing plenty
of other things. That much traffic is kind of scary.


>
> Since you've wiped/reinstalled 2000, why not reset the NAT router to
> factory defaults, then properly configure it to block UPnP and not use
> the DMZ and make sure that you change the password.
>


All things done. ZoneAlarm still reports blocking attempts. But I do
feel safer now.

The only thing I couldn't do was update the firewall firmware. I go thru
the motions but it just doesn't take.

Also, I told ZoneAlarm to "Stop all internet activity" and a couple of
blocks still happened, but not at the same furious rate as before, and
then they stopped completely. Could this be something that Zonealarm
itself is doing? And why wouldn't any of this be happening on XP?

For all I know this has been happening for years and I just never
noticed. But now that I have noticed, it worries me.

Are there any other ideas? I'm thinking a new NAT router might be a good
way to go.


 
Reply With Quote
 
Bubba
Guest
Posts: n/a
 
      10-25-2007

>
> The only thing I couldn't do was update the firewall firmware. I go
> thru the motions but it just doesn't take.
>



I meant router firmware.
 
Reply With Quote
 
Sebastian G.
Guest
Posts: n/a
 
      10-25-2007
Bubba wrote:

> Hello all.
>
> I have a computer running both Win 2000 and Win XP. I've just recently
> noticed that while running 2000, my firewall blocks MANY attempts to
> access my computer. XP doesn't appear to be affected at all.
>
> Every time I boot Win2000, these attempts start even before I have a
> chance to log in. If I'm reading the firewall info correctly, several
> attempts occur each minute and attempt to access different ports in
> ascending order.


>


> While trying to figure this out, I discovered that the source IP address
> is the same set of numbers as my DNS client.
>
> Does anyone know what this is or have any suggestions?



Hm... getting more specific? Which ports? What packet contents? What
firewall are you running?
 
Reply With Quote
 
 
 
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
gems should *not be case sensitive.. or should they? botp Ruby 6 10-04-2010 11:42 PM
What the FAQs should and should not contain Josef 'Jupp' SCHUGT Ruby 0 08-19-2005 01:46 PM
Should I Bridge? =?Utf-8?B?Zmx1ZmZ5IHRoZSB3b25kZXIga2l0dGVu?= Wireless Networking 1 07-21-2005 01:25 AM
taking 70-290 should i be scared? What should i expect??? Raymond Munyan MCSE 31 12-01-2004 02:34 PM
How should control images should be handled? ~~~ .NET Ed ~~~ ASP .Net Building Controls 1 11-03-2004 12:30 PM



Advertisments