«

"Joe Bloggs" <> wrote in message
news:wRw%a.3597$_...
> Below is a summary of how to protect your computer better from this and
> other viruses/worms. This information is from the
> http://www.microsoft.com/security/ web site.
>
> For more specific information on the blaster worm see
> http://www.microsoft.com/security/incident/blast.asp - it includes steps
on
> how to remove the virus.
>
>
> __________________________________________________ ________________________
>
> Here is what to do to get protected and stay protected.
>
>
>
> 1. First, turn on the Internet Connection Firewall in Windows XP.
Having
> the firewall activated will protect your computer from this security issue
> as well as many many others. Even if your computer has already been
> infected, activating firewall software will help limit the effects of the
> worm on your computer.

<snip>

I'm using a machine running XP as a gateway for my LAN and that machine is
the only one with XP's firewall enabled. Is that enough? Or do I need a
firewall on all my machines? Should I also put something like Zonealarm or
Kerio on it?

TIA.
--
~misfit~



---
Outgoing mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.510 / Virus Database: 307 - Release Date: 14/08/2003

Hi there,

~misfit~ wrote:
>
> I'm using a machine running XP as a gateway for my LAN and that machine is
> the only one with XP's firewall enabled. Is that enough? Or do I need a
> firewall on all my machines? Should I also put something like Zonealarm or
> Kerio on it?

As long as your firewall is fully configurable. You should be able to
specify whether port probes are accepted, rejected, or dropped, and
which ones also...dropping is the best policy since any hacker probing
random IP addresses will not get a response back. Thats called
'stealthing'. Make sure logging is on, since a persistent hacker may
find a weakness somewhere...at least if you see what IP address they
attack from and what time, you can report the activity to their ISP
and the ISP will be able to take action of some sort against the hacker
(close their account, legal action etc...)

Kind regards,

Chris Wilkinson, Christchurch.

"Chris Wilkinson" <> wrote in message
news:...
> Hi there,
>
> ~misfit~ wrote:
> >
> > I'm using a machine running XP as a gateway for my LAN and that machine
is
> > the only one with XP's firewall enabled. Is that enough? Or do I need a
> > firewall on all my machines? Should I also put something like Zonealarm
or
> > Kerio on it?
>
> As long as your firewall is fully configurable. You should be able to
> specify whether port probes are accepted, rejected, or dropped, and
> which ones also...dropping is the best policy since any hacker probing
> random IP addresses will not get a response back. Thats called
> 'stealthing'. Make sure logging is on, since a persistent hacker may
> find a weakness somewhere...at least if you see what IP address they
> attack from and what time, you can report the activity to their ISP
> and the ISP will be able to take action of some sort against the hacker
> (close their account, legal action etc...)
>
> Kind regards,
>
> Chris Wilkinson, Christchurch.


Thanks Chris. I can't find any way to configure XP's built-in firewall
(please correct me if I'm wrong Nathan) so I may run another one on it as
well. The old 'belt and braces' policy.

Cheers,
--
~misfit~



---
Outgoing mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.510 / Virus Database: 307 - Release Date: 14/08/2003

From the Start menu, select the Help & Support section.
In the Search box, enter "Internet Connection Firewall overview" and execute
the search.

Have a read of the "Internet Connection Firewall overview" topic.
Specifically instructions to manually configure the firewall can be found
off the "Add a service definition" link (under the "How Internet Connection
Firewall (ICF) works" sub section). You can open up ports and turn on
logging...

Regarding the question about the firewall on the gateway - I believe the
answer is yes, only the firewall on the XP machine directly connected to the
internet requires the firewall to be enabled.
You might want to read further at: (which has a lot of information on home
networking including security).
http://www.microsoft.com/windowsxp/homenetworking/
http://www.microsoft.com/windowsxp/e...ies/july30.asp


"~misfit~" <misfit@'SPAMTRAP'orcon.net.nz> wrote in message
news:uIJ%a.119096$...
> Thanks Chris. I can't find any way to configure XP's built-in firewall
> (please correct me if I'm wrong Nathan) so I may run another one on it as
> well. The old 'belt and braces' policy.
>
> Cheers,
> --
> ~misfit~

Just tested my computer (at https://grc.com/x/ne.dll?rh1dkyd2) which is on a
LAN with the gateway machine running XP's firewall:

GRC Port Authority Report created on UTC: 2003-08-18 at 00:23:26

Results from scan of ports: 0, 21, 23, 25, 79, 80, 110, 113,
119, 135, 139, 143, 389, 443, 445,
1002, 1024-1030, 1720, 5000

0 Ports Open
0 Ports Closed
25 Ports Stealth
---------------------
25 Ports Tested

ALL PORTS tested were found to be: STEALTH.

TruStealth: PASSED - ALL tested ports were STEALTH,
- NO unsolicited packets were received,
- NO Ping reply (ICMP Echo) was received.

I'm very pleased, chalk one up for Microsoft.
--
~misfit~




---
Outgoing mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.510 / Virus Database: 307 - Release Date: 14/08/2003

On Mon, 18 Aug 2003 12:50:41 +1200, "~misfit~"
<misfit@'SPAMTRAP'orcon.net.nz> wrote:

>Just tested my computer (at https://grc.com/x/ne.dll?rh1dkyd2) which is on a
>LAN with the gateway machine running XP's firewall:
>
>GRC Port Authority Report created on UTC: 2003-08-18 at 00:23:26
>
>Results from scan of ports: 0, 21, 23, 25, 79, 80, 110, 113,
> 119, 135, 139, 143, 389, 443, 445,
> 1002, 1024-1030, 1720, 5000
>
> 0 Ports Open
> 0 Ports Closed
> 25 Ports Stealth
>---------------------
> 25 Ports Tested
>
>ALL PORTS tested were found to be: STEALTH.
>
>TruStealth: PASSED - ALL tested ports were STEALTH,
> - NO unsolicited packets were received,
> - NO Ping reply (ICMP Echo) was received.
>
>I'm very pleased, chalk one up for Microsoft.

Ditto.

Chalk one up for Zone Alarm

(But do we really trust GRC?)

Steve B.

"~misfit~" wrote
> I do. Steve Gibson is the man IMO.

I haven't really liked him since he got a heap of stuff wrong a year or two
back, have taken what he says with a big grain of salt at least.

On Fri, 22 Aug 2003 02:15:25 +1200, "Steve Phillips"
<> wrote:

>
>"~misfit~" <misfit@'SPAMTRAP'orcon.net.nz> wrote in message
>news:S720b.120124$.. .
>> > (But do we really trust GRC?)
>>
>> I do. Steve Gibson is the man IMO.
>
>you poor lost soul.
>
>Steve Gibson is an idle for the clue challenged.

"Idle"? There's no doubt that he is an energetic self-promoter,
surely!!

"Idol" I think you mean!

Cheers,

Cliff
--

Signed and sealed with Great Seal of the Executive
Council of the Internet, by The Master of The Net.