Re: Couple of newbie Firewall questions

Discussion in 'Computer Security' started by Bill Matherly Jr, Aug 18, 2003.

  1. Cheddar wrote:
    > Ok so I just installed Sygate Personal Firewall after using
    > the standard XP pro version.
    >
    > I don't have a clue whats happening, so far I have allowed
    > IE, Outlook and GrabIT access to the internet. Every couple
    > of minutes though a warning box keeps popping up with the
    > following message:
    >
    > F30002 DCE/RPC DCOM Buffer overflow exploit attempt
    > detected.
    >
    > Is this the blaster virus that has caused so much hassle? I
    > am not worried because I always do a windows update every
    > week but I was just curious. It's very disconcerting having
    > this firewall tell me everytime my PC is getting attacked.
    > With the XP Firewall it never used to say anything.
    >
    > I'm getting more paranoid by the minute :)
    >
    >


    I would immediately go to http://windowsupdate.microsoft.com and obtain
    the security RPC DCOM patch, then I would then update your virus
    signatures with your antivirus program, and do a complete scan for
    viruses and trojans.

    Just for added security, block ports 69, 135-139, 445 and 4444

    - bhm
    Bill Matherly Jr, Aug 18, 2003
    #1
    1. Advertising

  2. Bill Matherly Jr

    Cheddar Guest

    Bill Matherly Jr wrote:
    > Cheddar wrote:
    >> Ok so I just installed Sygate Personal Firewall after

    using
    >> the standard XP pro version.
    >>
    >> I don't have a clue whats happening, so far I have

    allowed
    >> IE, Outlook and GrabIT access to the internet. Every

    couple
    >> of minutes though a warning box keeps popping up with the
    >> following message:
    >>
    >> F30002 DCE/RPC DCOM Buffer overflow exploit attempt
    >> detected.
    >>
    >> Is this the blaster virus that has caused so much hassle?

    I
    >> am not worried because I always do a windows update every
    >> week but I was just curious. It's very disconcerting

    having
    >> this firewall tell me everytime my PC is getting

    attacked.
    >> With the XP Firewall it never used to say anything.
    >>
    >> I'm getting more paranoid by the minute :)
    >>
    >>

    >
    > I would immediately go to

    http://windowsupdate.microsoft.com and
    > obtain the security RPC DCOM patch, then I would then

    update your
    > virus signatures with your antivirus program, and do a

    complete scan
    > for viruses and trojans.
    >
    > Just for added security, block ports 69, 135-139, 445 and

    4444
    >


    Well I already have the latest updates from MS so I dont see
    it as a issue. It's just shocking to see the number of
    attempts being made.
    Cheddar, Aug 18, 2003
    #2
    1. Advertising

  3. Bill Matherly Jr

    Akkrid Guest

    On or around Monday 18 August 2003 21:56, Cheddar, cunningly disguised as
    , broke radio silence to inform
    alt.computer.security of the following :

    > Well I already have the latest updates from MS so I dont see
    > it as a issue. It's just shocking to see the number of
    > attempts being made.


    Hi,

    It's just a fact of Internet 'life' in my experience. You'll get used to it
    in time.

    When I'm in XP, I use Kerio (http://www.kerio.com) personal firewall, and
    just allow my usual applications like IE, Eudora, UT2003 and WS-FTP Pro
    access through the firewall, and then set the 'slider' to high.

    In the case of Kerio firewall, this 'high' setting just allows the rules
    already set and ignores everything else. This means I don't get a shed load
    of alerts every two or three minutes. They're still there, it's just that I
    don't see them.

    A week or two ago I fired up Apache (web server) on one of my PC's to test a
    web page. It worked ok. Great, I thought, and deleted it, shutting down the
    server.

    Since then, I get the same http requests from the same (NTL) machine at
    least 10-15 times a day, sometimes more. I didn't realise my web design
    skills were that good ... </joke>

    Point is, I just created a rule in Kerio and left the 'slider' set to high.
    This 'fan' can go on trying to view my (now non-existent) page forever, but
    I won't be bothered by these antics.

    This post probably hasn't helped you at all. I'm nooby too and new here, but
    well, there ya go anyway.

    Regards,

    Akkrid.
    --
    Life can be so tragic at times. Here today ... here tomorrow ...
    Akkrid, Aug 19, 2003
    #3
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Dale Brisket

    A couple of T-Bird questions

    Dale Brisket, Oct 2, 2005, in forum: Firefox
    Replies:
    2
    Views:
    437
    Dale Brisket
    Oct 2, 2005
  2. Thomas
    Replies:
    0
    Views:
    417
    Thomas
    Jan 30, 2004
  3. Andrew Hodgson
    Replies:
    4
    Views:
    495
    Andrew Hodgson
    Feb 6, 2006
  4. His Boy Elroy

    a couple of questions from a newbie to this group

    His Boy Elroy, Apr 1, 2004, in forum: Computer Security
    Replies:
    20
    Views:
    797
    His Boy Elroy
    Apr 3, 2004
  5. Mark
    Replies:
    3
    Views:
    336
Loading...

Share This Page