Symantec Security Check, Outpost Firewall

Discussion in 'Computer Support' started by Mellowed, Nov 17, 2004.

  1. Mellowed

    Mellowed Guest

    SYSTEM
    Win XP SP2
    Outpost Ver 1.0.1817.1645

    I just ran the Symantec Security Check on my system. It shows one problem.

    Hacker Exposure, Port 135 open.

    I can't see any options to close this port in Outpost. Does anybody know
    how to fix this??
     
    Mellowed, Nov 17, 2004
    #1
    1. Advertising

  2. Mellowed wrote:
    > SYSTEM
    > Win XP SP2
    > Outpost Ver 1.0.1817.1645
    >
    > I just ran the Symantec Security Check on my system. It shows one problem.
    >
    > Hacker Exposure, Port 135 open.
    >
    > I can't see any options to close this port in Outpost. Does anybody know
    > how to fix this??
    >
    >
    >


    Outpost....Tools - Plug-ins - Attack Detection - Settings......tick the
    boxes.
     
    =?ISO-8859-1?Q?Brian_H=B9=A9?=, Nov 17, 2004
    #2
    1. Advertising

  3. Mellowed

    Mellowed Guest

    Thanks for the assist Brian. However, that did not solve the problem. I
    checked all 3 of the 'Block Intruders' boxes and rebooted, and re-ran the
    Symantec test. Got the same Port 135 open warning. I didn't check the
    Denial of Service box.

    I need some more ideas.


    "Brian H¹©" <> wrote in message
    news:EyLmd.3$...
    > Mellowed wrote:
    >> SYSTEM
    >> Win XP SP2
    >> Outpost Ver 1.0.1817.1645
    >>
    >> I just ran the Symantec Security Check on my system. It shows one
    >> problem.
    >>
    >> Hacker Exposure, Port 135 open.
    >>
    >> I can't see any options to close this port in Outpost. Does anybody know
    >> how to fix this??
    >>
    >>
    >>

    >
    > Outpost....Tools - Plug-ins - Attack Detection - Settings......tick the
    > boxes.
     
    Mellowed, Nov 17, 2004
    #3
  4. Mellowed

    °Mike° Guest

    Port 135 (DCOM) should be blocked by default. It sounds as
    though you have an application rule allowing this port -- application
    rules override global rules. I suggest that you check your
    rules for SVCHOST, and block it altogether. Also check
    Options / System / Global System Rules and make sure that
    Block Remote Procedure Call (TCP & UDP) are active.


    On Wed, 17 Nov 2004 16:51:18 GMT, in
    <akLmd.3061$>
    Mellowed scrawled:

    >SYSTEM
    >Win XP SP2
    >Outpost Ver 1.0.1817.1645
    >
    >I just ran the Symantec Security Check on my system. It shows one problem.
    >
    >Hacker Exposure, Port 135 open.
    >
    >I can't see any options to close this port in Outpost. Does anybody know
    >how to fix this??
    >
    >


    --
    Basic computer maintenance
    http://uk.geocities.com/personel44/maintenance.html
     
    °Mike°, Nov 17, 2004
    #4
  5. Mellowed wrote:

    > Thanks for the assist Brian. However, that did not solve the problem. I
    > checked all 3 of the 'Block Intruders' boxes and rebooted, and re-ran the
    > Symantec test. Got the same Port 135 open warning. I didn't check the
    > Denial of Service box.
    >
    > I need some more ideas.
    >
    >
    > "Brian H¹©" <> wrote in message
    > news:EyLmd.3$...
    >
    >>Mellowed wrote:
    >>
    >>>SYSTEM
    >>>Win XP SP2
    >>>Outpost Ver 1.0.1817.1645
    >>>
    >>>I just ran the Symantec Security Check on my system. It shows one
    >>>problem.
    >>>
    >>>Hacker Exposure, Port 135 open.
    >>>
    >>>I can't see any options to close this port in Outpost. Does anybody know
    >>>how to fix this??
    >>>
    >>>
    >>>

    >>
    >>Outpost....Tools - Plug-ins - Attack Detection - Settings......tick the
    >>boxes.

    >
    >
    >


    The firewall will deny access to the port, keep an eye on your logs for
    a few days to a week.
    Outpost is very sensitive and times the intervals between hits to see if
    it's an attack or not.
     
    =?ISO-8859-1?Q?Brian_H=B9=A9?=, Nov 17, 2004
    #5
  6. Brian H¹© wrote:

    > Mellowed wrote:
    >
    >> Thanks for the assist Brian. However, that did not solve the
    >> problem. I checked all 3 of the 'Block Intruders' boxes and rebooted,
    >> and re-ran the Symantec test. Got the same Port 135 open warning. I
    >> didn't check the Denial of Service box.
    >>
    >> I need some more ideas.
    >>
    >>
    >> "Brian H¹©" <> wrote in message
    >> news:EyLmd.3$...
    >>
    >>> Mellowed wrote:
    >>>
    >>>> SYSTEM
    >>>> Win XP SP2
    >>>> Outpost Ver 1.0.1817.1645
    >>>>
    >>>> I just ran the Symantec Security Check on my system. It shows one
    >>>> problem.
    >>>>
    >>>> Hacker Exposure, Port 135 open.
    >>>>
    >>>> I can't see any options to close this port in Outpost. Does anybody
    >>>> know how to fix this??
    >>>>
    >>>>
    >>>>
    >>>
    >>> Outpost....Tools - Plug-ins - Attack Detection - Settings......tick
    >>> the boxes.

    >>
    >>
    >>
    >>

    >
    > The firewall will deny access to the port, keep an eye on your logs for
    > a few days to a week.
    > Outpost is very sensitive and times the intervals between hits to see if
    > it's an attack or not.


    But then again, see what Mike said ;-)
     
    =?ISO-8859-1?Q?Brian_H=B9=A9?=, Nov 17, 2004
    #6
  7. Mellowed

    Mellowed Guest

    Thanks Mike. 'Global System Rules' look OK. The only box not checked under
    'system' is 'Allow Inbound Identification'.

    The SVCHOST comment is interesting. I have both Inbound and Outbound
    communication. I don't think I have any rules about SVCHOST unless it is
    there by default. Of the many listings of SVCHOST, one says DCOM. The
    others list ports such as 123, 1082,1083, 1086, 1900 and 1042. I have no
    idea what all this means or why I even need SVCHOST.

    Are you suggesting that I try to block SVCHOST?. I'll do it if it won't
    turn my PC into a Pumpkin.



    "°Mike°" <> wrote in message
    news:...
    > Port 135 (DCOM) should be blocked by default. It sounds as
    > though you have an application rule allowing this port -- application
    > rules override global rules. I suggest that you check your
    > rules for SVCHOST, and block it altogether. Also check
    > Options / System / Global System Rules and make sure that
    > Block Remote Procedure Call (TCP & UDP) are active.
    >
    >
    > On Wed, 17 Nov 2004 16:51:18 GMT, in
    > <akLmd.3061$>
    > Mellowed scrawled:
    >
    >>SYSTEM
    >>Win XP SP2
    >>Outpost Ver 1.0.1817.1645
    >>
    >>I just ran the Symantec Security Check on my system. It shows one
    >>problem.
    >>
    >>Hacker Exposure, Port 135 open.
    >>
    >>I can't see any options to close this port in Outpost. Does anybody know
    >>how to fix this??
    >>
    >>

    >
    > --
    > Basic computer maintenance
    > http://uk.geocities.com/personel44/maintenance.html
     
    Mellowed, Nov 17, 2004
    #7
  8. Mellowed

    Mellowed Guest

    Thanks Brian. I'm trying Mike's suggestions.


    "Brian H¹©" <> wrote in message
    news:nAMmd.21$...
    > Brian H¹© wrote:
    >
    >> Mellowed wrote:
    >>
    >>> Thanks for the assist Brian. However, that did not solve the problem.
    >>> I checked all 3 of the 'Block Intruders' boxes and rebooted, and re-ran
    >>> the Symantec test. Got the same Port 135 open warning. I didn't check
    >>> the Denial of Service box.
    >>>
    >>> I need some more ideas.
    >>>
    >>>
    >>> "Brian H¹©" <> wrote in message
    >>> news:EyLmd.3$...
    >>>
    >>>> Mellowed wrote:
    >>>>
    >>>>> SYSTEM
    >>>>> Win XP SP2
    >>>>> Outpost Ver 1.0.1817.1645
    >>>>>
    >>>>> I just ran the Symantec Security Check on my system. It shows one
    >>>>> problem.
    >>>>>
    >>>>> Hacker Exposure, Port 135 open.
    >>>>>
    >>>>> I can't see any options to close this port in Outpost. Does anybody
    >>>>> know how to fix this??
    >>>>>
    >>>>>
    >>>>>
    >>>>
    >>>> Outpost....Tools - Plug-ins - Attack Detection - Settings......tick the
    >>>> boxes.
    >>>
    >>>
    >>>
    >>>

    >>
    >> The firewall will deny access to the port, keep an eye on your logs for a
    >> few days to a week.
    >> Outpost is very sensitive and times the intervals between hits to see if
    >> it's an attack or not.

    >
    > But then again, see what Mike said ;-)
     
    Mellowed, Nov 17, 2004
    #8
  9. Mellowed

    °Mike° Guest

    On Wed, 17 Nov 2004 21:02:10 GMT, in
    <m%Omd.3360$>
    Mellowed scrawled:

    >
    >Thanks Mike. 'Global System Rules' look OK. The only box not checked under
    >'system' is 'Allow Inbound Identification'.


    Do you have the following system rules?

    'Block Remote Procedure Call (TCP)'
    Protocol = TCP
    Direction = Inbound
    Local Port = DCOM (135)
    Block it

    'Block Remote Procedure Call (UDP)'
    Protocol = UDP
    Local Port = 135 (DCOM)
    Block it

    If not, create them, exactly as above.

    >The SVCHOST comment is interesting. I have both Inbound and Outbound
    >communication. I don't think I have any rules about SVCHOST unless it is
    >there by default. Of the many listings of SVCHOST, one says DCOM.


    That's port 135, and is leaving your system vulnerable.

    >The others list ports such as 123, 1082,1083, 1086, 1900 and 1042. I
    >have no idea what all this means or why I even need SVCHOST.
    >
    >Are you suggesting that I try to block SVCHOST?.


    In the 'Application' section, yes.

    >I'll do it if it won't turn my PC into a Pumpkin.


    It shouldn't. If you have problems, here is a basic guide:
    http://www.agnitum.com/support/outpostfaq.html#general20


    >"°Mike°" <> wrote in message
    >news:...
    >> Port 135 (DCOM) should be blocked by default. It sounds as
    >> though you have an application rule allowing this port -- application
    >> rules override global rules. I suggest that you check your
    >> rules for SVCHOST, and block it altogether. Also check
    >> Options / System / Global System Rules and make sure that
    >> Block Remote Procedure Call (TCP & UDP) are active.
    >>
    >>
    >> On Wed, 17 Nov 2004 16:51:18 GMT, in
    >> <akLmd.3061$>
    >> Mellowed scrawled:
    >>
    >>>SYSTEM
    >>>Win XP SP2
    >>>Outpost Ver 1.0.1817.1645
    >>>
    >>>I just ran the Symantec Security Check on my system. It shows one
    >>>problem.
    >>>
    >>>Hacker Exposure, Port 135 open.
    >>>
    >>>I can't see any options to close this port in Outpost. Does anybody know
    >>>how to fix this??
    >>>
    >>>

    >>
    >> --
    >> Basic computer maintenance
    >> http://uk.geocities.com/personel44/maintenance.html

    >


    --
    Basic computer maintenance
    http://uk.geocities.com/personel44/maintenance.html
     
    °Mike°, Nov 17, 2004
    #9
  10. Mellowed

    Mellowed Guest

    No I don't have those rules. I do it now.


    "°Mike°" <> wrote in message
    news:...
    > On Wed, 17 Nov 2004 21:02:10 GMT, in
    > <m%Omd.3360$>
    > Mellowed scrawled:
    >
    >>
    >>Thanks Mike. 'Global System Rules' look OK. The only box not checked
    >>under
    >>'system' is 'Allow Inbound Identification'.

    >
    > Do you have the following system rules?
    >
    > 'Block Remote Procedure Call (TCP)'
    > Protocol = TCP
    > Direction = Inbound
    > Local Port = DCOM (135)
    > Block it
    >
    > 'Block Remote Procedure Call (UDP)'
    > Protocol = UDP
    > Local Port = 135 (DCOM)
    > Block it
    >
    > If not, create them, exactly as above.
    >
    >>The SVCHOST comment is interesting. I have both Inbound and Outbound
    >>communication. I don't think I have any rules about SVCHOST unless it is
    >>there by default. Of the many listings of SVCHOST, one says DCOM.

    >
    > That's port 135, and is leaving your system vulnerable.
    >
    >>The others list ports such as 123, 1082,1083, 1086, 1900 and 1042. I
    >>have no idea what all this means or why I even need SVCHOST.
    >>
    >>Are you suggesting that I try to block SVCHOST?.

    >
    > In the 'Application' section, yes.
    >
    >>I'll do it if it won't turn my PC into a Pumpkin.

    >
    > It shouldn't. If you have problems, here is a basic guide:
    > http://www.agnitum.com/support/outpostfaq.html#general20
    >
    >
    >>"°Mike°" <> wrote in message
    >>news:...
    >>> Port 135 (DCOM) should be blocked by default. It sounds as
    >>> though you have an application rule allowing this port -- application
    >>> rules override global rules. I suggest that you check your
    >>> rules for SVCHOST, and block it altogether. Also check
    >>> Options / System / Global System Rules and make sure that
    >>> Block Remote Procedure Call (TCP & UDP) are active.
    >>>
    >>>
    >>> On Wed, 17 Nov 2004 16:51:18 GMT, in
    >>> <akLmd.3061$>
    >>> Mellowed scrawled:
    >>>
    >>>>SYSTEM
    >>>>Win XP SP2
    >>>>Outpost Ver 1.0.1817.1645
    >>>>
    >>>>I just ran the Symantec Security Check on my system. It shows one
    >>>>problem.
    >>>>
    >>>>Hacker Exposure, Port 135 open.
    >>>>
    >>>>I can't see any options to close this port in Outpost. Does anybody
    >>>>know
    >>>>how to fix this??
    >>>>
    >>>>
    >>>
    >>> --
    >>> Basic computer maintenance
    >>> http://uk.geocities.com/personel44/maintenance.html

    >>

    >
    > --
    > Basic computer maintenance
    > http://uk.geocities.com/personel44/maintenance.html
     
    Mellowed, Nov 17, 2004
    #10
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Gorf

    FIREWALL OUTPOST SETTINGS

    Gorf, Sep 14, 2003, in forum: Computer Support
    Replies:
    1
    Views:
    483
    °Mike°
    Sep 14, 2003
  2. claude nine

    Outpost Firewall

    claude nine, Sep 25, 2003, in forum: Computer Support
    Replies:
    6
    Views:
    490
    claude nine
    Sep 26, 2003
  3. Mike T

    Outpost Firewall 2.0

    Mike T, Jan 3, 2004, in forum: Computer Support
    Replies:
    17
    Views:
    1,145
    Mike T
    Jan 6, 2004
  4. Scottie

    Outpost Firewall updates?

    Scottie, Apr 7, 2004, in forum: Computer Support
    Replies:
    2
    Views:
    520
    pcbutts1
    Apr 7, 2004
  5. DZN

    Using Outpost Firewall

    DZN, Apr 28, 2004, in forum: Computer Support
    Replies:
    2
    Views:
    488
Loading...

Share This Page