Just 12 minutes

Just 12 minutes
Secure Home | Search | About
Login Password
Register Now! Lost Password?
 Anti-Virus Software    Post an article   get this group's latest topics as an RSS feed add this group's latest topics to your My MSN content add this group's latest topics to your My Yahoo content add this group's latest topics to your Google content
Subject Author Date
Just 12 minutes Daave 02-03-2008
| |--> Re: Just 12 minutes Lord Turkey Cou...02-05-2008
| |--> Re: Just 12 minutes Lord Turkey Cou...02-07-2008
| |--> Re: Just 12 minutes Lord Turkey Cou...02-07-2008
| |--> Re: Just 12 minutes Lord Turkey Cou...02-05-2008
| | ---> Re: Just 12 minutes Lord Turkey Cou...02-05-2008
| | ---> Re: Just 12 minutes Lord Turkey Cou...02-05-2008
| | ---> Re: Just 12 minutes David W. Hodgin...02-05-2008
| | ---> Re: Just 12 minutes Lord Turkey Cou...02-06-2008
| |--> Re: Just 12 minutes David W. Hodgin...02-05-2008
| ---> Re: Just 12 minutes Lord Turkey Cou...02-05-2008
| | |--> Re: Just 12 minutes David W. Hodgin...02-05-2008
| ---> Re: Just 12 minutes Lord Turkey Cou...02-06-2008
| `--> Re: Just 12 minutes Lord Turkey Cou...02-06-2008
Posted by Kayman on February 4, 2008, 9:12 am
If you were  Registered and logged in, you could reply and use other advanced thread options
On Sun, 3 Feb 2008 23:16:51 -0500, Daave wrote:

>
> How do you close all ports without a firewall? Don't you need some ports
> open if you want to use the Web, e-mail, etc.?
>
Use Windows Firewall in conjunction with:
Seconfig XP 1.0
http://seconfig.sytes.net/
Seconfig XP is able configure Windows not to use TCP/IP as transport
protocol for NetBIOS, SMB and RPC, thus leaving TCP/UDP ports 135, 137-139
and 445 (the most exploited Windows networking weak point) closed.)
OR
Configuring NT-services much more secure.
http://www.ntsvcfg.de/ntsvcfg_eng.html

Routinely practice Safe-Hex.
http://www.claymania.com/safe-hex.html
Hundreds Click on 'Click Here to Get Infected' Ad
http://www.eweek.com/article2/0,1895,2132447,00.asp

Posted by Daave on February 4, 2008, 10:19 am
If you were  Registered and logged in, you could reply and use other advanced thread options
> On Sun, 3 Feb 2008 23:16:51 -0500, Daave wrote:
>
>>
>> How do you close all ports without a firewall? Don't you need some
>> ports
>> open if you want to use the Web, e-mail, etc.?
>>
> Use Windows Firewall in conjunction with:
> Seconfig XP 1.0
> http://seconfig.sytes.net/
> Seconfig XP is able configure Windows not to use TCP/IP as transport
> protocol for NetBIOS, SMB and RPC, thus leaving TCP/UDP ports 135,
> 137-139
> and 445 (the most exploited Windows networking weak point) closed.)
> OR
> Configuring NT-services much more secure.
> http://www.ntsvcfg.de/ntsvcfg_eng.html
>
> Routinely practice Safe-Hex.
> http://www.claymania.com/safe-hex.html
> Hundreds Click on 'Click Here to Get Infected' Ad
> http://www.eweek.com/article2/0,1895,2132447,00.asp

Thanks for the info, Kayman!



Posted by Ant on February 4, 2008, 4:03 pm
If you were  Registered and logged in, you could reply and use other advanced thread options
"Daave" wrote:

> Ant wrote:
>> I have since closed all ports so that even without a firewall I am no
>> longer open to these kind of attacks.
>
> Good idea.
>
> How do you close all ports without a firewall? Don't you need some ports
> open if you want to use the Web, e-mail, etc.?

Those ports are for out-going data and solicited incoming data on a
temporary basis for the specific requests. The point is to not have
unnecessary services running which are listening for requests on a
specific port.

For example, if you run a web server you need to accept requests for
service from anyone on (usually) port 80, so that port is always open
to receive traffic. If you are browsing the web you are *sending* to
the server's port 80 and receiving the page through a port above 1025
temporarily opended for that purpose.

Likewise, when using email or news, you are sending and receiving data
only when requested -- the ports are only open for the session.

In other words, you should block all incoming traffic unless you
specifically asked for it. If you have nothing listening for it in the
first place then there is nothing to block because another computer
cannot make a connection.

>> I also don't allow automatic updates; in fact I haven't updated past
>> Win2k SP2 (no longer supported). However, I wouldn't advise this for
>> most people.
>
> Interesting. Windows 2000 is up to SP4, I believe. What is your main
> reason for not keeping up-to-date with the patches?

There are various reasons which I've explained here before. However,
the main one now is that I can't be bothered with it, especially on a
dialup connection. My system is basic and configured well enough that
I don't have to worry about exploits. The more Windows advances, the
more bloat, fluff, complexity and bugs are added. I know exactly what
is running with my setup, why and what faults exit. If anything did
get through I'd spot it straight away and know how to deal with it.
Dissecting malware every day and knowing how Windows works at a low-
level helps a bit.



Posted by Art on February 4, 2008, 6:09 pm
If you were  Registered and logged in, you could reply and use other advanced thread options
On Sun, 3 Feb 2008 23:16:51 -0500, "Daave"

>How do you close all ports without a firewall?

Here's something I wrote last year:
http://home.epix.net/~artnpeg/Win2KPro.html

Art

Posted by Lord Turkey Cough on February 5, 2008, 10:05 pm
If you were  Registered and logged in, you could reply and use other advanced thread options

> "Daave" wrote:
>
>> but I'm just curious if someone who has an ordinary modem and is not
>> running a software firewall, etc. will be in danger of being infected
>> within 12 minutes as is commonly believed,
>
> I am that person! When the Swen worm first appeared some years ago I
> was infected within seconds of going online. I didn't know about it or
> the patch that had been released because I'd been abroad for a while
> and hadn't been keeping the system up to date.
>
>> and if so, what is the mechanism by which this can happen?
>
> It happens because in Windows NT, by default, there are certain
> network services running with ports open listening for incoming
> traffic. This is a very bad idea but as we know, Microsoft have
> tended to put ease of use ahead of security. Any vulnerabilities
> (bugs) in those services may be exploitable so that code is injected
> and run. There are machines (bots) constantly scanning IP address
> ranges looking for such opportunities.
>
> I have since closed all ports so that even without a firewall I am no
> longer open to these kind of attacks.

LOL yes as long as your are not connected to the internet which kind of
defeats the object.
Why not get well protected and unplug your modem etc???

>
>> In my scenario, the PC is just sitting idle. Or sitting at Windows
>> Update. :-)
>
> I also don't allow automatic updates; in fact I haven't updated past
> Win2k SP2 (no longer supported). However, I wouldn't advise this for
> most people.

You have gazillions of other software acessing the interenet when you
you do use the internet that can be infected.
You are just bocking one hole in a culander. Rather pointless.
>
>



Similar ThreadsPosted
Austin anti-virus firm has 6 minutes to make an impression (Austin American-Statesman) September 8, 2008, 2:09 am

The site map in XML format XML site map

Contact Us | Privacy Policy