Should I be afraid???

Should I be afraid???
Secure Home | Search | About
Login Password
Register Now! Lost Password?
 Computer Software Security    Post an article   get this group's latest topics as an RSS feed add this group's latest topics to your My MSN content add this group's latest topics to your My Yahoo content add this group's latest topics to your Google content
Subject Author Date
Should I be afraid??? Bubba 10-24-2007
Posted by Bubba on October 24, 2007, 7:22 pm
If you were  Registered and logged in, you could reply and use other advanced thread options
Hello all.

I have a computer running both Win 2000 and Win XP. I've just recently
noticed that while running 2000, my firewall blocks MANY attempts to
access my computer. XP doesn't appear to be affected at all.

Every time I boot Win2000, these attempts start even before I have a
chance to log in. If I'm reading the firewall info correctly, several
attempts occur each minute and attempt to access different ports in
ascending order.

While trying to figure this out, I discovered that the source IP address
is the same set of numbers as my DNS client.

Does anyone know what this is or have any suggestions?

FYI, I have a linksys cable modem, linksys firewall router (about 5 years
old) and Zonealarm security suite (freshly updated). ZoneAlarm reports
no viruses. Also, I just tried a clean install of Win2000 and still had
this happen.

TIA,

Bubba

Posted by Leythos on October 24, 2007, 7:51 pm
If you were  Registered and logged in, you could reply and use other advanced thread options
> FYI, I have a linksys cable modem, linksys firewall router (about 5 years
> old) and Zonealarm security suite (freshly updated). ZoneAlarm reports
> no viruses. Also, I just tried a clean install of Win2000 and still had
> this happen.

You don't have a firewall, you have a NAT Router.

If you don't have ANY Port-forwarding enabled and you have UPnP
disabled, there then you might want to check for firmware updates
because no unsolicited traffic should be reaching your PC through the
NAT Router - unless you have Port-Forwarding, UPnP, or you put the
computer in the Linksys DMZ address location.

You could have any number of malware on the computer, but you really
need to determine if you are actually compromised.

Most Linksys have a LOG function, enable it and then download and
install WALLWATCHER so that you can see, in real time, what traffic is
entering and leaving your network.

Since you've wiped/reinstalled 2000, why not reset the NAT router to
factory defaults, then properly configure it to block UPnP and not use
the DMZ and make sure that you change the password.

--

Leythos - spam999free@rrohio.com (remove 999 to email me)

Fight exposing kids to porn, complain about sites like PCBUTTS 1.COM
that create filth and put it on the web for any kid to see: Just take a
look at some of the FILTH he's created and put on his website:
http://forums.speedguide.net/archive/index.php/t-223485.html all exposed
to children (the link I've include does not directly display his filth).
You can find the same information by googling for 'PCBUTTS1' and
'exposed to kids'.

Posted by Bubba on October 24, 2007, 8:51 pm
If you were  Registered and logged in, you could reply and use other advanced thread options


> You don't have a firewall, you have a NAT Router.
>

Yeah, I was just reading a previous post on that topic. Sorry for my
ignorance. I thought I was fairly techincal but you guys have me beat by
a mile!


> If you don't have ANY Port-forwarding enabled and you have UPnP
> disabled, there then you might want to check for firmware updates
> because no unsolicited traffic should be reaching your PC through the
> NAT Router - unless you have Port-Forwarding, UPnP, or you put the
> computer in the Linksys DMZ address location.
>
> You could have any number of malware on the computer, but you really
> need to determine if you are actually compromised.
>
> Most Linksys have a LOG function, enable it and then download and
> install WALLWATCHER so that you can see, in real time, what traffic is
> entering and leaving your network.
>
> Since you've wiped/reinstalled 2000, why not reset the NAT router to
> factory defaults, then properly configure it to block UPnP and not use
> the DMZ and make sure that you change the password.
>

Thanks Leythos. I'm not familiar port-forwarding or UPnP, but I'll do
some research on them. I tried a firmware update last night but it
failed for some reason. I'll try it agian now.

I'll give the factory defaults a try again and look at Wallwatcher.

I just did a search on blocking UPnP and didn't find much. But what I
did find said to block ports 1900 and 5000. Is that what you mean?

Posted by Leythos on October 24, 2007, 8:58 pm
If you were  Registered and logged in, you could reply and use other advanced thread options
>
>
> > You don't have a firewall, you have a NAT Router.
> >
>
> Yeah, I was just reading a previous post on that topic. Sorry for my
> ignorance. I thought I was fairly techincal but you guys have me beat by
> a mile!
>
>
> > If you don't have ANY Port-forwarding enabled and you have UPnP
> > disabled, there then you might want to check for firmware updates
> > because no unsolicited traffic should be reaching your PC through the
> > NAT Router - unless you have Port-Forwarding, UPnP, or you put the
> > computer in the Linksys DMZ address location.
> >
> > You could have any number of malware on the computer, but you really
> > need to determine if you are actually compromised.
> >
> > Most Linksys have a LOG function, enable it and then download and
> > install WALLWATCHER so that you can see, in real time, what traffic is
> > entering and leaving your network.
> >
> > Since you've wiped/reinstalled 2000, why not reset the NAT router to
> > factory defaults, then properly configure it to block UPnP and not use
> > the DMZ and make sure that you change the password.
> >
>
> Thanks Leythos. I'm not familiar port-forwarding or UPnP, but I'll do
> some research on them. I tried a firmware update last night but it
> failed for some reason. I'll try it agian now.
>
> I'll give the factory defaults a try again and look at Wallwatcher.
>
> I just did a search on blocking UPnP and didn't find much. But what I
> did find said to block ports 1900 and 5000. Is that what you mean?

Your NAT router, if you open the administration pages for it, has a
number of things that you can control - UPnP is one that you can
disable.

--

Leythos - spam999free@rrohio.com (remove 999 to email me)

Fight exposing kids to porn, complain about sites like PCBUTTS 1.COM
that create filth and put it on the web for any kid to see: Just take a
look at some of the FILTH he's created and put on his website:
http://forums.speedguide.net/archive/index.php/t-223485.html all exposed
to children (the link I've include does not directly display his filth).
You can find the same information by googling for 'PCBUTTS1' and
'exposed to kids'.

Posted by Bubba on October 24, 2007, 9:26 pm
If you were  Registered and logged in, you could reply and use other advanced thread options
Yup! I just found it. I tried to hurry back here tell you to ignore that
question but I didn't make it in time.

I'm trying some of the other thins you mentioned. I'll report back on any
progress soon.

Thanks again.


The site map in XML format XML site map

Contact Us | Privacy Policy