Posted by on March 17, 2007, 11:27 am
> On Mar 7, 5:03 pm, development...@walla.com wrote:
>
>
>
> > Hi all
>
> > The problem I have is this: every few hours, one of the computers (any
> > one, not a particular one) will have a partial failure of internet
> > service - I can't browse the web but email, skype and FTP still work. After
> > 30 minutes the problem rights itself. The other computers in the
> > network don't usually experience this problem at the same time (i.e.
> > they are fine except the one that doesn't work). I thought my router
> > has a hardware problem but then I noticed that every time the problem
> > happens, just before it my NIS 2003 reports a "portscan" of
> > 192.168.1.1 (domain 53 -> this means port 53, I gather).
> > I have a 3COM router and win2k home network of PC's.
>
> > Apparently it is because the NIS2003 autoblocks the 192.168.1.1 for 30
> > minutes after each 'attack'. I can only assume that this is some kind of
> > periodic DNS ping by the system.
>
> > With the aid of this useful site,
> > http://homepage.ntlworld.com/robin.d.h.walker/cmtips/security.html#fw...
>
> > I learnt that for cable modems I might have to add the Default gateway
> > (192.168.1.1) (the site refers to the 'modem' address but if I have a
> > router I am guessing that is the same) to the trusted zone (perhaps at
> > least for port 53?).
> > Or I could set up a rule for NIS2003 to trust all traffic on port 53.
> > Does anyone know which is safer?
>
> > If I set 192.168.1.1 to be a trusted address, doesn't that mean that
> > attacks could originate
> > from there?
>
> > I can set it to allow only port 53 from 192.168.1.1, but is this DNS
> > request TCP, UDP, both or ICMP?
>
> > What would be the least security vulnerable solution?
>
> > Thanks...!
>
> > (..)
> > Below is additional configuration info.
>
> > I have tried to have the PC's configured statically (with DNS
> > servers) as well as DHCP automatic config, it doesn't improve the issue.
> > If I disable NIS 2003 and then immediately enable it, internet
> > service resumes...
> > I scanned all open ports with a web security site and it reports that
> > only port 113 is closed (the rest are stealthed).
>
> > NIS (Norton internet security) 2003. All
> > PC's in the network have Win2k, SP5 IE6 SP1, and NIS 2003 with all of
> > the updates. L2TP Cable internet is through 3Com wireless
> > Officeconnect 3CRWE554G72T router.
>
> FWIW, I used to be a field service technician and one of the biggest
> hassles I faced was PCs with NIS installed. IMO, any computer that
> has NIS installed, and the user is a techie-geek like me, would be
> better off using something much less frustrating than NIS, usually,
> independent software that isn't integrated together like NIS. NAV is
> great... but the package suite is way too fluffy and bloats the OS
> pretty bad. Needless to say, to uninstall it sometimes causes even
> MORE problems...
>
> good luck

Thank you for replying. However, all I would like to know is whether this
phenomenon is an attack or whether it can be safely given an "allow" rule in
NIS. I get it 10-15 times a day now, all from 192.168.1.1 (the router
address of course) and every time from a different port (1000-5000). If I
tell NIS to allow all traffic from said IP, that is the same as disabling
NIS altogether, isn't it?
Thanks
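
The two options raised in the thread (trusting 192.168.1.1 outright versus allowing only port 53 from it) can be compared on sample traffic. This is an added example, not code from the thread or from NIS: the packets are constructed, the function names are hypothetical, and it assumes the changing ports (1000-5000) are the PC's own client ports while the router's source port is 53.

```python
from dataclasses import dataclass

ROUTER = "192.168.1.1"            # router / DNS forwarder address from the thread
EPHEMERAL = range(1025, 5001)     # Windows 2000 default client port range

@dataclass(frozen=True)
class Packet:
    src: str
    proto: str   # "udp", "tcp" or "icmp"
    sport: int   # source port on the sender (0 for ICMP)
    dport: int   # destination port on the PC (0 for ICMP)

def trust_router(pkt: Packet) -> bool:
    """Broad option: put the router address in the trusted zone."""
    return pkt.src == ROUTER

def allow_dns_replies(pkt: Packet) -> bool:
    """Narrow option: only DNS answers (UDP or TCP, source port 53) to a client port."""
    return (pkt.src == ROUTER and pkt.proto in ("udp", "tcp")
            and pkt.sport == 53 and pkt.dport in EPHEMERAL)

def admitted(rule, packets):
    """Return the packets a rule would let through."""
    return [p for p in packets if rule(p)]

def consistent_with_dns(alerts):
    """True if every flagged packet is a reply from router port 53 to a client port."""
    return bool(alerts) and all(allow_dns_replies(p) for p in alerts)

# Constructed sample traffic, not taken from the poster's logs.
FLAGGED = [                                   # the pattern the thread describes
    Packet(ROUTER, "udp", 53, 1034),
    Packet(ROUTER, "udp", 53, 2871),
    Packet(ROUTER, "tcp", 53, 4410),          # DNS uses TCP for large answers
]
OTHER = [                                     # traffic a firewall should still inspect
    Packet(ROUTER, "tcp", 3021, 445),         # connection attempt to a file-sharing port
    Packet(ROUTER, "udp", 53, 137),           # port 53 source, but aimed at a service port
    Packet(ROUTER, "icmp", 0, 0),
    Packet("192.168.1.50", "udp", 53, 1500),  # port 53 source from another host
]

if __name__ == "__main__":
    print("flagged traffic consistent with DNS replies:", consistent_with_dns(FLAGGED))
    for rule in (trust_router, allow_dns_replies):
        passed = admitted(rule, FLAGGED + OTHER)
        print(f"{rule.__name__}: admits {len(passed)} of {len(FLAGGED + OTHER)} packets")
```

A source-port rule like `allow_dns_replies` is stateless: it admits any packet from that address claiming port 53, whether or not the PC sent a query, so it is narrower than trusting the address but weaker than a firewall that matches replies to outstanding queries.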