Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Firewall settings


  • Please log in to reply

#1
Sjeb

Sjeb

    Member

  • Member
  • PipPip
  • 20 posts
I hope it is okay to repost this here in this forum. I did not get a reply from the malware forum, please advise.

I have a question about the Norton log viewer. (Personal Firewall>System).
Is this log normal or should I be concerned

Log shows at boot (startup).
5:04:17 Firewall setting "Port Block Allow NetBios" changed. Old value 1. New value 0.
5:04:24 Internet Security has been turn off.
5:04:27 User logged in.
Next log: After I dial up to the internet
5:31:46 Protecting your connection to a newly detected network on adapter "wan(ppp/slip) Interface" (IP Address: I left this blank).

This is repeated every time I shut down and when restarted.

I posted Possible malware on 7-31 and malware was not suspected. I do not know if this is related to my Firewall log

That topic can be found here:
http://www.geekstogo...=0

Thanks Sjeb
  • 0

Advertisements


#2
Guest_Tony_*

Guest_Tony_*
  • Guest

I hope it is okay to repost this here in this forum. I did not get a reply from the malware forum, please advise.

I have a question about the Norton log viewer. (Personal Firewall>System).
Is this log normal or should I be concerned

Log shows at boot (startup).
5:04:17 Firewall setting "Port Block Allow NetBios" changed. Old value 1. New value 0.
5:04:24 Internet Security has been turn off.
5:04:27 User logged in.
Next log: After I dial up to the internet
5:31:46 Protecting your connection to a newly detected network on adapter "wan(ppp/slip) Interface" (IP Address: I left this blank).

This is repeated every time I shut down and when restarted.

I posted Possible malware on 7-31 and malware was not suspected. I do not know if this is related to my Firewall log

That topic can be found here:
http://www.geekstogo...=0

Thanks Sjeb

View Post



When i used to use norton security, the firewall used to say that was as well. I dont think that is anything to worry about....

Norton firewall does that for some reason. I think that it is part of its logging.

It always used tell me the username that logged onto the internet as well.... but as I said, I dont think that it is anything to worry about.

  • 0

#3
Jack123

Jack123

    Trusted Tech

  • Retired Staff
  • 944 posts
Topic: Norton Firewall
Date: 10th AUG- 2005

Are you on a system network?

That is what Norton is reporting on see note below & link to Norton explaining error. I would check it out.

NetBIOS. NetBIOS is used for Windows File & Print sharing. If port 139 is open, your computer is open to sharing files over the Internet. Other components of NetBIOS can expose your computer name, workgroup, user name, and other information. To learn more about preventing connections to your NetBIOS ports, see Norton web sitesbelow:


http://security.syma...QLVDKDNVRQQCZUF

I would suggest that you go to Gibson Research Corporation and run Shields UP Test for Internet Security Test..- Run the Shields UP Test for 1056 PORTS- It will check all these
Ports and give you a report on how secure your PC is while on the Internet. If you have your Norton Firewall settings correct – You should get a report saying all 1056 Ports are in STEALTH MODE and you are completely hidden from the INTERNET. If not you must correct your Firewall Settings.

http://www.grc.com

Jack123
  • 0

#4
Sjeb

Sjeb

    Member

  • Topic Starter
  • Member
  • PipPip
  • 20 posts
Thank you for your response.
I found that helpful. Gives some peace of mind. I ran the first three port test including (all Ports) 1056. All were found stealth. So that is good. As for the Symantec link and setting the netbois I am not sure what I am doing. All this is fairly new to me.
I do not know what the wins address is.
Or what LMHOST Lookup is.
Or DHCP server.
I'll have to try and learn more about this. I seen that ShieldsUp provided a lot of info there and I will go back for some of it.

Could it be that the log ("Port Block Allow NetBios" changed old value 0 New value 1) Means that it allowed that port to be blocked by changing the value from 0 to 1.

And also I wonder if the (Internet security has been turned off) would have somthing to do with the windows firewall and security center, since I have Nortons.

If you read the Post (Possible Malware) via link provided, it may help explain my concern.

Again: Thank you
Edit: I forgot to answer: No I am not on a Network.

Edited by Sjeb, 11 August 2005 - 08:03 PM.

  • 0

#5
Guest_Tony_*

Guest_Tony_*
  • Guest
When you do a firewall test, is the Netbios port stealthed?
  • 0

#6
Jack123

Jack123

    Trusted Tech

  • Retired Staff
  • 944 posts
I think that Norton set it to from a setting of "1" to "0" - from report that was in 1st Post. I think that NetBios Port is Port 139. The report that you get back show all 1056 Ports as a matrrix of little squares - that are colored - RED (OPEN) - BLUE (Closed) - GREEN (STEALTH).
And as you run Mouse over each square - it gives # and Function.

So Sjeb can tell if it was Stealthed or not.

Jack123
  • 0

#7
Sjeb

Sjeb

    Member

  • Topic Starter
  • Member
  • PipPip
  • 20 posts
Thank you both, Tony1983 and Jack123

Yes all ports reported (tested) to be Stealth Mode. All the blocks in the matrix were Green. And opps, you are correct regarding the value, old 1 new 0 as in the first post. I should note also; From control panel>Network conections> there are two moden type icons one for my ISP and the other "disabled" local Area Connection. Netbois is disabled in my Moden settings. Hope that I made sense.

Had you read my post "possible malware", linked in first post here. That is where my concern began.

Thanks, Sjeb
  • 0

#8
Guest_Tony_*

Guest_Tony_*
  • Guest

Thank you both, Tony1983 and Jack123

Yes all ports reported (tested) to be Stealth Mode. All the blocks in the matrix were Green. And opps, you are correct regarding the value, old 1 new 0 as in the first post. I should note also; From control panel>Network conections> there are two moden type icons one for my ISP and the other "disabled" local Area Connection. Netbois is disabled in my Moden settings. Hope that I made sense.

Had you read my post "possible malware", linked in first post here. That is where my concern began.

Thanks, Sjeb

View Post



Your totally welcome, we're happy that we can help
  • 0

#9
NOYB1

NOYB1

    New Member

  • Member
  • Pip
  • 1 posts
Kudos to you both Tony and Jack. I to have questioned why I keep seeing that value change. I do not understand why it is NOT permantlly changed and why the log must keep showing that everytime (does it change back and forth?? who knows?) Also I just had a thought about the log entry you get in the log that says Client firewall turned off. Have you made sure to permantlly turn Windows firewall off? One more thing, I have also checked Symantec's firewall rules, there is a first set of rules that cannot be changed and that the firewall says Earlier rules overide later ones for the same procotol. I notice the rule for NetBios listed up top AND later on, only difference I notice is why the blocking ONLY says to block UDP. Why not TCP as well?? hmm. I also ran the test as well from grc.com and came up all green(Thanks for the referal of that util) VERY HANDY!

Chris
  • 0

#10
Guest_Tony_*

Guest_Tony_*
  • Guest

Kudos to you both Tony and Jack.


Thank you.


I to have questioned why I keep seeing that value change. I do not understand why it is NOT permantlly changed and why the log must keep showing that everytime (does it change back and forth?? who knows?)


Is it only showing in the logs? If so to be honest I would not worry to mich about it, do you have the firewall to log everything (set to high loging or something?)

Also I just had a thought about the log entry you get in the log that says Client firewall turned off. Have you made sure to permantlly turn Windows firewall off?


Since you are using Norton Firewall, and if you did want to disable the windows firewall. Go to:

Start>Control Panel>network and Internet Connections>Windows Firewall

Once that is open, click on disable.

I notice the rule for NetBios listed up top AND later on, only difference I notice is why the blocking ONLY says to block UDP. Why not TCP as well??


TCP is the main protocal that you use to access web pages on the internet, and to use the internet and dail up or broadband. This is normal for that software to do that. (Thought I don't know why Norton does it, but must be for security reasons)
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP