Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Firewall settings


  • Please log in to reply

#1
timthepoolman

timthepoolman

    New Member

  • Member
  • Pip
  • 2 posts
Hope someone can help a newbie?
I have a new system (3 weeks) P4, 3.0 GHz runing XP SP2, all updated. With the system came Norton Internet Security, loaded & updated. I then joined a new ISP who supplied a ADSL router (iconnect Access621)
The router has a hardware firewall enabled, NIS firewall is on and I have tried with XP firewall on or off.
PROBLEM: I noticed the icon in notification area flashing activity even though I had no browser or email open. Double clicked it, the Activity - sent was running wild; current figures are: sent-1,359,939,568(!!); receieved-202,004,344.
I cannot imagine what has been sent, I have not loaded much data on this machine yet.
I ran Norton "check security" it advised that I was "exposed to hackers". More info showed ports open:
ICMP Ping
23 Telnet
113 Ident/Authentication
The solution proposed: Instal a personal firewall eg NIS (!!!)

I have been advised to close these ports: Neither Norton, system supplier or my ISP can tell me how to do this!!
Please Help, I believe that I am under attack even though I have done all the right things.
Thanks
Timthepoolman
  • 0

Advertisements


#2
not_napster

not_napster

    Member

  • Member
  • PipPip
  • 33 posts
Hello

Goto Start->run->cmd and type in netstat -a . This command will show you all connections that have been established or are in waiting. It will also show you which port the connection is listening on.

Now there are some api hooks, with which ports can be hidden from a netstat. For this I would suggest you get a firewall, like Zonealarm (which is not too hard to use).

Also if you know what ports most of you applications run on, you can just block the rest of the ports from your router. You can specify a range like 10000 - 65000 .

Also you need to check your processes and see if there is any suspicious one.

I'll hook you up with a tool called IceSword. It can detect processes and ports that are meant to be hidden from a user. See if it helps.

http://file-downloads.cjb.net/

and the filename is icesword_en1.12.rar.

Hope I didn't confuse you.

cheers

not_napster :tazz:

PS : I forgot to address your port closing problem :) . You can close specific ports too on your router so that no incomming connection can access those ports.

If you can't figure it out, just let us know your router brand and model and your default gateway (start > run > cmd and type ipconfig to know the default gateway)

Edited by not_napster, 11 October 2005 - 03:06 PM.

  • 0

#3
timthepoolman

timthepoolman

    New Member

  • Topic Starter
  • Member
  • Pip
  • 2 posts
Thanks Not Napster for your suggestions, however I just had a call from my bank to tell me that they have suspected fraud transactions on my account!!
I guess that shows that if you think something is wrong you should assume it probably is!!

I am going to reformat & throw NIS in the bin!!!

Any suggestions for a firewall that works? I had 3; router, NIS & XP!!!
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP