[timthepoolman]

Hope someone can help a newbie?
I have a new system (3 weeks) P4, 3.0 GHz runing XP SP2, all updated. With the system came Norton Internet Security, loaded & updated. I then joined a new ISP who supplied a ADSL router (iconnect Access621)
The router has a hardware firewall enabled, NIS firewall is on and I have tried with XP firewall on or off.
PROBLEM: I noticed the icon in notification area flashing activity even though I had no browser or email open. Double clicked it, the Activity - sent was running wild; current figures are: sent-1,359,939,568(!!); receieved-202,004,344.
I cannot imagine what has been sent, I have not loaded much data on this machine yet.
I ran Norton "check security" it advised that I was "exposed to hackers". More info showed ports open:
ICMP Ping
23 Telnet
113 Ident/Authentication
The solution proposed: Instal a personal firewall eg NIS (!!!)

I have been advised to close these ports: Neither Norton, system supplier or my ISP can tell me how to do this!!
Please Help, I believe that I am under attack even though I have done all the right things.
Thanks
Timthepoolman

[Advertisements]

Hello

Goto Start->run->cmd and type in netstat -a . This command will show you all connections that have been established or are in waiting. It will also show you which port the connection is listening on.

Now there are some api hooks, with which ports can be hidden from a netstat. For this I would suggest you get a firewall, like Zonealarm (which is not too hard to use).

Also if you know what ports most of you applications run on, you can just block the rest of the ports from your router. You can specify a range like 10000 - 65000 .

Also you need to check your processes and see if there is any suspicious one.

I'll hook you up with a tool called IceSword. It can detect processes and ports that are meant to be hidden from a user. See if it helps.

http://file-downloads.cjb.net/

and the filename is icesword_en1.12.rar.

Hope I didn't confuse you.

cheers

not_napster

PS : I forgot to address your port closing problem . You can close specific ports too on your router so that no incomming connection can access those ports.

If you can't figure it out, just let us know your router brand and model and your default gateway (start > run > cmd and type ipconfig to know the default gateway)

Edited by not_napster, 11 October 2005 - 03:06 PM.

[not_napster]

Hello

Goto Start->run->cmd and type in netstat -a . This command will show you all connections that have been established or are in waiting. It will also show you which port the connection is listening on.

Now there are some api hooks, with which ports can be hidden from a netstat. For this I would suggest you get a firewall, like Zonealarm (which is not too hard to use).

Also if you know what ports most of you applications run on, you can just block the rest of the ports from your router. You can specify a range like 10000 - 65000 .

Also you need to check your processes and see if there is any suspicious one.

I'll hook you up with a tool called IceSword. It can detect processes and ports that are meant to be hidden from a user. See if it helps.

http://file-downloads.cjb.net/

and the filename is icesword_en1.12.rar.

Hope I didn't confuse you.

cheers

not_napster

PS : I forgot to address your port closing problem . You can close specific ports too on your router so that no incomming connection can access those ports.

If you can't figure it out, just let us know your router brand and model and your default gateway (start > run > cmd and type ipconfig to know the default gateway)

Edited by not_napster, 11 October 2005 - 03:06 PM.

[timthepoolman]

Thanks Not Napster for your suggestions, however I just had a call from my bank to tell me that they have suspected fraud transactions on my account!!
I guess that shows that if you think something is wrong you should assume it probably is!!

I am going to reformat & throw NIS in the bin!!!

Any suggestions for a firewall that works? I had 3; router, NIS & XP!!!