Guest daves0

To Elrond -------- Urgent!! Pls help.


Hi Elrond,

after reading your post and having read all this virus attack stuff on flightsimmers I decided to download Outpost like you suggested. I installed it and started to look into it a bit. I am totally naive if it comes to those things. I have Norton Antivirus on my machine just in case and most of the time it is running when I am in the internet.

After installing the program I click through the options. When I clicked attack detection a window opened and actually logged an intrusion every 30 seconds showing an IP and a portscan TCP 3021 and 3024. What the heck does this mean? Am I attacked or is this maybe just something that has to do with online updating programs or something. I ticked block intruder's IP and hope that saves my ##### now.

I am very concerned. Can you explain that stuff to me?

BTW I am using AOL 7.0.

Alex


Hi Alex,

Port scans aren't anything to worry about. Basically, someone somewhere is scanning your system to see if any ports are responding - usually looking for Trojans that are activated on your system with specific ports and the like.

While port scanning is annoying, it doesn't mean you're under attack. It simply means someone is looking for a system they *can* attack. In an average day (since I'm on cable), I must get port scanned a couple hundred times.

The good thing about Outpost and similar Firewalls is: they block any response to those scans. In effect, to the person scanning, it looks like the IP your system is currently assigned isn't actually being used. In other words, it looks like your system is completely turned off. They don't get a response, so they move on. If you weren't running a firewall, they'd get a response from all open ports they scan on your system. While that doesn't mean they'd start attacking any of them, it'd leave the possibility open. With Outpost running, it doesn't (but ports where you are running any servers will respond of course - like web servers, Instant Messengers, etc. This is what allows them to be servers).

Basically the only thing you'll ever need to worry about is if Outpost pops up a dialog for some weird executable that's asking to connect to the outside. Be aware, however, Outpost will ask your permission to allow ANY application to contact the outside - such as Internet Explorer, FTP programs, Instant Messengers, etc. All of these are absolutely fine (and you'll have the option to "trust" them - or at least trust a part of them - in the future so Outpost doesn't bother you about them again). It's when weird exe's and the like that you don't recognize ask to call out that you should investigate. Again, this is pretty rare and usually doesn't mean something nefarious, but if you ever get a Trojan - this is what will happen.

Likewise, when someone tries to connect to your system on a port that is unusual, you'll get a warning box as well. Like before, most of these occasions are completely normal (such as someone sending you a file through an instant messenger on a high port such as 12555, etc)... It's when it is a strange port and you're not running a server of any kind that you should pay attention.

So, in this case, port scanning is nothing to worry about. Most ISPs frown on their users doing this. Now that you have Outpost, and if you're feeling saucy, you can grab their IP and report them to their ISP. Just be aware you'll get mighty tired of doing this after the umpteenth thousandth time... :-)

Good luck,

Elrond

"A musician without the RIAA, is like a fish without a bicycle."

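An added example, not part of the original thread and not Outpost's own code: the triage described in the reply above (inbound probes grouped per source as low-priority scans, outbound connections from unrecognized executables set aside for investigation). The log format, addresses, process names, trusted list and thresholds are all constructed assumptions, not Outpost's real log layout.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log in a made-up format (NOT Outpost's real layout):
# timestamp direction protocol remote_ip port process
SAMPLE_LOG = """\
2002-05-01T20:00:00 IN TCP 203.0.113.7 3021 -
2002-05-01T20:00:30 IN TCP 203.0.113.7 3024 -
2002-05-01T20:01:00 IN TCP 203.0.113.7 3021 -
2002-05-01T20:01:10 OUT TCP 198.51.100.20 80 iexplore.exe
2002-05-01T20:02:00 IN TCP 192.0.2.55 12555 -
2002-05-01T20:03:00 OUT TCP 198.51.100.99 6667 svch0st32.exe
"""

TRUSTED = {"iexplore.exe", "aol.exe"}  # assumption: programs the user approved
WINDOW = timedelta(minutes=5)          # assumption: look-back window per source
MIN_PORTS = 2                          # distinct ports from one source => scan


def parse(log):
    """Yield (time, direction, remote_ip, port, process) per log line."""
    for line in log.splitlines():
        ts, direction, _proto, ip, port, proc = line.split()
        yield datetime.fromisoformat(ts), direction, ip, int(port), proc


def triage(log):
    """Return (scanners, unknown_outbound) for a firewall log."""
    inbound = defaultdict(list)        # source ip -> [(time, port)]
    unknown_outbound = []
    for ts, direction, ip, port, proc in parse(log):
        if direction == "IN":
            inbound[ip].append((ts, port))
        elif proc.lower() not in TRUSTED:
            # The case worth a closer look: an unrecognized program calling out.
            unknown_outbound.append((proc, ip, port))
    scanners = {}
    for ip, events in inbound.items():
        events.sort()
        best = set()
        for i, (start, _) in enumerate(events):
            ports = {p for t, p in events[i:] if t - start <= WINDOW}
            if len(ports) > len(best):
                best = ports
        if len(best) >= MIN_PORTS:     # several ports probed: background scan
            scanners[ip] = sorted(best)
    return scanners, unknown_outbound


if __name__ == "__main__":
    scans, outbound = triage(SAMPLE_LOG)
    print("port scans (blocked, low priority):", scans)
    print("unrecognized outbound (investigate):", outbound)
```
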

One last thing Elrond. Should I run the firewall all the time, or only when I am connected to the internet, and most importantly, what will it do to my FS2002 framerates then?

Alex


I personally run it all the time... Even when I use dial-up for one reason or another. That way I don't forget to run it - could save that one instance when you just might have needed it.

As for resources, it takes very, very little CPU. If you're running WinXP, you can hit CTRL-ALT-DEL and scroll down the list on the Process tab until you find Outpost.exe. As you'll see, it almost always uses 0% CPU cycles. Only when a connection is made or the like will it kick in for a few seconds.

No app or game should be robbed of any performance with a firewall installed. Even when using multi-player functions. As usual, however (and my standard disclaimer :-)), Your Mileage May Vary.

Elrond


BTW, you should ALWAYS run Outpost in Block Most mode. Right-click on the Outpost icon, select "Policy" then select "Block Most" mode.

By default, Outpost uses "Rules mode" so it can learn which of your applications need access to the Internet but the preset.lst file already contains the rules for most applications.

If you encounter a specific application that cannot access the Internet, you can always temporarily switch to Rules mode to give the application access.


Whatever it means I just had an Rst attack. After that I had to shut down aol.exe as everything was degrading.

This is all a totally new experience for me. Who knows what strange things I sometimes wondered about, do not have a system background.

Alex


Thx Joseph,

also very interesting. At least I know now that the firewall is actually working.

Guess I have been way too naive, the like "this will not happen to me I am not at those file sharing or cracking or porn sites".

Seems I was wrong.

Alex


I didn't see the original thread so apologies if this has already been covered but I saw a site recently which gives info on IP addresses. You simply put the IP into their search engine and see what comes up. Link to the site is http://www.ripe.net/perl/whois

>Hi Elrond,
>
>after reading your post and having read all this virus attack stuff on flightsimmers I decided to download Outpost like you suggested. I installed it and started to look into it a bit. I am totally naive if it comes to those things. I have Norton Antivirus on my machine just in case and most of the time it is running when I am in the internet.
>
>After installing the program I click through the options. When I clicked attack detection a window opened and actually logged an intrusion every 30 seconds showing an IP and a portscan TCP 3021 and 3024. What the heck does this mean? Am I attacked or is this maybe just something that has to do with online updating programs or something. I ticked block intruder's IP and hope that saves my ##### now.
>
>I am very concerned. Can you explain that stuff to me?
>
>BTW I am using AOL 7.0.
>
>Alex


This site is nothing more than fear mongering, backed by some extremely questionable (read: BS) technology.

I can back that statement up offline. This isn't the place for it. There is no peer review of GRC products as any real security admin would take about 10 seconds reading about Steve Gibson's "nanoprobes" and close the site in fits of laughter. On top of that, there is an army of dittoheads on the site that feel attacks on Steve Gibson are because of him, and not the utter baloney he so sensationally posts on his site.

For those of you who want real facts about protecting your PC - STAY AWAY FROM GRC.COM. Some of the stuff on there might be true, but then again the National Enquirer is true too, some of the time..

Unfortunately I can't think of any good sites for security beginners.. Maybe this is why Gibson does so well... maybe have a look at http://online.securityfocus.com for some stuff... even they have been bought by Symantec, so who knows how long we can trust them.. If I find anything better for home users, I will post.

Cheers


"such as Internet Explorer, FTP programs, Instant Messengers, etc. All of these are absolutely fine"Most of these are absolutely exploitable and NOT fine.If you'd like I can get a list of all the holes in IE, MSN Messenger, various ftp programs, some of which still exist right now.Cheers


"Most of these are absolutely exploitable and NOT fine."Lets pick the right topics here. We're talking about programs to let communicate with the outside world here, not the exploits and security flaws they may contain.You are of course right: almost all internet software has security issues - Microsoft internet software more than any. Keeping yourself updated with the latest security fixes is of course par for the course and should be preached far and wide. But none of that has to do with Outpost firewall and the dialog boxes it'll show you as you run it.Take care,Elrondhttp://members.rogers.com/eelvish/Boycott-RIAA.gif]"A musician without the RIAA, is like a fish without a bicycle."[/font://http://members.rogers.com/eelvish/B...cle."[/b][/font


I haven't heard of this Outpost program, but I did use a firewall called BlackIce for a while. For some reason, it interfered with my ability to actually establish a dial-up connection on the internet, even if I didn't have it running and excluded it from my startup programs. Once I uninstalled it, things were fine again. Does using Outpost have any such side effects?
