Jump to content
Sign in to follow this  
Guest daves0

To Elrond -------- Urgent!! Pls help.

Recommended Posts

Guest

I agree that Steve is so full of himself its not funny. But, Shields Up is still a good way to verify your firewall is working properly - its nothing more than an average, everyday automated port scanner. I highly recommend it for firewall testing.Another good site for those just getting in the waters is Practically Networking. Some of their guides are indispensable, such as their port listings pages:http://www.practicallynetworked.com/sharin...p_port_list.htmGood to know what apps use what ports when your looking at a firewall port listing.Take care,Elrondhttp://members.rogers.com/eelvish/Boycott-RIAA.gif]"A musician without the RIAA, is like a fish without a bicycle."[/font://http://members.rogers.com/eelvish/B...cle."[/b][/font

Share this post


Link to post
Share on other sites
Guest

The only side-effects are if you disallow a specific program from contacting the outside world, but really wanted to grant it permission. Easily fixed, of course, by hitting the configuration and removing that app from the "protected" list (I get this support call quite frequently).Otherwise, there are no problems I've had with Outpost on the hundreds of systems I've installed it on. BlackIce was/is notorious for its poor handling of a variety of systems (I haven't used it in ages however) - sometimes the BlackIce would stop working as well, with nary a dialog to let you know it was down. Not very good to say the least.While I prefer Outpost, both it and ZoneAlarm have proven to be pretty solid and effective (and free).http://www.agnitum.com/products/outpost/index.htmlTake care,Elrondhttp://members.rogers.com/eelvish/Boycott-RIAA.gif]"A musician without the RIAA, is like a fish without a bicycle."[/font://http://members.rogers.com/eelvish/B...cle."[/b][/font

Share this post


Link to post
Share on other sites
Guest JonP01

Thanks Elrond. If you recommend it, I'm getting it! I don't know anyone else who is so ready to explode with such a galaxy of computer knowledge whilst being so humble about knowing so much :-lol I actually had the BlackIce problem when I put it on Mum's machine as well. So that makes two dial-up machines without firewalls at the moment.

Share this post


Link to post
Share on other sites
Guest

Sorry I missed this one Alex...You shouldn't have needed to reboot after that scan. An "Rst attack" is nothing more than another way a person can scan your system - there are more than one ways. It sounds like you had someone doing whats called a SYN scan, or half-open scan. Basically, its an attempted stealthier way to port scan by sending a request to open a port on your system and expecting a reply saying that port is open, then quickly sending a reset packet (RST) requesting to close the port again. Since you are running Outpost, it caught it and told you about it - but did not reply to the scanning software. As such, they basically failed.Stealthy SYN scans are the most common these days. I really can't guess why it would have degraded your connection as it does nothing untoward on your system... The entire process of the scan only takes a few seconds at most then its done. With or without a firewall, you are scanned all the time. Its just that now you have a firewall, your system "sounds" dead to those scans. Next time your system feels like its degrading again, hit CTRL-ALT-DEL and check the Processes tab. If you click the CPU column, you can sort all the processes by the CPU percentage each one is using. You'd then be able to see what program is taking up so many CPU cycles. I highly doubt it would be Outpost.exe however, for more than a few seconds at a time.Sorry I couldn't be of more help, but I truly don't think you have anything to worry about in this instance.Take care,Elrondhttp://members.rogers.com/eelvish/Boycott-RIAA.gif]"A musician without the RIAA, is like a fish without a bicycle."[/font://http://members.rogers.com/eelvish/B...cle."[/b][/font

Share this post


Link to post
Share on other sites
Guest gasebah

Ok, thx fr all the support Elrond. Another instance that makes me like this forum.Alex

Share this post


Link to post
Share on other sites

BlackIce Defender should not have any side effects. I am running it for over 4 years now, always on, never had any problems with it. Must have been a wrong setting on your system or in BlackIce somewhere ;-) :-outta Francois :-wave________________________Francois A. "Navman" DumasAssociate Editor &Forums AdministratorAVSIM Online!email: fdumas@avsim.com________________________


Francois A. 'Navman' Dumas

 

Posted Image

 

EuropeRides

... and the man's Blog

Share this post


Link to post
Share on other sites
Guest

I'm sure you're right Francois. Since its been so long since I looked at BlackIce (pre ZoneAlarm intro actually, so more than a few years), I have no doubt they have done some great improvements on its stability. Above I was speaking of my previous experience with it... Back when I was using it, each Windows update broke the firewall and caused all kinds of havoc - patches were released on an almost daily basis. But again, that was quite a while ago.In the end however, its still not a very good firewall unfortunately. First is it doesn't block TCP pings. Because of this, almost all port scans that are worth their salt show your system as available. Its much better if it completely blocks any response at all. Second, and more important, it doesn't block any outgoing communication at all. Any possible spyware - unintended or even "legal" code from the likes of Microsoft, etc - will not be checked. Same goes for any Trojan that might have possibly been installed along with any downloads, emails or the like.Most of the firewalls today fully support blocking both incoming and outgoing attacks - including both Outpost and ZoneAlarm (Norton Internet Security and the more commercial offerings of its ilk do as well). Unfortunately, unless I've missed some security updates concerning BlackIce, it is still missing this very important feature.For most users, it probably wouldn't matter in the long run (besides blocking any built-in spyware that you might not wish - such as Windows Media Player or Real Media's penchant to report every CD and DVD player you play, etc). Trojans and the like are fairly rare unless you are an extremely heavy email users. But its the avoidance of that "one time" where you smack your head and *wish* you had outbound protection that makes the difference for me. Lord knows I've done that enough in my life... :-)I don't mean to discourage you in the least from a tool you feel comfortable with however. I just wanted to point out the possible pitfalls.Take care,Elrondhttp://members.rogers.com/eelvish/Boycott-RIAA.gif]"A musician without the RIAA, is like a fish without a bicycle."[/font://http://members.rogers.com/eelvish/B...cle."[/b][/font

Share this post


Link to post
Share on other sites
Guest

You're too nice Jon... :-)I *am* humble about any knowledge I have... Its easy to be humble in this business as there is *always* someone right around the corner to be humbled by - someone who simply blows my socks of with his/her detailed knowledge of something or another that I wish I knew more about...! Ahhh, but we must keep trying.But thanks for the compliment Jon,Elrondhttp://members.rogers.com/eelvish/Boycott-RIAA.gif]"A musician without the RIAA, is like a fish without a bicycle."[/font://http://members.rogers.com/eelvish/B...cle."[/b][/font

Share this post


Link to post
Share on other sites

I know and appreciate your concerns, Elron. Actually, we had this discussion a while ago and after that I installed Outpost.... then mys system crashed (yes again, I am notorious for achieving that in a regularly fashion ), I lost Oupost and just re-installed my 'known' software. As soon as I find a few minutes laying around on the floor I will make the effort and find and install Oupost again. My floor is currently littered with other things.... most of them having something to do with flight simming..... :-) :-outta Francois :-wave________________________Francois A. "Navman" DumasAssociate Editor &Forums AdministratorAVSIM Online!email: fdumas@avsim.com________________________


Francois A. 'Navman' Dumas

 

Posted Image

 

EuropeRides

... and the man's Blog

Share this post


Link to post
Share on other sites
Guest

I was thinking this felt like Deja Vu! I'm glad it wasn't just me then. :-)What I don't understand is: why don't you have LOADS of spare time kicking around on that floor? If AVSIM can pay for your lavish fishing trips like they do (I saw all that expensive foreign beer!), you'd think they'd include a nice twelve week holiday package in your employment contract! Good Lord...:-)Elrondhttp://members.rogers.com/eelvish/Boycott-RIAA.gif]"A musician without the RIAA, is like a fish without a bicycle."[/font://http://members.rogers.com/eelvish/B...cle."[/b][/font

Share this post


Link to post
Share on other sites

:-lol :-lol Elrond, I agree 100% on all points except one........ that is not foreign beer... it is local !!!';-) :-outta Francois :-wave________________________Francois A. "Navman" DumasAssociate Editor &Forums AdministratorAVSIM Online!email: fdumas@avsim.com________________________


Francois A. 'Navman' Dumas

 

Posted Image

 

EuropeRides

... and the man's Blog

Share this post


Link to post
Share on other sites
Guest daves0

Hi,This hasn't been addressed on this thread, but my inquiry fits into the overall thrust of this thread, I think....I'm using a router to network my cable modem. I have WIN XP on this sytem. I've heard that the router sets up its own address, which essentially blocks the outside from seeing the system...is this true???Do I still need a firewall?Now, to take this another step...XP comes with its own built in firewall. Is this firewall adequate to prevent intrusion?

Share this post


Link to post
Share on other sites
Guest

I do not use a windows firewall i only run unix for my servers and firewalls with that being said I can suggest a couple of things you can do to give yourself a idea of a "attack" or just a false postive(meaning it appears to be attack but really it's not).If your on dial up I would not worry to much but a firewall unless you stay on line.Here are some ips and subnets you can have the firewall always drop as they are private ips private ips and subnets (basic)10.0.0.0/8127.0.0.0/8172.16.0.0/12192.168.0.0/16router ips (basic) 224.0.0.2224.0.0.4224.0.0.5224.0.0.6224.0.0.9224.0.0.13224.0.0.15there are many more but those are the basic ones you can drop and log the last thing i would totally block is port 1433 becuse there is annoyng sql worm going around .By default all ports all blocked that are not opened but i like to make sure this one is droped and logged if you want a good portscaning tool for windows I believe webroot makes a good www.webroot.com the also make window washer which i think is the best addon in the world .The portscanning tool should run always in the back ground and when triggered it will drop the host completly away from your ip.I use portsentry for this but it only works under unix .when a port gets triggered it gives me the ip a reverse dns lookup + the ports scanned the it put's the ip in to my /etc/host.deny file and routes that ip to gateway that does not exsist like 555.555.555.555.If the ip in my /etc/host.deny file is tring to hit me again he is usually getting a now "dead host" and i see this in my syslog :) http://www.psionic.com/products/ (for unix only)Richard Dillon KATLSr First Officer www.jetstarairlines.com"Bill Grabowski's"ERJ-145 panel Beta TeamMD-11 panel Beta Team____________________________"Lets Roll" 9/11 Specs AMD 1600 XP 512MB DDR GF3 ti 200 64MB SBliveCh Products Yoke and Pedals(usb)Windows 2000 SP2

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Sign in to follow this  

  • Tom Allensworth,
    Founder of AVSIM Online


  • Flight Simulation's Premier Resource!

    AVSIM is a free service to the flight simulation community. AVSIM is staffed completely by volunteers and all funds donated to AVSIM go directly back to supporting the community. Your donation here helps to pay our bandwidth costs, emergency funding, and other general costs that crop up from time to time. Thank you for your support!

    Click here for more information and to see all donations year to date.
×
×
  • Create New...