Go Back   Hardware Canucks > SOFTWARE > O/S's, Drivers & General Software

    
Reply
 
LinkBack Thread Tools Display Modes
  #11 (permalink)  
Old January 28, 2011, 12:14 PM
Top Prospect
 
Join Date: Apr 2010
Location: Vancouver
Posts: 242
Default

Quote:
Originally Posted by Blu View Post
I kept getting odd and random connections from odd IP addresses to me via port 135, so I wanted to block the port, windows firewall for some reason wasn't doing the job so I ended up ditching it for zone alarm,
Windows firewall (or any firewall for that matter) will block TCP 135, you probably have enabled a rule that allow TCP 135 traffic to pass through. Check your firewall settings, looks like you have XP so it's Control Panel > Windows Firewall > General {tab}, select "On" and check the "Don't Allow Exceptions" option.

TCP 135 is used by Windows RPC, a number of apps will modify Windows firewall rules during installation to open that port, some 3rd party firewall will duplicate those rules.

If your running a fully patched and up-to-date Windows, that's not really an easily exploitable port.
__________________
iK
Reply With Quote
  #12 (permalink)  
Old January 28, 2011, 04:02 PM
Banned
F@H
 
Join Date: Aug 2007
Location: mtl
Posts: 12,694
Default

time for you to pick a decent linksys router or asus one and flash it to ddwrt or such.

i wouldnt run naked even if you paid me. too much crap coming your way.

check the database before you flash it.

if you need help with the flash or if you brick it drop me a pm.
Reply With Quote
  #13 (permalink)  
Old January 28, 2011, 06:10 PM
JD's Avatar
JD JD is offline
Moderator
F@H
 
Join Date: Jul 2007
Location: Toronto, ON
Posts: 6,969

My System Specs

Default

Even once you get a router, I'd strongly suggest doing a full format and re-install.

And yes, any home router will give you 4 wired connections along with the ability to connect quite a few wireless devices.
Reply With Quote
  #14 (permalink)  
Old January 28, 2011, 08:35 PM
Hall Of Fame
F@H
 
Join Date: Nov 2008
Location: Ottawa, ON
Posts: 1,230

My System Specs

Default

Yep it sounds like you were hacked; I agree with JD on clearing out your HDD and reinstalling the OS - if someone got in deep enough to have remote access it'll be an uphill battle to clean your PC. (e.g. verifying ALL the services and startup programs are still legit will take longer than reinstalling) Also, note that (unless configured to do so) a router's firewall will only block stuff INCOMING and not outgoing, so if you put a router in there viruses can still communicate and do nasty stuff like participate in DDOS botnets.

I'm not sure why Eastlink + no hardware firewall is particularly bad, although any computer directly exposed to the Internet is iffy because one wrong move and you open a port (e.g. you enable universal plug and play, or you enable "Network Discovery" + printer sharing) and script kiddies can get their little programs in. A computer with open service ports (e.g. the first 1024) is just about the easiest target for Internet hackers. Any defense like a router's firewall can add an extra layer they must break through, and then you're no longer the easiest target. (e.g. they'll generally get your neighbour with who "keeps the door unlocked" before they care about you )

Edit: I'll let you pick from the others' router suggestions because I haven't been particularly happy with my routers in the past... I don't like my current router WRT300N because it's been emitting a burning smell since I got it >4 months ago, and all the others I tried are outdated.
__________________
"The computer programmer says they should drive the car around the block and see if the tire fixes itself." [src]
Reply With Quote
  #15 (permalink)  
Old January 28, 2011, 08:38 PM
enaberif's Avatar
Hall Of Fame
 
Join Date: Dec 2006
Location: Calgahree, AB
Posts: 10,679
Default

Quote:
Originally Posted by frontier204 View Post
Yep it sounds like you were hacked; I agree with JD on clearing out your HDD and reinstalling the OS - if someone got in deep enough to have remote access it'll be an uphill battle to clean your PC. (e.g. verifying ALL the services and startup programs are still legit will take longer than reinstalling) Also, note that (unless configured to do so) a router's firewall will only block stuff INCOMING and not outgoing, so if you put a router in there viruses can still communicate and do nasty stuff like participate in DDOS botnets.

I'm not sure why Eastlink + no hardware firewall is particularly bad, although any computer directly exposed to the Internet is iffy because one wrong move and you open a port (e.g. you enable universal plug and play, or you enable "Network Discovery" + printer sharing) and script kiddies can get their little programs in. A computer with open service ports (e.g. the first 1024) is just about the easiest target for Internet hackers. Any defense like a router's firewall can add an extra layer they must break through, and then you're no longer the easiest target. (e.g. they'll generally get your neighbour with who "keeps the door unlocked" before they care about you )
ANY internet service provider is bad if you don't have a router.

Telus is smart in the sense the modem they give you has a built in router so you don't necessarily need one of your own.

Shaw.. Eastlink do not do this and you need to make sure you invest in a router or be screwed.
Reply With Quote
  #16 (permalink)  
Old January 29, 2011, 12:46 PM
burebista's Avatar
Allstar
 
Join Date: Sep 2007
Location: Romania
Posts: 599

My System Specs

Default

Quote:
Originally Posted by Blu View Post
If it's a worm of sorts will a router still block that or no?
Nope, router firewall is OK for inbound but useless for outbound connections.
Your choice of CIS was right, mine works flawless at home and at work.
VritualRoot is Comodos's Sandbox temporary folder, nothing to worry.

If for some reasons you dislike CIS I suggest Online Armor or PrivateFirewall. Both are free.
IMO even Seven/Vista firewall is perfect for inbound but AV/Firewall is less important that a good and not too chatty HIPS, so that's why I'm using CIS, as a security suite it has one of best Firewalls on the market, probably one of the best and innovative HIPS (D+ with Sandbox) and a decent AV.
Or if you're paranoiac you can try Sandboxie. Run every internet facing apps in a virtual environment (sandbox) and nothing could harm your PC.
__________________
If it ain't broke... fix it until it is.
Reply With Quote
  #17 (permalink)  
Old January 29, 2011, 12:51 PM
enaberif's Avatar
Hall Of Fame
 
Join Date: Dec 2006
Location: Calgahree, AB
Posts: 10,679
Default

Quote:
Originally Posted by burebista View Post
Nope, router firewall is OK for inbound but useless for outbound connections.
Your choice of CIS was right, mine works flawless at home and at work.
VritualRoot is Comodos's Sandbox temporary folder, nothing to worry.

If for some reasons you dislike CIS I suggest Online Armor or PrivateFirewall. Both are free.
IMO even Seven/Vista firewall is perfect for inbound but AV/Firewall is less important that a good and not too chatty HIPS, so that's why I'm using CIS, as a security suite it has one of best Firewalls on the market, probably one of the best and innovative HIPS (D+ with Sandbox) and a decent AV.
Or if you're paranoiac you can try Sandboxie. Run every internet facing apps in a virtual environment (sandbox) and nothing could harm your PC.
If you got crap you need to worry about your outgoing connections happening on your computer you got larger issues than you think.

You should never have to worry about what is out going from your computer its the incoming that is dangerous.
Reply With Quote
  #18 (permalink)  
Old January 29, 2011, 01:45 PM
burebista's Avatar
Allstar
 
Join Date: Sep 2007
Location: Romania
Posts: 599

My System Specs

Default

For incoming you have Vista/Seven firewall. Rock solid.
For outgoing you must fear. Crap comes in unexpected ways.
__________________
If it ain't broke... fix it until it is.
Reply With Quote
  #19 (permalink)  
Old January 29, 2011, 08:37 PM
Perineum's Avatar
Hall Of Fame
F@H
 
Join Date: Mar 2009
Location: Surrey, B.C.
Posts: 4,049

My System Specs

Default

I've never had a firewall for outgoing. I choose not to have myself get infected in the first place.
Reply With Quote
  #20 (permalink)  
Old January 30, 2011, 11:57 AM
lcdguy's Avatar
Hall Of Fame
F@H
 
Join Date: Mar 2007
Location: An undisclosed location
Posts: 2,048
Default

personally i run a hardware firewall as well as software one. Mostly because i am on a shared lan and don't want any surprises. For the record i use the following.

Currently

Linksys WRt54GL W/ Tomato
Eset Nod32 Smart Security

Future

pfsense
Eset NOD32 Smart Security
__________________
and now for something completely different

Reply With Quote
Reply


Thread Tools
Display Modes

Similar Threads
Thread Thread Starter Forum Replies Last Post
Router + Firewall + NAS? Cheator Networking 7 January 9, 2009 02:43 PM
Firewall howpet O/S's, Drivers & General Software 4 November 29, 2008 09:36 PM
router for firewall. worth it? thenewguy001 Networking 17 May 29, 2008 04:10 PM
windows firewall problem... omgwtf Troubleshooting 9 May 26, 2008 08:03 PM
Which firewall you use??? ebdoradz O/S's, Drivers & General Software 28 January 6, 2008 10:03 AM