Firewall/security program

[DCCV44.2223]

Quote:

Originally Posted by Blu

I kept getting odd and random connections from odd IP addresses to me via port 135, so I wanted to block the port, windows firewall for some reason wasn't doing the job so I ended up ditching it for zone alarm,

Windows firewall (or any firewall for that matter) will block TCP 135, you probably have enabled a rule that allow TCP 135 traffic to pass through. Check your firewall settings, looks like you have XP so it's Control Panel > Windows Firewall > General {tab}, select "On" and check the "Don't Allow Exceptions" option.

TCP 135 is used by Windows RPC, a number of apps will modify Windows firewall rules during installation to open that port, some 3rd party firewall will duplicate those rules.

If your running a fully patched and up-to-date Windows, that's not really an easily exploitable port.

[_dangtx_]

time for you to pick a decent linksys router or asus one and flash it to ddwrt or such.

i wouldnt run naked even if you paid me. too much crap coming your way.

check the database before you flash it.

if you need help with the flash or if you brick it drop me a pm.

[JD]

Even once you get a router, I'd strongly suggest doing a full format and re-install.

And yes, any home router will give you 4 wired connections along with the ability to connect quite a few wireless devices.

[frontier204]

Yep it sounds like you were hacked; I agree with JD on clearing out your HDD and reinstalling the OS - if someone got in deep enough to have remote access it'll be an uphill battle to clean your PC. (e.g. verifying ALL the services and startup programs are still legit will take longer than reinstalling) Also, note that (unless configured to do so) a router's firewall will only block stuff INCOMING and not outgoing, so if you put a router in there viruses can still communicate and do nasty stuff like participate in DDOS botnets.

I'm not sure why Eastlink + no hardware firewall is particularly bad, although any computer directly exposed to the Internet is iffy because one wrong move and you open a port (e.g. you enable universal plug and play, or you enable "Network Discovery" + printer sharing) and script kiddies can get their little programs in. A computer with open service ports (e.g. the first 1024) is just about the easiest target for Internet hackers. Any defense like a router's firewall can add an extra layer they must break through, and then you're no longer the easiest target. (e.g. they'll generally get your neighbour with who "keeps the door unlocked" before they care about you )

Edit: I'll let you pick from the others' router suggestions because I haven't been particularly happy with my routers in the past... I don't like my current router WRT300N because it's been emitting a burning smell since I got it >4 months ago, and all the others I tried are outdated.

[enaberif]

Quote:

Originally Posted by frontier204

Yep it sounds like you were hacked; I agree with JD on clearing out your HDD and reinstalling the OS - if someone got in deep enough to have remote access it'll be an uphill battle to clean your PC. (e.g. verifying ALL the services and startup programs are still legit will take longer than reinstalling) Also, note that (unless configured to do so) a router's firewall will only block stuff INCOMING and not outgoing, so if you put a router in there viruses can still communicate and do nasty stuff like participate in DDOS botnets.

I'm not sure why Eastlink + no hardware firewall is particularly bad, although any computer directly exposed to the Internet is iffy because one wrong move and you open a port (e.g. you enable universal plug and play, or you enable "Network Discovery" + printer sharing) and script kiddies can get their little programs in. A computer with open service ports (e.g. the first 1024) is just about the easiest target for Internet hackers. Any defense like a router's firewall can add an extra layer they must break through, and then you're no longer the easiest target. (e.g. they'll generally get your neighbour with who "keeps the door unlocked" before they care about you )

ANY internet service provider is bad if you don't have a router.

Telus is smart in the sense the modem they give you has a built in router so you don't necessarily need one of your own.

Shaw.. Eastlink do not do this and you need to make sure you invest in a router or be screwed.

[burebista]

Quote:

Originally Posted by Blu

If it's a worm of sorts will a router still block that or no?

Nope, router firewall is OK for inbound but useless for outbound connections.
Your choice of CIS was right, mine works flawless at home and at work.
VritualRoot is Comodos's Sandbox temporary folder, nothing to worry.

If for some reasons you dislike CIS I suggest Online Armor or PrivateFirewall. Both are free.
IMO even Seven/Vista firewall is perfect for inbound but AV/Firewall is less important that a good and not too chatty HIPS, so that's why I'm using CIS, as a security suite it has one of best Firewalls on the market, probably one of the best and innovative HIPS (D+ with Sandbox) and a decent AV.
Or if you're paranoiac you can try Sandboxie. Run every internet facing apps in a virtual environment (sandbox) and nothing could harm your PC.

[enaberif]

Quote:

Originally Posted by burebista

Nope, router firewall is OK for inbound but useless for outbound connections.
Your choice of CIS was right, mine works flawless at home and at work.
VritualRoot is Comodos's Sandbox temporary folder, nothing to worry.

If for some reasons you dislike CIS I suggest Online Armor or PrivateFirewall. Both are free.
IMO even Seven/Vista firewall is perfect for inbound but AV/Firewall is less important that a good and not too chatty HIPS, so that's why I'm using CIS, as a security suite it has one of best Firewalls on the market, probably one of the best and innovative HIPS (D+ with Sandbox) and a decent AV.
Or if you're paranoiac you can try Sandboxie. Run every internet facing apps in a virtual environment (sandbox) and nothing could harm your PC.

If you got crap you need to worry about your outgoing connections happening on your computer you got larger issues than you think.

You should never have to worry about what is out going from your computer its the incoming that is dangerous.

[burebista]

For incoming you have Vista/Seven firewall. Rock solid.
For outgoing you must fear. Crap comes in unexpected ways.

[Perineum]

I've never had a firewall for outgoing. I choose not to have myself get infected in the first place.

[lcdguy]

personally i run a hardware firewall as well as software one. Mostly because i am on a shared lan and don't want any surprises. For the record i use the following.

Currently

Linksys WRt54GL W/ Tomato
Eset Nod32 Smart Security

Future

pfsense
Eset NOD32 Smart Security