September 20th, 2003, 07:09 AM
My comp needs wheaties.
Hiya, just wanted to get some ideas on what a new guy should do to run a secure workstation, and maybe get some advice on how something happened. I recently had someone change my password on ZoneAlarm 4.0; the only thing I could see in Event Viewer that might be related was that at the same time this was changed, telnet services/fast user switching was enabled. Could telnet bypass a firewall if I didn't disable the service behind it? Or is there a way to log onto ZoneAlarm externally and change the password? Oh, I have it in practically paranoid mode, all security settings are on high, and it's on an XP Pro machine.
September 20th, 2003, 08:17 AM
This may sound dumb, but make sure no one has PHYSICAL access to your computer. I don't think telnet will threaten you much; really, you shouldn't have it running in the first place.
Telnet is notorious for being exploited, cracked, etc. as data is not encrypted. If you MUST have it, set up a password and/or firewall it. It is very possible for someone to access your computer through a firewall, provided they connect and log in using telnet.
P.S. Your comp's going to need a lot more than Wheaties to keep the baddies out. Maybe fruit loops... but not Wheaties...
It's 106 miles to Chicago, we've got a full tank of gas, half a pack of cigarettes, it's dark and we're wearing sunglasses.
September 20th, 2003, 12:27 PM
A sign I saw once while traveling through the Amish country:
“Oats – 90 cents a pound
Oats, ground once through the horse – 10 cents a pound”
Such is a noob post.
PLEASE, PLEASE, PLEASE be more specific.
You said someone changed your password on your firewall.
Well, did they have physical access to the computer as Showtime implied, or did it happen when no one could possibly have touched it??
What type of connection do you have?
Is it on a LAN?
What type of anti-virus are you using?
What steps did you take to secure the OS?
How much and what type of computer knowledge do you have?
My suggestions ( FWIW )
Telnet was good in its time, but should never be running now ( IMHO ). It can be used by someone to connect to your system remotely, though if they knew what they were doing they would set up an ssh connection.
It sounds like you have been rooted! There is probably a back door on the system, reading everything you are, including this.
If you can, from another machine on the LAN ( if it is on a LAN ), run a port scan on the affected machine to find out what ports are open.
Run “netstat” from the MS prompt ( otherwise known as the command line ), but the results may not be accurate ( if the machine has been compromised, so might that program and/or its findings ).
Take the machine off-line, delete the anti-virus program, reinstall it from the original disk, burn upgrades to a CD from a known CLEAN machine and install them, see what you find. If you can't do that then try House Calls at antivirus.com ( would not recommend that if you have sensitive information on your system, but I don't trust anyone ).
Do the same for Zone Alarm.
Search the forums here, you can find all kinds of information on cleaning, protecting XP.
Last suggestion, if all else fails, “fdisk” and reinstall the OS. But there is always the possibility that you and I are both either too drunk or have too little knowledge to know what is really happening!
"And maddest of all, to see life as it is and not as it should be" --Miguel Cervantes
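
The cross-check suggested in the last post (a port scan from a second machine compared with the suspect machine's own `netstat`), as an added example that is not part of the thread. The `netstat -an` text and the scan result are constructed samples, and the function names are hypothetical.

```python
import re

# Constructed sample of `netstat -an` output taken on the suspect machine.
NETSTAT_SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:23             0.0.0.0:0              LISTENING
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING
  TCP    127.0.0.1:1029         0.0.0.0:0              LISTENING
  TCP    192.168.1.10:139       0.0.0.0:0              LISTENING
  TCP    192.168.1.10:1042      203.0.113.5:80         ESTABLISHED
"""

# Constructed result of a TCP port scan run from a second machine on the LAN.
SCAN_OPEN_PORTS = {23, 135, 139, 6789}

ROW = re.compile(r"^\s*TCP\s+(\S+):(\d+)\s+\S+\s+LISTENING\s*$")


def tcp_listeners(netstat_text):
    """Return {port: set of local addresses} for TCP sockets in LISTENING state."""
    listeners = {}
    for line in netstat_text.splitlines():
        m = ROW.match(line)
        if m:
            listeners.setdefault(int(m.group(2)), set()).add(m.group(1))
    return listeners


def network_reachable(listeners):
    """Ports bound to something other than loopback, i.e. exposed to the LAN."""
    return {p for p, addrs in listeners.items()
            if any(not (a.startswith("127.") or a == "[::1]") for a in addrs)}


def compare(netstat_text, scanned_open):
    """Cross-check local netstat against an external scan of the same host."""
    exposed = network_reachable(tcp_listeners(netstat_text))
    return {
        "telnet_exposed": 23 in exposed,
        # Open from outside but absent locally: netstat output may be tampered.
        "hidden_from_netstat": sorted(scanned_open - exposed),
        # Listening locally but not seen by the scan: likely firewall-filtered.
        "filtered_or_blocked": sorted(exposed - scanned_open),
    }

print(compare(NETSTAT_SAMPLE, SCAN_OPEN_PORTS))
```

A port that the external scan sees open but the local `netstat` does not list is the case the post warns about, where the tool on the compromised machine cannot be trusted.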