Port probes
Page 1 of 3 123 LastLast
Results 1 to 10 of 22

Thread: Port probes

  1. #1
    Member
    Join Date
    Jan 2004
    Posts
    81

    Port probes

    Hi again,

    I've just been looking at the logs for my firewall and they seem wierd and am asking for your opinion on this.

    Today i've had about 53 TCP port probes, 3 HTTP, 8 netBIOS probes, also Socks, MSRPC, Proxy, UDP, i don't even know what most of these are but do you get this type of activity too? One thing i read in a thread the other day was what ports to block from Trojans, but i forgot and went on the net to look for which ones to add into my firewall settings and obviously there's loads of them, but i'm wondering : do you add rules for each port that needs to be blocked? And finally, if so, i don't know how to add a range of ports for one rule, would i just add it like this : 135,136,137,138,139 ?

    I'm guessing that's right but just to be safe i thought i'd ask.
    \"What is is not, what is not is - - if this is not yet clear to you, you\'re still far from the truth.\"

  2. #2
    AO Ancient: Team Leader
    Join Date
    Oct 2002
    Posts
    5,197
    Rather than block given ports because trojans can be reconfigured to use any port just block all inbound connections. It doesn't help with connections shovelling, (calling home"), but it stops all the "listeners"
    Don\'t SYN us.... We\'ll SYN you.....
    \"A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools.\" - Thucydides

  3. #3
    Member
    Join Date
    Jan 2004
    Posts
    81
    Will blocking all inbound cause problems with using the net or outlook express, and if not where do i do this, in advanced settings for my firewall?

    Oh, just one more thing, is there any place i can make my netBIOS more secure in windows options or in the registry? Ha, i hate having to ask all these questions without being able to help anyone aswell, i'll have to remember to come back and help future newbies out when i get some of this sussed.
    \"What is is not, what is not is - - if this is not yet clear to you, you\'re still far from the truth.\"

  4. #4
    AO Ancient: Team Leader
    Join Date
    Oct 2002
    Posts
    5,197
    Which firewall?
    Don\'t SYN us.... We\'ll SYN you.....
    \"A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools.\" - Thucydides

  5. #5
    Member
    Join Date
    Jan 2004
    Posts
    81
    Sorry, it's blackICE but i'm not sure whether i should go back to sgygate or not, this one has IDS with it and i don't think sygate does, but i don't know if that makes any difference.
    \"What is is not, what is not is - - if this is not yet clear to you, you\'re still far from the truth.\"

  6. #6
    AO Ancient: Team Leader
    Join Date
    Oct 2002
    Posts
    5,197
    Shoot.... never played with that one but with it's reputation I have to believe that it comes with the default of no inbound connections.....

    Any BlackIce geeks help us out here?
    Don\'t SYN us.... We\'ll SYN you.....
    \"A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools.\" - Thucydides

  7. #7
    Senior Member
    Join Date
    Feb 2004
    Posts
    197

    Talking

    I have the same thing happing can you please tell me whan you find out what it is

  8. #8
    Member
    Join Date
    Jan 2004
    Posts
    81
    Well i know for a fact that at least one person here uses blackICE because they said it in a thread the other day. No worries, the net has all information, it's just a matter of typing in the correct thing.

    Oh, actually this place will have it i guess, i'll use the trusty search function.
    \"What is is not, what is not is - - if this is not yet clear to you, you\'re still far from the truth.\"

  9. #9
    Senior Member Falcon21's Avatar
    Join Date
    Dec 2002
    Location
    Singapore
    Posts
    252
    Sygate has a good IDS. I add "135-139" instead of 135,136,137,138,139 to the rule.

  10. #10
    Senior Member nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,190
    Hi,

    I have BlackIce free version and have disabled it, I don't rate it very highly, and neither do any reviews that I have seen.

    Zone Alarm is the easiest to use, just set everything to "High". I know that a lot of people on this forum don't like it, probably because they cannot fiddle with settings?

    Agnitum and Tiny also do free versions, and are a bit more sophisticated, I have not tried any others in a domestic environment. Remember there is one hell of a difference between the firewall requirements of a commercial server environment and a home computer running WinME, with sporadic dial-up connection to the net.

    Go to: http://www.grc.com and run "shields up" to see what ports are open to the net. Ideally there should be none visible to incoming traffic, your machine should be in "stealth mode".

    As for AV, I would not install Norton if you gave it to me free. The business product is OK but the home one has been a cause of a lot of problems for me. And you have to buy it!

    AVG is a solid product, and I have never known it cause problems, but it is poor at detecting trojans. So is Norton for that matter.

    Take a look at February's "Computer Shopper " for a review

    I would suggest eTrustEZ Antivirus Protection from Computer Associates International. I recently tested it against AVG and threw a handful of trojans at them................ETrust found the same as Moosoft.....100%................AVG only found 33%

    Whatever you use, remember that you must set:

    1. Heuristics scanning on (or it almost certainly won't find Trojans)
    2. Scan all files.
    3. Scan compressed files.

    Good luck

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •