
Thread: Port probes

  1. #1

    Port probes

    Hi again,

    I've just been looking at the logs for my firewall and they seem weird and am asking for your opinion on this.

    Today I've had about 53 TCP port probes, 3 HTTP, 8 NetBIOS probes, also Socks, MSRPC, Proxy, UDP. I don't even know what most of these are, but do you get this type of activity too? One thing I read in a thread the other day was what ports to block from Trojans, but I forgot and went on the net to look for which ones to add into my firewall settings, and obviously there's loads of them, but I'm wondering: do you add rules for each port that needs to be blocked? And finally, if so, I don't know how to add a range of ports for one rule. Would I just add it like this: 135,136,137,138,139 ?

    I'm guessing that's right but just to be safe I thought I'd ask.
    "What is is not, what is not is - - if this is not yet clear to you, you're still far from the truth."

  2. #2
    AO Ancient: Team Leader
    Join Date
    Oct 2002
    Posts
    5,197
    Rather than block given ports, because trojans can be reconfigured to use any port, just block all inbound connections. It doesn't help with connections shovelling ("calling home"), but it stops all the "listeners".
    Don't SYN us.... We'll SYN you.....
    "A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools." - Thucydides

  3. #3
    Will blocking all inbound cause problems with using the net or Outlook Express, and if not, where do I do this, in advanced settings for my firewall?

    Oh, just one more thing, is there any place I can make my NetBIOS more secure in Windows options or in the registry? Ha, I hate having to ask all these questions without being able to help anyone as well, I'll have to remember to come back and help future newbies out when I get some of this sussed.
    "What is is not, what is not is - - if this is not yet clear to you, you're still far from the truth."

  4. #4
    AO Ancient: Team Leader
    Join Date
    Oct 2002
    Posts
    5,197
    Which firewall?
    Don't SYN us.... We'll SYN you.....
    "A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools." - Thucydides

  5. #5
    Sorry, it's BlackICE but I'm not sure whether I should go back to Sygate or not, this one has IDS with it and I don't think Sygate does, but I don't know if that makes any difference.
    "What is is not, what is not is - - if this is not yet clear to you, you're still far from the truth."

  6. #6
    AO Ancient: Team Leader
    Join Date
    Oct 2002
    Posts
    5,197
    Shoot.... never played with that one but with its reputation I have to believe that it comes with the default of no inbound connections.....

    Any BlackICE geeks help us out here?
    Don't SYN us.... We'll SYN you.....
    "A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools." - Thucydides

  7. #7
    Senior Member
    Join Date
    Feb 2004
    Posts
    197

    I have the same thing happening, can you please tell me when you find out what it is

  8. #8
    Well I know for a fact that at least one person here uses BlackICE because they said it in a thread the other day. No worries, the net has all information, it's just a matter of typing in the correct thing.

    Oh, actually this place will have it I guess, I'll use the trusty search function.
    "What is is not, what is not is - - if this is not yet clear to you, you're still far from the truth."

  9. #9
    Senior Member Falcon21's Avatar
    Join Date
    Dec 2002
    Location
    Singapore
    Posts
    252
    Sygate has a good IDS. I add "135-139" instead of 135,136,137,138,139 to the rule.
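
An added example, not part of any post in this thread and not how BlackICE or Sygate implement their rules: a small Python model of the two approaches discussed above, a per-port blocklist written as the range "135-139" versus blocking all inbound connections while still letting replies to your own outbound connections through. The names `parse_ports`, `Firewall` and `compare`, and all addresses and ports used, are constructed for illustration.

```python
# Added illustration: a toy packet filter, not any real firewall's rule engine.

def parse_ports(spec):
    """Expand a rule such as '135-139' or '135,136,445' into a set of ports."""
    ports = set()
    for part in spec.split(","):
        lo, _, hi = part.strip().partition("-")
        lo, hi = int(lo), int(hi or lo)
        if not (0 < lo <= hi <= 65535):
            raise ValueError(f"bad port range: {part!r}")
        ports.update(range(lo, hi + 1))
    return ports


class Firewall:
    def __init__(self, blocked_inbound=None, default_deny_inbound=False):
        self.blocked = parse_ports(blocked_inbound) if blocked_inbound else set()
        self.default_deny = default_deny_inbound
        self.established = set()  # (local_port, remote_ip, remote_port)

    def outbound(self, local_port, remote_ip, remote_port):
        """Outbound connections are allowed and remembered (stateful tracking).
        Note this is also why 'calling home' traffic is not stopped."""
        self.established.add((local_port, remote_ip, remote_port))
        return "allow"

    def inbound(self, remote_ip, remote_port, local_port):
        """Decide on a packet arriving from the network."""
        if (local_port, remote_ip, remote_port) in self.established:
            return "allow"  # reply to a connection this machine opened
        if self.default_deny or local_port in self.blocked:
            return "drop"
        return "allow"


def compare(probes, source="203.0.113.7"):
    """Return {port: (blocklist verdict, default-deny verdict)} for each probe."""
    blocklist = Firewall(blocked_inbound="135-139")
    deny_all = Firewall(default_deny_inbound=True)
    return {p: (blocklist.inbound(source, 40000, p),
                deny_all.inbound(source, 40000, p)) for p in probes}


if __name__ == "__main__":
    # Constructed probes: NetBIOS (139) and a listener moved to port 5000.
    for port, verdicts in compare([139, 5000]).items():
        print(port, verdicts)
```

The probe to port 5000 passes the blocklist but not the default-deny policy, while a mail or web reply on an established connection is still allowed.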

  10. #10
    Senior Member nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,188
    Hi,

    I have BlackIce free version and have disabled it, I don't rate it very highly, and neither do any reviews that I have seen.

    Zone Alarm is the easiest to use, just set everything to "High". I know that a lot of people on this forum don't like it, probably because they cannot fiddle with settings?

    Agnitum and Tiny also do free versions, and are a bit more sophisticated, I have not tried any others in a domestic environment. Remember there is one hell of a difference between the firewall requirements of a commercial server environment and a home computer running WinME, with sporadic dial-up connection to the net.

    Go to: http://www.grc.com and run "shields up" to see what ports are open to the net. Ideally there should be none visible to incoming traffic, your machine should be in "stealth mode".

    As for AV, I would not install Norton if you gave it to me free. The business product is OK but the home one has been a cause of a lot of problems for me. And you have to buy it!

    AVG is a solid product, and I have never known it cause problems, but it is poor at detecting trojans. So is Norton for that matter.

    Take a look at February's "Computer Shopper" for a review.

    I would suggest eTrustEZ Antivirus Protection from Computer Associates International. I recently tested it against AVG and threw a handful of trojans at them... ETrust found the same as Moosoft... 100%... AVG only found 33%

    Whatever you use, remember that you must set:

    1. Heuristics scanning on (or it almost certainly won't find Trojans)
    2. Scan all files.
    3. Scan compressed files.

    Good luck
