Trying out Norton Personal Firewall

[jinxy]

I still use Norton internet security 2002 although i have updated to the latest anti virus which does seem to be much more thorough than the earlier version.

I use a router now also so i don't get the 50 odd attemps to connnect showing up on the log anymore. But i changed isp from aol to tiscali and where i was being scanned for sub7 and others a rediculouse amount of times. The router logs show the occational scan only now. Still ever with the router doing what seems to be a good job i use norton firewall to control what connects out of my pc.

[foxyloxley]

I get hit approx 3 or 4 times a day with a request ?? to install a 'Phinneas Phucker' trojan.
NAV 2004 NetSec puts up the alert, and allows me to see who /where the attack is coming from, it's a geography lesson every day. Taiwan, USA, Canada, PacRim, EEC the list goes on. NAV stops them dead, which is lucky for me, as my set up knowledge is poor on a good day ?? As for the price, $60 would be nice in the UK, where I paid £60 ($90 ish) But overall I am happy with the performance so far. Although I don't have any experience of other systems, I would have to credit the NAV product for doing exactly what it says on the pack (British TV advert humour ??)

[KorpDeath]

My condolences to you all. Good luck though. Really.



hehehe

[dopeydadwarf]

Mostly I wanted to see if anything would get done...i've never called one of them up to complain before...i just wanted to know if someone gives a **** out there.

Don't even waste your time contacting ISP out of the US. If you live in the US for example. It seems as if a dsl box is a nice bot to own. The majority of the scans I receive are from india, and various places in Europe.

Funny thing however, when I throw some **** back at them 7 out of 10 of them have open ports. Like the classic 12345, 666, 6969, and a few others. Stuff like BO, Netbus, and subseven. It might suprise you how often you get scanned for a trojan by a box already owned by the same or a even different trojan.


If you are gonna use Windows, Norton is about your best bet. It might be a bit costly, but you get what you pay for. With windows and the "user friendly generation" you have the luxury of paying for everything.

2 cents.


Be safe and stay free

[foxyloxley]

I've just been hit (again) with an EMail + attachment.
NAV NetSec 2004 has deleted the attachment, and left me a message
telling me so. Pretty cool really, straight from the box, with no input from me, bar the initial set-up routine. So I'm still a happy bunny ? Even though I've had my share of problems in the not so distant past.

[Cybr1d]

ARIGHTY.... Well I just had cheyenne pound my firewall with whatever he could find...but to no avail. These are the tools he used: LanGuard, and some other ones that he couldn't tell me at the time cuz he went offline. Probably he will post them here.

Languard was very noisy...and the firewall alerted me of its presence. It also told me the name of the hotel and the address that cheyenne was staying in...for his network convention .

Also had jarrod try the same with some of his tools...still none of them could break in. I'm not going to make this an open hunting season lol...so don't ask me for my IP to try to hack it LOL.


Jarrod's going to try some stronger tools later on when he gets a chance

[phishphreek]

Cybr1d: Did you have autoblock turned on?

I'm staying in a hotel this weekend too... and some kiddie was trying to get in my laptop. NIS blocked them rather quickly. Though, since this hotel uses dhcp, he just changed IP addresses. Rather annoying actaully. I used nbtstat just to find out a bit about his machine and found out they had the messenger service running. I sent him a nice little "friendly" messege telling them that I knew that they were up to. It stopped right away.

[Cybr1d]

LOL well the firewall its enabled...autoblock is on by default (i guess) or else it would defy the purpose. I'm using a router and a firewall though...so half the crap gets dropped at the router...and then whatever is left goes to the firewall. I need to learn more about how you found his messenger service and how u send him a msg.

[phishphreek]

you can find out some info if they have netbios enabled and not blocked.

from a command line

C:\Documents and Settings\user>nbtstat -a 192.168.xx.xx

Local Area Connection:
Node IpAddress: [192.168.xx.xx] Scope Id: []

NetBIOS Remote Machine Name Table

Name Type Status
---------------------------------------------
COMPNAME <00> UNIQUE Registered
WORKGROUP <00> GROUP Registered
COMPNAME <03> UNIQUE Registered
USERNAME <03> UNIQUE Registered

MAC Address = 00-0D-xx-xx-xx-xx

In the above example, I enabled my netbios and messenger for this.
The kiddie is no longer online.

You see the name, type and status.

You can lookup the hex codes to see what services they have open and running.

http://www.cotse.com/nbcodes.htm

We see that <03> is the messenger service.

Using the net send command, we can send them a message.

net send ipaddress message

Nothing fancy really...

I'd be a little concerned that only "half" the crap is stopped by your router...

Mine stops everything and I have NIS just as a backup. Hotels, etc.
I've never seen an attack that didn't get initiated by me on my private network.
It all gets blocked at the router. NIS is JUST for backup.

[Cybr1d]

I said half as a generalization....I actually do not know for sure how much it blocks...all I know is that nothing is getting through...and all my ports are in stealth mode. Thnx for the information...it will prove very useful when I actually need to use it.