Aces High Bulletin Board
General Forums => Hardware and Software => Topic started by: Wes14 on January 27, 2007, 09:25:14 PM
-
this kinda humorous thing happened, went to disable norton so i could go on AH (with less Fps impact) right before i went to disable it
guess what?
Norton pops up about an attack on my pc..and then the "Attacking" pc sends the same thing over and over again and gets blocked
Attacking Pc's IP:81.177.23.211,80 (as identified by norton)
so lets also add a vote based in this story
disable antivirus/firewall and let the attacking pc put what it wants on yours
or keep it on and suffer performance loss
-
If you aren't out surfing porn and keep your PC clean, there is little need for a firewall. You most likely have a backdoor running on your PC or have given away your IP address without knowing it.
-
actually if i remember right it was a virus that creates a backdoor..i had one of those on my pc when i got the new norton and got rid of it
:noid dam nerdy ppl with too much time on their hands try to wreck my pc
(not talking about AH "Nerds")
-
True, but viruses don't just pick random IP addresses and send either. You have to pick them up.
My point is that if your PC is clean, there's no reason to run a firewall along with AH.
-
cant u run a firewall that allows AH's needed ports to run without being observed and basically block the rest while AH is running?
cause i dont think my pc is clean..i know that 41 processes aint normal either:noid
-
I always disabled my AV prog. & firewall with my old slow P/C. That being said a firewall shouldn't interfere with your AHII frame rate. If you have AHII set to pass through the firewall it won't be blocked at all.
As far as I know, no one has ever picked up a virus from playing AHII. My Nod32 stopped me from opening a link in these boards that someone posted one time, but that was the closest thing I've experienced. Of course that's with ANY public forum.
With the P/C I have now I can run a virus scan in the background while playing AHII & only suffer a slight frame rate drop, so there's no need for me to disable the real time protection since a quick update will barely cause a hiccup.
Edit: 41 processes is high
-
Originally posted by Brenjen
With the P/C I have now I can run a virus scan in the background while playing AHII & only suffer a slight frame rate drop, so there's no need for me to disable the real time protection since a quick update will barely cause a hiccup.
Edit: 41 processes is high
Ur machine must have a lot more Horse-power than mine cause if im stubborn and leave Antivirus on my frame rate varies from 2 to low 30's
good thing im more of a tanker or i would be screwed:mad:
-
Some anti-virus programs are in and of themselves like viruses. I'm using AVG free edition (got fed up with norton and symantec BS) and I can leave it on while gaming with no impact. Mind you, I'm behind a firewall router, though.
-
Originally posted by Wes14
this kinda humorous thing happened, went to disable norton so i could go on AH (with less Fps impact) right before i went to disable it
guess what?
Norton pops up about an attack on my pc..and then the "Attacking" pc sends the same thing over and over again and gets blocked
Attacking Pc's IP:81.177.23.211,80 (as identified by norton)
so lets also add a vote based in this story
disable antivirus/firewall and let the attacking pc put what it wants on yours
or keep it on and suffer performance loss
I have been on the net since the DARPA days. I have never run a personal firewall or anti-virus program. I have never gotten a virus or a spyware program on my computer.
If you leave all the security MS provides for Windows at its defaults, then you are inviting trouble. If you do not do the security updates from MS, then you are inviting trouble.
Anti-virus programs only work as well as the last update to them. They are really no better than the operating system is as it pertains to keeping a virus off your computer. If you get a virus, it is through your own actions you got it. While there are worms and DOS programs out there which exposed issues in the operating system, those blatant ones have been closed up.
And there is nothing that will drive me right over the edge faster than someone running a software firewall which is improperly configured. If you set that stupid firewall to block all ports and then go one moronic step further and have it actually report any scan of any port, then you should be banned from using a computer.
Network software cannot connect to a TCP port which has NO LISTENERS on the port, or where there is no UDP protocol attached to a port. It is quite impossible as that is how network software establishes connections.
Now, to see what the active ports are, so you can block the ones that need to be blocked, go to Start->Run->Command, then type "netstat -an" and press Enter. Make sure nothing is running when you do this.
In the right column, anything showing the state of "LISTENING" should be blocked. The port is shown under the second column combined with the IP address of the LISTENER. Example: "10.0.0.1:139". This means 139 is a port needing to be blocked.
Then look at the UDP ports further down and block them. You might as well turn off any reporting, as it will be pretty useless. Why? Let's look at port 139. That is a NETBIOS port. If you are on cable, and someone on your node turns on their computer, and they are on the same IP subnet, your NETBIOS port is going to be hit. It is a perfectly legitimate hit initiated by Windows during boot up.
Speaking of NETBIOS, make sure you set your workgroup to something other than "WORKGROUP". Make it something unique. It is an easy security precaution to take and one that is often overlooked. If you have other computers on your LAN, then make sure to change all of them to the same workgroup. Leaving the default workgroup name and enabling file sharing is a quick way to get nailed by some script kiddy.
I really hate the way software firewalls have been presented to users. All the documentation and marketing garbage is designed to make you paranoid. And in doing so, 99% of people who use them have no idea how to use them properly.
Take the above example. This guy is supposedly getting a connection attempt to port 80. Duh. Port 80 is your browser. Guess what? Your browser will ignore that connection attempt. No need to block that port.
Taking it a step further. If your browser is not open, then nothing would have happened. The connection would not even have shown up at all. The 'attack' as it is described, continues as the stupid firewall is actually allowing the connection to be made then terminating it. So the remote guy is trying to figure out if this is a WEB server or not. All you have done is expose your computer to more attacks by blocking a port which did not need to be blocked.
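
Added example, not part of the original posts: the "netstat -an" check described above, done by a small Python parser instead of by eye. It lists TCP rows in the LISTENING state and bound UDP rows, and drops loopback-only sockets, which cannot be reached from the network. The netstat output is a constructed sample in the Windows layout, and the function names are made up for this example.

```python
import ipaddress

# Constructed sample in the layout Windows prints for `netstat -an`.
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING
  TCP    10.0.0.1:139           0.0.0.0:0              LISTENING
  TCP    127.0.0.1:1030         0.0.0.0:0              LISTENING
  TCP    10.0.0.1:5117          203.0.113.5:80         ESTABLISHED
  UDP    0.0.0.0:445            *:*
  UDP    10.0.0.1:137           *:*
  UDP    127.0.0.1:1900         *:*
"""


def parse_listeners(text):
    """Return (proto, address, port) for TCP LISTENING rows and bound UDP rows."""
    found = []
    for line in text.splitlines():
        cols = line.split()
        if len(cols) < 3 or cols[0] not in ("TCP", "UDP"):
            continue  # banner, column header or blank line
        proto, local = cols[0], cols[1]
        # TCP rows carry a state column; UDP is connectionless and has none.
        # An ESTABLISHED row is an existing connection, not a listener.
        if proto == "TCP" and (len(cols) < 4 or cols[3] != "LISTENING"):
            continue
        # Split on the last colon so IPv6 forms such as [::]:135 also work.
        addr, _, port = local.rpartition(":")
        found.append((proto, addr.strip("[]"), int(port)))
    return found


def reachable_from_network(listeners):
    """Drop sockets bound to loopback; only local programs can reach those."""
    out = []
    for proto, addr, port in listeners:
        if not ipaddress.ip_address(addr).is_loopback:
            out.append((proto, addr, port))
    return sorted(out, key=lambda row: (row[0], row[2]))


if __name__ == "__main__":
    for proto, addr, port in reachable_from_network(parse_listeners(SAMPLE)):
        print(f"{proto:4}{addr}:{port}")
```

The ESTABLISHED row (local port 5117 to a remote port 80) is an outgoing connection, so it never appears in the listener list.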
-
here this will help ya learn
http://security.symantec.com/sscv6/default.asp?langid=ie&venid=sym
Do the security check, then check your results, if your pc / router / or gateway is configured correctly you should see at least all "closed" ..
port 139 netbios is another important port that should be closed or in stealth (not seen on the net )
when running the test every pc ive tested with at this site has always failed the Anti virus part ... but then this test cant test AV anyway .
i pass with closed and Stealthed ports. none are open ... and all i run is a router/gateway and AV program .. no software firewalls on any of my pc's.
before i ran a router I did all my config manually in windows and could pass with all closed ports ... this wasnt too hard to do it just took time studying and testing at the symantec site til i figured it out.
with a properly configed setup the only way you can catch a virus is if YOU Open it /let it in. also a proper setup stops all the ping traffic you're getting thats setting off your Firewall and slowing down your connect / AH Frame rates..
-
Hey Rosco. That Symantec link will not even start on my computer. Apparently they do not like my security settings.
Looking at what they are doing, I will say this. If your computer will not run the tests, then your computer is probably pretty well protected from most things.
Apparently, Symantec does not consider Java a security threat. I find that a bit funny.
-
yea Ive got to turn on java to get it to run ... which of course if it dont run you're most likely pretty safe ..
But thats the site i used to learn off of ...so if it can work for a idiot like me ... lol
Poor java .. it is a threat and it isnt .. a lot of games still run thru java still ... and we remember java chat rooms ..boy were those a virus waiting to happen.
Im pretty sure Wes14 wont pass and hopefully he'll spend the time studying and learning from it .
-
This is where I do not agree with Skuzzy at all. A personal firewall is the only means for a general user to maintain any control over the network activity of the computer.
All the security measures and windows updates in the world won't help you if you get hit by a trojan the second you make a fresh install and enable ethernet. This happened to me personally when I installed my first new computer using a cable connection the first time. Right after the setup installed the ethernet drivers, pop goes the trojan in. Luckily I realized what had happened and could reformat, reinstall and leave the ethernet cable disconnected. Later investigation revealed that the cable service was riddled with portscanning trojans just waiting for a fresh un-nated machine to be connected. The service provider knew the situation but by law they were not allowed to analyze any client activity and therefore were not allowed to inform customers their machines were infected and spreading.
Sure you can preconfigure everything so that your computer is patched and closed down before the first internet connection. If you're an expert and have prepared everything ready with an already working computer..
The Joe Schmoe will just barely know how to click that setup icon and press 'next' until the software firewall is installed in order to keep the port scans out. In fact, even that is too difficult for at least 20% of the users.
Same goes with trojans. If Joe gets one on his box, the firewall will be the only thing stopping it from connecting out and spreading, or even worse, dropping 10 new trojans to the box immediately.
Having said that I have to admit that even the personal firewall is rarely the answer as users will not know which connections they should allow and which not. And they are not willing to find out when they don't. But still I prefer to keep everyone I know behind a firewall instead of being out in the open.
-
The problem I have with personal firewalls has to do with people not configuring them properly.
I know exactly what problem you had MrRipley. Earlier versions of XP had that exploit available.
I run a dedicated firewall at home. Dedicated firewalls are much better than any personal software firewall will ever be. I did not clarify that in my first post. I have never used a personal software firewall and never will.
And I will argue most people do not have a clue as to how networking actually works which leads to misconfiguring a firewall based on the rantings and ravings of some clown's marketing spiel.
-
Skuzzy
the "attack" was on port 5117 if i remember right
Roscoroo
i ran the test..everything seemed to pass
-
Which means your computer opened up port 80 on the remote IP address you listed and it was attempting to connect back to port 5xxx on your computer. Typical browser type connection.
-
so that means my pc actually "told" the other one to attempt to send a virus:confused:
-
I ran the Symantec security scanner & passed all but the ones that required active X control. It couldn't test those with my current configuration in Explorer or Firefox :D
I tried the "netstat -an" that Skuzzy said to do to look for listening ports but the command prompt will only pop-up for a millisecond, it doesn't stay up long enough for me to look at what it says. I'm sure it's because of some setting somewhere.
I like informative posts like that because I am an average user & I don't know anything about internet protocol or networking or ports or any of that crap. I just know my AV & AS progs work, I don't use the Windows firewall & I have never had a problem. I'm sure if some "script kiddy" (lol) wanted to do me in I'd be easy prey. :lol It's funny because my first P/C was a Tandy TRS-80 & I wrote 30 pages of code one time to make a u.f.o. descend from the top of the screen to the bottom with a little rumble sound; it lasted all of two seconds & took me two hours to type in the code. Here I am with modern P/C's & I feel like an idiot because of all the tech that passed me by in the late 80's & early 90's when I had a life.:(
-
Originally posted by Brenjen
I ran the Symantec security scanner & passed all but the ones that required active X control. It couldn't test those with my current configuration in Explorer or Firefox :D
I tried the "netstat -an" that Skuzzy said to do to look for listening ports but the command prompt will only pop-up for a millisecond, it doesn't stay up long enough for me to look at what it says. I'm sure it's because of some setting somewhere.
I like informative posts like that because I am an average user & I don't know anything about internet protocol or networking or ports or any of that crap. I just know my AV & AS progs work, I don't use the Windows firewall & I have never had a problem. I'm sure if some "script kiddy" (lol) wanted to do me in I'd be easy prey. :lol It's funny because my first P/C was a Tandy TRS-80 & I wrote 30 pages of code one time to make a u.f.o. descend from the top of the screen to the bottom with a little rumble sound; it lasted all of two seconds & took me two hours to type in the code. Here I am with modern P/C's & I feel like an idiot because of all the tech that passed me by in the late 80's & early 90's when I had a life.:(
First type 'cmd' without quotes and enter. THEN type 'netstat -an' and it won't close on its own.
Skuzzy: The problem with your logic is that the average Joe will surely not have a dedicated firewall. If there needs to be a choice between no firewall and a personal firewall, which would you recommend?
-
Start / Run / "cmd" enter
netstat -anb (the b option lists the executable responsible for the connection)
-
Originally posted by MrRiplEy[H]
First type 'cmd' without quotes and enter. THEN type 'netstat -an' and it won't close on its own.
Skuzzy: The problem with your logic is that the average Joe will surely not have a dedicated firewall. If there needs to be a choice between no firewall and a personal firewall, which would you recommend?
I would not make a recommendation.
And the reason being is I would have to preface it with, "if you are going to install a personal firewall, please learn how to use it, for the lub of all that is good, please learn how to configure it properly and understand how it works."
-
Ah, thanks. I got the ports to show up typing in CMD first (DOH!):rolleyes:
-
checked the ports in the cmd prompt
all of them have legit reasons to be running and port 5117 isnt on the list
:huh
so if it can work for a idiot like me
Almost bet $5 that u know about pc's than me
Roscoroo
Edit:found out that norton has blocked the site/server that the pc was on from that Port
-
Originally posted by MrRiplEy[H]
This is where I do not agree with Skuzzy at all. A personal firewall is the only means for a general user to maintain any control over the network activity of the computer.
I agree with Skuzzy. Personal Firewall software these days is pretty much snake oil.
First of all most if not all PF's are 'leaky' and it is possible for malware to drill through them. So all the PF holds back is legit programs.
Second of all most good AV software protects you from the common attacks PF's used to cover (ie buffer overflow exploits).
Google "personal firewall leak test" and you'll find some nasty reading.
Maybe if you have a direct net connection and are not behind a router/firewall with even basic NAT - then perhaps I'd consider using one.
-
"Google "personal firewall leak test" and you'll find some nasty reading.
Maybe if you have a direct net connection and are not behind a router/firewall with even basic NAT - then perhaps I'd consider using one."
im on cable modem broadband..the sucky thing is that my router thingy doesnt have a built in Firewall, and that Personal Firewall leak test went right thru my firewall (UDP wise) so i fixed that up a lil bit
ill almost say that my AV and FW r almost rock solid TCP wise not sure on UDP ports yet
thanks for pointing out the Firewall leak test Vulcan:aok
-
Originally posted by Wes14
"Google "personal firewall leak test" and you'll find some nasty reading.
Maybe if you have a direct net connection and are not behind a router/firewall with even basic NAT - then perhaps I'd consider using one."
im on cable modem broadband..the sucky thing is that my router thingy doesnt have a built in Firewall, and that Personal Firewall leak test went right thru my firewall (UDP wise) so i fixed that up a lil bit
ill almost say that my AV and FW r almost rock solid TCP wise not sure on UDP ports yet
thanks for pointing out the Firewall leak test Vulcan:aok
A cheap cable firewall/router will cost you less than $50 with Stateful Packet Inspection.
-
I never had to disable anything to play AH. My guess is that there is a setting not set correctly if it prevents you from playing AH.
-
the way it currently set up normally locks the internet browsers from using the internet more than AH
now if a rare occasion where AV/Firewall mistakes something on AH as a virus (about once a month) then im SOL for 24 hours to a few days from AH cause it will lock the ports that AH is needed to run on:furious
-
Eh. (http://www.thinkgeek.com/computing/accessories/75f3/)
-
Originally posted by OOZ662
Eh. (http://www.thinkgeek.com/computing/accessories/75f3/)
O.o that is some fancy lil piece of equipment:noid
-
that looks interesting, I'm going to have to read up on it.
-
Skuzzy you should post a "sticky" on here detailing exactly what firewall settings to make should one decide to use one. Also what Windows settings, etc to set and any other recommendations you have to make the computer more secure, and still AH friendly.
-
Originally posted by OOZ662
Eh. (http://www.thinkgeek.com/computing/accessories/75f3/)
Looks like a lot of marketing gibberish to me.
Just look for an ethernet firewall that lists "SPI" and "ICSA" certified for $50-$100 and you're right.
However, if you want go totally over the top this is what I use: http://www.sonicwall.com/support/pdfs/DS_1204_PRO1260.pdf
-
Originally posted by Vulcan
I agree with Skuzzy. Personal Firewall software these days is pretty much snake oil.
First of all most if not all PF's are 'leaky' and it is possible for malware to drill through them. So all the PF holds back is legit programs.
Second of all most good AV software protects you from the common attacks PF's used to cover (ie buffer overflow exploits).
Google "personal firewall leak test" and you'll find some nasty reading.
Maybe if you have a direct net connection and are not behind a router/firewall with even basic NAT - then perhaps I'd consider using one.
First of all a personal firewall does not keep any legit program back as it is extremely easy to configure it on need basis.
I've done the GRC leak test and none of the personal firewalls I've used have leaked. I've used tiny personal and comodo for several years. They check the apps for md5 information and parent applications and if either one changes they get reported.
I refuse to run any computer without a PF installed, without it I have no control over the network traffic. I've caught spyware and trojans with PF that antivirus happily let through. Only indication was an unknown process trying to access internet - which was reported by the PF.
I tried the tests at firewallleaktester.com and some were picked by NOD32 and others with Comodo. The 'result' page was outdated, it showed comodo as leaking to exploits that were correctly blocked in current version.