Aces High Bulletin Board

Help and Support Forums => Technical Support => Topic started by: Sturm on April 12, 2001, 05:30:00 PM

Title: Word to the wise, please read
Post by: Sturm on April 12, 2001, 05:30:00 PM
I am sure quite a lot of you are running cable for internet connections.  I just did a week long study on my PC of possible intrusions.  What I have come up with is quite alarming.  57 intrusions that had the intent of gaining access.  Now I am using Black Ice as a firewall, and I weeded out the usual intrusions from your ISP, but I was able to localize 57 of them as to possibly being harmful.  If you are cable I highly suggest you go out and get some software that prevents intrusions, IE Firewalls.  If you have any questions about their usage I can assist.

------------------
Sturm6 StaffelKapitän
JV44 Platzschutzstaffel
Airfield Defense Squadron
Campaigning for the rights of the ME-410.
Title: Word to the wise, please read
Post by: Jekyll on April 12, 2001, 05:35:00 PM
Good advice Sturm.  I am also using Blackice and since 4 November 2000 I've had a total of 2427 suspicious attacks on my system.

Seems like UDP Port Probes and Sub-Seven Probes are the most popular at the moment.

------------------
'The people in this forum, especially the ones who post a lot, are largely a pretty weird and borderline mentally disabled group. And ****** has managed to distinguish himself even among this "elite" group of fruitcakes.' : Funked
Title: Word to the wise, please read
Post by: Karnak on April 12, 2001, 05:36:00 PM
Any "always-on" connection or any connection with a fixed IP address carries that risk.

My DSL is an "always-on" connection, that's why I've had a firewall up from the moment that it was installed.

Good advice Sturm.

------------------
We few, we happy few, we band of brothers;
For he to-day that sheds his blood with me
Shall be my brother

Bring the Spitfire F.MkXIVc to Aces High!!!

Sisu
-Karnak
Title: Word to the wise, please read
Post by: Staga on April 12, 2001, 05:49:00 PM
http://www.dslreports.com/secureme
Title: Word to the wise, please read
Post by: 2Late4U on April 12, 2001, 06:04:00 PM
While you'd be foolish not to run blackice or zonealarm on DSL or Cable, 99.999999% of all probes are just that, probes looking for a fool with file/printer sharing on...a real annoyance when ya have an internal network in your home and have them active... eeek.
Title: Word to the wise, please read
Post by: Wlfgng on April 13, 2001, 09:57:00 AM
I'm the IT manager for the Town I live in and we get 'attacked' hundreds of times per day.  Typical for a static IP I think.

Protect yourself.
Title: Word to the wise, please read
Post by: Tac on April 13, 2001, 02:03:00 PM
Geez, I guess I win the trophy. I'm on Cable since last year and have been using BlackIce (I love it btw) on paranoid setting with only the AH server as a "trusted" address.

6792 serious attacks. Someone must like my po... err.. poetry collection.
Title: Word to the wise, please read
Post by: Argent on April 14, 2001, 12:02:00 PM
Don't bind File and Printer Sharing to TCP/IP... kinda not healthy at all.  Use NetBEUI to deal with that.
Title: Word to the wise, please read
Post by: MrSiD on April 14, 2001, 02:17:00 PM
Take into note that if you play h2h, Aces High gets mistaken for subseven probe ;)

BlackIce is good, but it leaves your machine visible to the net so you get a huge amount more scans than you would get with a decent firewall. Try a combination of FW with blackice and you'll notice a drastic drop in the attacks..
Title: Word to the wise, please read
Post by: paintmaw on April 14, 2001, 02:24:00 PM
Before I started using Black Ice, someone stole my IP#, I couldn't connect sometimes.
Title: Word to the wise, please read
Post by: CRASH on April 17, 2001, 06:49:00 PM
Do you leave zone alarm on while playing AH?  Does it have any effect?

CRASH
Title: Word to the wise, please read
Post by: Vulcan on April 17, 2001, 08:39:00 PM
I once terrorized a networking product manager with Sub 7. It was an attempt to get him behind promoting firewalls and IDS solutions.

Nuthing worse than some salamander at the other end of the country opening and closing your cd-rom drive all day ... or swapping your mouse buttons... or disabling the space bar on your keyboard intermittently. The really cool thing is to record from the laptop mic when you do it so you get to hear the swearing :D
Title: Word to the wise, please read
Post by: tofri on April 18, 2001, 06:25:00 AM
I use DSL with Zonealarm and have up to 10 alerts per hour. It doesn't matter if you use cable, dsl or modem, there are always pings or port requests on your IP.
A firewall is an absolute must nowadays.

CRASH: I play AH with zonealarm, had not noticed any effects on the connectivity, neither on modem nor dsl.
But you must disable the popup on alert window. ;)
Title: Word to the wise, please read
Post by: spiffykraits on September 01, 2003, 11:57:38 AM
Keeping your firewall up when playing is a must, but it is not necessary to have an anti-virus program running at all when playing - it just slows it down without doing anything constructive. :)  You won't get a virus unless you open anything downloaded.
Title: Word to the wise, please read
Post by: eskimo2 on September 01, 2003, 12:06:20 PM
Were there such things as viruses back when this thread started?

eskimo
Title: Word to the wise, please read
Post by: loser on September 01, 2003, 12:11:30 PM
I don't know anything about firewalls.  

My DSL ISP says they have a built-in firewall.  Should I trust them when they say I am protected?

Also I know XP has a built-in firewall.  How do I check if I have it enabled? Or how would I go about enabling it?

Also, are there any free firewalls that I can get? Or at least any firewalls that have free trial periods?

I'd like to try one of these retail firewalls to see if I'm being protected, but don't want to spend the extra money if my ISP is already providing adequate coverage.

Thx in advance.
Title: Word to the wise, please read
Post by: Chairboy on September 01, 2003, 12:15:06 PM
Spiffykraits, you are incorrect.  MSblaster, sobig, and a bunch of other worms don't require you to open anything.  Telling people they don't have to have AV running all the time is irresponsible and incorrect.
Title: Word to the wise, please read
Post by: Tarmac on September 01, 2003, 12:34:36 PM
Loser, get ZoneAlarm.  It's free in its standard edition (I think the Pro edition costs 30 bucks or so).  I dunno anything about the effectiveness of ISP firewalls, but it can't hurt to have too much protection.  I wouldn't trust anything they say.  

I've been using it for years.  I feel like I should buy the Pro version just to support the company for providing the free one for so long.  

ed:
http://www.zonelabs.com/store/content/company/products/znalm/freeDownload.jsp
Title: Word to the wise, please read
Post by: ply on September 01, 2003, 12:52:20 PM
Or use a NAT type router. It gives your lan computer(s) a non routable IP address (like 192.168.0.2) and they cost less than $20 on sale with rebates. The Dlink DI-604 has worked well for me here. AH does not require any special ports to be opened and you don't have the overhead of software running on your computer.
Title: Word to the wise, please read
Post by: Vulcan on September 01, 2003, 02:46:41 PM
Quote
Originally posted by ply
Or use a NAT type router. It gives your lan computer(s) a non routable IP address (like 192.168.0.2) and they cost less than $20 on sale with rebates. The Dlink DI-604 has worked well for me here. AH does not require any special ports to be opened and you don't have the overhead of software running on your computer.


Kind of incorrect, AH requires UDP ports 2000-~3000 open if you want to use UDP. Otherwise it switches to TCP and you get poor-mans-warp.
Title: Word to the wise, please read
Post by: Wolfala on September 01, 2003, 02:49:31 PM
I once terrorized a networking product manager with Sub 7. It was an attempt to get him behind promoting firewalls and IDS solutions.

Nuthing worse than some salamander at the other end of the country opening and closing your cd-rom drive all day ... or swapping your mouse buttons... or disabling the space bar on your keyboard intermittently. The really cool thing is to record from the laptop mic when you do it so you get to hear the swearing  I once terrorized a networking product manager with Sub 7. It was an attempt to get him behind promoting firewalls and IDS solutions.

I read this and it brought a fuzzy feeling to my stomach. You remind me of myself when I was messing with people in 8th grade 8 years ago. Though I could've done without the FBI blacklist during high school.


Wolfala
Title: Re: Word to the wise, please read
Post by: AHGOD on September 01, 2003, 03:25:00 PM
Quote
Originally posted by Sturm
I am sure quite a lot of you are running cable for internet connections.  I just did a week long study on my PC of possible intrusions.  What I have come up with is quite alarming.  57 intrusions that had the intent of gaining access.  Now I am using Black Ice as a firewall, and I weeded out the usual intrusions from your ISP, but I was able to localize 57 of them as to possibly being harmful.  If you are cable I highly suggest you go out and get some software that prevents intrusions, IE Firewalls.  If you have any questions about their usage I can assist.

------------------
Sturm6 StaffelKapitän
JV44 Platzschutzstaffel
Airfield Defense Squadron
Campaigning for the rights of the ME-410.


You know I thought I made this post in a drunken stupor last night, very odd I tell you.  But it seems someone knows more about me than I wish wtf?  Then I saw the date and now I know it was me lol.
Title: Word to the wise, please read
Post by: Skuzzy on September 01, 2003, 03:33:56 PM
Quote
Originally posted by Chairboy
Spiffykraits, you are incorrect.  MSblaster, sobig, and a bunch of other worms don't require you to open anything.  Telling people they don't have to have AV running all the time is irresponsible and incorrect.


I'll take issue with that one.  AV does not need to be running all the time.

If you protect ports 13x, and 443, from the get-go, then you have just plugged up the biggest security holes you can have.

With the above, MSBlast cannot get to your machine (unless a system on the LAN has it, then it is a matter of blocking the 4xxx port that it used).
SoBig can only be had via email.  When getting your email, by all means you should have the AV enabled.

The problem with AV programs running when you are playing a game, is they tend to false trigger on the network packets and will cause AH to CTD.  Most of the time you cannot get past the login for AH if you have the AV running.  Other times, you will get severe packet loss.

Run the AV when you need to, email, surfing the web, but when gaming, all the above programs should be shut down anyways.  You can safely shut down the AV as well.

One other thing;  AH requires ports 2000-5000.  And you cannot get a virus/worm on an open AH port.  That would be impossible.  Worst case is a disco.
Title: Word to the wise, please read
Post by: trolla on September 01, 2003, 03:38:28 PM
Don't forget you guys, dw. stuff from Kazaa etc.... will sooner or later get you infected with something.


I am not raising a finger here to tell you something, but beware of the worms you dw beside the music and films. :(

Kazaa made hell for our campus last year with that :(
Title: Word to the wise, please read
Post by: dracon on September 01, 2003, 04:48:33 PM
Quote
Originally posted by ply
Or use a NAT type router. It gives your lan computer(s) a non routable IP address (like 192.168.0.2) and they cost less than $20 on sale with rebates. The Dlink DI-604 has worked well for me here. AH does not require any special ports to be opened and you don't have the overhead of software running on your computer.


Gents, this is where it's at. Black Ice Defender is more of a PIA with many False Positives.  Zone Alarm isn't much better.  The most efficient way is the router.  You can buy a 1-Holer for no more than $50.00.  As Ply mentioned there are rebates.  They are a Piece of Cake to set up.  A quick explanation of what a router does?  It tells the world you live in one place (WAN IP).  When in fact you live in another (LAN IP).

Want a "Kick-Butt" AV progie??  Here ya go.  http://www.grisoft.com/us/us_dwnl_free.php  Only as intrusive as you want it to be.  Easy configuration and Update.

GL,
Title: Word to the wise, please read
Post by: DAVENRINO on September 01, 2003, 11:16:45 PM
I certainly feel safer behind a router/NAT firewall and it doesn't use any resources. I also run Sygate Personal Firewall (free) as it uses few resources and I have no problems running it with AH, but I do turn off Norton AV when playing games on Skuzzy's advice.

If you have or are considering using Black Ice, I would suggest reading these pages:
http://grc.com/lt/scoreboard.htm

Steve Gibson's best recommendation is a Linksys NAT router and Zone Alarm.  I used to use ZA but it does have some issues running with AH.  I always leave Sygate on in case anything gets through my Hardware NAT firewall. I didn't have the NAT router prior to the release of the latest worms/viruses and Sygate kept me safe, but I sleep better now with my Linksys router.  Sygate also catches traffic trying to leave your puter.  Yesterday it caught a spyware program trying to send info out.  I found it and killed it.
DJ229 - AIR MAFIA
Title: Word to the wise, please read
Post by: wrag on September 02, 2003, 05:03:06 AM
Hmmm  Spyware!!

I like this

http://www.lavasoftusa.com/

and this

http://security.kolla.de/news.php?lang=en

I run em both one after the other right after I get through surfin the web.  Usually what 1 misses the other catches.  Catches and removes a lot of spyware.

Got AVG runnin for virus and ZoneAlarm for firewall.

Turn AVG and ZoneAlarm off when I go AH.

Also had a router when I had dsl/cable but don't have either anymore so router is out of loop for now and settin in the closet boxed up.
Title: Word to the wise, please read
Post by: DAVENRINO on September 02, 2003, 02:37:28 PM
Wrag,
This one was a little more complicated than that.  I tried Spybot and thought it was a bit too intrusive and removed some things I didn't want removed.  I do run Ad Aware daily and I probably removed this spyware numerous times without reading what it was.  I used to just click the boxes and make them go away.  These bastages are getting sneakier now.  When I googled this spyware that Sygate found, it seems others had a similar experience.  I BOUGHT Kiplingers Willpower and installed it last April.  This Spyware didn't try to access the net till last month.  I found it running as a process in Task Manager but not in services or startup.  A drive search found an .exe installed in Prog Files.  I assume it installed the spyware on every boot.  I had been removing it with Ad Aware but it just kept coming back.  I assumed I was getting it from the same website repeatedly.  I uninstalled the .exe, removed the spyware with Ad Aware, and it hasn't come back.  I would thank Kiplinger for the free spyware, if I could be sure it really came from them.  I haven't installed any free progs this year and I don't do Kazaa, etc.

DJ229 - AIR MAFIA
Title: Word to the wise, please read
Post by: spiffykraits on September 03, 2003, 04:15:11 AM
Quote
Originally posted by Chairboy
Spiffykraits, you are incorrect.  MSblaster, sobig, and a bunch of other worms don't require you to open anything.  Telling people they don't have to have AV running all the time is irresponsible and incorrect.


I use win98 not XP and any server function is turned off including windows Media, and I don't use any MS Mail programs or Messenger either, I run Norton Anti-virus and Nortons firewall on my gateway PC which I use for games, and never have had a virus in the last two years affect my PCs. All have been caught before they can infect my network.
All mail is collected with a networked PC which has ZA running on it which is not visible on the Net directly. I do get plenty of virus attempts via attachments but these are locked and always scanned for virus.

I DO run antivirus when not playing and for any surfing the net and this is updated every week, but it is not necessary when playing (with win98) but I DO run the firewall all the time, which does block a lot of Trojan attempts and dozens of scans.
Title: Word to the wise, please read
Post by: SC-Mutt on September 04, 2003, 12:32:56 PM
Quote
Originally posted by DAVENRINO
If you have or are considering using Black Ice, I would suggest reading these pages:
http://grc.com/lt/scoreboard.htm

Steve Gibson's best recommendation is a Linksys NAT router and Zone Alarm.  I used to use ZA but it does have some issues running with AH.  DJ229 - AIR MAFIA


I'll add a hearty "SECOND!" to that Steve Gibson motion!
I've been a fan of his since 1996, when he blew the lid off 'Bloatware' by reducing a 45 meg copy of Win 95 to a better, and more stable 460[?close anyway] KILOBYTES using Assembler.
(MS made him remove the proofs, but there is still a vague reference to it I believe).

Aside from being a programming genius,  He's like Ralph Nader on Steroids!  He's called "Bull S**T" and made it stick on so many erroneous claims, that the offenders either fixed it or quit!

You owe it to yourself to take the time to read his archives.  He publishes his exchanges with the 'Big boys', and he hits em with so many facts they just stutter.

Sorry about getting carried away, But this guy should have a statue erected !!!

http://www.grc.com

(Oh yeah,  I've been running ZoneAlarm Pro for almost 2 years now, and it's money well spent, IMO)

Also;  Will a '10/100 Switch' do as well as a 'Router' ?

Thx
S!
Title: Word to the wise, please read
Post by: DAVENRINO on September 04, 2003, 03:49:48 PM
Quote
Originally posted by SC-Mutt
Also;  Will a '10/100 Switch' do as well as a 'Router' ?
Thx
S!


Sorry, I don't think the switch does much for security but routers with NAT firewall and multi-port switches are getting cheaper daily.  I have an old hub/switch collecting dust since my router has 4 ports. It has its own IP addy (the one exposed to the net that you pay your ISP for) and will also handle and/or assign multiple IP's.  You can daisy chain your switch onto the router if you have a big network.
DJ229 - AIR MAFIA
Title: Word to the wise, please read
Post by: WhiteHawk on September 04, 2003, 05:06:33 PM
I can tell you all, until recently I didn't think anybody would waste their time hacking my system.  But now I know better.

From AV scans within 2 hours of one another.  I get 1 virus, I had a lotta trubble getting rid of.  2 hours later I have 6 of the somma*****es on my system.

I have sygate FW running and AVG AV.  Both free, but I believe I am gonna invest in a top grade AV program and get my router running properly.

I believe the cable world is saturated with bugs, and If you don't have a firewall and AV system running you already have lovsan on your system.
Title: Word to the wise, please read
Post by: DAVENRINO on September 04, 2003, 05:13:44 PM
Whitehawk,
FYI - Sygate/Norton AV plus all critical updates to XP kept me safe from the initial release of Lovsan but I do feel safer now with the Router.
DJ229 - AIR MAFIA
Title: Word to the wise, please read
Post by: ply on September 04, 2003, 06:40:17 PM
The only way I know of that someone can get through a NAT router is for you to open up TCP ports to one of your computers (telnet, www, etc) and not take the proper precautions, or set it so you can remotely administer it and have a weak password or worse, not change the default password. With the NAT router I don't have to worry about the latest MS upgrade breaking my firewall software.  NAT routers will not stop a mail type virus. For those you need A/V software to scan the mail or be very careful about opening attachments and clicking on links attached to email. Also you need to be careful about software you install. It may contain spyware or worse. In this case your Black Ice software will at least let you know if a program is trying to access ports you have not given permission for. A NAT router will just pass it through since it is coming from your side and looks legit. If you tend to install everything you think might be cool to try, (or others that use your computer do) you probably should be running firewall software, A/V software and a program like Adaware to keep the demons out. I have nightmare stories from friends and family whose kids installed every thing they saw on the net, until things quit, then I get a call for help.
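
The NAT behaviour ply describes above, as an added example that is not part of the original thread: a toy Python model of a port-translating home router showing which packets it drops and which it lets through. All addresses, ports and names are constructed, and the reply filtering (only the contacted remote may answer) is an assumption; real consumer routers vary.

```python
"""Toy model of a home NAT router (added illustration, not from the thread).

Addresses and ports below are constructed sample values.
"""

WAN_IP = "203.0.113.10"  # constructed public address (documentation range)


class NatRouter:
    def __init__(self):
        self.next_port = 40000
        self.out_map = {}   # (lan_ip, lan_port, remote) -> wan_port
        self.in_map = {}    # (wan_port, remote) -> (lan_ip, lan_port)
        self.forwards = {}  # wan_port -> (lan_ip, lan_port), set by the owner

    def forward(self, wan_port, lan_ip, lan_port):
        """Owner opens a port to an inside machine (the 'telnet, www' case)."""
        self.forwards[wan_port] = (lan_ip, lan_port)

    def outbound(self, lan_ip, lan_port, remote):
        """A LAN host starts a connection: always translated and passed."""
        key = (lan_ip, lan_port, remote)
        if key not in self.out_map:
            self.out_map[key] = self.next_port
            self.in_map[(self.next_port, remote)] = (lan_ip, lan_port)
            self.next_port += 1
        return ("PASS", WAN_IP, self.out_map[key])

    def inbound(self, remote, wan_port):
        """A packet arrives from the internet at the router's WAN address."""
        if (wan_port, remote) in self.in_map:   # reply to traffic we started
            return ("PASS", *self.in_map[(wan_port, remote)])
        if wan_port in self.forwards:           # owner-opened port
            return ("PASS", *self.forwards[wan_port])
        return ("DROP", None, None)             # unsolicited probe


def demo():
    r = NatRouter()
    pc = "192.168.0.2"                      # non-routable LAN address
    game = ("198.51.100.7", 2000)           # constructed game server
    scanner = ("198.51.100.99", 31337)      # constructed probing host
    results = {}
    # Unsolicited probe of a Windows service port: no mapping, so dropped.
    results["probe_135"] = r.inbound(scanner, 135)[0]
    # The game client talks out; the server's reply is mapped back to the PC.
    _, _, wan_port = r.outbound(pc, 5001, game)
    results["game_reply"] = r.inbound(game, wan_port)
    # Someone else hitting that same WAN port is still unsolicited.
    results["scanner_on_game_port"] = r.inbound(scanner, wan_port)[0]
    # Spyware on the PC phoning home looks like any other outbound traffic.
    results["spyware_out"] = r.outbound(pc, 5002, ("198.51.100.50", 80))[0]
    # Once the owner forwards a port, anyone on the internet can reach it.
    r.forward(80, pc, 80)
    results["forwarded_80"] = r.inbound(scanner, 80)
    return results


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(f"{name:22} {outcome}")
```

The `spyware_out` and `forwarded_80` results are the two gaps the post points out: outbound traffic from an infected machine and owner-opened ports are where host firewall and A/V software still matter.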
Title: Word to the wise, please read
Post by: SKurj on September 04, 2003, 10:53:40 PM
Don't confuse switches with hubs....

Switches are great for security within a network, but yeah they won't give you any real security like a router can.


SKurj
Title: Word to the wise, please read
Post by: Dega on September 05, 2003, 12:02:38 AM
Maybe I didn't read well enough, but it seems y'all are using/recommending only software solutions.  I use a CISCO PIX 506 and have had absolutely zero problems.  I think you get much better security and better/easier control with a hardware solution.  Even the cheapie LinkSys, EtherFast or D-Link router is better than software.

Also, before I got the PIX, I took an old P200 and made a Linux router (Free download *grin*) out of it.  I'm told it's virtually impossible to get around.  Not being a Linux 'groupie' though, I don't know much about it except that I had no problems whilst using it.
Title: Word to the wise, please read
Post by: DAVENRINO on September 05, 2003, 01:10:37 AM
Quote
Originally posted by Dega
Maybe I didn't read well enough, but it seems y'all are using/recommending only software solutions.  I use a CISCO PIX 506 and have had absolutely zero problems.  I think you get much better security and better/easier control with a hardware solution.  Even the cheapie LinkSys, EtherFast or D-Link router is better than software.


I think most everyone agrees with you.  A hardware firewall is best and a hardware + software firewall is even better yet.

DJ229 - AIR MAFIA
Title: Word to the wise, please read
Post by: SC-Mutt on September 05, 2003, 03:28:01 PM
Thanks for the input re: 'NAT Router vs. Switch' question.

"I have an old hub/switch collecting dust since my router has 4 ports. It has its own IP addy"

Could you gimme the partic'lars on it? Sounds like it may just be the ticket if I can find something like it here in Warshington. :D

TIA
S!
Title: Word to the wise, please read
Post by: AKIron on September 05, 2003, 05:43:53 PM
Quote
Originally posted by eskimo2
Were there such things as viruses back when this thread started?

eskimo


Hehe, got my first virus in '87. Luckily that was just before I got my first hard drive. I don't recall there being any antivirus software at the time.
Title: Word to the wise, please read
Post by: DAVENRINO on September 05, 2003, 08:20:16 PM
Quote
Originally posted by SC-Mutt
Thanks for the input re: 'NAT Router vs. Switch' question.

"I have an old hub/switch collecting dust since my router has 4 ports. It has its own IP addy"

Could you gimme the partic'lars on it? Sounds like it may just be the ticket if I can find something like it here in Warshington. :D

TIA
S!


I got this one locally at Comp USA cause I wanted a fast wireless connect for my laptop, too.  It has four wired ports, also.
http://www.compusa.com/products/product_info.asp?product_code=299891&pfp=cat1

If ya don't need wireless, they get as cheap as $30 and you can always add a Wireless Access Point later.
http://www.compusa.com/products/product_info.asp?product_code=290331&pfp=BROWSE

I went with Linksys cause I read some good reviews and they are the biggest seller.

Costco even carries Wireless Netgear and Dlink routers.
DJ229 -AIR MAFIA
Title: Word to the wise, please read
Post by: SC-Mutt on September 06, 2003, 03:29:43 AM
#2 looks like the answer for me. I'm on it like a puppy on a pork chop!

Thanks again!
S!
Title: Word to the wise, please read
Post by: Dingbat on September 06, 2003, 09:47:26 AM
Quote
Originally posted by spiffykraits
Keeping your firewall up when playing is a must, but it is not necessary to have an anti-virus program running at all when playing - it just slows it down without doing anything constructive. :)  You won't get a virus unless you open anything downloaded.


You can use webpages to exploit vulnerabilities, if your system isn't patched or you're not running an antivirus program with script blocking...