I am sick of windows firewall

Documentation exists, Google exists.

Well, that's the fun with PFWs on WinNT series: You both need it and shouldn't allow it.

You should think about what malware can do. Hint: the same as the user. If you can click OK, then the malware can too.

Reply to
Sebastian Gottschalk

Who (what type of people/agency) is running those automated attacks?

thanks.

Reply to
V S Rawat

"netstat -anb" gives:

Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       828
  [svchost.exe]
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  [System]
  TCP    127.0.0.1:25           0.0.0.0:0              LISTENING       3564
  [Hamster.exe]
  TCP    127.0.0.1:110          0.0.0.0:0              LISTENING       3564
  [Hamster.exe]
  TCP    127.0.0.1:119          0.0.0.0:0              LISTENING       3564
  [Hamster.exe]
  TCP    127.0.0.1:1031         0.0.0.0:0              LISTENING       1204
  [alg.exe]
  TCP    127.0.0.1:10110        0.0.0.0:0              LISTENING       1908
  [avgemc.exe]
  TCP    192.168.1.2:139        0.0.0.0:0              LISTENING       4
  [System]
  TCP    127.0.0.1:119          127.0.0.1:1449         ESTABLISHED     3564
  [Hamster.exe]
  TCP    127.0.0.1:1074         127.0.0.1:1075         ESTABLISHED     3572
  [thunderbird.exe]
  TCP    127.0.0.1:1075         127.0.0.1:1074         ESTABLISHED     3572
  [thunderbird.exe]
  TCP    127.0.0.1:1303         127.0.0.1:1304         ESTABLISHED     1776
  [firefox.exe]
  TCP    127.0.0.1:1304         127.0.0.1:1303         ESTABLISHED     1776
  [firefox.exe]
  TCP    127.0.0.1:1449         127.0.0.1:119          ESTABLISHED     708
  [NewsReader3.exe]
  TCP    192.168.1.2:1407       130.117.156.45:80      ESTABLISHED     1700
  [fdm.exe]
  TCP    127.0.0.1:1386         127.0.0.1:119          CLOSE_WAIT      708
  [NewsReader3.exe]
  UDP    0.0.0.0:1027           *:*                                    948
  [svchost.exe]
  UDP    0.0.0.0:1310           *:*                                    948
  [svchost.exe]
  UDP    0.0.0.0:500            *:*                                    636
  [lsass.exe]
  UDP    0.0.0.0:445            *:*                                    4
  [System]
  UDP    0.0.0.0:1307           *:*                                    948
  [svchost.exe]
  UDP    0.0.0.0:1311           *:*                                    948
  [svchost.exe]
  UDP    0.0.0.0:4500           *:*                                    636
  [lsass.exe]
  UDP    0.0.0.0:1309           *:*                                    948
  [svchost.exe]
  UDP    0.0.0.0:1308           *:*                                    948
  [svchost.exe]
  UDP    0.0.0.0:1305           *:*                                    948

Then I aborted it. Should I have waited for it to end automatically?

I am worried about alg, csrss, ctfmon, lsass, services, smss, spoolsv and svchost.

I don't know what these are doing or which program is using these and why.

Also, in the ZA programs window, the following appears, which I don't recognize:

Generic Host Process for Win32 Services (Access: Allow, Internet: Ask)

Several other programs keep on appearing in ZA, but I remove them periodically without making things work. Only the above one insists. If I remove that, net traffic stops.

I have Windows Explorer in (Ask) mode in ZA. Is it OK?

Reply to
V S Rawat
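The question the netstat output above raises is not "what is svchost" but "which of these sockets can anything other than this machine reach". The bind address answers that: 127.0.0.1 listeners (Hamster, alg, avgemc here) only accept connections from programs on the same PC, while 0.0.0.0 listeners (RPC endpoint mapper on 135, SMB on 445, IKE/IPsec on 500 and 4500 in lsass) accept from every interface, and those are exactly what a host firewall exists to filter from the Internet. The following Python script is an added example written for this page, not code from the thread or any tool mentioned in it; it parses the Windows XP `netstat -anb` layout (PID on the row, executable in brackets on the next line) and sorts the listeners by reach. The sample text is constructed from rows quoted above.

```python
from __future__ import annotations
import re
from dataclasses import dataclass
from ipaddress import ip_address

# Constructed sample in the layout Windows XP's "netstat -anb" prints: the
# owning process ID on the row, the executable in brackets on the next line.
# Rows are taken from the output quoted in the thread above.
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       828
  [svchost.exe]
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  [System]
  TCP    127.0.0.1:25           0.0.0.0:0              LISTENING       3564
  [Hamster.exe]
  TCP    192.168.1.2:139        0.0.0.0:0              LISTENING       4
  [System]
  TCP    192.168.1.2:1407       130.117.156.45:80      ESTABLISHED     1700
  [fdm.exe]
  UDP    0.0.0.0:500            *:*                                    636
  [lsass.exe]
"""

@dataclass
class Socket:
    proto: str        # TCP or UDP
    local_addr: str   # address the socket is bound to
    local_port: int
    foreign: str      # peer, or "0.0.0.0:0" / "*:*" when not connected
    state: str        # TCP state; empty for UDP
    pid: int
    image: str        # executable name from the bracketed line

# A data row: proto, local addr:port, foreign addr:port, optional state, PID.
ROW = re.compile(r"^\s*(TCP|UDP)\s+(\S+):(\d+)\s+(\S+)\s+(?:([A-Z_0-9]+)\s+)?(\d+)\s*$")
IMAGE = re.compile(r"^\s*\[(.+)\]\s*$")

def parse_netstat(text: str) -> list[Socket]:
    """Turn netstat -anb text into Socket records, attaching each bracketed
    executable line to the row that precedes it."""
    sockets: list[Socket] = []
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            proto, addr, port, foreign, state, pid = m.groups()
            sockets.append(Socket(proto, addr, int(port), foreign, state or "", int(pid), ""))
            continue
        m = IMAGE.match(line)
        if m and sockets and not sockets[-1].image:
            sockets[-1].image = m.group(1)
    return sockets

def bind_scope(addr: str) -> str:
    """Who can reach a listener, judged from its bind address alone."""
    ip = ip_address(addr)
    if ip.is_unspecified:      # 0.0.0.0: every interface, LAN and Internet
        return "all-interfaces"
    if ip.is_loopback:         # 127.x: only programs on this machine
        return "loopback-only"
    return "one-interface"     # a specific NIC address, e.g. the LAN card

def listeners(text: str) -> list[Socket]:
    """Sockets waiting for inbound traffic: TCP in LISTENING, or any UDP."""
    return [s for s in parse_netstat(text)
            if (s.proto == "TCP" and s.state == "LISTENING") or s.proto == "UDP"]

def triage(text: str) -> dict[str, list[tuple[str, int, str]]]:
    """Per executable: (proto, port, scope) for each of its listeners."""
    out: dict[str, list[tuple[str, int, str]]] = {}
    for s in listeners(text):
        out.setdefault(s.image, []).append((s.proto, s.local_port, bind_scope(s.local_addr)))
    return out

def network_reachable(text: str) -> list[str]:
    """Executables with at least one listener a remote host could reach,
    i.e. not bound to loopback: these are what the host firewall must filter."""
    return sorted({s.image for s in listeners(text)
                   if bind_scope(s.local_addr) != "loopback-only"})

if __name__ == "__main__":
    for image, socks in triage(SAMPLE).items():
        print(f"{image:15} {socks}")
    print("reachable from the network:", network_reachable(SAMPLE))
```

Run it against a saved `netstat -anb > netstat.txt` instead of SAMPLE and the output tells you which executables need a firewall rule at all; an ESTABLISHED row such as fdm.exe is an outbound download, not a listener, so it is left out of the triage.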

Jason Edwards wrote:

That is what I am trying to do. :)

Yeah, it is a Beetle 200BX ADSL2 modem.

They have a USB option, but they recommended that LAN connections are better. So I have installed a LAN card (Realtek RTL8139) and the modem is on that.

Why? Why?

He might give one. But, he will charge a king's ransom for that.

How will that change things?

Is DSL firewall different from Dial-up firewall, if that is what you mean?

How is my changing my IP address by switching my modem off/on tantamount to obtaining software illegally?

SP2. Pro.

whatismyip is giving 59.144.133.214 as my IP address.

What is that IP address you mentioned? What do I do with that?

Run > cmd ipconfig /all just opens a command window and doesn't do or show anything. I gave ipconfig /all at that command prompt and it gives:

Windows IP Configuration

        Host Name . . . . . . . . . . . . : microsof-62c105
        Primary Dns Suffix  . . . . . . . :
        Node Type . . . . . . . . . . . . : Unknown
        IP Routing Enabled. . . . . . . . : No
        WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Local Area Connection:

        Connection-specific DNS Suffix  . :
        Description . . . . . . . . . . . : Realtek RTL8139 Family PCI Fast Ethernet NIC
        Physical Address. . . . . . . . . : 00-0B-2B-0D-E3-24
        Dhcp Enabled. . . . . . . . . . . : Yes
        Autoconfiguration Enabled . . . . : Yes
        IP Address. . . . . . . . . . . . : 192.168.1.2
        Subnet Mask . . . . . . . . . . . : 255.255.255.0
        Default Gateway . . . . . . . . . : 192.168.1.1
        DHCP Server . . . . . . . . . . . : 192.168.1.1
        DNS Servers . . . . . . . . . . . : 192.168.1.1
        Lease Obtained. . . . . . . . . . : Wednesday, March 22, 2006 9:48:43 PM
        Lease Expires . . . . . . . . . . : Thursday, March 23, 2006 9:48:43 PM

Cut and paste don't work in the command window. You want me to type that entire thing manually? No way. Suggest some smaller URL. :)

And what should I type? ipconfig /


TCPView gives: (yeah, I have 9 windows open)

alg.exe:1204          TCP  microsof-62c105:1031          microsof-62c105:0    LISTENING
AVGEMC.EXE:1908       TCP  microsof-62c105:10110         microsof-62c105:0    LISTENING
FDM.EXE:1700          TCP  microsof-62c105:1407          rapidshare.de:http   ESTABLISHED
FIREFOX.EXE:1776      TCP  microsof-62c105:1303          localhost:1304       ESTABLISHED
FIREFOX.EXE:1776      TCP  microsof-62c105:1304          localhost:1303       ESTABLISHED
FIREFOX.EXE:1776      TCP  microsof-62c105:1443          63.209.100.245:http  FIN_WAIT1
FIREFOX.EXE:1776      TCP  microsof-62c105:1444          63.209.100.245:http  FIN_WAIT1
Hamster.exe:3564      TCP  microsof-62c105:smtp          microsof-62c105:0    LISTENING
Hamster.exe:3564      TCP  microsof-62c105:pop3          microsof-62c105:0    LISTENING
Hamster.exe:3564      TCP  microsof-62c105:nntp          microsof-62c105:0    LISTENING
Hamster.exe:3564      TCP  microsof-62c105:nntp          localhost:1431       FIN_WAIT2
LSASS.EXE:636         UDP  microsof-62c105:isakmp        *:*
LSASS.EXE:636         UDP  microsof-62c105:4500          *:*
NewsReader3.exe:708   TCP  microsof-62c105:1386          localhost:nntp       CLOSE_WAIT
NewsReader3.exe:708   TCP  microsof-62c105:1431          localhost:nntp       CLOSE_WAIT
SVCHOST.EXE:828       TCP  microsof-62c105:epmap         microsof-62c105:0    LISTENING
SVCHOST.EXE:904       UDP  microsof-62c105:ntp           *:*
SVCHOST.EXE:904       UDP  microsof-62c105:ntp           *:*
SVCHOST.EXE:948       UDP  microsof-62c105:1027          *:*
SVCHOST.EXE:948       UDP  microsof-62c105:1310          *:*
SVCHOST.EXE:948       UDP  microsof-62c105:1307          *:*
SVCHOST.EXE:948       UDP  microsof-62c105:1311          *:*
SVCHOST.EXE:948       UDP  microsof-62c105:1309          *:*
SVCHOST.EXE:948       UDP  microsof-62c105:1308          *:*
SVCHOST.EXE:948       UDP  microsof-62c105:1305          *:*
SVCHOST.EXE:948       UDP  microsof-62c105:1312          *:*
SVCHOST.EXE:948       UDP  microsof-62c105:1277          *:*
SVCHOST.EXE:948       UDP  microsof-62c105:1306          *:*
System:4              TCP  microsof-62c105:microsoft-ds  microsof-62c105:0    LISTENING
System:4              TCP  microsof-62c105:netbios-ssn   microsof-62c105:0    LISTENING
System:4              UDP  microsof-62c105:microsoft-ds  *:*
System:4              UDP  microsof-62c105:netbios-ns    *:*
System:4              UDP  microsof-62c105:netbios-dgm   *:*
thunderbird.exe:3572  TCP  microsof-62c105:1074          localhost:1075       ESTABLISHED
thunderbird.exe:3572  TCP  microsof-62c105:1075          localhost:1074       ESTABLISHED

Giving "telnet localhost" at the command prompt gives: Connecting to localhost...Could not open connection to the host, on port 23: connect failed

Same result with "telnet http://localhost" and with "telnet ftp://localhost".

And how do you conclude that I am not listening to advice?

Am I trying all these commands, downloading and installing all these tools just for some fetish?

But, if you mean "uninstall ZA, switch on XP FW" to be advice, then I would wait till I can understand how that would help me.

Posted TCPView results above. I could not make sense of that.

Sure.

But ZA is not up to date. I have stopped its "calling home". I had problems with its 6.1 free version, so I am using its 4.5 free one.

Reply to
V S Rawat

It's not as bad as I thought it might be, since your local IP address is 192.168...

Looks like you've already got one, so don't worry about it.

[snip]

So all you have to do is install AVG and don't mess with the Windows firewall and everything should be fine as long as you allow Windows and other software to get whatever security updates are needed. If you want to mess up your computer and cause 1000 unnecessary problems for yourself then just install unnecessary firewall software such as ZA.

Don't use Internet Explorer. Don't run as administrator for general use, use a limited user account.

[snip]

I won't bother.

Of course, if it makes sense to you.

[rest snipped]

Jason

Reply to
Jason Edwards

This is very difficult to answer. Jesters? Script kiddies? People who want to attack something special and need a botnet? People who want to have fun?

Yours, VB.

Reply to
Volker Birk

Ran a port scan at the above URL. When "Done" came at the Firefox status bar, it gave:

Probing port details, please standby ...

probing... probing... probing... probing... probing... probing... probing... probing... probing... probing... probing... probing... probing... probing... probing... probing... probing... probing... probing... probing... probing... probing... Scan Results for IP Address 207.142.144.59 Port Service Contents Description probing... probing... Hackerwhacker will output every port it scans

53 111 113 118 123 135 137 138 139 161 53 111 113 118 123 135 137 138 139 162 162 177 389 445 500 1900 2049 177 389 445 500 1900 2049 2049 1900 500 445 389 177 162 139 138 137 probing... 2049 1900 500 445 389 177 162 139 138 137 135 123 118 113 111 53 135 123 118 113 111 53 Probing port details, please standby ...

probing... probing... probing... probing... probing... probing... probing... probing... probing... probing... probing... probing... Scan Results for IP Address 207.142.144.59 Port Service Contents Description probing... Legend for symbols used in test results ================================end

Meaning: it didn't report any problem at all. Hope it is OK.

However, at the top of the page it had "Scanning 59.144.142.207 for Open Ports", but below it had "Scan Results for IP Address 207.142.144.59".

The 59... one is the one that is shown by whatismyip.

What is that different IP address? It is surely a numerical anagram of my original IP address.

Reply to
V S Rawat

At the top of the page it reflected your system from information obtained from conducting a DNS PTR record lookup against IP 207.142.144.59 whereas below it simply reflected your system as an IP address.

Reply to
Don Kelloway
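The two addresses are the same four octets in opposite order, and reversed octets under in-addr.arpa is exactly the name a resolver queries when it asks for an IPv4 address's PTR record, which fits Don's explanation of where the second form came from. The script below is an added example for this page, not code from the thread or the scanner; it builds that PTR query name with Python's ipaddress module and checks that the "anagram" is a reversal of the address whatismyip reported rather than a different host. Both addresses are taken from the posts above.

```python
from ipaddress import ip_address

# Constructed from the two addresses quoted in the thread.
SHOWN_BY_WHATISMYIP = "59.144.142.207"
SHOWN_IN_SCAN_RESULTS = "207.142.144.59"

def ptr_query_name(ip: str) -> str:
    """Name a resolver queries for a PTR record: the octets in reverse order
    under in-addr.arpa, as built by the standard library."""
    return ip_address(ip).reverse_pointer

def reversed_octets(ip: str) -> str:
    """The dotted quad with its four octets reversed, done by hand so the
    mechanism behind the 'anagram' is visible."""
    octets = ip.split(".")
    if len(octets) != 4 or not all(o.isdigit() and 0 <= int(o) <= 255 for o in octets):
        raise ValueError(f"not an IPv4 dotted quad: {ip!r}")
    return ".".join(reversed(octets))

def same_host_reversed(a: str, b: str) -> bool:
    """True when b is a's PTR-style reversal, i.e. the same host, not a second one."""
    return reversed_octets(a) == b

if __name__ == "__main__":
    print(ptr_query_name(SHOWN_BY_WHATISMYIP))
    print(same_host_reversed(SHOWN_BY_WHATISMYIP, SHOWN_IN_SCAN_RESULTS))
```

When a report shows an address you do not recognise next to one you do, reversing the octets is the first check to run before treating it as a separate machine.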

Try the free Sygate firewall v5.6.

Reply to
Casey

Sygate has big security drawbacks. For example, it installs a system service, which opens windows.

Yours, VB.

Reply to
Volker Birk
