What is blocking my ports?

I'm assuming something I cannot know. If that's "calling you a liar" then yes, I am calling you a liar.

Irrelevant, because the infection routes could have been mitigated by other means as well (e.g. applying patches, unbinding services from the external interfaces, ...).

You quoted it. A computer may be infected *because* it is running a personal firewall. A prominent example of this happening is the Witty worm.

cu

59cobalt
Reply to
Ansgar -59cobalt- Wiechers

To read error messages. :-) Something is blocking the ping (ICMP echo request or its reply). This is generally bad, but at least you can circumvent it by adding "-P0" as a parameter.

Reply to
Sebastian Gottschalk

Well, here are a few of the port results.

STATE    SERVICE
filtered unknown
open     http-proxy
filtered blackice-icecap
filtered blackice-alerts
filtered https

Get the same results for these ports whether firewall is enabled or not. Get the same results regardless of IP (xxx.xxx.xx.3, xxx.xxx.xx.5). What have I learned?

Reply to
J Lunis

That port numbers would be fine.

That your Tivo is running a HTTP Proxy?

That someone is filtering HTTPS traffic? WTF?

Reply to
Sebastian Gottschalk

Hmmm, let me word this differently. I presume 'filtered' and 'open' are generally good. I presume a 'filtered' https is unusual. I presume services of 'unknown' and 'blackice' are acceptable. If any of these are symptoms of my problem, please advise.

Reply to
J Lunis

Eh, no. At least for -sS and -sT an RFC-conformant 'closed' is the ideal. And 'open' means that a service is running and every service is a potential target.

Yes.

If you don't know what and why it's filtering, this is generally a network problem.

Reply to
Sebastian Gottschalk
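The state rule of thumb from the reply above (closed is ideal, open needs a justification, filtered needs an explanation), applied to nmap output by an added example that is not from this thread. The scan lines are constructed to resemble the poster's results; the port numbers are assumed, since the original post omitted them.

```python
import re

# Constructed sample of nmap "normal" output (not the poster's actual scan).
SAMPLE_SCAN = """\
PORT      STATE    SERVICE
22/tcp    closed   ssh
443/tcp   filtered https
8080/tcp  open     http-proxy
8081/tcp  filtered blackice-icecap
8082/tcp  filtered blackice-alerts
49152/tcp filtered unknown
"""

# One port line: "<port>/<proto>  <state>  <service>"
LINE_RE = re.compile(
    r"^(?P<port>\d+)/(?P<proto>tcp|udp)\s+(?P<state>\S+)\s+(?P<service>\S+)"
)


def parse_nmap(text):
    """Return one dict per port line; header and blank lines are skipped."""
    rows = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            rows.append(m.groupdict())
    return rows


def triage(rows):
    """Group ports by state. 'closed' means the host answered with a RST and
    nothing is listening; 'open' means a reachable service that must be
    justified; 'filtered' means something in the path dropped the probe and
    the cause (host firewall, router, ISP) should be identified."""
    report = {"closed": [], "open": [], "filtered": [], "other": []}
    for r in rows:
        key = r["state"] if r["state"] in report else "other"
        report[key].append(f'{r["port"]}/{r["proto"]} {r["service"]}')
    return report


def needs_attention(rows):
    """Ports that are not plainly closed and therefore deserve a follow-up."""
    return [f'{r["port"]}/{r["proto"]}' for r in rows if r["state"] != "closed"]
```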

After re-reading some of your responses to my earlier questions, I decided that by "services", you mean "Windows network services". I have over 104 services running on my machine, but these aren't network services.

Once I figured that out, I googled "Windows network services" but didn't come across anything describing how to determine which ones are unnecessary. I assume I can disable them in the Properties dialog for the machine's Ethernet adapter. But how do I figure out which are unnecessary, other than disabling one at a time then trying to find every application that accesses the Internet and LAN and testing to see if it works normally? Is that all I have to do to get an empty netstat output, or is there something else needed to accomplish that "kinda trivial" job?

Reply to
zzy

104 = type:service and type:driver? Anyway else this is pretty bloated. I've got 19 plus 4 custom.

Hm... "Windows (XP|Server 2003) Security Guide"? "Security settings in Windows XP and Windows Server 2003 - Threats and Countermeasures"? This is damn fine online documentation.

Or, specifically for services, . Or, less specific about the network part, you'll find a lot at .

That's about binding specific network protocols and services.

Better take a look at Control Panel, Administrative Tools, Services and ~ Component Configuration \\ Computer.

Still you'll need to get a grip on disabling SMB and sometimes RPC, which sadly tacks down to registry fumbling and/or the 'rpccfg' tool from Windows Resource Kit.

Reading and trying to understand the description and/or the relevant online documentation/information. Then for sure you'll understand that disabling the RPC or DCOM service is not a good way to disable the RPC/DCOM network service. You just want to disable the binding to network devices, as this will usually be satisfied by disabling DCOM in the Component Services MMC applet.

However, there's one wrong description: The DNS Client Service (internal name: DnsCache) isn't needed for DNS resolving, just for caching the answers. For performance reasons, it should be left enabled.

The Ntsvcfg script will usually do the job.

Reply to
Sebastian Gottschalk

It seems that you have problems with logic. Ansgar is reminding you of the fact that if you detected no infections this does not mean there aren't infections.

He is not calling you a liar, he reminds you of the fact that you may have faced no infections, and that you may have faced infections but didn't realize that.

You asked me, what my point was: this was it, too.

Yours, VB.

Reply to
Volker Birk

nmap -p 1000

Yours, VB.

Reply to
Volker Birk

So you are saying that some part of my software may not be working properly because of an infection that I am not aware of?

With this in mind I have carried out exhaustive tests on all the software that I use (there are some programs that I never use) and cannot find any odd behaviour. Everything appears to be working as it should, offline and online.

If you have any other suggestions on how to trace abnormal software behaviour, I would be pleased to know.

Regards, Alan

Reply to
Alan Illeman

You should worry much more about an infection that doesn't affect your software in any noticeable way, if at all.

Did you read that fine essay about usermode rootkits? Essentially it's about not trying to hide at all, because this would be suspicious and detectable, but unsuspiciously hiding in public (unsuspicious filenames as already utilized by some malware, DLL injection, non-persistence).

Comparing checksums against a known safe base?

Reply to
Sebastian Gottschalk

Besides the only secure way I know (comparing the data on the storage device with a reference set of a copy or at least crypto-hashes), you'll find more information about that topic here:

Yours, VB.

Reply to
Volker Birk

Thanks VB.

Regards, Alan

Reply to
Alan Illeman

Yes, indeed, but I'd make myself ill with all the worrying ;-)

Regards, Alan

Reply to
Alan Illeman
