rec.autos.simulators

If you're worried about getting hacked....

by Don Burnett » Tue, 08 May 2001 11:03:23


I have now received a total of 9 alerts since installing it about 3.5 hours
ago. A couple of those alerts were where the specific ip had tried pinging
me multiple times. Very interesting. Makes me wonder what all has gone on
before I had a firewall.
I hope having the firewall doesn't degrade my online racing quality.

Don Burnette

by Dave Henri » Tue, 08 May 2001 12:08:31

  Don, have you used the process viewer to see if any rogue programs are
running in the background?
dave henrie



> > Yes it's normal Don, but it's not really "hacking".  You see, most of the
> > script kiddies (because they aren't really hackers, just kids thinking they
> > are hackers) do that.  It's like going to somebody's house and testing the
> > door knob.  If it's locked, they move to the next house.  If not, then they
> > have a potential case of a non-safe computer.  They are just sending you
> > packets, it is not illegal.

> > Zone Alarm protects you against that because it/you decide what port (door
> > knob) you want to leave open and which one you want locked up.  They do it
> > all the time, I receive in average 10-12 alerts per day.  Sometimes more,
> > sometimes less.  Unless you are not safe (check out grc.com which itself
> > just had a Dos lol), you shouldn't pay attention to them.

> I have now received a total of 9 alerts since installing it about 3.5 hours
> ago. A couple of those alerts were where the specific ip had tried pinging
> me multiple times. Very interesting. Makes me wonder what all has gone on
> before I had a firewall.
> I hope having the firewall doesn't degrade my online racing quality.

> Don Burnette

by Don Burnett » Tue, 08 May 2001 13:51:07

This is what I show running using system information.
Anything look odd here?

Kernel32.dll 4.10.1998 Microsoft Corporation Win32 Kernel core component C:\WINDOWS\SYSTEM\Kernel32.dll 4.3 Microsoft(R) Windows(R) Operating System
MSGSRV32.EXE 4.10.1998 Microsoft Corporation Windows 32-bit VxD Message Server C:\WINDOWS\SYSTEM\MSGSRV32.EXE 4.0 Microsoft(R) Windows(R) Operating System
Mprexe.exe 4.10.1998 Microsoft Corporation WIN32 Network Interface Service Process C:\WINDOWS\SYSTEM\Mprexe.exe 4.0 Microsoft(R) Windows(R) Operating System
Vsmon.exe 2.6.88 Zone Labs Inc. TrueVector Service C:\WINDOWS\SYSTEM\ZONELABS\Vsmon.exe 4.0 TrueVector Service
Minilog.exe 2.6.88 Zone Labs Inc. TrueVector Basic Alert Logger C:\WINDOWS\SYSTEM\ZONELABS\Minilog.exe 4.0 ZoneAlarm
MMTASK.TSK 4.03.1998 Microsoft Corporation Multimedia background task support module C:\WINDOWS\SYSTEM\MMTASK.TSK 4.0 Microsoft Windows
Explorer.exe 4.72.3110.1 Microsoft Corporation Windows Explorer C:\WINDOWS\Explorer.exe 4.0 Microsoft(R) Windows NT(R) Operating System
Rpcss.exe 4.71.2900 Microsoft Corporation Distributed COM Services C:\WINDOWS\SYSTEM\Rpcss.exe 4.0 Microsoft(R) Windows NT(TM) Operating System
Systray.exe 4.10.1998 Microsoft Corporation System Tray Applet C:\WINDOWS\SYSTEM\Systray.exe 4.0 Microsoft(R) Windows(R) Operating System
Zonealarm.exe 2.6.88 Zone Labs Inc. ZoneAlarm C:\PROGRAM FILES\ZONE LABS\ZONEALARM\Zonealarm.exe 4.0 ZoneAlarm
Pstores.exe 5.00.1877.3 Microsoft Corporation Protected storage server C:\WINDOWS\SYSTEM\Pstores.exe 4.0 Microsoft(R) Windows NT(R) Operating System
Ddhelp.exe 4.08.00.0400 Microsoft Corporation Microsoft DirectX Helper C:\WINDOWS\SYSTEM\Ddhelp.exe 4.0 Microsoft® DirectX for Windows® 95 and 98
Msinfo32.exe 4.10.2222 Microsoft Corporation MSInfo32 C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\MSINFO\Msinfo32.exe 4.0 Microsoft System Information

--
Don Burnette
D Burnette in N4

Some people do nothing wrong.
The problem is, they do nothing.
And THAT is wrong.


>   Don have you used the process viewer to see if any rogue programs running
> in the background?
> dave henrie

> > > Yes it's normal Don, but it's not really "hacking".  You see, most of the
> > > script kiddies (because they aren't really hackers, just kids thinking they
> > > are hackers) do that.  It's like going to somebody's house and testing the
> > > door knob.  If it's locked, they move to the next house.  If not, then they
> > > have a potential case of a non-safe computer.  They are just sending you
> > > packets, it is not illegal.

> > > Zone Alarm protects you against that because it/you decide what port (door
> > > knob) you want to leave open and which one you want locked up.  They do it
> > > all the time, I receive in average 10-12 alerts per day.  Sometimes more,
> > > sometimes less.  Unless you are not safe (check out grc.com which itself
> > > just had a Dos lol), you shouldn't pay attention to them.

> > I have now received a total of 9 alerts since installing it about 3.5 hours
> > ago. A couple of those alerts were where the specific ip had tried pinging
> > me multiple times. Very interesting. Makes me wonder what all has gone on
> > before I had a firewall.
> > I hope having the firewall doesn't degrade my online racing quality.

> > Don Burnette

by Thom j » Tue, 08 May 2001 13:58:19

I am back to ZA Pro too & I forgot just how many alerts I got
before! I'm really glad this thread started.. Thanx whoever did
it??.....Cheers Thom_j.


<snipped>
| I have now received a total of 9 alerts since installing it about 3.5 hours
| ago. A couple of those alerts were where the specific ip had tried pinging
| me multiple times. Very interesting. Makes me wonder what all has gone on
| before I had a firewall.
| I hope having the firewall doesn't degrade my online racing quality.
|
|
| Don Burnette
|
|

by Mart » Tue, 08 May 2001 16:24:00


>After reading this thread, I downloaded and installed the free version
>of Zone Alarm.
>I have had it installed for about an hour, and already have received 4
>alerts of different ip addresses that were blocked trying to access my
>computer through the internet.
>Is this normal?  Would this be hackers trying to get into my system? I'm
>just wondering what's been happening up until I installed Zone Alarm/

Most of this is probably just "background radiation".
Pings and other connection attempts are the normal way internet
communication works. A client asks the server whether it is offering a
service by sending a connection request on a specific port (e.g.
http=port 80). Pings are used to check whether a machine is still alive.

If your machine doesn't have software listening on that port to provide
service (e.g. a web server) it replies that this port is closed: "this
service is not available here". No harm done with or without firewall.

If you have a dynamic ip, you might be getting old returns from the
previous owner of that ip.

If you're getting requests on ports that usually don't belong to a
standard service but a known trojan - then it's probably someone scanning
the net for computers with that trojan. However if you don't have this
trojan "installed" on your system there's still no danger - your system
simply ignores those requests. Don't be too quick to report those
"offenders" - more often than not they're victims themselves or the ip is
spoofed.

If you're getting A LOT of requests for a specific port/trojan it's probably
a good idea to check your HD for this trojan - again with a dynamic ip
you might have someone's ip who had that trojan.

In short: don't worry too much about those alerts - if you have no trojan
on your system you'd be safe even without a firewall.

Martin
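
An added example, not part of the original post: one way to sort a day's firewall alerts the way Martin describes, separating pings and ordinary service probes from hits on default trojan ports and naming a trojan to check the disk for only when one port is hit repeatedly. The log layout, the threshold of 3 and the sample lines are constructed for illustration (this is not ZoneAlarm's log format); the port/trojan pairs are well-known defaults, not taken from the thread.

```python
import re
from collections import Counter

# Well-known default ports of trojans from that era (assumption: not listed in the thread).
TROJAN_PORTS = {12345: "NetBus", 27374: "SubSeven", 31337: "Back Orifice"}
SERVICE_PORTS = {21: "ftp", 23: "telnet", 25: "smtp", 80: "http", 139: "netbios"}

# Constructed sample alerts in a made-up layout; addresses are documentation ranges.
SAMPLE_LOG = """\
2001-05-08 11:20:01 BLOCKED ICMP 203.0.113.5 echo-request
2001-05-08 11:20:03 BLOCKED ICMP 203.0.113.5 echo-request
2001-05-08 11:41:17 BLOCKED TCP 198.51.100.9 port 80
2001-05-08 12:02:44 BLOCKED TCP 192.0.2.77 port 27374
2001-05-08 12:30:10 BLOCKED TCP 198.51.100.23 port 27374
2001-05-08 13:05:52 BLOCKED TCP 192.0.2.140 port 27374
2001-05-08 13:40:09 BLOCKED UDP 203.0.113.88 port 31337
2001-05-08 14:12:30 BLOCKED TCP 192.0.2.14 port 6112
not a log line
"""

LINE_RE = re.compile(
    r"^\S+ \S+ BLOCKED (?P<proto>TCP|UDP|ICMP) (?P<src>\S+) "
    r"(?:port (?P<port>\d+)|echo-request)$"
)

def classify(proto, port):
    """Bucket one blocked packet by what it was most likely looking for."""
    if proto == "ICMP":
        return "ping"
    if port in TROJAN_PORTS:
        return "trojan-scan"
    if port in SERVICE_PORTS:
        return "service-probe"
    return "other"

def triage(log_text, threshold=3):
    """Count alerts per bucket; list trojans whose port was hit >= threshold times."""
    categories, trojan_hits, skipped = Counter(), Counter(), 0
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            skipped += 1          # unparseable line: count it, don't guess
            continue
        port = int(m["port"]) if m["port"] else None
        cat = classify(m["proto"], port)
        categories[cat] += 1
        if cat == "trojan-scan":
            trojan_hits[port] += 1
    check = sorted(TROJAN_PORTS[p] for p, n in trojan_hits.items() if n >= threshold)
    return {"categories": dict(categories), "check_disk_for": check, "skipped": skipped}
```
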

by George Lewi » Tue, 08 May 2001 19:41:46

What OS are you running? I think WinME will restore it (if it works
properly - not sure). W2K Pro should be able to be fixed as well with
recovery console.  My guess at that point is to extract the file(s)
from the cab files and copy them into place via DOS (if using FAT or
FAT32 file systems).  Then when everything is patched up, backup stuff
and reinstall the OS.



>  When the hacker ***y-trapped my system, my NOD32 virus checker caught it.
>Unfortunately, I didn't have it up and running after updating my system.
>Even if the virus checker had been active, I don't think I could have
>prevented it once the hacker got into my system.  I have some very unkind
>words for that individual if we ever meet.   Nod32 found the virus and said
>it couldn't fix it...but saved it so I could email it to the Nod32
>programmers.  What the virus did was re-assign a windows function to itself
>so that when I removed the file all my windows programs quit working.  i.e.
>I couldn't open Windows Explorer because such & such a file was missing.  I
>couldn't email because the file was missing.  I couldn't even shut down or
>reboot because the file was  missing.


>> Well, the problem with virus checkers are that they are "stupid" -
>> they only check for known situations and conditions.  I have yet to
>> see an intelligent one that can look at something and say "hey! this
>> doesn't look right!"  if it fits the conditions, it gets marked.  but

by George Lewi » Tue, 08 May 2001 19:42:49

Yeah, I forgot to mention that as well - Windows is really just a big
database called the registry. Make sure you clean that up. Another
reason why reinstalling the OS (after an FDISK or reformatting of the
drive) is the best way to go.




>>   When the hacker ***y-trapped my system, my NOD32 virus checker caught it.
>> Unfortunately, I didn't have it up and running after updating my system.
>> Even if the virus checker had been active, I don't think I could have
>> prevented it once the hacker got into my system.  I have some very unkind
>> words for that individual if we ever meet.   Nod32 found the virus and said
>> it couldn't fix it...but saved it so I could email it to the Nod32
>> programmers.  What the virus did was re-assign a windows function to itself
>> so that when I removed the file all my windows programs quit working.  i.e.
>> I couldn't open Windows Explorer because such & such a file was missing.  I
>> couldn't email because the file was missing.  I couldn't even shut down or
>> reboot because the file was  missing.

>LOL!  Eeerrrmmm...hate to tell you this, Dave...  ;]

>Remember when I said search the registry for the trojan?  What they had done
>was map shell extensions to executables to the trojan, then every time you ran a program,
>it attempted to restart the trojan.  Very common practice with trojans, it ensures
>that other methods of restarting the trojan don't fail.

>Cheers!
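
An added example, not part of the original posts: a check for the shell-extension remapping described in the quoted text above, run against a registry export so the live registry is never touched. It assumes a REGEDIT4-style export and that the stock open command for executable file classes is "%1" %*; the sample export and the name trojan.exe are constructed placeholders.

```python
import re

EXPECTED = '"%1" %*'   # stock handler: run the clicked file itself with its arguments
WATCHED = ("exefile", "comfile", "batfile", "piffile")

# Constructed sample export; "trojan.exe" is a placeholder, not a name from the thread.
SAMPLE_REG = r'''REGEDIT4

[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="trojan.exe \"%1\" %*"

[HKEY_CLASSES_ROOT\comfile\shell\open\command]
@="\"%1\" %*"

[HKEY_CLASSES_ROOT\txtfile\shell\open\command]
@="C:\\WINDOWS\\NOTEPAD.EXE %1"
'''

def parse_defaults(reg_text):
    """Map each key path (lower-cased) to its default (@) value, unescaped."""
    defaults, key = {}, None
    for line in reg_text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1].lower()
        elif key and (m := re.fullmatch(r'@="(.*)"', line)):
            # .reg files escape quotes and backslashes with a backslash
            defaults[key] = re.sub(r"\\(.)", r"\1", m.group(1))
    return defaults

def hijacked_handlers(reg_text):
    """Return {file class: command} for watched classes whose open command is not stock."""
    defaults = parse_defaults(reg_text)
    findings = {}
    for cls in WATCHED:
        path = "hkey_classes_root\\" + cls + "\\shell\\open\\command"
        cmd = defaults.get(path)
        if cmd is not None and cmd.strip() != EXPECTED:
            findings[cls] = cmd   # something other than the file itself runs first
    return findings

if __name__ == "__main__":
    for cls, cmd in hijacked_handlers(SAMPLE_REG).items():
        print(f"{cls}: open command is {cmd!r}, expected {EXPECTED!r}")
```

A flagged class explains the symptom in the quoted post: deleting the file named in the command without first restoring the stock value leaves every program of that class unable to start.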

by George Lewi » Tue, 08 May 2001 19:44:30

should and do are 2 different things.  the main point I'm trying to
get across is not that virus checkers are a waste of time - you have
to be diligent - make sure you have the latest updates for them.
don't rely totally on the virus checker to bail you out.  



>On Sun, 06 May 2001 12:45:25 GMT, George Lewis

>>Well, the problem with virus checkers are that they are "stupid" -
>>they only check for known situations and conditions.  I have yet to
>>see an intelligent one that can look at something and say "hey! this
>>doesn't look right!"  if it fits the conditions, it gets marked.  but
>>the problem is that most new viruses haven't been "defined" yet so the
>>stupid virus checker lets the files go on through.

>Most so called new viruses are not new, just different variations of
>an old virus so a good virus checker should pick up on them.

by George Lewi » Tue, 08 May 2001 19:45:20

Happy99 for example, came in email.  It messes up your winsock.dll -
have fun getting that fixed!

On Sun, 06 May 2001 16:41:52 GMT, "Robin"





>SNIP
>> A firewall will not stop trojans from infecting your system at all.
>> It might have difficulties reporting your data to someone but that doesn't
>> stop a trojan from doing anything to your system. Since trojans -once
>> installed- have the same rights as any other program they can do pretty
>> much the same things you can do - e.g. disable your (software) firewall,
>> send emails, read/format your disk, etc.

>> The ONLY way to be safe is to prevent trojans (and other nasties) from
>> getting onto your system, i.e. don't install software of questionable
>> origin, use an email client without all the fancy automation stuff,
>> browse with the highest possible security settings, etc. Also check for
>> security updates for your programs/OS. The best way is of course to store
>> sensible data on an extra machine that connects to the net only when
>> absolutely necessary.

>Ummm, you mean "software of a questionable origin" such as warez?!? Hee hee
>hee, serves them right for dl'ing it in the first place!

by George Lewi » Tue, 08 May 2001 19:49:15

The firewall will only degrade your online racing in 1 way really -
either you'll be able to race or you won't - in which case you have
blocked the port! :)

yeah - there's all sorts of stuff going on out there. scary isn't it?
remember, they're just checking to see if anyone is home.  normally
your PC will respond to certain ports, but the firewall silences them.
You see, hackers don't know what's at that ip address - it could be a
router, a computer, a gateway, many different things - or nothing at
all.  It's when they get replies that make them curious.





>> Yes it's normal Don, but it's not really "hacking".  You see, most of the
>> script kiddies (because they aren't really hackers, just kids thinking they
>> are hackers) do that.  It's like going to somebody's house and testing the
>> door knob.  If it's locked, they move to the next house.  If not, then they
>> have a potential case of a non-safe computer.  They are just sending you
>> packets, it is not illegal.

>> Zone Alarm protects you against that because it/you decide what port (door
>> knob) you want to leave open and which one you want locked up.  They do it
>> all the time, I receive in average 10-12 alerts per day.  Sometimes more,
>> sometimes less.  Unless you are not safe (check out grc.com which itself
>> just had a Dos lol), you shouldn't pay attention to them.

>I have now received a total of 9 alerts since installing it about 3.5 hours
>ago. A couple of those alerts were where the specific ip had tried pinging
>me multiple times. Very interesting. Makes me wonder what all has gone on
>before I had a firewall.
>I hope having the firewall doesn't degrade my online racing quality.

>Don Burnette

by Steve Garrot » Thu, 10 May 2001 00:05:15

But, Linksys allows you to log all out/in going traffic. It would be
easy to locate a program accessing the internet. I look at logs daily
to see if there is any odd activity. I used to use ZoneAlarm, but I
found that it had some bugs and its inability to work with VROC on my
computer made it a pain.

Anyone know why some games try to talk to the internet, when you run
them?

SLG



>> Jan, would you recommend firewall software on top of a hardware
>> firewall built into a broadband router, such as the products from
>> Linksys, SMC, and Netgear?

>Definitely.  They (hardware) only protect (and marginally at that) inbound connections, they
>do nothing against a program which has installed itself and is attempting outbound.
>See our writeup in the hardware section for details...

>All the mini-firewall/routers are really just a convenience...they do not provide a really
>solid firewall (as compared to things like Checkpoint, Cisco PIX, etc).  That's not to
>say that they don't work well, but if someone REALLY wanted to attempt to break
>into your system, a Linksys/Netgear/whatever would not stop them...

>Cheers!
>--
>?? Jan Kohl ??
>SECURITY CONSULTANT
>The Pits -  http://www.theuspits.com
>Castle  Graphics - http://www.castlegraphics.com

(All spelling errors are intentional and are there to show new
and improved ways of spelling old words. Grammatical errors are
due to too many English classes/teachers)

rec.autos.simulators is a usenet newsgroup formed in December, 1993. As this group was always unmoderated there may be some spam or off topic articles included. Some links do point back to racesimcentral.net as we could not validate the original address. Please report any pages that you believe warrant deletion from this archive (include the link in your email). RaceSimCentral.net is in no way responsible and does not endorse any of the content herein.