
Anyone know anything about firewalls??

Mine has been going absolutely scatty last two days. Had a whole herd of trojan horses banging on the door, what would be considered a normal number of hits in a day??
My machine has been on all day and Norton says I have suffered 45 intrusion attempts. Yesterday I only had 18, so it looks like the net is getting busy again. These clowns will not be happy until everything grinds to a halt, will they?
sad
Thanks northants, got 53 yesterday and up to 25 so far today, looks like yesterday's lot got bored with me and moved on to you. lol
As long as I am not being picked on. sad
Kat
I don't know whether this is relevant but my work network has had several virus attempts over the last few days - viruses that made it through their security (whatever that is!) into our mailboxes! One was a worm, but I don't know about the others. Seems the nerds that create these things are trying very hard :twisted:
Hi Kat,
I think the problem at the moment tends to be associated with the worms that are about. Apparently one way in which they operate is to scan "local" IP addresses, so if people in the same "block" as you become infected your machine would be found before the rest of the world. If you know your IP address you should be able to tell the local addresses from the logs, because the first two dotted quads, i.e. the first two sets of up to three numbers in the address, will be the same. So if your IP address was you could expect to get more worm attacks from the range.
If it's of interest, I've started using:
It's a tiny application that sits on my computer, takes my firewall logs (ZoneAlarmPro in my case) and uploads the relevant logs to the site. Once there, the logs are analysed, along with many other users' logs, and abuse reports filed and tracked automatically. You'll be able to see the domains that the attacks are coming from (if you don't get automatic resolution of the IP addresses in your logs), what the probable cause is (virus, worm or whatever) - plus the kick of seeing when other machines have been cleaned up or closed down! :twisted:
Also, personally, I've now changed our patching strategy at work - if you use Microsoft products, especially operating systems, it's well worth applying ALL critical patches and security updates via the Windows Update site.... err, I think it may be time to shut up... or I'll start banging on about making sure you (not you Kat, more a general you!) have up to date antivirus software!!
Mandy
Time to put the flirty head back on, I think!

Yes please Mandy, I think I am going to cry........
wink
I may need explanations on a few of those things.
Kat,
I'm always happy to elucidate - although I'm definitely not a true techy.. I was employed as the "human face to the IT department".. but on the plus side I don't say things that I don't understand, and I can talk in relatively plain English! ;)
Feel free to take enquiries to PM, email or whatever...
Mandy
A minor correction... I think I'm right, but if not then sorry! Worms self-propagate and therefore don't need to be executed/run on the machine to be infected, they can find open network shares, and (unpatched, with whatever the latest patch is) machines. We had some problems with the MS Blast worm at work, not because anyone received and executed it on one of our machines (all our mail is scanned by MessageLabs on the way in) but because it managed to get in through open ports on our firewall (they weren't considered a risk when it was configured by the support company).
I'd advise anyone who uses the Internet now to ensure they have a firewall on their machine, otherwise it's literally minutes of being connected before you stand a high risk of becoming infected (backed up by our latest advice from our external support company a fresh machine put online to get all the patches etc was infected within minutes). The free version of Zone Alarm from: offers a great deal of protection straight out of the box, so to speak, although some understanding is useful if you want to open things up so you can do particular things online.
Oh dear, I'm off again.. and I only wanted to say the thing about worms!
Mandy
Normal service will resume....
At the height of the recent msblast attack I was getting a hit every eight seconds. Resetting the internet connection reduced it for a while, then it died down to more normal (for my system) 20/30 a day.
Mark, whoops... I was originally talking about worms, then your reply:
Quote by Mark
Number one thing. Do not install or run anything on your system without being sure of what it is. That's how trojans get in (of course).

.. was about trojans - I followed up with what I guess was something trying to say that just because you don't actually run any unknown programs/attachments, it doesn't necessarily follow that you won't get infected. Of course trojans I think can also be worms, but that's just me trying to get myself off the hook! ;)
Mandy
Quote by Mark
And I thought KitKat was originally talking about trojans. No matter.

Erk, you're quite right... b*gger, b*gger, b*gger! Although of course some people (eg most of my "users"!) don't know the difference... <she says, wondering when she should stop digging..>
Quote by Mark
Of course trojans I think can also be worms, but that's just me trying to get myself off the hook! ;)

Hehe, well you're well and truly in my keep net now ;)
Would this be a fishnet?! ;)
Quote by Mark
Actually I tend to forget about these things, as I sit here at home behind a proper firewall (ADSL modem/router with NAT sitting on a switch) using GNU/Linux on my laptop. I challenge anyone to mess with me ;)

I think I'll leave the messing to the little 'un! wink Now Linux I've been toying with trying for a while; I may have a number of spare machines to play with soon and it's got to be worth a download over ADSL to see if I can get it to work for me!
Mandy
Don't take this the wrong way.
But will everyone please shut up!
:cry: :cry: :cry: :cry: :cry: :cry: :cry: :cry: :cry:
Kat gibbers in the corner!
OK, I'm cool.
I usually get a couple of hits a day, but I have to do my tax this month so I downloaded a tax calculation programme. To do this I had to switch off my firewall. Since then, I have had humongous amounts of hits, and I didn't know if it was a coincidence, or cos something had got in while the wall was switched off.
Now, tomorrow, when I am a little more sober, I am going to have a look through this string, and cry all over again!
But seriously, I will have a look through it all, and thanks everyone for the advice.
lhk
Pete
Quote by Mark
Would this be a fishnet?! ;)

You tell me ;)
Well, personally I prefer something semi-sheer and silky, but men, provided they've had their legs shaved (boring) or waxed (lots more fun!) look stunning in fishnets! smile
Quote by Mark
Now Linux I've been toying with trying for a while...

Sure, if you just hang on for a bit, is coming out soon and it's lovely imo. I have to use it, since my day job is hosting (and I'm a geek in Swinger's clothing lol). However, I wouldn't use anything else if you paid me now.
I'm a cheapskate at home, and that's where I'll play with it first (don't I always?!).. if I get to grips with it enough I'll buy something like Mandrake for a file server at work.
Quote by Mark
Although for gaming I need to have a whizzy bang machine running MS Windows unfortunately, but for anything serious it's Linux.

I grew out of a serious addiction to adventure games some years ago (plus I ran out of time) and can now quite virtuously give my brothers hell for their problem with Everquest! :lol:
Quote by Mark
This forum really does have no bounds on topics for discussion it seems!

And that's what makes it so accessible, I think, something for everyone.. that and good people! <round of applause for Mark>
... <later> I see Kat's asking us to quieten down a bit.. hopefully this isn't techy enough to be a problem! confused
Mandy
"Time for bed", said Zebedee...
Can I just say I understood no one word of that... :shock:
I get around all these nasty computer lurgies (well, most of them anyway) by having a very old, very clapped out system - Windows 98SE - that most of these little viruses don't bother with. For everything else I pay my £20 a year to McAfee and they sort it for me. All I have to do is click something once in a while...
I got this Blast thing a few times - it landed, took a look around my inbox then buggered off again mumbling the words 'Waste of time...' as if left with McAfee kicking it up the arse as the door shut.
lol :lol: :lol:
download Zonealarm for free. Update it reasonably regularly....
Bob's your mothers brother :-)
That was such an exciting topic.........zzzzzzzzzzzzzzzzzzzzzz smile
But seriously all you swinging techies out there....maybe someone can tell me why I spend what I do on a program such as NORTON, which, when confronted with these nasty little worms or trojans.....then proceeds to advise me OOOOOOPS you've just been infected!!!! Sorry.....No can Help!!
Well that's how it seems to the uneducated like me.....
So would I be just as well to download a freeby such as Zonealarm? Or am I being a cheapskate???
Of course being somewhat new to Dogging and Swinging, it could be I have missed the plot and we(you), could have been giving out dogging locations and party invites in code lol
Yes, the Red Squirrels are very hungry this time of year in Moscow

Thanks Mark, I could have been right in the brown and smellies !,
In spring the grass grows high beside the volga wink
Yes, the Red Squirrels are very hungry this time of year in Moscow

In spring the grass grows high beside the volga

You are both quite, quite mad, aren't you?
rolleyes
Quote by Mjb
But seriously all you swinging techies out there....maybe someone can tell me why I spend what I do on a program such as NORTON, which, when confronted with these nasty little worms or trojans.....then proceeds to advise me OOOOOOPS you've just been infected!!!! Sorry.....No can Help!!
So would I be just as well to download a freeby such as Zonealarm? Or am I being a cheapskate???

I think one of the problems with some antivirus software is that they can't scan or clean viruses etc when they are stored in memory, as opposed to being written to the hard disk. Another problem is that some viruses disable your av software - nasty or what?!
Also, you have to make sure you're completely up to date with the latest virus definitions - I've set my software to check for updates every hour, and download and install them automatically... even I forget to do things manually sometimes! ;)
And having a firewall like ZoneAlarm helps, but it doesn't mean you don't need anti-virus software - it's a belt and braces approach, and any other sort of protection that's available, to boot!
Hope this helps.
Mandy
Practise safe hex - you know it makes sense!
Thanks Mandy....I appreciate what you say, but in the case of Norton, they update once a week on a Weds as far as I know and my software is set to update regularly on that day. It still doesn't stop that wonderful pop up window which says...Ooooops you just caught a cold.......Stupid or what? But the way I see it is if Norton know I just got caught out, i.e. recognises I just got a virus.....why then wasn't it able to stop it??
And yep!! I have definitely lost the plot.....Squirrels??? Moscow!!! Jeezzzzz this swinging game is becoming all too much for me.... smile
a) Linux is not inherently more secure than other operating systems.
The only security benefit that Linux offers is its relative lack of numbers, and therefore it is not as often exploited.
b) Many trojans arrive from 'friends', that's the typical purpose of a trojan. People want to spy on folk they know... not strangers. So beware folks of nice people sending you 'a cool utility to make you safer'.
c) Not all trojans / Virii arrive via Email, or file transfers. A large number of exploits have demonstrated buffer overrun errors in Web pages and RPC calls that execute code. Basically, this means that surfing some sites can be risk enough, as can merely being online. Depending on which operating system you're using the exploits vary, but the recent msblaster and derivatives can have devastating consequences on network performance.
Regarding the number of hits a firewall detects... there are a number of reasons why people get hit...
a) Firewalls are actually quite dumb.... not at all as intelligent as you're led to believe. Most cannot tell the difference between legitimate use of your computer and misuse. So they expect YOU to tell them what's ok and what isn't.
A lot of hits on your PC are caused by 'NetBIOS'... basically, that's your PC booting up and trying to find other PCs in its network neighbourhood. There are thousands of computers booting up and using the same ISP as you. As a result, many of them are configured to use 'NetBIOS' to try to search out other computers on the same network. Unfortunately, when someone's knocking on the metaphoric door of your computer, it's not possible to tell if it's a friendly face, a wrong house number, or a burglar!!
b) Recent worms such as msblaster / Nachi do the same thing... they scan a range of network addresses in an attempt to sniff out other computers that are prone to attack. Even if your PC is nice and safe and clean, everybody else's PC might not be. Therefore, you're still prone to attack from all the other nutters (most of whom are blissfully unaware their PCs are doing this).
c) You have some seriously dodgy chat friends with a grudge or a morbid curiosity ;-)
All worms have to execute on the host machine...
The trick is getting it to execute on your machine...
Traditionally, people would either send you a trojan (any program that pretended to be something it wasn't). The user would run it, and it would appear to do what it was supposed to... except unbeknown to the user, it would also install something nasty (e.g. a worm, or a spying application).
Once people got used to email problems, a few folk discovered that in some circumstances you could make a web browser crash with malformed scripts, damaged web link addresses, or in some cases even malformed HTML. When this was discovered, people then found out that the way in which the browser crashed caused the browser to start executing code.
This made hackers produce specifically formatted web pages that would crash Explorer, and then execute code of their choice... commonly termed 'buffer overrun' errors.
Buffer overrun errors were then carefully sought out in lots of places... especially a nice little feature that Windows offers called 'RPC', Remote Procedure Call. This feature allows computers to share computation by giving one PC some code to execute, that can call up another PC and then ask it to do some computation too... basically talking to each other to get the task done. Sadly, this suffered from buffer overrun problems too. This is the exploit that msblaster uses.
msblaster works like this...
it will operate on either a random subnet, or the users subnet.
It will scan tcp port 135 on 20 blocks at a time (incrementally)
If any response is returned from a scan, it will issue an RPC request that will cause a buffer overrun on the destination pc. This will result in an administrative shell being opened on port 4444 talking to the target pc.
The target pc will issue a tftp -1 GET which will basically download the msblast worm from the host pc to the target pc.
Next the START command is issued on the target pc.. and the infection is complete.
The process is repeated over and over for every infected pc.
The user need only be on the net running a pc that supports RPC (for Windows).
Firewalls are ONLY an aid to security, they are not a guarantee. Many firewalls can be bypassed with incredible ease... firewalls such as Norton, BlackIce, Outpost, Zonealarm etc will be oblivious to http tunneling on port 80 from any trojan in the internet explorer process space.
Fortunately, worms are harder to get through firewalls than trojans are... since worms need to replicate and need to exploit other pc's vulnerabilities on many ports. A trojan (of the spying variety) typically only ever needs to transmit to one location, with a dedicated listener at the other end. Where http tunneling might be expected.
So... keep your firewalls... they don't do any harm. Don't place blind faith in them. You'll be sorely disappointed.
Linux variants have also been found to execute code during buffer overruns.... in some cases, kernel mode was breached.
there have been so many Linux exploits it's untrue...
The Linux Security Audit Group work their nuts off trying to keep up.
Hardware firewalls are even dumber (arguably).
Erm, the Linux statement... not at all, I hold by it entirely.
You cannot make a claim that 'Linux is inherently more secure'. It's not. You cannot readily compare both operating systems as if one were more secure than the other. It's misleading in a big way.
The arguments for Linux being more stable and less prone to security holes are the very same arguments used against it... open source for example, for = gets peer review on a grand scale, against = even easier to discover exploits. Security is far more complex than the O/S itself, and both Linux and Windows do rather well. However, they both suffer from different problems, and can't be compared. There's nothing 'inherently' more secure about one than the other... I'd be delighted if you can demonstrate to me an area where this is the case.
The linux lion worm managed to exploit linux as readily as did msblaster on windows.
Personally, I just like sex in the great outdoors :twisted:
Mal wink
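Two of the posts above describe patterns you can actually look for in a firewall log: Mandy's rule of thumb that "local" sources share your first two dotted quads, and Mal's account of the msblaster sequence (a scan on TCP 135, a shell on 4444, a tftp download) and of harmless NetBIOS noise from neighbours. The script below is an added example, not code from this thread or from any firewall vendor: it parses a small constructed log (the line format is an assumption, not real ZoneAlarm or Norton output), sorts hits into worm-scan, NetBIOS and other, counts how many come from your own /16, and separately lists any hit on a worm port that the firewall allowed, since an allowed connection on TCP 135 from the internet is the one line in the log that really matters.

```python
"""Classify inbound firewall log hits the way the thread describes.

Added example for this thread; the log layout is constructed and is NOT
ZoneAlarm or Norton output.  Addresses are from the RFC 5737 documentation
ranges.  The last sample line is deliberately malformed so the parser's
skip path is exercised.
"""
import re
from collections import Counter
from ipaddress import ip_address, ip_network

# Constructed sample log: "<date> <time> <proto> <src>:<sport> -> <dst>:<dport> <action>"
SAMPLE_LOG = """\
2003-08-13 10:00:01 TCP 192.0.9.17:3021 -> 192.0.2.44:135 BLOCK
2003-08-13 10:00:02 TCP 192.0.9.17:3022 -> 192.0.2.44:135 BLOCK
2003-08-13 10:00:09 TCP 192.0.9.17:3023 -> 192.0.2.44:4444 BLOCK
2003-08-13 10:00:15 UDP 192.0.5.3:137 -> 192.0.2.44:137 BLOCK
2003-08-13 10:01:40 TCP 198.51.100.7:4311 -> 192.0.2.44:135 BLOCK
2003-08-13 10:02:00 TCP 203.0.113.9:1034 -> 192.0.2.44:80 BLOCK
2003-08-13 10:02:05 TCP 203.0.113.9:1035 -> 192.0.2.44:135 ALLOW
garbage line that does not parse
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+ \S+) (?P<proto>TCP|UDP) "
    r"(?P<src>\d+\.\d+\.\d+\.\d+):(?P<sport>\d+) -> "
    r"(?P<dst>\d+\.\d+\.\d+\.\d+):(?P<dport>\d+) (?P<action>ALLOW|BLOCK)$"
)

# Ports named in Mal's description of the msblast sequence: the RPC scan on
# TCP 135, the shell on TCP 4444, and the tftp download (UDP 69).
WORM_PORTS = {("TCP", 135): "rpc-scan", ("TCP", 4444): "msblast-shell", ("UDP", 69): "tftp"}
# NetBIOS name/datagram/session ports: the "wrong house number" traffic from
# neighbours' PCs looking for shares.
NETBIOS_PORTS = {("UDP", 137), ("UDP", 138), ("TCP", 139)}


def parse_log(text):
    """Return one dict per well-formed line; malformed lines are skipped."""
    hits = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        d = m.groupdict()
        d["sport"], d["dport"] = int(d["sport"]), int(d["dport"])
        hits.append(d)
    return hits


def is_local(src, my_ip):
    """Mandy's rule: same first two octets as your own address.
    That is a /16 prefix match, which is exactly what this tests."""
    return ip_address(src) in ip_network(f"{my_ip}/16", strict=False)


def classify(hit):
    """Bucket a hit by destination port: worm-scan, netbios, or other."""
    key = (hit["proto"], hit["dport"])
    if key in WORM_PORTS:
        return "worm-scan"
    if key in NETBIOS_PORTS:
        return "netbios"
    return "other"


def summarize(text, my_ip):
    """Build the per-day picture the thread is asking about."""
    hits = parse_log(text)
    by_cat = Counter(classify(h) for h in hits)
    by_src = Counter(h["src"] for h in hits)
    local = sum(1 for h in hits if is_local(h["src"], my_ip))
    # Blocked scans are noise; a worm-port connection the firewall ALLOWED
    # means the port is reachable, so patch status matters more than the count.
    allowed_worm = [h for h in hits if classify(h) == "worm-scan" and h["action"] == "ALLOW"]
    return {
        "total": len(hits),
        "by_category": dict(by_cat),
        "local": local,
        "remote": len(hits) - local,
        "top_sources": by_src.most_common(3),
        "allowed_worm_port_hits": [(h["src"], h["proto"], h["dport"]) for h in allowed_worm],
    }


if __name__ == "__main__":
    # "192.0.2.44" is the constructed address of the machine whose log this is.
    for key, value in summarize(SAMPLE_LOG, "192.0.2.44").items():
        print(f"{key}: {value}")
```

On the constructed sample the script reports seven hits, five of them on worm ports, four from the same /16 as the machine, and exactly one allowed connection on TCP 135 from outside; that last entry is the one to act on (patch and close the port), whereas the blocked scans from neighbours are just the background noise the thread is counting.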
Hi there, the best firewall is ZoneAlarm 2.6, it's one of the hardest to get past, and also you should run Swat It bot remover and Trojan Tracker.
thanks Mark, Mandy, analog, mal, beckers, heather, markus, mjb, jane and les (did I miss anyone?)
I've Printed it off, and shall go through and cherry pick at my leisure!
I've prioritised the advice and I think the first thing I will try is:
Personally, I just like sex in the great outdoors

hump wink
LHK
Kat
lol
Good on you Kit Kat, sex in the great outdoors is great xx love Jane & Les, go for it
Glad I could be of some help wave
Mal
wink