Announcement

**Gurm** · 11 February 2002, 06:39

Yup. It's called the "nothing" firewall. To install it you do nothing, to use it you do nothing.

Proven 99.999% as effective as Zonealarm.

- Gurm

P.S. Or there's the builtin firewall in XP... which is MORE effective than Zonealarm.

**Dr Mordrid** · 11 February 2002, 06:49

You didn't say if he was using a cable connection or dialup.

If cable then Linksys makes a 1 port Cable/DSL router that has a built in NAT firewall that works transparently but can be set up to save a log file. They run about $50 or so.

I've had its bigger brother, the 4 port, for a long time and it works very nicely.

How well does it work? With Black Ice running on a cable connection I was getting ~100 hits/hour. As soon as I put the Linksys in the circuit it dropped to ZERO. This isn't to say it's perfect, but it'll stop all but the most determined.

Dr. Mordrid

**RichL** · 11 February 2002, 07:36

I see Gurm is his usualy helpful, reasonable and informative self today.

If you dont want to install XP and/or spend hours fiddling with various arcane settings that Mortal-Man-Was-Not-Ment-To-Meddle-With, go to Zone Labs and download the free copy of Zonealarm.

You can easily disable the popup warnings for incoming, although as it works on a Permit/Deny by program you will get a popup alert when a new program attempts to access the internet.
Zonealarm can remember the settings you choose so you should only get this once per program.
Personally I recommend NOT having Zonealarm automatically permit the PING command, but raise a popup each time.
One of the basic tricks of a DDoSer when they get a trojan on your PC is to use the basic Ping command from your machine to someone elses.

**Topha** · 11 February 2002, 07:42

Its an adsl connection, which is running most of the time. I was thinking about a getting him a router, but it costs money, just like win XP (he got win2k installed), i shall try zonealarm,

thanks

**KeiFront** · 11 February 2002, 08:13

Gurm have you got the RPC port closed without using the WinXP builtin firewall?

**Gurm** · 11 February 2002, 11:10

Ok ok, mock me. No, the RPC port has me baffled, boonswoggled, and confused.

Nobody's test shows it open except GRC. I begin to wonder if it's open at all?

Can anyone show me a good way to CONFIRM that it's open?

- Gurm

**spazm_1999** · 11 February 2002, 12:51

U can check if it's open by using netstat (a console app). The RPC port # is 135 either on TCP or UDP.

The u can actually try to telnet in it if u which.

That's the only way i know to be absolutely sure that a port is open or not.

Spazm

**KeiFront** · 11 February 2002, 12:54

Have you tried nmap already.

You can always disable RPC but IMHO that isn't a solution.

**TdB** · 12 February 2002, 05:45

i have heard good things about sygate...

**Kosh Naranek** · 12 February 2002, 06:52

If you decide to use the built in firewall in XP .. remember ..... if you want to use IRC (ident and dcc) or ICQ etc. you need to map the used ports in the built in firewall.
Once you do this the ports will showup in a port scan .. they will be closed, but they will show up as being closed ( meaning .. they are there )

And the builtin firewall has no outbound protection.

no firewall ----> No outbound protection either ( geee )

Solution ... : Go with ZoneAlarm or Tiny Firewall !

IMO

EDIT

If the PC in question is only connected to the internet and not any other MS based machine ....

KILL .. : Client for Microsoft Networks
KILL .. : File and printer sharing for Microsoft Networks

These two protocols are exploits waiting to happen (without any decent firewall) and believe it ot not the internet works fine without them.

**Gurm** · 12 February 2002, 08:37

See, I still have yet to hear of why you NEED outbound protection.

It's like my grandpappy used to say...

"If you don't stick your straw in the community bowl, you don't have to worry about..."

Ok, that was a poor STD reference.

ANYWAY, the point is that you only need outbound scanning if you think you've picked up a trojan. And frankly, that's not bloody likely if you have a decent antivirus program.

And honestly, you don't really need to block off the RPC port, I'm thinking. You need password authentication in order to USE the RPC port... and it's not easy to hack into... so let 'em bang on it. Who cares?

- Gurm

**KvHagedorn** · 12 February 2002, 10:04

Ok, that was a poor STD reference.

ANYWAY, the point is that you only need outbound scanning if you think you've picked up a trojan.

I thought you picked up a trojan to avoid those things.. anyhow, when it's outbound, I feel too preoccupied to scan it, even if I had the equipment...

**Kosh Naranek** · 12 February 2002, 15:44

OutBound Protection

Trojans come from all kinds of places not just the internet !

We have even seen commercial published CD's and DVD's being infected by trojans !

However ... The reason why I like outbound protection is because I like to know/control which programs are calling home ! When using outbound protection, I can prevent ANY program from calling home and reporting all sorts of information regarding me and my surfing habits, to third parties without my consent.

**Gurm** · 12 February 2002, 20:20

How does it feel to be senselessly paranoid

- Gurm

Announcement

Easy to use, safe, unproblematic freeware firewall

Easy to use, safe, unproblematic freeware firewall

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment