Jump to content


Photo
- - - - -

Info about attacks and Firewalls


  • Please log in to reply
4 replies to this topic

#1 Paul

Paul

    SuperNova III Member

  • ++Member
  • 2,893 posts
  • Location:U.K. Cambs
  • Interests:Some Web designing, Amiga's, Like Point & Click Adventure RPG, Watching DVDs

  • United Kingdom

Posted 28 April 2002 - 10:53 AM

Use the following web sites at your own risk.

Firewall Forensics

"This document explains what you see in firewall logs, especially what port numbers means. You can use this information to help figure out what hackers are up to.
This document is intended for both security-experts maintaining corporate firewalls as well as home users of personal firewalls."


http://www.robertgra...ewall-seen.html

#2 Paul

Paul

    SuperNova III Member

  • ++Member
  • 2,893 posts
  • Location:U.K. Cambs
  • Interests:Some Web designing, Amiga's, Like Point & Click Adventure RPG, Watching DVDs

  • United Kingdom

Posted 28 April 2002 - 03:04 PM

Threats to your Security on the Internet

"The Trojan horse applications discussed within this web site are remote administration hacker utilities that will allow a user to control another user's computer across the Internet. Trojan horse applications can provide equal, if not more control of a remote PC system than the person sitting at its keyboard."

http://www.commodon.com/threat/

#3 Paul

Paul

    SuperNova III Member

  • ++Member
  • 2,893 posts
  • Location:U.K. Cambs
  • Interests:Some Web designing, Amiga's, Like Point & Click Adventure RPG, Watching DVDs

  • United Kingdom

Posted 28 April 2002 - 03:40 PM

Protecting Your Privacy & Security On a Home PC

"This site contains links to numerous pages on the Web where home users can find software and information relevant to Windows PC privacy and security. It also contains a rudimentary "checklist" of basic steps that home users can take to enhance their privacy and security while using the Internet."

http://www.staff.uiu...ehowes/main.htm

#4 melbei

melbei

    Elite Member

  • Members
  • PipPipPip
  • 300 posts
  • Location:Australia
  • Interests:0

  • Australia

Posted 09 May 2002 - 12:30 PM

A good little firewall i've found at www.zonelabs.com is called zone alarm pro or the free no frills version is zone alarm...a good site easier to setup and no huge phone bills from constantly ringing the old isp for info on thier service.. methinks throw away macafe and norton and try this one.

#5 melbei

melbei

    Elite Member

  • Members
  • PipPipPip
  • 300 posts
  • Location:Australia
  • Interests:0

  • Australia

Posted 06 November 2002 - 10:07 AM

A few files, what they do and what firewall settings to use: (thanks to www.pcmag.com) FILENAME: Aim.exe. PROGRAM NAME: AOL Instant Messenger. DESCRIPTION: The world's most popular IM client. RECOMMENDED ACTION: Always permit as a client but think twice before granting any IM program server rights; it could let hackers collect files from your hard drive. FILENAME: Alg.exe. PROGRAM NAME: Application Layer Gateway. DESCRIPTION: Part of Windows XP that provides support for ICS and Internet Connection Firewall (ICF). RECOMMENDED ACTION: If a third-party firewall warns you that ALG.exe wants access, check to make sure you're not double-firewalled. If you are, disable ICF. If you are using neither ICF nor ICS and are warned that ALG.exe is trying to access the Net, deny it. A Trojan horse or worm may be trying to use it as a backdoor. FILENAME: Dwwin.exe. PROGRAM NAME: Dr. Watson. DESCRIPTION: Microsoft application error-reporting tool, which gathers data about malfunctioning software and can send it to Microsoft. RECOMMENDED ACTION: Permit once to transmit this information. FILENAME: Explorer.exe. PROGRAM NAME: Windows Explorer. DESCRIPTION: Microsoft's Windows shell. RECOMMENDED ACTION: The Windows shell does not generally need access to the Internet. Permit once if you've intentionally performed an operation that requires Net access. FILENAME: Iexplore.exe. PROGRAM NAME: Microsoft Internet Explorer. DESCRIPTION: Microsoft's Web browser. RECOMMENDED ACTION: Some spyware can start your browser and pass information to its maker via a URL or cookie. To prevent snooping, permit once if you don't mind one extra click at IE start-up. FILENAME: Lsass.exe. PROGRAM NAME: Local Security Authentication Server, Windows NT/2000/XP. DESCRIPTION: Validates passwords when users log on. RECOMMENDED ACTION: Always permit. But keep in mind that this file is a frequent target of malware, so scan it regularly to make sure it hasn't been altered. FILENAME: Msimn.exe. PROGRAM NAME: Microsoft Outlook Express. DESCRIPTION: Microsoft's mail client. RECOMMENDED ACTION: For POP3, Outlook Express needs to make outgoing connections on ports 110 (POP) and 25 (SMTP). If your firewall lets you select which ports a program can use, permit these ports always but allow access on no others. If you're using IMAP, allow access to port 143 as well. FILENAME: Msmsgs.exe. PROGRAM NAME: MSN and Windows Messenger. DESCRIPTION: Microsoft's IM client. RECOMMENDED ACTION: See Aim.exe. FILENAME: Navapw32.exe. PROGRAM NAME: Norton AntiVirus Auto-Protect. DESCRIPTION: Performs nightly updates of Norton AntiVirus patterns. RECOMMENDED ACTION: Always permit. FILENAME: Ndisuio.sys. PROGRAM NAME: NDIS User I/O. DESCRIPTION: Internal Windows driver; performs internal communications tasks within Windows. RECOMMENDED ACTION: Always permit. FILENAME: Ntoskrnl.exe. PROGRAM NAME: NT OS Kernel. DESCRIPTION: The Windows NT/2000 Kernel. RECOMMENDED ACTION: Always permit. Note that this file is attacked and altered by many Trojan horses and worms; scan regularly. FILENAME: Quicktimeplayer.exe. PROGRAM NAME: Apple QuickTime Player. DESCRIPTION: Plays QuickTime and various other audio and video formats. RECOMMENDED ACTION: Permit once when you actually want to stream media across the Internet. FILENAME: Realplay.exe. PROGRAM NAME: Real media players (RealPlayer, RealOne). DESCRIPTION: Plays digital media. RECOMMENDED ACTION: See Quicktimeplayer.exe. FILENAME: Rundll32.exe. PROGRAM NAME: Run DLL as a program. DESCRIPTION: Runs code from a dynamic link library (for example, a Control Panel applet) as if it were a complete program. RECOMMENDED ACTION: Permit once, with care. But be suspicious: If you can't think of a reason the applet you just clicked might need to use the Net, just say no. FILENAME: Services.exe. PROGRAM NAME: Windows NT/2000 services. DESCRIPTION: Performs system logging, tracks resources, sends messages and alerts, manages PnP devices, handles Windows networking. RECOMMENDED ACTION: Always permit. FILENAME: Setup_wm.exe. PROGRAM NAME: Windows Media Player Setup. DESCRIPTION: Occasionally tries to check with Microsoft for updates. RECOMMENDED ACTION: Always deny. This program can leak information about the media you play. Get your updates through Windows Update. FILENAME: Svchost.exe. PROGRAM NAME: Generic Host Process for Win32 services (Windows 2000). DESCRIPTION: This program is similar to the Unix inetd.exe program. It runs one or more DLLs whose code provides services to machines on the network. RECOMMENDED ACTION: Always permit. FILENAME: Userinit.exe. PROGRAM NAME: Initiate user environment. DESCRIPTION: This program sets up a user's computing environment immediately after log-on. It starts the shell, establishes network connections, and handles other similar logistics. RECOMMENDED ACTION: Always permit. FILENAME: Winlogon.exe. PROGRAM NAME: Windows log-on utility. DESCRIPTION: Accepts user passwords. RECOMMENDED ACTION: Always permit. FILENAME: Wkufind.exe. PROGRAM NAME: Microsoft Works update detection. DESCRIPTION: Checks for Microsoft Works and Picture It! updates. RECOMMENDED ACTION: Permit once when update is desired. FILENAME: Wmplayer.exe. PROGRAM NAME: Windows Media Player. DESCRIPTION: Microsoft's media player. May be activated by Web pages or other software and can slow the system dramatically. RECOMMENDED ACTION: See Quicktimeplayer.exe. FILENAME: Wuauclt.exe. PROGRAM NAME: Windows Update AutoUpdate client. DESCRIPTION: Retrieves updates from Windows Update server. RECOMMENDED ACTION: Always permit. But be warned: According to Microsoft, updates may invoke DRM restrictions, preventing you from playing multimedia content already on your system. Read the details of each update before applying it.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users