TorreyIsLDS

I Got Msblaster!


zone alarm sux, that's why...or whatever firewall you use lol

ZA doesn't play a role in that test. ZA is ok for stopping some trojans, some email scripts, but other than that it's not a very good method of protection.

 

The issue was that in the router port 113 was closed. That site apparently doesn't like closed ports. So I had to open the port and then forward it to an IP that doesn't exist, which makes it stealth, and now the site likes my computer again :mrgreen:


Why would a closed port be bad as far as security??


Ask that crazy creator of that website. :mrgreen:

I also thought that closed was a good thing :blink:


Guess I need to read a tad bit more on this huh?? ;):mrgreen:


Closed - The port is closed, nothing can get through. When someone tries to get in, they can see that the port is there but can't get in...

 

Stealth - Seems like the port doesn't even exist

 

So both methods make it so that nobody can get into the specified port, but with closed the other side can see that the port is there but locked, whereas with stealth it's also closed but it also can't be seen that it even exists.

 

:snooze::P


Well, a stealthed port will show no computer at all; closed ports still reveal that a computer exists at the IP address, and then it is a simple matter of exploiting one of the thousands and thousands of gaping holes in Windows.

 

Now as for Gibson's site and tests!! The man's a bumbling idiot I wouldn't trust with a box of tissue paper, never mind the security of my PC.

 

Get nmap and do some serious port scans, and get some real trustworthy results.

 

http://www.insecure.org/nmap/


Torrey

 

Once it's gone, block the following ports in Sygate

 

Port 135, 137, 139, 445, 4444, all TCP, and all hosts

 

Port 69, 135, 137, 139, 445, 4444, all UDP, and all hosts

 

That should stop you getting it.......I haven't copped it yet with those blocked.

 

Keith


Just tested at Shields Up LOL, clean bill of health, and that is while I am running an ftp and http server.

 

Wanna explain to me why Gibson's test is incapable of detecting that my router is configured for http and ftp access??

 

His tests are a complete joke, I'll say again I wouldn't trust him to secure his own front door, never mind a secure computer. :mrwinky:


thx doofus...but I don't know how to do this in Sygate....can u take a screenshot of how u did it? thx.

Ok follow the below

 

Click on Tools - Advanced Rules - then ADD and type a name for the rule description.

 

Under Action make sure Block This Traffic is selected then select ALL Network Interface Cards under the Advanced Settings menu directly below.

 

Next click on Hosts and make sure All Addresses is selected

 

Then Click on Ports and Protocols and under the Protocol drop down menu select TCP.

 

Under the Remote and Local port number boxes type in the port number you want to block (e.g. 135 in both).

 

Once done make sure Both is selected under Traffic Direction and then click on OK and OK again.

 

Then repeat steps above changing TCP for UDP and then change port numbers to those you want to manually block and that is basically it.

 

Keith

Edited by doofus
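
The closed / stealth distinction from earlier in the thread can be checked for the TCP ports in the block list above once the rules are in place. This is an added example, not part of the original thread or any poster's code; the function names and the 127.0.0.1 sample target are illustrative, and it is meant to be pointed at your own machine.

```python
import socket

# TCP ports from the thread's block list. UDP (e.g. 69) is left out: UDP has
# no handshake, so a connect test cannot separate closed from dropped.
THREAD_TCP_PORTS = (135, 137, 139, 445, 4444)


def classify_tcp_port(host, port, timeout=2.0):
    """Classify one TCP port the way the thread uses the terms.

    open    - handshake completes, something is listening
    closed  - the host actively refuses (RST), so the host is still visible
    stealth - no reply before the timeout, the packet was silently dropped
    """
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.settimeout(timeout)
        try:
            s.connect((host, port))
            return "open"
        except ConnectionRefusedError:
            return "closed"
        except (socket.timeout, TimeoutError):
            return "stealth"
        except OSError as exc:
            # e.g. "no route to host": report it instead of guessing a state
            return "error: " + exc.__class__.__name__


def audit_host(host, ports=THREAD_TCP_PORTS, timeout=2.0):
    """Return {port: state} for every port in the list."""
    return {p: classify_tcp_port(host, p, timeout) for p in ports}


def host_is_visible(results):
    """True if any port answered at all (open or closed)."""
    return any(state in ("open", "closed") for state in results.values())


if __name__ == "__main__":
    # 127.0.0.1 is a sample target; substitute the address of your own machine.
    results = audit_host("127.0.0.1")
    for port, state in sorted(results.items()):
        print(f"tcp/{port}: {state}")
    print("host visible to this test:", host_is_visible(results))
```

Run it from a second machine on the same network rather than on the firewalled PC itself, since loopback traffic may not pass through the firewall rules being checked.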


thx doofus!

 

I feel much safer now. :)

 

p.s. should I leave Sygate running while I'm benchmarking? it takes up 20K cpu resources :(


whaaa?

 

u talking about guitars in a virus thread?

Steve Gibson. :mrgreen:


yea...he's ok...I was looking at my guitar at the time.... :woot::lol::P:lol:

 

just kidding

Edited by x5dr


I'd leave it running anytime you're connected to the internet, full stop.

 

Why bother about a benchmark?? Isn't being safe while connected to the net more important?

 

Just going by the sheer amount of times my Sygate blocks the attempts of the worm and all its variants, I'd be a fool to disable it and still remain online.

 

Keith


ok..thanks.

 

btw, did the ports you told me to block include LAN?

 

I can't access my network anymore. :(


I dunno about the LAN

 

It would be easy to see which blocked port caused that to happen by deleting the added advanced rules in Sygate one by one.

 

Keith


Just make sure you never stay connected to the net with no firewall.......not even to test pit scores. The blasterworm attempts that are caught by my Sygate run into the hundreds per day, so never take the risk of disabling it just for testing or anything else, as you never know when the worm will try to connect.

 

Keith
