SpinSpinSugar

Ok, so I've got a fixed IP these days, and always have a firewall running. Today I noticed that somehow or other it'd turned off, and my machine had been "open" to the world for the best part of a day.

Now....

a) I get about 40-50 blocked NetBIOS or port access requests a day, what exactly can these people DO to my machine if they're not blocked?

b) Is it possible to access the file system of a PC (outside of any shares set up under XP) through all these shenannegans?

c) How can I scour my machine for Trojan Horses etc. that may have been left by hackers, do virus guard pick them up?

GeneralElectric

Hi

Just one of many "interesting programs" available:

http://www.efc.ca/pages/media/2001/2...eregister.html



And check this link for some good Win2000 anti-hack stuff:

http://rr.sans.org/win/cant_hack.php

Yes, virus scanners can pick out the more common trojans / worms - that's what you buy them for. But definitely not 100% reilable. Our head office got hit over 1000 in the last couple of weeks, but somehow 1 or 2 emails still made it through the firewall!

You're using Norton or ZoneAlarm presumably so provided that it's switched on you are probably OK.

I run several Linux firewalls at work and it's quite unnerving to see the amount of NetBIOS activity, along with regular hack attempts

Hope there's something here to help.
Cheers

CrashDive

W.r.t. internet security, I can't recommend enough the following site: http://grc.com and in particular Shields Up a site from which I urge you ALL to test both your Shields and your Ports !!!

Uhm, that said….

Q). So, you don't think you're vulnerable upon the Internet ?

A). Well checkout http://grc.com/su-danger.htm

Nb. The URL reference sites you see above are favourites of both me (Tony) and PRuNe Dispatch (Mik)

So, if you really want some understanding of your true Internet vulnerability, then have a read of this..... http://grc.com/dos/grcdos.htm...... veritably very scary stuff !!!

__________________
CrashDive

Administrator to The Professional Pilots RUmour NEtwork

May you live in interesting times !

All Systems Go

Hi.

The NETBios requests you speak of are actually not all that much of a problem - this is good old Microsoft coming up with a blinder again. A NETbios thingy is basically the name of your computer in non-IP address terms - if you have a small home network you'd probably refer to your computers as "Living Room Machine" or Windows 98 Machine", instead of 192.168.*.*, and all this is is a request for who you are. Now this could be used maliciously, but in general it's just another Microsoft Networked machine having a chat. I would still be worried however, cos the best way to be safe from attack is not to be seen - hence blocking these NETBios requests is a good way of being invisible. A Cling-On cloak isthe order of the day.

I agree with the other posters in this thread - www.grc.com is excellent and where I learnt alot about internet security, and indeed possibly the best of all the firewall stuff Zonealarm.

Have fun.