gmac (posted June 16, 2003):

"ZoneAlarm blocked what was most likely a port scan by a remote computer trying to find out if you are using Windows 2000. By default, Windows 2000 assigns port 445 to the SMB (Server Message Block) protocol which is used to share files, printers, and other services. ZoneAlarm prevented the computer at 218.102.196.62 from being able to see or access your files or printers, or to know what your computer name is."

I recently installed a firewall on my computer, at least in the Windows half of it. I never fully appreciated how often my computer was scanned; during the course of one e-mail send there were 29 attempts. The message above occurs several times. Maybe it means someone will offer me Windows 2000 for free. Actually I thought that was now superseded by XP. It's taking me a while to get the hang of Mandrake but the more I see things like that the more the effort seems worthwhile.

"ZoneAlarm prevented a remote computer from connecting to port 139 on your computer. This connection attempt was probably legitimate network traffic. Port 139 is commonly used by networked Windows computers to enable file sharing and other resource sharing."

The most recent of 5 such attempts while I have been typing this. My computer is not networked by the way. I could start believing in conspiracy theories. On second thoughts, seeing the above, it's not a theory is it?

How secure is mandrakesoft? I would buy from them but I am incredibly loath to put credit card details on the internet, even more so now. I can't believe how often it happens. Two more now.

Guest anon (posted June 16, 2003):

You might want to take into account your ISP. My ISP, Telewest broadband, scans or checks for activity on my computer every 30 seconds or so.

tyme (posted June 16, 2003):

The IP you posted appears to belong to an address block owned by a company in Hong Kong. Information reported by the APNIC whois database:

inetnum: 218.102.0.0 - 218.103.255.255
netname: NETVIGATOR
descr: PCCW Limited
descr: PO Box 9896 GPO Hong Kong
country: HK
admin-c: NA45-AP
tech-c: NA45-AP
mnt-by: APNIC-HM
mnt-lower: MAINT-HK-IMS-CS
remarks: replacement of old objects
changed: hm-change@apnic.net 20020912
status: ALLOCATED PORTABLE
source: APNIC

role: NETVIGATOR ADMINISTRATORS
address: PO Box 9896 GPO
address: Hong Kong
e-mail: pmaster@netvigator.com
admin-c: DK129-AP
admin-c: WC109-AP
admin-c: JW276-AP
tech-c: DK129-AP
tech-c: WC109-AP
tech-c: JW276-AP
nic-hdl: NA45-AP
mnt-by: MAINT-HK-IMS
changed: wilson.cheung@pccw.com 20020815
source: APNIC

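When a firewall alert names a source address, a whois reply like the one above can be read mechanically: find the `inetnum` range that contains the address, then follow its contact handle to the role object. The following is an added example, not part of any post in this thread; `parse_whois` and `describe_source` are names made up here, and the embedded record is a trimmed copy of the reply quoted above.

```python
import ipaddress
from collections import defaultdict

# Trimmed copy of the APNIC reply quoted in the post above.
WHOIS_TEXT = """\
inetnum: 218.102.0.0 - 218.103.255.255
netname: NETVIGATOR
descr: PCCW Limited
descr: PO Box 9896 GPO Hong Kong
country: HK
admin-c: NA45-AP
tech-c: NA45-AP

role: NETVIGATOR ADMINISTRATORS
e-mail: pmaster@netvigator.com
nic-hdl: NA45-AP
"""

def parse_whois(text):
    """Split a reply into objects (blank-line separated); key -> list of values."""
    objects, current = [], defaultdict(list)
    for line in text.splitlines() + [""]:      # trailing "" flushes the last object
        if not line.strip():
            if current:
                objects.append(dict(current))
                current = defaultdict(list)
        elif not line.startswith(("%", "#")):  # skip server comment lines
            key, sep, value = line.partition(":")
            if sep:
                current[key.strip().lower()].append(value.strip())
    return objects

def describe_source(ip, objects):
    """Return (netname, country, contact e-mails) for the range holding ip, or None."""
    addr = ipaddress.ip_address(ip)
    for obj in objects:
        for rng in obj.get("inetnum", []):
            first, _, last = (part.strip() for part in rng.partition("-"))
            if ipaddress.ip_address(first) <= addr <= ipaddress.ip_address(last):
                handles = set(obj.get("admin-c", []) + obj.get("tech-c", []))
                mails = [m for o in objects
                         if handles & set(o.get("nic-hdl", []))
                         for m in o.get("e-mail", [])]
                return (obj.get("netname", ["?"])[0],
                        obj.get("country", ["?"])[0], mails)
    return None

if __name__ == "__main__":
    print(describe_source("218.102.196.62", parse_whois(WHOIS_TEXT)))
```
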
gmac (posted June 16, 2003):

Anon. I use Telewest as well. I know they do that but I didn't realise it was quite so often. This could explain why I have been cut off without warning recently; I shall investigate. I am currently being bombarded by some very strange e-mails and my virus checker has stopped a couple of viruses as well, hence the interest in the firewall.

I need to get to grips with Mandrake. Ideally I would prefer to sit and work through a manual step by step till I am familiar with it. I lack the patience to spend hours experimenting and trawling through the computer based manuals. Any suggestion as to what would be a good one to buy? Most of the ones I have seen seem to be little help with Mandrake. I am not knowledgeable enough to be able to extrapolate from the general to the specific, if you get my drift. My issues are pretty basic, like how do I get the cd and cd burner working. I can get the floppy disc but not the cd and haven't yet worked out if it is me or the hardware at fault, i.e. I just am not mounting it correctly or I have a cd that is incompatible with Mandrake.

Tyme. I'm impressed. I wouldn't have the foggiest idea how to track that down. Pccw looks familiar in that I have seen it appear a couple of times. I am being bombarded with adverts for yoghurt and web sites that are related in nature. I assumed most of them were American in origin. I wonder what kind of response they get.

Guest anon (posted June 16, 2003):

"How secure is mandrakesoft? I would buy from them but I am incredibly loath to put credit card details on the internet, even more so now. I can't believe how often it happens. Two more now."

This is not a real in-depth scan, it's a basic scan from Gibson's "ShieldsUP" site, but it might give you a clue to Mandrake's security on a standard install, with security set to medium. No additional firewall apps installed.

| Port | Service | Status | Security Implications |
|------|---------|--------|-----------------------|
| 21 | FTP | Stealth! | There is NO EVIDENCE WHATSOEVER that a port (or even any computer) exists at this IP address! |
| 23 | Telnet | Stealth! | There is NO EVIDENCE WHATSOEVER that a port (or even any computer) exists at this IP address! |
| 25 | SMTP | Stealth! | There is NO EVIDENCE WHATSOEVER that a port (or even any computer) exists at this IP address! |
| 79 | Finger | Stealth! | There is NO EVIDENCE WHATSOEVER that a port (or even any computer) exists at this IP address! |
| 80 | HTTP | Stealth! | There is NO EVIDENCE WHATSOEVER that a port (or even any computer) exists at this IP address! |
| 110 | POP3 | Stealth! | There is NO EVIDENCE WHATSOEVER that a port (or even any computer) exists at this IP address! |
| 113 | IDENT | Closed | Your computer has responded that this port exists but is currently closed to connections. |
| 135 | RPC | Stealth! | There is NO EVIDENCE WHATSOEVER that a port (or even any computer) exists at this IP address! |
| 139 | Net BIOS | Stealth! | There is NO EVIDENCE WHATSOEVER that a port (or even any computer) exists at this IP address! |
| 143 | IMAP | Stealth! | There is NO EVIDENCE WHATSOEVER that a port (or even any computer) exists at this IP address! |
| 443 | HTTPS | Stealth! | There is NO EVIDENCE WHATSOEVER that a port (or even any computer) exists at this IP address! |
| 445 | MSFT DS | Stealth! | There is NO EVIDENCE WHATSOEVER that a port (or even any computer) exists at this IP address! |
| 5000 | UPnP | Stealth! | There is NO EVIDENCE WHATSOEVER that a port (or even any computer) exists at this IP address! |

mtweidmann (posted June 16, 2003):

Mandrake/Linux is as secure as you want it to be. If you run it at the minimum security level with no firewall then that's your fault. Mandrake has security controls, which by default do quite a good job. It also comes with a tool for setting up a basic firewall. If you're worried about being hacked, use the supplied tools.

mystified (posted June 16, 2003):

There are quite a few internet sites where you can type in an IP address and trace it back. Just do a search for IP Lookup. Whois is a good one.

When I first installed ZoneAlarm in Windows I was shocked too. My ISP does ping me regularly but ZoneAlarm blocked them and I've never had a problem caused by that. The ones that really bother me are the messages that such and such program is trying to access the internet and do I want to allow them or not. Nine times out of ten it's a M$ program. I don't use IE, I use Opera, and I don't allow any M$ programs to access the net. I'm really stubborn that way!

Michel (posted June 17, 2003):

If you like to, you can make another group for access to an encrypted filesystem and add the group to you, and if you want, encrypt it with pgp... Installing the firewall also helps, but normally if the access rights of the file only allow you to read the file, it should be safe already:

chmod 700 <pathToFile>

static (posted June 17, 2003):

Well, yeah, but root kits get you in as root, meaning the file's perms do no good. There is no substitute for a good firewall. My personal favorite is Guarddog because it's relatively easy and very effective.

(mods - shouldn't this be in security?)

Guest anon (posted June 17, 2003):

"(mods - shouldn't this be in security?)"

Yep, you're right. Thanks :wink:

Read_Icculus (posted June 18, 2003):

"This is not a real in-depth scan, it's a basic scan from Gibson's "ShieldsUP" site, but it might give you a clue to Mandrake's security on a standard install, with security set to medium. No additional firewall apps installed."

That's weird, I've tried the same scan before on a fresh install on "msec level 3" and my ports were reported as "closed". I guess it probably has to do with the fact that I installed iptables (just so I could set up the firewall later) but didn't specify any rules yet, so everything was on "ACCEPT".

gmac - BTW a lot of the scans that you are getting aren't malicious. I drop lots of packets from sites I'm browsing or using various programs. I drop stuff from this site and places like justlinux.com or slashdot all the time. My firewall rulesets are tight and various extraneous packets just get dropped for one reason or another. The same thing happens when I'm using Windows. Also, if you have a dynamic IP addy you sometimes will get traffic your way that was meant for the person who previously had that addy. I've seen things like packets meant for Kazaa, Yahoo Messenger, and Gnutella flooding in and dropped when I dial in and get someone's old IP. Of course I imagine that there's just as many scans that are malicious smacking up against your firewall.

If you're still using Windows I'd recommend checking out Outpost Firewall instead of ZoneAlarm as it's very customizable and you can set up each and every application according to what ports, hosts, and directions are allowed for all internet traffic.

gmac (posted June 18, 2003):

"If you're still using Windows I'd recommend checking out Outpost Firewall instead of ZoneAlarm as it's very customizable and you can set up each and every application according to what ports, hosts, and directions are allowed for all internet traffic."

Sadly I'm stuck with Windows in the short term until a) I get a comparable printer, b) get my head round linux properly, c) learn how to use wine etc. Right now I'm trying to get my cd working. Do you remember what it was like having basic problems like that? I am that rare commodity, a genuine newbie, not only to linux but to computing generally. At the moment I'm not even sure I know what the firewall is doing. It was a free download and firewalls are just one area I am going to have to master. :(

Thanks for the tip but I need to get familiar with this one before I spread my wings.

static (posted June 18, 2003):

Newbie to computing generally? Excellent - it'll be easier to learn linux without the baggage of windows - you would have had to "unlearn what you had learned". What will you need wine for? Just curious. Look in Tips and tricks for software equivalents, you may be surprised to find how many linux-native apps do what you thought you needed a windows app for.

Back to the topic at hand: For windows I like Norton Internet Security. It's done a smash up job of finding/blocking trojans, allowing me to customize it pretty well, and so on.

Good ol' kazaa :) Speaking of which - is gIFT down and out? It was the only linux app for the fasttrack network (kazaa) that I knew about... Gnutella doesn't find as many files.

gmac (posted June 19, 2003):

"What will you need wine for?"

I work from home and will be doing more so in the future. I have to use some packages that are made for Windows only, hence either dual boot, which I have, or find some method of accessing them. More and more stuff is internet based so this may be less of an issue in future. I also have to contend with web sites that only support Internet Explorer. I'm sure I can work round this but not yet. I will also be keeping confidential information that I need to protect. I don't at the moment but that's why I'm footering about with firewalls.

Basically I've gone over the last four years from no computer to the point where I need to control a full blown data management system and use the internet to download and pass on information. The security aspect is a legal requirement that I need to meet. I can either

1) pay someone else to do it. Frankly I am underwhelmed by a lot of "computer consultants". The number that haven't heard of linux is surprising. You might not use it but surely you keep up to date with your own industry.
2) master Windows, XP etc.
3) spend time learning linux.

I'm doing 3. Sometimes I wish I hadn't started, but compared to Windows linux is breathtaking. I like to know what's going on, otherwise it's a bit like buying a car and not asking about the engine. Actually I now know some computer consultants that work with linux and pursue 1, but that's no fun.

toxaq (posted July 14, 2003):

Thanks for the guarddog link static... I'm now stealth to grc now which is always nice to know... has anyone got real time firewall alerts aka zonealarm? Hold that thought, I better go search...