In-My-Opinion.org

»Protowall (Internet Security)«







I thought my system was pretty secure - 3 kinds of spyware protection, firewall, registry protection and the lot.

Then I saw a write-up of bluetack.co.uk... and decided to check it out.

It installs as a network service at driver level and monitors everything in and out of your PC.

Like I said, I thought I was secure; here are some of the more sinister entries in my logs (these are all unauthorised OUTGOING packets (<-)):

2004/07/04  11:35:28  [<-] BLOCKED [!] - Destination is psi(Hash-Exploiter On KaZaA) fake files split 3  PGIPDB (38.118.154.200) [protocol: UDP / destport: 7012]
2004/07/04  11:53:47  [<-] BLOCKED [!] - Destination is Microsoft Corp trackers 2  PGIPDB (131.107.103.243) [protocol: TCP / destport: 80]
2004/07/04  12:25:49  [<-] BLOCKED [!] - Destination is Foundation of research+Technology Hellas + IBM Netherl+s N.V.  PGIPDB (139.91.70.70) [protocol: UDP / destport: 9471]
2004/07/04  16:58:18  [<-] BLOCKED [!] - Destination is Globix Trial Range Corporation Globix Trial RangeBLK3A (NET-209-11-0-0-2) (209.11.42.194) [protocol: UDP / destport: 12643]
2004/07/04  17:54:03  [<-] BLOCKED [!] - Destination is Genesis Project (194.46.16.237) [protocol: UDP / destport: 9407]

NB. The Microsoft one fires off every time I launch media player - and I have all Internet options for this and XP turned OFF.

In addition there were hundreds of attempted connections from outside - which the firewall should catch.

Though this software stops loads of stuff, it has not affected any of my normal Internet activities.


posted by Marl64
  


Outside connections



1) What firewall do you use? I use Zonealarm
2) Incoming connections seem to be normal: All those ever-changing IPs misguide other surfers to your IP. Just be sure that you don't have an open port 25 (spammers will use your computer as spam). Happened to me. The FBI called.

posted by knn
  

Re: Outside connections



knn:
1) What firewall do you use? I use Zonealarm

Sadly Zonealarm and many other similar systems cause conflicts with other software I use, I need a passive solution.

So I have to use a combination of systems. The cable modem has some limited functionality in this area, which I back up with the built-in XP firewall - with almost all ports closed.

The problem of course with the XP firewall is that Microsoft can open ports on it as they require - nice feature. Shocked

And of course it only blocks messages coming in.

Windows is not supposed to send usage information if you have that facility disabled, but Protowall clearly shows this is not the case.

I just have to figure out what else in my system is "phoning home" on a regular basis.

And as to the Kazaa Exploit listed, I don't even have Kazaa installed. White laugh


posted by Marl64
  



as far as i can tell you don't have much to worry about

most of them are for when you have software installed that gives the message "checking for updates" this is what the majority of outgoing packages are especially for microsoft

as for the globix one...this is a p2p and streaming video software product

and the genesis project...well look it up...you get some weird results

posted by the anomaly
  

Here's some more



Now I haven't installed any more software and here's a few new ones - most of which happened while I was out of the house - so not in response to running software;

2004/07/04  22:42:33  [<-] BLOCKED [!] - Destination is Arcor AG+Co  PGIPDB (145.254.209.83) [protocol: UDP / destport: 12035]
2004/07/05  03:54:29  [<-] BLOCKED [!] - Destination is Warner Music Group  PGIPDB (209.203.76.151) [protocol: UDP / destport: 19082]
2004/07/05  05:33:29  [<-] BLOCKED [!] - Destination is ETRI  PGIPDB (129.254.75.49) [protocol: UDP / destport: 9177]
2004/07/05  14:12:56  [<-] BLOCKED [!] - Destination is Symantec  PGIPDB (67.98.223.98) [protocol: UDP / destport: 3484]
2004/07/05  14:30:34  [<-] BLOCKED [!] - Destination is bsa.si (correction)  PGIPDB (212.18.38.58) [protocol: UDP / destport: 33562]
2004/07/05  16:02:26  [<-] BLOCKED [!] - Destination is I.NET S.p.A Via Caldera, 21/C I-20153 Milano Italy  PGIPDB (212.239.3.78) [protocol: UDP / destport: 7547]
2004/07/05  16:23:59  [<-] BLOCKED [!] - Destination is infogrames  PGIPDB (65.223.176.4) [protocol: UDP / destport: 8456]
2004/07/05  16:26:15  [<-] BLOCKED [!] - Destination is SONY corp  PGIPDB (219.106.248.98) [protocol: UDP / destport: 3353]
2004/07/05  16:34:29  [<-] BLOCKED [!] - Destination is Hewlett-Packard Labs  PGIPDB (192.6.19.120) [protocol: UDP / destport: 11071]
2004/07/05  17:23:04  [<-] BLOCKED [!] - Destination is Research Council of Turkey + wwwcache.ulak.net.tr  PGIPDB (193.140.75.37) [protocol: UDP / destport: 7258]


Sony and Warner eh? Shocked

I have all the "update checking" options disabled and don't allow applications to install "run" services in my registry.

And still they phone home. Sneaky Bastards I learned something new, I guess


posted by Marl64
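
As an added example (not part of any post in this thread, and not Protowall's own code), a parser for the log format quoted above that splits each entry into fields and counts outgoing entries as web-port TCP or anything else, as a first triage pass. The field names and the web-port heuristic are assumptions of this example; the sample entries are copied from the posts.

```python
import re
from collections import Counter
from datetime import datetime

# Entries copied verbatim from the posts above.
SAMPLE_LOG = """\
2004/07/04  11:53:47  [<-] BLOCKED [!] - Destination is Microsoft Corp trackers 2  PGIPDB (131.107.103.243) [protocol: TCP / destport: 80]
2004/07/04  16:58:18  [<-] BLOCKED [!] - Destination is Globix Trial Range Corporation Globix Trial RangeBLK3A (NET-209-11-0-0-2) (209.11.42.194) [protocol: UDP / destport: 12643]
2004/07/04  17:54:03  [<-] BLOCKED [!] - Destination is Genesis Project (194.46.16.237) [protocol: UDP / destport: 9407]
2004/07/05  03:54:29  [<-] BLOCKED [!] - Destination is Warner Music Group  PGIPDB (209.203.76.151) [protocol: UDP / destport: 19082]
2004/07/05  16:26:15  [<-] BLOCKED [!] - Destination is SONY corp  PGIPDB (219.106.248.98) [protocol: UDP / destport: 3353]
"""

# The IP is the last parenthesised dotted quad before "[protocol: ...]";
# the label itself may contain parentheses, e.g. "(NET-209-11-0-0-2)".
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}/\d{2}/\d{2}\s+\d{2}:\d{2}:\d{2})\s+"
    r"\[(?P<dir>[^\]]+)\]\s+BLOCKED\s+\[!\]\s+-\s+Destination is\s+"
    r"(?P<label>.*?)\s*\((?P<ip>\d{1,3}(?:\.\d{1,3}){3})\)\s+"
    r"\[protocol:\s*(?P<proto>\w+)\s*/\s*destport:\s*(?P<port>\d+)\]\s*$"
)

WEB_PORTS = {80, 443}  # assumption: ports a browser or HTTP update check would use


def parse_line(line):
    """Return one log entry as a dict, or None if the line does not match."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    return {
        "time": datetime.strptime(" ".join(m["ts"].split()), "%Y/%m/%d %H:%M:%S"),
        "outgoing": m["dir"] == "<-",  # the post identifies [<-] as outgoing
        "label": m["label"],
        "ip": m["ip"],
        "proto": m["proto"].upper(),
        "port": int(m["port"]),
    }


def parse_log(text):
    """Parse every matching line of a log excerpt, skipping the rest."""
    return [e for e in map(parse_line, text.splitlines()) if e is not None]


def triage(events):
    """Count outgoing entries as 'web' (TCP to a web port) or 'other'."""
    counts = Counter()
    for e in events:
        if e["outgoing"]:
            is_web = e["proto"] == "TCP" and e["port"] in WEB_PORTS
            counts["web" if is_web else "other"] += 1
    return counts
```
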
  



well that's what you get for being a pirate

ooaarrr White laugh

posted by the anomaly
  

Port scans



Port scans are done all the time on the Internet. Actually it's scary. Others are trying to see if your PC uses a certain port and then either they hack in or abuse your PC.

posted by knn
  


Pirates are cool Set your George Michael free

posted by wickedweasel
  




