
Thread: My Firewall is taking a BATTERING

  1. #1
    HEXUS.timelord. Zak33's Avatar

    My Firewall is taking a BATTERING

    Me and Jiff were talking earlier and he reckons it's likely to be the NTL Cable network full of PCs with viruses....

    BUT...today, this am.....2 minutes ago...MY PC tried to access the web with Messenger.....something which I have DISABLED in Options to not run at startup. It's only still there cos Microsloth insists on it for Email to work

    Now, I realise that most of you Hardware/Software Gurus HATE Zonealarm.....but so far I have managed to keep on the right side of it.

    It is showing about one ping style attack every 15 seconds!

    And Messenger attempted to connect 20 times in rapid succession

    Wassup ? Am I virused?

    This is what is having a go:

    Most are ICMP (ping request?) type 8 subtype 0
    Some are UDP (netbios request?) banging at my 137 port ! ooh err missus
    Messenger is trying to get out of my PC via Port :1900 from my IP address....and also from an IP address I don't recognise as mine...cos it's got a different final number !

    I guess it's time to put bloody Norton back on...I tried Housecall yesterday......no viruses found, but as it's free online, I guess it's not exactly up to date....or is it?

    Go on.....shout at me...you know you want to !

    Quote Originally Posted by Advice Trinity by Knoxville
    "The second you aren't paying attention to the tool you're using, it will take your fingers from you. It does not know sympathy." |
    "If you don't gaffer it, it will gaffer you" | "Belt and braces"

  2. #2
    Senior Member joshwa's Avatar
    sounds like welchia or blast on the network you're on. welchia pings a lot, and they both try and attack port 137.

    as long as the firewall is picking it up and blocking it you should be okay. just make sure your a/v software is up to date and windows is up to date too

  3. #3
    Bonnet mounted gunsight megah0's Avatar
    i too installed zone alarm at work and home after the blaster and sobig viruses, so far the uni have not dealt with either very well, in the first 2 days post install i had 760 odd blocked intrusions.
    Recycling consultant

  4. #4
    Administrator Moby-Dick's Avatar
    housecall is reasonably up to date Zak :-)

    don't forget to do your windows updates as well - it helps prevent the spread of the non email based worms. ( such as blaster )
    my Virtualisation Blog http://jfvi.co.uk Virtualisation Podcast http://vsoup.net

  5. #5
    Drop it like it's hot Howard's Avatar
    I'm getting EXACTLY the same thing happening here with ZoneAlarm pro!

    I had all sorts of weird connections in netstat before I got ZoneAlarm. Now it's blocking connections like every 10 seconds. Since I installed it, I've had 43,435 intrusions.

    Home cinema: Toshiba 42XV555DB Full HD LCD | Onkyo TX-SR705 | NAD C352 | Monitor Audio Bronze B2 | Monitor Audio Bronze C | Monitor Audio Bronze BFX | Yamaha NSC120 | BK Monolith sub | Toshiba HD-EP35 HD-DVD | Samsung BD-P1400 BluRay Player | Pioneer DV-575 | Squeezebox3 | Virgin Media V+ Box
    PC: Asus P5B | Core2duo 2.13GHz | 2GB DDR2 PC6400 | Inno3d iChill 7900GS | Auzentech X-Plosion 7.1 | 250GB | 500GB | NEC DVDRW | Dual AG Neovo 19"
    HTPC: | Core2Duo E6420 2.13GHz | 2GB DDR2 | 250GBx2 | Radeon X1300 | Terratec Aureon 7.1 | Windows MCE 2005
    Laptop: 1.5GHz Centrino | 512MB | 60GB | 15" Wide TFT | Wifi | DVDRW


  6. #6
    Ex-MSFT Paul Adams's Avatar
    I'd be one of the "hardware/software gurus" that don't hate Zone Alarm, then
    (Never had a problem with it on the 50+ installations I've done.)


    MSN Messenger can be disabled - it manages to get itself to launch without a standard registry entry or shortcut in Startup - check here to turn it off:
    http://www.winguides.com/registry/display.php/981/

    I don't know why it should be required for email to work though?
    I've used a similar manual fix to disable MSN Messenger when I first got Windows XP, but I actually use the IM client now so I don't disable it any more


    As for your firewall logging stuff it's blocking, that's good

    If you think your firewall logs are interesting, the firewall logs here at work are showing stacks of ICMP, NetBIOS name/WIN Manager/Microsoft DS probes - plus the odd SQL and SMTP probe thrown in for good measure

    In one 60-second period a few minutes ago I can see 85 entries.


    Remember that a firewall is not the be-all and end-all of security - you should always have AV and keep it up to date, plus run Windows Update periodically to keep your OS patched.
    ~ I have CDO. It's like OCD except the letters are in alphabetical order, as they should be. ~
    PC: Win10 x64 | Asus Maximus VIII | Core i7-6700K | 16GB DDR3 | 2x250GB SSD | 500GB SSD | 2TB SATA-300 | GeForce GTX1080
    Camera: Canon 60D | Sigma 10-20/4.0-5.6 | Canon 100/2.8 | Tamron 18-270/3.5-6.3
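
The traffic described in this thread splits into two kinds: unsolicited inbound probes (ICMP type 8 code 0, UDP 137, Microsoft-DS) that the firewall is dropping, and outbound attempts from a program on the PC itself (Messenger to port 1900, the port used for SSDP/UPnP discovery). The triage below is an added example, not code from any poster or from ZoneAlarm; the CSV layout, the addresses and the program name are constructed for illustration.

```python
import csv
import io
from collections import Counter

# Constructed sample in a made-up CSV layout (NOT ZoneAlarm's real log format):
# time,direction,protocol,source,destination,port-or-ICMP-type/code,program
SAMPLE_LOG = """\
09:00:00,IN,ICMP,192.0.2.14,198.51.100.7,8/0,
09:00:15,IN,ICMP,192.0.2.93,198.51.100.7,8/0,
09:00:21,IN,UDP,192.0.2.200,198.51.100.7,137,
09:00:30,IN,ICMP,192.0.2.51,198.51.100.7,8/0,
09:00:40,OUT,UDP,198.51.100.7,239.255.255.250,1900,Messenger
09:00:41,OUT,UDP,198.51.100.7,239.255.255.250,1900,Messenger
09:00:45,IN,TCP,192.0.2.77,198.51.100.7,445,
09:01:00,IN,ICMP,192.0.2.14,198.51.100.7,8/0,
"""

# Only the traffic types named in the thread are labelled.
KNOWN = {
    ("ICMP", "8/0"): "ICMP echo request (ping)",
    ("UDP", "137"): "NetBIOS name service",
    ("TCP", "445"): "Microsoft-DS",
    ("UDP", "1900"): "SSDP/UPnP discovery",
}

def seconds(hms):
    h, m, s = (int(x) for x in hms.split(":"))
    return h * 3600 + m * 60 + s

def triage(log_text):
    """Split blocked entries into inbound probe noise and outbound attempts."""
    inbound, outbound, times = Counter(), Counter(), []
    for row in csv.reader(io.StringIO(log_text)):
        if len(row) != 7:
            continue  # skip blank or malformed lines
        when, direction, proto, _src, _dst, detail, program = row
        label = KNOWN.get((proto, detail), f"{proto} {detail} (unclassified)")
        if direction == "IN":
            inbound[label] += 1
            times.append(seconds(when))
        elif direction == "OUT":
            # Outbound entries are keyed by program: these originate locally.
            outbound[(program or "unknown", label)] += 1
    span = max(times) - min(times) if len(times) > 1 else 0
    gap = span / (len(times) - 1) if span else None
    return {"inbound": inbound, "outbound": outbound, "mean_inbound_gap_s": gap}

if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(key, dict(value) if isinstance(value, Counter) else value)
```

Inbound counts are background noise as long as they are blocked; the outbound table is the part worth reading, because each row names a local program that tried to talk out.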

  7. #7
    Ex-MSFT Paul Adams's Avatar
    For those interested, the original BLASTER worm has since had a handful of copycat variants released, but by less smart people... two suspects have been collared:

    http://www.theregister.co.uk/content/56/32568.html

    http://www.theregister.co.uk/content/56/32649.html


    I have no idea why this worm didn't get as much press coverage as Code Red or Nimda, as it targets thousands of client PCs as opposed to hundreds of servers...

  8. #8
    No more Mr Nice Guy. Nick's Avatar
    I get scanned all the time bud. Just set the notification to 'No' then get on with life. If it don't stop an attack it won't know about it anyway, right now it's just telling you what a good job it's doing.

    Not trying to do a thread hijack, but how do I stop MS Messenger loading every time I start Outlook? It's only annoying cos even though I'm signed out, if I load Outlook and then go and play a game or something afterwards I get a pop up in the game from Messenger if someone messages me. Is a right pain if I'm hosting the game as Alt-Tabbing out to kill messenger freezes the game for everyone.
    Quote Originally Posted by Dareos View Post
    "OH OOOOHH oOOHHHHHHHOOHHHHHHH FILL ME WITH YOUR.... eeww not the stuff from the lab"

  9. #9
    Oh no!I've re-dorkalated! Jiff Lemon's Avatar
    Thread wrecker

    There's a tab within outlook's options to disable instant messaging integration.

  10. #10
    Ex-MSFT Paul Adams's Avatar
    Deckard - I'm not certain about that, but is it as straightforward as going to Tools / Options / Other and unchecking the "Enable Instant Messaging" tickbox?

    If that's already disabled and you don't use MSN Messenger, then maybe try disabling it from the instructions on the web site I linked earlier?

    If you do use MSN Messenger occasionally, then I can only suggest killing the process before you start any games.

  11. #11
    Senior Member joshwa's Avatar
    I use smoothwall, so whilst I may get all this traffic blocked, I don't have pop-ups all the time telling me and on my PC with Zonealarm it just sits happily protected by the smoothwall pc - yay!

  12. #12
    Ex-MSFT Paul Adams's Avatar
    I use a NAT router so have the same issue as Josh - the only popups I see are when programs try to talk OUT from my PC

  13. #13
    HEXUS.timelord. Zak33's Avatar
    YOU LOT ROCK:

    A: am glad Housecall is quite up to date, cos I use it every so thanks Moby

    B: I update Windows every week too....thanks Josh for confirming the port number

    C: Howard and Mgoh are clearly seeing it like I do......a personal affront cheers guys for the confirmation

    D: Paul....you da MAN...an IT bloke who uses Zone Alarm

    E: Jiff....what a dude you are. IT response to the numpty at this end..TWICE...once by urgent Text Scare (me cacking my pants)

    F: Deckard.....I don't have Messenger account....so it isn't on...but it is IMPOSSIBLE to uninstall it......XP tells me it's essential for Outlook Express, but I never leave email open in games....in case you send me 44 meg of dirty pictures while I'm hosting

    And it's COS I don't have Messenger that Jiff was unable to help immediately anyway.

    Pheww.....it's like the Oscars.....thanking everyone

    I'm gonna cry a little now

    Cheers guys

