From: Franklin on 1 Aug 2010 07:25 za kAT scribbled: >Peanuts, not monkey nuts. Sorry, hummingbird, but I doubt a right wing >lickspittle like you can add value processing monkey nuts, what with your >grubby little paws, and all. You're obsessed with hummingbird and other peoples' nuts, Stubbo. I know the problem, I am too!!! Oh! you still didn't answer my question: > Stubbo, > Do tell how you manage to pick up <8W electricity on ebay for peanuts. Do you want to admit that you can't write proper English? Franklin "slime is my name and slime is my game"
From: HTH on 1 Aug 2010 09:04 John Corliss: >Well, I just deleted the Kerio configuration file and started all over >again. Right away, some idiot's infected computer tried to crawl into >mine via port 445, but of course I created a new rule to block that kind >of nonsense. Port 445 is commonly hijacked by one or other malware because it's open when certain popular MS apps are running. Some other popular ports used by malware are: 135, 137-139, 1080, 1434, 5000, 8000, 8888 etc. The *best and safest* solution is to add a rule in a NAT router to block all incoming packets on port 445 (and the others). That will stop all accesses *before* they get anywhere near your system. A secondary action is to close those local ports using a tool like: <http://seconfig.sytes.net/?sv=1.1> HTH
From: B℮ar Bottoms on 1 Aug 2010 10:33 On Sun, 01 Aug 2010 16:10:58 +0200, hummingbird wrote: [binned] hummingbird, I had to bin your last fraudulent quoting. It's really limp, and pitiful. Have to say it, zakAT has reduced you to reposting retard. Don't get all upset now. Come over 'ere and let me relieve your anal retention. -- B℮ar Bottoms Proud p0wner of Googleware
From: John Corliss on 1 Aug 2010 12:19 Shadow wrote: > On Sun, 01 Aug 2010 01:32:44 -0700, John Corliss<q34wsk20(a)yahoo.com> > wrote: > >> Well, I just deleted the Kerio configuration file and started all over >> again. Right away, some idiot's infected computer tried to crawl into >> mine via port 445, but of course I created a new rule to block that kind >> of nonsense. > Make you feel younger. Your first install must have been> 8 > years ago. Mine was. I previously used TPF and before that @guard... Atguard was the first freeware software firewall I ever heard about. They didn't call it a "firewall" though. > I use this freeware, helps close some doors: > http://www.xp-antispy.org/index.php/en/download?func=sellang&iso=en > Windows scans for port 445 on startup, if you have network > neighborhood active. I don't have NN active. I've even uninstalled Client for Microsoft Networks. The hit I got was long past startup. No doubt in my mind it was somebody's infected computer, probably the Sasser bug, but who knows. >> The MD5 table entry problems are all gone now. Guess I'll stick with >> Kerio 2.1.5 on this system. > You did backup, right ? Yes, I always do. But of course, I won't need the backup. I also took a couple of screen shots of my old rules list and combined them into one image, which I've been referring to all along as I retrain Kerio. > Check your reg settings here: > http://www.pcreview.co.uk/forums/thread-1968743.php I assume you mean: HKLM\SYSTEM\CurrentControlSet\Services\fwdrv\MaxBufferSize Naaah, I'm going to leave that one alone. > BTW you are on this thread :) > Probably why you remember reading it, but can't remember the > actual text, it's 6 years old. No, I remember my reply in that thread and what it was about. I tried using Donutbandit's "Deny all" rule and decided that I didn't like it. There was the reason I posted, and one I didn't. I didn't post the other reason because I didn't want to get in a long, drawn out discussion about it. Suffice it to say it was a personal preference. >> I still need a new computer though. Maybe I can sell blood. > Well, be nice to BB. He promised to send one. Though you might > be right, selling blood would be less disagreeable. > I'd send you one if I lived a bit closer. Have two sitting in > a corner gathering dust. Come and get them (Brazilian "Jungle") > []'s Oh well, if I get to the point where my computer simply won't work anymore, I can always sell my motorcycle ...not. Maybe one of my kidneys instead, complete with stones. -- John Corliss BS206. Because of all the Googlespam, I block all posts sent through Google Groups. I also block as many posts from anonymous remailers (for example, usenet4all.se, x-privat.org, dizum.com, tioat.net, frell.theremailer.net) as possible due to forgeries posted through them. No ad, CD, commercial, cripple, demo, nag, share, spy, time-limited, trial or web wares OR warez for me, please.
From: HTH on 1 Aug 2010 21:24
Bear Bottoms wrote: >or a software firewall that blocks unwanted access through those ports. Sure, a s/w firewall should also block such incoming packets if it's configured correctly and not shut down by malware ;-) I didn't mention it to Corliss but most NAT routers will stop ALL such attempted accesses *automatically* as Stubbo jumped up to say. Those that don't can easily be configured to do it. If a user has port-forwarding implemented, he will presumably want unsolicited packets to arrive, but only on Port:XXXX. I wanted to give Corliss a belt and braces solution for the kind of problem he described. Some folks like to look at their PFW logs and see long lists of accesses being blocked; it gives them a warm feeling. That's fine but a better use for a PFW is to control call-home packets from a program that is otherwise well behaved and valued by the user. A number of old programs fall into this category. HTH |