From: Franklin on
za kAT scribbled:

>Peanuts, not monkey nuts. Sorry, hummingbird, but I doubt a right wing
>lickspittle like you can add value processing monkey nuts, what with your
>grubby little paws, and all.


You're obsessed with hummingbird and other people's nuts, Stubbo.
I know the problem, I am too!!!

Oh! you still didn't answer my question:
> Stubbo,
> Do tell how you manage to pick up <8W electricity on ebay for peanuts.

Do you want to admit that you can't write proper English?


Franklin
"slime is my name and slime is my game"

From: HTH on
John Corliss:

>Well, I just deleted the Kerio configuration file and started all over
>again. Right away, some idiot's infected computer tried to crawl into
>mine via port 445, but of course I created a new rule to block that kind
>of nonsense.

Port 445 is commonly hijacked by one or other malware because it's open
when certain popular MS apps are running. Some other popular ports used
by malware are: 135, 137-139, 1080, 1434, 5000, 8000, 8888 etc.

The *best and safest* solution is to add a rule in a NAT router to block
all incoming packets on port 445 (and the others). That will stop all
accesses *before* they get anywhere near your system.

A secondary action is to close those local ports using a tool like:
<http://seconfig.sytes.net/?sv=1.1>


HTH

From: B℮ar Bottoms on
On Sun, 01 Aug 2010 16:10:58 +0200, hummingbird wrote:

[binned]

hummingbird, I had to bin your last fraudulent quoting. It's really limp,
and pitiful.

Have to say it, zakAT has reduced you to reposting retard.

Don't get all upset now. Come over 'ere and let me relieve your anal
retention.

--
B℮ar Bottoms
Proud p0wner of Googleware

From: John Corliss on
Shadow wrote:
> On Sun, 01 Aug 2010 01:32:44 -0700, John Corliss <q34wsk20(a)yahoo.com>
> wrote:
>
>> Well, I just deleted the Kerio configuration file and started all over
>> again. Right away, some idiot's infected computer tried to crawl into
>> mine via port 445, but of course I created a new rule to block that kind
>> of nonsense.
> Make you feel younger. Your first install must have been > 8
> years ago. Mine was. I previously used TPF and before that @guard...

Atguard was the first freeware software firewall I ever heard about.
They didn't call it a "firewall" though.

> I use this freeware, helps close some doors:
> http://www.xp-antispy.org/index.php/en/download?func=sellang&iso=en
> Windows scans for port 445 on startup, if you have network
> neighborhood active.

I don't have NN active. I've even uninstalled Client for Microsoft
Networks. The hit I got was long past startup. No doubt in my mind it
was somebody's infected computer, probably the Sasser bug, but who knows.

>> The MD5 table entry problems are all gone now. Guess I'll stick with
>> Kerio 2.1.5 on this system.
> You did backup, right ?

Yes, I always do. But of course, I won't need the backup. I also took a
couple of screen shots of my old rules list and combined them into one
image, which I've been referring to all along as I retrain Kerio.

> Check your reg settings here:
> http://www.pcreview.co.uk/forums/thread-1968743.php

I assume you mean:

HKLM\SYSTEM\CurrentControlSet\Services\fwdrv\MaxBufferSize

Naaah, I'm going to leave that one alone.

> BTW you are on this thread :)
> Probably why you remember reading it, but can't remember the
> actual text, it's 6 years old.

No, I remember my reply in that thread and what it was about. I tried
using Donutbandit's "Deny all" rule and decided that I didn't like it.
There was the reason I posted, and one I didn't. I didn't post the other
reason because I didn't want to get in a long, drawn out discussion
about it. Suffice it to say it was a personal preference.

>> I still need a new computer though. Maybe I can sell blood.
> Well, be nice to BB. He promised to send one. Though you might
> be right, selling blood would be less disagreeable.
> I'd send you one if I lived a bit closer. Have two sitting in
> a corner gathering dust. Come and get them (Brazilian "Jungle")
> []'s

Oh well, if I get to the point where my computer simply won't work
anymore, I can always sell my motorcycle ...not. Maybe one of my kidneys
instead, complete with stones.

--
John Corliss BS206. Because of all the Googlespam, I block all posts
sent through Google Groups. I also block as many posts from anonymous
remailers (for example, usenet4all.se, x-privat.org, dizum.com,
tioat.net, frell.theremailer.net) as possible due to forgeries posted
through them.

No ad, CD, commercial, cripple, demo, nag, share, spy, time-limited,
trial or web wares OR warez for me, please.

From: HTH on
Bear Bottoms wrote:
>or a software firewall that blocks unwanted access through those ports.

Sure, a s/w firewall should also block such incoming packets if it's
configured correctly and not shut down by malware ;-)

I didn't mention it to Corliss but most NAT routers will stop ALL such
attempted accesses *automatically* as Stubbo jumped up to say. Those that
don't can easily be configured to do it. If a user has port-forwarding
implemented, he will presumably want unsolicited packets to arrive, but
only on Port:XXXX.

I wanted to give Corliss a belt and braces solution for the kind of
problem he described. Some folks like to look at their PFW logs and see
long lists of accesses being blocked; it gives them a warm feeling.
That's fine but a better use for a PFW is to control call-home packets
from a program that is otherwise well behaved and valued by the user.
A number of old programs fall into this category.


HTH
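
Added example, not part of the thread: a short Python triage of a personal-firewall log that reflects both HTH posts above, counting blocked inbound hits on the ports listed earlier and, separately, listing which local programs made outbound ("call-home") connections. The log format, program name and addresses are constructed for illustration and are not Kerio's real log format.

```python
import re
from collections import Counter

# Ports named in the post above, written the way the post lists them.
WATCHED = "445, 135, 137-139, 1080, 1434, 5000, 8000, 8888"

def expand_ports(spec):
    """Turn '135, 137-139' style text into a set of port numbers."""
    ports = set()
    for part in spec.split(","):
        lo, _, hi = part.strip().partition("-")
        ports.update(range(int(lo), int(hi or lo) + 1))
    return ports

# Constructed log format (an assumption, not Kerio's real format):
# time action direction proto src:port -> dst:port [program]
LINE = re.compile(
    r"^(?P<time>\S+) (?P<action>BLOCK|ALLOW) (?P<dir>IN|OUT) (?P<proto>TCP|UDP) "
    r"(?P<src>[\d.]+):(?P<sport>\d+) -> (?P<dst>[\d.]+):(?P<dport>\d+)"
    r"(?: (?P<prog>\S+))?$"
)

# Constructed sample lines; addresses are from documentation ranges.
SAMPLE_LOG = """\
01:40:12 BLOCK IN TCP 203.0.113.7:4312 -> 192.168.1.10:445
01:40:15 BLOCK IN TCP 203.0.113.7:4313 -> 192.168.1.10:445
01:52:03 BLOCK IN UDP 198.51.100.23:1050 -> 192.168.1.10:1434
02:10:44 ALLOW OUT TCP 192.168.1.10:1187 -> 192.0.2.80:80 oldviewer.exe
02:10:45 ALLOW OUT TCP 192.168.1.10:1188 -> 192.0.2.80:80 oldviewer.exe
02:15:00 BLOCK IN TCP 198.51.100.99:2200 -> 192.168.1.10:22
garbled line that does not parse
"""

def triage(log_text, watched):
    """Count inbound hits on watched ports and outbound talkers by program."""
    inbound, outbound, skipped = Counter(), Counter(), 0
    for line in log_text.splitlines():
        m = LINE.match(line.strip())
        if not m:
            skipped += 1          # keep a count so bad lines are not silently lost
            continue
        if m["dir"] == "IN" and int(m["dport"]) in watched:
            inbound[(int(m["dport"]), m["src"])] += 1
        elif m["dir"] == "OUT":
            outbound[(m["prog"] or "unknown", m["dst"], int(m["dport"]))] += 1
    return inbound, outbound, skipped

if __name__ == "__main__":
    hits, talkers, bad = triage(SAMPLE_LOG, expand_ports(WATCHED))
    for (port, src), n in hits.most_common():
        print(f"inbound  port {port:<5} from {src:<15} x{n}")
    for (prog, dst, port), n in talkers.most_common():
        print(f"outbound {prog} -> {dst}:{port} x{n}")
    print(f"unparsed lines: {bad}")
```
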