Subject: Re: Calling networking specialists please... (MS Worms) [Very long - contains data]
From: "Stratcat" <nobody@no.org>
Date: 08/09/2003, 19:10
<add [Very long - contains data] to subj line - 'cuz... it really IS long!>
"Chris Priest" <chris@nospam.demon.co.uk> wrote in message
news:3F53B510.D6CFB4AE@nospam.demon.co.uk...
> Nick M V Salmon wrote:
>> "Martin" <ml_news@ddnospamddml1dd.co.uk.dd> wrote
>>> And I thought it might be quietening down by now...
>> I suppose it will eventually - you'd think ISPs would block the packets
>> somewhere if it's all coming from that damn worm. :-/
> Demon do :) and so do some other ISPs I believe
> http://www.demon.net/helpdesk/announce/2003/da2003-08-19a.shtml
> though blocking pings can screw up certain software, like old versions
> of the VPN software I use.
> I still get probes on ports 135 and 445, and 17300 (Kuang2) has just
> turned up.
Been watching this saga for weeks, and thought I'd weigh in with my set-up,
and what's been working for me, for quite a while now.
Just for the record: I'm NOT an I.T. professional, have never worked in an
exclusively I.T. capacity, nor do I profess myself an I.T. guru of any sort.
I started out in R & D / Product Development EE, and migrated to telecom
system engineering (Cellular) (Worst career move I've ever made - Don't
ask). I have done some 'lite' I.T. stuff around the labs.
I'm going to toss out some ad hoc ideas that worked for me. Any I.T. pros
that wish to comment or elaborate are welcome, just go a little easy on me
if I'm in error, since I'm simply recounting my personal experiences:
For those that are running single machines, internal servers, or gateways.
Have you considered tossing a simple, cheap router, directly off your modem,
as your first device encountered by the outside world, to act as a
'hardware' firewall??? I use a ~ 45 U$D Linksys BEFSR41 4 port router.
You can get a single port version for, maybe, 5 bucks cheaper. Using default
configuration parameters, it will act in complete 'stealth' mode, dropping
any packets to any port which have not been solicited. In other words, you're
attempting to have your ports remain 'invisible' to the outside world,
before even encountering your gateway or internal network.
Here's a link to a port test utility: http://grc.com/default.htm
Scroll down & select 'ShieldsUp'. Scroll down this next page to the silver
bar near the middle, and select 'common ports' or 'all ports', depending on
your connection speed, and time available. Run the test, and you will get a
much embellished html version of something (ideally), like the following for
your results.
Here's a sample of my results:
<*begin test results*>
Your system has achieved a perfect "TruStealth" rating. Not a single
packet - solicited or otherwise - was received from your system as a result
of our security probing tests. Your system ignored and refused to reply to
repeated Pings (ICMP Echo Requests). From the standpoint of the passing
probes of any hacker, this machine does not exist on the Internet. Some
questionable personal security systems expose their users by attempting to
"counter-probe the prober", thus revealing themselves. But your system
wisely remained silent in every way. Very nice.
Port  Service  Status   Security Implications
0     <nil>    Stealth  There is NO EVIDENCE WHATSOEVER that a port (or even any computer) exists at this IP address!
21    FTP      Stealth  There is NO EVIDENCE WHATSOEVER that a port (or even any computer) exists at this IP address!
23    Telnet   Stealth  There is NO EVIDENCE WHATSOEVER that a port (or even any computer) exists at this IP address!
25    SMTP     Stealth  There is NO EVIDENCE WHATSOEVER that a port (or even any computer) exists at this IP address!
<snip>
<*end test results*>
The above is a very abbreviated sample of the utility's test results of my
system (network).
With this set-up, I see no need to run any software based firewall,
whatsoever. IME, ZoneAlarm et al. slow down my browsing, and in addition,
once again, waste those precious CPU cycles. The only reason I would feel
a personal need for a soft firewall, would be to attempt to trace/monitor an
unknown probe. But your router has monitoring capabilities that can be
invoked, if this feature is desired. IMHO, a hardware firewall is the best
solution, at least for me. Also, IMO, a soft firewall, set to probe, defeats
the purpose of stealth operation. I'm sure some I.T. guys may disagree w/me,
but IMO, unless hosting, or providing a service to the outside world, there
should be no responses emanating from any ports exposed to the outside
world. There may be an occasional exception, but for my use, I see no reason
to 'port respond' to unsolicited requests, and have been running this way
for 2 years with complete internet access and full functionality. Silence is
Golden!!!
Even though the only exposed IP is the router, using DHCP, if
available from your telco provider, provides additional protection from the
hacker crowd, since you can cycle on and off, from time to time, and
change your only exposed IP. I have the high-speed 'business' grade DSL,
which typically comes with static IP addressing. But through a bit of effort
(and some time w/tech support - forget sales), managed to keep my
commercial DSL, AND have DHCP IP addressing. Once again, JMO, but
unless hosting, or needing to externally VPN, I can see no need for a home
user, such as myself, to have a static IP address. It's harder to hit a
moving target!
IMO, the NT based Windows 'Messenger' port 135 exposure has been a
known 'disaster waiting to happen' for years. At the very least, it's a
potential pop-up spammers' 'paradise-to-be'. Either hack the registry (Don't
have my hack easily available, try Google), or in XP: Start / Control Panel
/ Administrative Tools / Computer Management / Services and Applications /
Services / Messenger. Under 'start-up type', disable it. I'd suspect most NT
based OSes have a similar path.
While this is not to be confused with MSN Messenger, kill that sucker too,
unless you really feel the need to use it. Either Google the registry hack,
or using Windows Explorer: C: / Program Files / Messenger, then rename it. I
simply keep the original name, and add '(Disabled)' when I change
its name. Voilà. No more Bill Gates 'little pawn' icon on your task bar,
and one more spammers'/kiddie scripters' back door now closed.
Well, I warned this post was gonna be a huge chunk of B/W. Feel free to
agree or flame away if you know more I.T. than me, but I firmly believe in
the strengths of a fully stealth configured hardware firewall, hanging off
a DHCP enabled ISP connection, w/o any soft firewall to slow me down or
ping reply.
It works for me, but like I said, I'm no pro.
Now if I could only become invisible to the I.R.S. <g>
Regards,
--
Strat
---
Outgoing mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.515 / Virus Database: 313 - Release Date: 9/1/2003
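The post's core claim is that a cheap NAT router in its default configuration forwards only replies to connections the inside opened and silently drops everything else, which is why a probe sees "Stealth" rather than "Closed". The following toy model, added here as an illustration and not code from the original post or from any router vendor, shows that distinction: a stateful filter that records outbound flows, forwards matching inbound packets, and either drops (stealth) or answers (RST / echo reply) unsolicited ones. All addresses come from the RFC 5737 documentation ranges and the traffic sequence is constructed; port translation is omitted (the model assumes the LAN source port is preserved on the WAN side), and the `ShieldsUp`-style labels are my own mapping, not the real service's output.

```python
from dataclasses import dataclass
from typing import Dict, List, Set, Tuple

# Constructed addresses from RFC 5737 documentation ranges; none are real hosts.
LAN_HOST = "192.168.1.10"     # a machine behind the router
ROUTER_WAN = "203.0.113.7"    # the router's only exposed address
WEB_SERVER = "198.51.100.20"  # a site the LAN host visits
SCANNER = "192.0.2.99"        # an unsolicited outside prober (e.g. a worm)


@dataclass(frozen=True)
class Packet:
    proto: str            # "tcp" or "icmp"
    src: str
    dst: str
    sport: int = 0        # TCP source port (0 for ICMP)
    dport: int = 0        # TCP destination port (0 for ICMP)
    flags: str = ""       # "S" = SYN, "SA" = SYN/ACK, "A" = ACK


class StatefulRouter:
    """Minimal connection-tracking filter.

    stealth=True  -> unsolicited inbound traffic is dropped without any reply
    stealth=False -> unsolicited traffic gets a 'closed' answer (TCP RST or
                     ICMP echo reply), which tells a prober a host exists
    """

    def __init__(self, stealth: bool = True) -> None:
        self.stealth = stealth
        # Flows opened from inside: (remote ip, remote port, LAN-side port).
        # Simplification: we assume the NAT keeps the LAN source port.
        self.flows: Set[Tuple[str, int, int]] = set()
        self.log: List[str] = []

    def outbound(self, pkt: Packet) -> str:
        """Traffic from the LAN always passes and creates state for replies."""
        if pkt.proto == "tcp":
            self.flows.add((pkt.dst, pkt.dport, pkt.sport))
        self.log.append(f"OUT {pkt.src}:{pkt.sport} -> {pkt.dst}:{pkt.dport} forwarded")
        return "FORWARD"

    def inbound(self, pkt: Packet) -> str:
        """Traffic from the WAN passes only if it matches a recorded flow."""
        if pkt.proto == "tcp" and (pkt.src, pkt.sport, pkt.dport) in self.flows:
            self.log.append(f"IN  {pkt.src}:{pkt.sport} -> :{pkt.dport} matches state, forwarded")
            return "FORWARD"
        if self.stealth:
            self.log.append(f"IN  {pkt.src} -> :{pkt.dport} ({pkt.proto}) unsolicited, dropped silently")
            return "DROP"
        # Non-stealth behaviour: answer, and thereby reveal that something is here.
        verdict = "RST" if pkt.proto == "tcp" else "ECHO-REPLY"
        self.log.append(f"IN  {pkt.src} -> :{pkt.dport} ({pkt.proto}) unsolicited, answered {verdict}")
        return verdict


def probe_label(verdict: str) -> str:
    """Map a filter verdict onto the three words a port tester reports."""
    return {"DROP": "Stealth", "RST": "Closed", "ECHO-REPLY": "Closed", "FORWARD": "Open"}[verdict]


def simulate(stealth: bool) -> Dict[str, str]:
    """Run a constructed traffic sequence and return the verdict for each event."""
    router = StatefulRouter(stealth=stealth)
    results: Dict[str, str] = {}
    # 1. The LAN host opens a web connection: solicited traffic, state recorded.
    router.outbound(Packet("tcp", LAN_HOST, WEB_SERVER, sport=40001, dport=80, flags="S"))
    results["web reply"] = router.inbound(Packet("tcp", WEB_SERVER, ROUTER_WAN, 80, 40001, "SA"))
    # 2. An unsolicited SYN to port 135, the port the thread is worried about.
    results["port 135 probe"] = router.inbound(Packet("tcp", SCANNER, ROUTER_WAN, 55555, 135, "S"))
    # 3. An unsolicited ping (ICMP echo request).
    results["ping"] = router.inbound(Packet("icmp", SCANNER, ROUTER_WAN))
    # 4. A forged 'reply' from the wrong source address: no matching flow, so it is unsolicited.
    results["spoofed reply"] = router.inbound(Packet("tcp", SCANNER, ROUTER_WAN, 80, 40001, "SA"))
    return results


if __name__ == "__main__":
    for mode in (True, False):
        print(f"stealth={mode}")
        for event, verdict in simulate(mode).items():
            print(f"  {event:15s} {verdict:10s} -> tester would report '{probe_label(verdict)}'")
```

In stealth mode every entry except the genuine web reply comes back `DROP`, which is exactly the "no evidence a computer exists" result in the test output quoted above; with `stealth=False` the same probes are answered, so the host is "Closed" rather than invisible. The real distinction a defender cares about is that the reply itself leaks the host's existence, not the contents of the answer.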