Backdoor/SubSeven Trojan Horse

[Bird]

I think the more information I get (even though it's undoubtedly good information), the more confused I become. /forums/images/graemlins/confused.gif /forums/images/graemlins/grin.gif At any rate, I contacted my ISP (Comcast) and was told that they do not need the MAC number. So I just bought a U.S. Robotics Broadband Router and hooked it up this morning. I don't know what it's doing, but at least I'm not getting those "security alerts" from my Norton Personal Firewall anymore. /forums/images/graemlins/confused.gif And the computer still works. /forums/images/graemlins/ooo.gif

 

[JASTN70D]

Great

I am sure it will help until they come up with another way to get through. sometimes I think the people that make such devices and viruses protection are behind this. They seem to be the only ones making out on these threats to computer security. That may just be the paranoia in me though /forums/images/graemlins/crazy.gif

 

[ducati996]

For those who seem to feel a software firewall is unnecessary
is being reckless in their behavior...I say this respectfully
and not to incite a riot /forums/images/graemlins/smile.gif

The reason for the harware & software combo is to protect your machine.
The hardware protects random pinging and scanning, and the software blocks your ports from being accessed. Software blocks trojans incoming email & outgoing, web sites, etc...
None of these things handle it alone effectively, but in combination of them will you have an effective protection..

go to www.grc.com and find out for your self...do the tests with your hardware firewall and software firewall on...then do it with the software off...big difference..dont forget to use their "Probe your ports" option.
Your router has a feature called "block wan request" make sure its turned off...otherwise you send a ping back, and notify that party that you are there...

Its your PC in the end...hope this helps someone

Duc

 

[PineRidge]

Duc very interesting stuff at that site.

 

[JASTN70D]

I have some disagreements with your statements. Yes a Hardware software combination is best. So is 5 locks on your front door and a security guard. It just depends on how safe you want to feel. But hardware firewalls are much better at blocking ports than software. And turning off block Wan request will open you up for pings and scans. I use a firewall only and no ports show up scan able in fact there is no address to scan in the first place. And I have remote access, Web servers Mail servers and the like on my network. In other words public services that are hidden. In order for software to block it the packet must first get to your computer. I would rather have it stopped out side. Also Trojans are port attacks they must use an open port to get in. Now if it is sent by email a Trojan is an executable and should not get through updated antivirus software. Try this sight for a security check

http://security.symantec.com/sscv6/default.asp?productid=symhome&langid=ie&venid=sym

 

[Bird]

Since I don't understand all this stuff, I ran Ducati's security check and it indicates I have two ports closed and the rest "stealth"; whatever that mean. And Symantec's security check shows everything good but ought to upgrade to the latest version in addition to the updates that are done regularly. /forums/images/graemlins/confused.gif

 

[kevincook]

Bird,

Did you update the firmware in your router? I'd bet if you go to the US Robotics website they have an update firmware available. This will patch any security holes or bugs they may have found since they shipped your router. It may also ''stealth'' those last two ports.

I showed one port as closed and the rest as stealth until I updated the firmware on my linksys router.

The good news is that the firmware doesn't get updated very often.....it's not like virus definitions. The router I have seems to have an updated firmware about once or twice per year.

Good Luck
Kevin

 

[ducati996]

JSDK55,

A typo on my part and you are correct..you can also see in the rest of the sentence on what i was trying to say...block the ping function..stay anonymous
Hardware firewalls have a limited capability of protection. If you value your network. protect all your ports, email servers, web servers, etc...
If your want to spoof your IP thats ok, if you feel your systems safe they way it is, thats ok....can you stop a keylogger? can you stop a trojan from turning a infected PC into a bot? prevent you email list from being sent out? hardware dosent handle all that...thats just the way it is...just pointing it out /forums/images/graemlins/confused.gif

Duc

 

[ducati996]

kevincook,

Kevin I say this respectfully of course, you have to realize the difference between what the router ( hardware NAT firewall does) does and does not do...
Those updates are for features with the router, like reporting logs, VPN options, and the like...its not for blocking ports specifically on PC's...
You lock down your ports with the regular updates from Microsoft updates, configure your PC not to share files & printers, netbios, etc...
You use software ( a good one !) to monitor your ports, to make sure nothing of value leaves your machine into the Internet...your Router( hardware Firewall) can not stop outgoing violations. Some higher end units can, but we are talking SOHO applications here correct?
You of course can stay the course you have chosen...but what harm does it do if you increase your protection?

If you want PM me and I can set you up with good software...

Also the best results from GRC is to be Stealth on all ports...see if you can achieve that....why not? what harm will it do?

Ducati996

 

[Bird]

</font><font color="blue" class="small">( Did you update the firmware in your router? )</font>

Kevin, I looked it up on their web site, but it says "This product does not require drivers or firmware." /forums/images/graemlins/confused.gif