[Date Prev][Date Next][Subject Prev][Subject Next][ Date Index][ Subject Index]

Re: firewalling

Subject: Re: firewalling
From: flash flash@xxxxxxxx
Date: Tue, 13 Dec 2005 13:49:00 +0100

≪I thought this was just the default list, not the active list? On my
NT5 system, this file is dated 2001. ≫ There is a default list, with
some
arbitrary date, and many standard apps. The list is up-dated by
installation routines. That's how the OS knows what port numbers to
enter into a TCP header when you hit the 'send' button in any particular
app.

≪what's to prevent any trojan from using an ordinarily kosher port, as
long as your app isn't using it?≫ Nothing. That's why we need firewalls
and anti-virus scanners and eternal vigilance.

Killing suspicious sessions stops the activity for the moment, but does
not, of course, prevent malicious code from trying again.

I am using NT5, not XP. netstat -a is only one among many ways to
monitor
suspicious activity. If you see up to a dozen or so sessions active or
listening, this is normal for Win NT5, even when you are not surfing or
transferring files [see attached screenshot]. If you see many dozens of
sessions even when you are not surfing or transferring files, this is
suspicious activity and may indicate that malicious code is trying to
replicate itself in the local LAN or contact an outside server to
(possibly) transmit keyboard scans or otherwise compromise your
security. I have no experience with XP.

Prev by Date: Re: Stopping USB drives from XY4
Next by Date: New Section for the Customization Guide
Previous by thread: Re: firewalling
Next by thread: Re: firewalling
Index(es):
- Date
- Subject