zone alarm question

[taff]

I just installed the zone alarm, and get constant warnings about Netbios
interception and pinging...can someone tell me what these attacks(?) are
about?
What was going on before I got the firewall?
Was I safe to do my banking (paying bills) on the net?
Thanks to (most) all replies

There are hundreds of robots out there pinging away at random IP's
plus genuine hack attempts. Most of these are nothing to worry about
and you can turn off reporting for these events.
Set your reporting level so that only genuine threats are reported.

Taff...........



www.sounds-pa.com | www.thecomputerworkshop.com

 

[70's]

I just installed the zone alarm, and get constant warnings about Netbios
interception and pinging...can someone tell me what these attacks(?) are
about?
What was going on before I got the firewall?
Was I safe to do my banking (paying bills) on the net?
Thanks to (most) all replies

 

[FromTheRafters]

I just installed the zone alarm, and get constant warnings about Netbios
interception and pinging...can someone tell me what these attacks(?) are
about?

Mostly they are about the firewall telling you what a good
job it is doing on your behalf. Internet background noise
hitting a particular port will be interpreted by the firewall
as an *ATTACK* by some hacktool known to use that
port.

What was going on before I got the firewall?

Ignorance was bliss.....

Was I safe to do my banking (paying bills) on the net?

....is anybody!?

That depends on the way your machine was set up.

....and since you had to ask ~ the answer is probably no.

This doesn't mean that you have definitely been compromised,
only that you may well have been vulnerable to some sorts of
attack.

Thanks to (most) all replies

:O)

 

[William Morris]

We recently had one of our clients install ZoneAlarm on the four pc's in his
office. We got a call from him three days later, saying, "Before you
installed that software, nothing ever happened! Now we're getting hit all
the time! I can't believe I let you install this stuff...it's just made us
a target."

True.

OP, pinging's not bad until it happens to you several times a second from
one or a set of IPs. Most of the time you can just set a rule and forget
it.

 

[me]

I just installed the zone alarm, and get constant warnings about Netbios
interception and pinging...can someone tell me what these attacks(?) are
about?
What was going on before I got the firewall?
Was I safe to do my banking (paying bills) on the net?
Thanks to (most) all replies

ZA is doing its job.

Restore ZA Control Center, uncheck "Show the alert popup
window."
For the rest, see the other replies.

J

 

[Jan Il]

Hi 70's,

I just installed the zone alarm, and get constant warnings about Netbios
interception and pinging...can someone tell me what these attacks(?) are
about?
What was going on before I got the firewall?
Was I safe to do my banking (paying bills) on the net?
Thanks to (most) all replies

Just a comment on your mention of banking on the net.

This is a personal observation of a co-worker's experience with on line
banking. Several months ago my co-worker decided to pay her phone and
electric bills via the net during her lunch break, which she had done often
for over a year. But, on this day, what she got instead of access to her
account was a virus which was going around at the time and affected certain
banks or sites (can't really recall now which). She had not heard about the
warning regarding this threat. The outcome was that her account was
jeopardized, and she had to go through a ton of mess to get it straightened
out, had to pay late fees on her bills, and our IT dept. head cancelled her
Internet privileges, *after* they went through 2 days of 5 cleanup attempts
before finding one that worked. Perhaps you will be lucky and this will
never happen to you. But, I never have, and never will, do any personal
business on the Internet. Just too much going on out there. And that is
where I prefer to keep it. Out there. <g>

Jan

 

[Duane Arnold]

Hi 70's,



Just a comment on your mention of banking on the net.

This is a personal observation of a co-worker's experience with on
line banking. Several months ago my co-worker decided to pay her
phone and electric bills via the net during her lunch break, which she
had done often for over a year. But, on this day, what she got instead
of access to her account was a virus which was going around at the
time and affected certain banks or sites (can't really recall now
which). She had not heard about the warning regarding this threat.
The outcome was that her account was jeopardized, and she had to go
through a ton of mess to get it straightened out, had to pay late fees
on her bills, and our IT dept. head cancelled her Internet privileges,
*after* they went through 2 days of 5 cleanup attempts before finding
one that worked. Perhaps you will be lucky and this will never happen
to you. But, I never have, and never will, do any personal business
on the Internet. Just too much going on out there. And that is where I
prefer to keep it. Out there. <g>

Jan

I have done online banking over the net for a couple of years now and
have had no problems. You don't do things such as banking on the job's
network with the job's LAN having possibilities of being compromised by
the very nature of how MS networking works with naive and ignorant co-
works that may have done something that could lead to the machine they
are using to be compromised that leads to the network being compromised
by malware compromising machines.

You do things such as on-line banking from a secure situation such as
one's home. But we know about the ignorance of the home user in the home
environment as well when it comes to the Internet. <g>

Duane

 

[Jan Il]

Hi Duane!

I have done online banking over the net for a couple of years now and
have had no problems. You don't do things such as banking on the job's
network with the job's LAN having possibilities of being compromised by
the very nature of how MS networking works with naive and ignorant co-
works that may have done something that could lead to the machine they
are using to be compromised that leads to the network being compromised
by malware compromising machines.

You do things such as on-line banking from a secure situation such as
one's home. But we know about the ignorance of the home user in the home
environment as well when it comes to the Internet. <g>

Yeah...but, to me...putting on-line banking and secure in the same sentence
sorta tends to be a bit of a contradition. <bg>

Jan

 

[kurt wismer]

Jan Il wrote:
[snip]

Yeah...but, to me...putting on-line banking and secure in the same sentence
sorta tends to be a bit of a contradition. <bg>

there are 3 main things that could be insecure... the communications
link or the two endpoints in the transaction... the communications link
ought to be encrypted, ergo secure from snooping/tampering... the
bank's systems should be secure (otherwise why are you dealing with
that bank?)... that just leaves the system at the users end... yes, if
you're uncertain about the security of your own system you should
probably think twice about banking online...

 

[Jan Il]

Hi Kurt,

Jan Il wrote:
[snip]

Yeah...but, to me...putting on-line banking and secure in the same sentence
sorta tends to be a bit of a contradition. <bg>

there are 3 main things that could be insecure... the communications
link or the two endpoints in the transaction... the communications link
ought to be encrypted, ergo secure from snooping/tampering... the
bank's systems should be secure (otherwise why are you dealing with
that bank?)... that just leaves the system at the users end... yes, if
you're uncertain about the security of your own system you should
probably think twice about banking online...

I do agree with you, and Duane. And there really should be no reason one
should not be able to utilize the function as a convenience. But, merely as
a question, it has been stated both here and in other newsgroups and forums,
that there are times when a virus or other type of invader may be able to
infect your computer because the proper updates for anti-virus or other
types of scanning programs have not yet been provided. Thus, at this
particular time, even though a user may have all types of good protection,
and they are updated as of the last one available, could they not still be
infected during this period between the time the virus/other hits the ground
and the time a kill can be made available? While common sense after Swen
would tell most people not to click on any attachment until it could be
checked for virus or other, how would one protect against something that
could be loaded to or infect their machine without notice by any AV or other
because it would not yet recognize it as a foe. Is it possible then to
really be certain of the security of your own system 100% of the time? It
is for this reason that I prefer not to take the chance of doing any
personal business on the net. Now remember....this is merely a question.
<vbg>

Thank you for your time and information, I really appreciate it.

Jan

 

[kurt wismer]

Hi Kurt,




I do agree with you, and Duane. And there really should be no reason one
should not be able to utilize the function as a convenience. But, merely as
a question, it has been stated both here and in other newsgroups and forums,
that there are times when a virus or other type of invader may be able to
infect your computer because the proper updates for anti-virus or other
types of scanning programs have not yet been provided. Thus, at this
particular time, even though a user may have all types of good protection,
and they are updated as of the last one available, could they not still be
infected during this period between the time the virus/other hits the ground
and the time a kill can be made available?

is it possible? certainly... and the more one relies soley on
anti-virus software for protection the more probable it will be...

an anti-virus product is more like a safety harness, it shouldn't be
your primary defensive measure but rather a backup in case you falter
in your practice of safe hex & system hardening...

While common sense after Swen
would tell most people not to click on any attachment until it could be
checked for virus or other, how would one protect against something that
could be loaded to or infect their machine without notice by any AV or other
because it would not yet recognize it as a foe.

uncommon sense would be not to accept unrequested attachments,
period... or at the very least, not without double checking with the
claimed sender...

Is it possible then to
really be certain of the security of your own system 100% of the time?

100% certainty is generally not possible, however it is possible to
make the uncertainty vanishingly small...

It
is for this reason that I prefer not to take the chance of doing any
personal business on the net.

you lack confidence in your security measures... in which case the path
you've chosen is probably the right one for you (at this time)...

 

[Jan Il]

Hi Kurt,

is it possible? certainly... and the more one relies soley on
anti-virus software for protection the more probable it will be...

an anti-virus product is more like a safety harness, it shouldn't be
your primary defensive measure but rather a backup in case you falter
in your practice of safe hex & system hardening...


uncommon sense would be not to accept unrequested attachments,
period... or at the very least, not without double checking with the
claimed sender...


100% certainty is generally not possible, however it is possible to
make the uncertainty vanishingly small...


you lack confidence in your security measures... in which case the path
you've chosen is probably the right one for you (at this time)...

What you say makes sense, and I find no fault with it. Perhaps if I were
more confident in the quality of AV programs collectively, and the practices
of the Internet community, I would be less concerned about using the
Internet more freely. But, like any new mouse trap, the rats soon find a way
to steal the cheese no matter what. <g>

Thank you very much for your input and explanations. I really appreciate it.
It does present food for thought. I think I'll evaluate the new model of up
coming mouse traps a bit before taking the plunge to the pool of on-line
business (at this time)... ;-))

Regards,
Jan

 

[Duane Arnold]

Hi Kurt,



What you say makes sense, and I find no fault with it. Perhaps if I
were more confident in the quality of AV programs collectively, and
the practices of the Internet community, I would be less concerned
about using the Internet more freely. But, like any new mouse trap,
the rats soon find a way to steal the cheese no matter what. <g>

Thank you very much for your input and explanations. I really
appreciate it. It does present food for thought. I think I'll evaluate
the new model of up coming mouse traps a bit before taking the plunge
to the pool of on-line business (at this time)... ;-))

Regards,
Jan

The bottom line here is one doesn't just depend upon an AV or FW etc, etc.
to be the stop all end all solutions and leave it at that.

On the NT based O/S(s), there are a few means such as Auditing features
that allows one to see what's running on the machine.

There are third party applications that run on all the flavors of the MS
O/S(s) such as Active Ports (free), Process Explorer (free), PRCview (free)
or something like (SpyAgent - trial ware free with nice auditing features
for non NT based O/S(s), IMHO) to help one review what's running on the
computer.

One should monitor on a routine basis what's happening/running on the
machine along with checking inbound and outbound connections that are being
made to the computer.

Just because one has that little security blanket up doesn't mean one
doesn't look around for themselves from time to time.

Also Ethereal (free) can be ran from time to time as well.

Duane

 

[Jan Il]

Hi Kurt,

Jan Il wrote:

Hi Kurt,

[snip]
there are 3 main things that could be insecure... the
communications link or the two endpoints in the transaction... the
communications link ought to be encrypted, ergo secure from
snooping/tampering... the bank's systems should be secure
(otherwise why are you dealing with that bank?)... that just leaves
the system at the users end... yes, if you're uncertain about the
security of your own system you should probably think twice about
banking online...


I do agree with you, and Duane. And there really should be no
reason one should not be able to utilize the function as a
convenience. But, merely as
a question, it has been stated both here and in other newsgroups
and forums,
that there are times when a virus or other type of invader may be
able to
infect your computer because the proper updates for anti-virus or
other types of scanning programs have not yet been provided. Thus,
at this particular time, even though a user may have all types of
good protection,
and they are updated as of the last one available, could they not
still be
infected during this period between the time the virus/other hits
the ground
and the time a kill can be made available?

is it possible? certainly... and the more one relies soley on
anti-virus software for protection the more probable it will be...

an anti-virus product is more like a safety harness, it shouldn't be
your primary defensive measure but rather a backup in case you falter
in your practice of safe hex & system hardening...

While common sense after Swen
would tell most people not to click on any attachment until it
could be checked for virus or other, how would one protect against
something that could be loaded to or infect their machine without
notice by any AV or other
because it would not yet recognize it as a foe.

uncommon sense would be not to accept unrequested attachments,
period... or at the very least, not without double checking with the
claimed sender...

Is it possible then to
really be certain of the security of your own system 100% of the
time?

100% certainty is generally not possible, however it is possible to
make the uncertainty vanishingly small...

It
is for this reason that I prefer not to take the chance of doing
any personal business on the net.

you lack confidence in your security measures... in which case the
path you've chosen is probably the right one for you (at this
time)...

What you say makes sense, and I find no fault with it. Perhaps if I
were more confident in the quality of AV programs collectively, and
the practices of the Internet community, I would be less concerned
about using the Internet more freely. But, like any new mouse trap,
the rats soon find a way to steal the cheese no matter what. <g>

Thank you very much for your input and explanations. I really
appreciate it. It does present food for thought. I think I'll evaluate
the new model of up coming mouse traps a bit before taking the plunge
to the pool of on-line business (at this time)... ;-))

Regards,
Jan

--
"hungry people don't stay hungry for long
they get hope from fire and smoke as the weak grow strong
hungry people don't stay hungry for long
they get hope from fire and smoke as they reach for the dawn"

The bottom line here is one doesn't just depend upon an AV or FW etc, etc.
to be the stop all end all solutions and leave it at that.

On the NT based O/S(s), there are a few means such as Auditing features
that allows one to see what's running on the machine.

There are third party applications that run on all the flavors of the MS
O/S(s) such as Active Ports (free), Process Explorer (free), PRCview (free)
or something like (SpyAgent - trial ware free with nice auditing features
for non NT based O/S(s), IMHO) to help one review what's running on the
computer.

One should monitor on a routine basis what's happening/running on the
machine along with checking inbound and outbound connections that are being
made to the computer.

Just because one has that little security blanket up doesn't mean one
doesn't look around for themselves from time to time.

Also Ethereal (free) can be ran from time to time as well.

Thank you very much for the additional information on the programs. I will
look into them and see which one might work best for me. I really appreciate
your time and help.

Jan

 

[Duane Arnold]

Hi Kurt,

Jan Il wrote:

Hi Kurt,

[snip]
there are 3 main things that could be insecure... the
communications link or the two endpoints in the transaction...
the communications link ought to be encrypted, ergo secure from
snooping/tampering... the bank's systems should be secure
(otherwise why are you dealing with that bank?)... that just
leaves the system at the users end... yes, if you're uncertain
about the security of your own system you should probably think
twice about banking online...


I do agree with you, and Duane. And there really should be no
reason one should not be able to utilize the function as a
convenience. But, merely
as
a question, it has been stated both here and in other newsgroups
and
forums,
that there are times when a virus or other type of invader may
be able
to
infect your computer because the proper updates for anti-virus
or other types of scanning programs have not yet been provided.
Thus, at this particular time, even though a user may have all
types of good
protection,
and they are updated as of the last one available, could they
not still
be
infected during this period between the time the virus/other
hits the
ground
and the time a kill can be made available?

is it possible? certainly... and the more one relies soley on
anti-virus software for protection the more probable it will be...

an anti-virus product is more like a safety harness, it shouldn't
be your primary defensive measure but rather a backup in case you
falter in your practice of safe hex & system hardening...

While common sense after Swen
would tell most people not to click on any attachment until it
could be checked for virus or other, how would one protect
against something that could be loaded to or infect their
machine without notice by any AV or
other
because it would not yet recognize it as a foe.

uncommon sense would be not to accept unrequested attachments,
period... or at the very least, not without double checking with
the claimed sender...

Is it possible then to
really be certain of the security of your own system 100% of the
time?

100% certainty is generally not possible, however it is possible
to make the uncertainty vanishingly small...

It
is for this reason that I prefer not to take the chance of doing
any personal business on the net.

you lack confidence in your security measures... in which case the
path you've chosen is probably the right one for you (at this
time)...

What you say makes sense, and I find no fault with it. Perhaps if I
were more confident in the quality of AV programs collectively, and
the practices of the Internet community, I would be less concerned
about using the Internet more freely. But, like any new mouse trap,
the rats soon find a way to steal the cheese no matter what. <g>

Thank you very much for your input and explanations. I really
appreciate it. It does present food for thought. I think I'll
evaluate the new model of up coming mouse traps a bit before taking
the plunge to the pool of on-line business (at this time)... ;-))

Regards,
Jan
--
"hungry people don't stay hungry for long
they get hope from fire and smoke as the weak grow strong
hungry people don't stay hungry for long
they get hope from fire and smoke as they reach for the dawn"

The bottom line here is one doesn't just depend upon an AV or FW etc,
etc. to be the stop all end all solutions and leave it at that.

On the NT based O/S(s), there are a few means such as Auditing
features that allows one to see what's running on the machine.

There are third party applications that run on all the flavors of the
MS O/S(s) such as Active Ports (free), Process Explorer (free),
PRCview (free)
or something like (SpyAgent - trial ware free with nice auditing
features for non NT based O/S(s), IMHO) to help one review what's
running on the computer.

One should monitor on a routine basis what's happening/running on the
machine along with checking inbound and outbound connections that are being
made to the computer.

Just because one has that little security blanket up doesn't mean one
doesn't look around for themselves from time to time.

Also Ethereal (free) can be ran from time to time as well.

Thank you very much for the additional information on the programs. I
will look into them and see which one might work best for me. I really
appreciate your time and help.

Jan

If you get this twice -- sorry.

You can put a Short-cut for Active Ports in the Startup folder. By doing
that, Active Ports will start and display the inbound and outbound
connections on its screen to you and you can clearly see what's
happening. Malware that could be on the machine can startup and make
connections before an application such as a host based FW that has been
set to stop outbound connections can start to alert or stop it.

Duane

 

[Jan Il]

Hi Duane!

Hi Kurt,

Jan Il wrote:

Hi Kurt,

[snip]
there are 3 main things that could be insecure... the
communications link or the two endpoints in the transaction...
the communications link ought to be encrypted, ergo secure from
snooping/tampering... the bank's systems should be secure
(otherwise why are you dealing with that bank?)... that just
leaves the system at the users end... yes, if you're uncertain
about the security of your own system you should probably think
twice about banking online...


I do agree with you, and Duane. And there really should be no
reason one should not be able to utilize the function as a
convenience. But, merely
as
a question, it has been stated both here and in other newsgroups
and
forums,
that there are times when a virus or other type of invader may
be able
to
infect your computer because the proper updates for anti-virus
or other types of scanning programs have not yet been provided.
Thus, at this particular time, even though a user may have all
types of good
protection,
and they are updated as of the last one available, could they
not still
be
infected during this period between the time the virus/other
hits the
ground
and the time a kill can be made available?

is it possible? certainly... and the more one relies soley on
anti-virus software for protection the more probable it will be...

an anti-virus product is more like a safety harness, it shouldn't
be your primary defensive measure but rather a backup in case you
falter in your practice of safe hex & system hardening...

While common sense after Swen
would tell most people not to click on any attachment until it
could be checked for virus or other, how would one protect
against something that could be loaded to or infect their
machine without notice by any AV or
other
because it would not yet recognize it as a foe.

uncommon sense would be not to accept unrequested attachments,
period... or at the very least, not without double checking with
the claimed sender...

Is it possible then to
really be certain of the security of your own system 100% of the
time?

100% certainty is generally not possible, however it is possible
to make the uncertainty vanishingly small...

It
is for this reason that I prefer not to take the chance of doing
any personal business on the net.

you lack confidence in your security measures... in which case the
path you've chosen is probably the right one for you (at this
time)...

What you say makes sense, and I find no fault with it. Perhaps if I
were more confident in the quality of AV programs collectively, and
the practices of the Internet community, I would be less concerned
about using the Internet more freely. But, like any new mouse trap,
the rats soon find a way to steal the cheese no matter what. <g>

Thank you very much for your input and explanations. I really
appreciate it. It does present food for thought. I think I'll
evaluate the new model of up coming mouse traps a bit before taking
the plunge to the pool of on-line business (at this time)... ;-))

Regards,
Jan
--
"hungry people don't stay hungry for long
they get hope from fire and smoke as the weak grow strong
hungry people don't stay hungry for long
they get hope from fire and smoke as they reach for the dawn"




The bottom line here is one doesn't just depend upon an AV or FW etc,
etc. to be the stop all end all solutions and leave it at that.

On the NT based O/S(s), there are a few means such as Auditing
features that allows one to see what's running on the machine.

There are third party applications that run on all the flavors of the
MS O/S(s) such as Active Ports (free), Process Explorer (free),
PRCview (free)
or something like (SpyAgent - trial ware free with nice auditing
features for non NT based O/S(s), IMHO) to help one review what's
running on the computer.

One should monitor on a routine basis what's happening/running on the
machine along with checking inbound and outbound connections that are being
made to the computer.

Just because one has that little security blanket up doesn't mean one
doesn't look around for themselves from time to time.

Also Ethereal (free) can be ran from time to time as well.

Thank you very much for the additional information on the programs. I
will look into them and see which one might work best for me. I really
appreciate your time and help.

Jan

If you get this twice -- sorry.

You can put a Short-cut for Active Ports in the Startup folder. By doing
that, Active Ports will start and display the inbound and outbound
connections on its screen to you and you can clearly see what's
happening. Malware that could be on the machine can startup and make
connections before an application such as a host based FW that has been
set to stop outbound connections can start to alert or stop it.

Really? You can actually watch the screen and see what is coming and going?
Hhmmm.. sort of a cyber version of people-watching. <g> I can see that this
would be helpful in monitoring activities in troubleshooting problems as
well. I'll take a look at this and see how it works. It might be interesting
to see just what is happening on the Dark Side of the Force. Then again....
;-)

Thank you very much for providing the additional info on this program. It
does sound like a very beneficial tool, and I do appreciate your time to
explain and provide detailed information.

Jan