Hi Walter,

I decided on ConSeal. As you know I have used IA since you brought
it to my attention, and it caught a port scan. But in my experience
I've found that it can only monitor a small number of ports. Maybe
there is a way around this, but I'm not aware of it. This site lists
some ports that known trojans use: http://www.simovits.com/nyheter9902.html
Try loading them all in IA and see what happens. After hearing Guy
mention ConSeal http://www.signal9.com/index.html , a couple of
weeks ago I tried one of their products, CPD. Very easy to use
and offers much more protection than IA, IMO. However, it interfered
with my rt feed, so until the ConSeal tech can determine how to resolve
this it looks like I will use ConSeal PC Firewall. The downside to
using FireWall is defining exactly the right ruleset, which apparently
can be a bit difficult in the beginning.

This site was posted to the ConSeal list the other day and is worth
looking at: http://home.earthlink.net/~commodon/
Once you enter, click on "How to Detect" for a method to determine
if your PC has been compromised. Another site mentioned (maybe by
Guy) is http://www.dslreports.com/
There you can test your firewall security.

Regards,
Ken

From: "Guy Tann" <grt@xxxxxxxxxxxx>
To: <metastock@xxxxxxxxxxxxx>
Subject: RE: persistent intruder attack
Date: Fri, 20 Aug 1999 10:00:10 -0700
Walter

Are you on a DSL or cable modem?

When I first started noticing a difference, my system would slow down, I
hadn't password protected all of my drives on the net and it seemed I was
visited constantly. I experimented with IA99 (currently running on my
wife's computer) but thought it was too limited for my needs. I then tried
ConSeal PC Desktop and had a problem getting to my own network here in the
house, so I switched to ConSeal PC Firewall, which I like better. I then
did a lot of learning <G>.

There is a Signal 9 forum like this one with a lot of useful advice. I have
saved a bunch of those postings to help build my firewall. So far, I've
managed to get rid of all of my visitors, delete a BO Trojan some kind soul
left lying around my VB5 directory and lock my system up fairly tight.

If you are on DSL, you can go to www.dslreports.com (I think that's correct,
but if not, e-mail me and I'll dig it out of my favorites for you) and look
up their "Secure Me" stuff. After you register, etc., they have a package
that will attempt to break into your system after 1AM EDT and you get a
report by noon the following day. I think their documentation at the time I
ran my test said that 70% of the systems failed the test. I passed but
don't know how. <VBG>

Once you set up your firewall, I worked with my ISP to get the IP Addresses
that he used (and was assigned) so whenever I got a request for access from
him, I could allow it. I also identified all of the systems (3) here on the
network and on the DSL line to the ISP with their individual IP addresses.
With that information, I was able to build a fairly tight firewall by
disallowing everything else. When in doubt, and in Learning Mode, the
system asks me about requests that don't fit my rules, and I have options as
to whether to allow access, allow access for this session, block access or
block access for this session. I am now going to the next step of
tightening the rules even more by taking a more proactive, device oriented
approach. For example, with my local network, I will only allow access for
my 3 local IP addresses and totally block any other request for access to my
LAN. There's a whole bunch of stuff left to do.

Anyway, I'm fairly pleased with ConSeal. According to their web site, they
are the only personal firewall that has been accredited or something. <G>

End of this long, boring story, is that access attempts have almost been
eliminated. I do log certain types of access attempts to keep track of them
and they have been eliminated as well. I think this week I had two attempts
to access my system (probably just a probe). It used to be umpteen a day.

Good luck and thanks for all the Excel work you've done. I've saved most of
the stuff and will try to get busy working on it (the VBA portion). I spent
this week building a computer for my nephew. What should have been a 3 hour
job took 5 days. Bad documentation for the motherboard, and then what
turned out to be too slow memory (that took 3 days). Anyway, he took it
last night and that'll be the last one I build. It's much cheaper to buy
them assembled, like I did my last 2 for the house.

Regards

Guy

-----Original Message-----
From: owner-metastock@xxxxxxxxxxxxx [mailto:owner-metastock@xxxxxxxxxxxxx]
On Behalf Of Walter Lake
Sent: Friday, August 20, 1999 4:45 AM
To: Metastock bulletin board
Subject: persistent intruder attack

I got hit by the same intruder at 8:49:39PM, 8:52:02, 8:52:13, 8:52:21
from the following address 216.94.198.91

I immediately disconnected from the internet.

It's as if the hacker search program hit the Intruder Alert program and then
"zeroed in" on my port.

What would happen if I'm doing a download or making a trade and I'm getting
hit every 7 seconds or faster?

Guess I'm going to have to look at Conseal or some other firewall
protection. Anybody have any suggestions?

Best regards

Walter
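
The ruleset Guy describes in his reply (allow the known LAN hosts and the ISP's addresses, disallow everything else, and answer a learning-mode prompt for anything unmatched) is modelled below as an added example; it is not code from the thread or from ConSeal. The class, the rule layout and the LAN/ISP addresses are assumptions made for illustration.

```python
import ipaddress
from enum import Enum

class Answer(Enum):  # the four learning-mode choices named in the post
    ALLOW = 1
    ALLOW_SESSION = 2
    BLOCK = 3
    BLOCK_SESSION = 4

class SourceFilter:
    """Hypothetical model of a default-deny source filter; not ConSeal's rule format."""

    def __init__(self, allowed, ask=None):
        # Permanent rules: every listed host or network is allowed.
        self.rules = {ipaddress.ip_network(a): True for a in allowed}
        self.session = {}   # verdicts that expire when the session ends
        self.ask = ask      # stand-in for the learning-mode prompt; None = off

    def permits(self, source):
        addr = ipaddress.ip_address(source)
        for table in (self.session, self.rules):
            for net, verdict in table.items():
                if addr in net:
                    return verdict
        if self.ask is None:
            return False    # nothing matched: disallow everything else
        answer = self.ask(source)
        verdict = answer in (Answer.ALLOW, Answer.ALLOW_SESSION)
        keep = answer in (Answer.ALLOW, Answer.BLOCK)
        (self.rules if keep else self.session)[ipaddress.ip_network(source)] = verdict
        return verdict

    def end_session(self):
        self.session.clear()

# Constructed sample addresses: three LAN hosts plus an ISP range (RFC 5737 block).
ALLOWED = ["192.168.0.1", "192.168.0.2", "192.168.0.3", "203.0.113.0/28"]

def demo():
    prompts = []
    def ask(source):            # scripted answer in place of a user dialog
        prompts.append(source)
        return Answer.BLOCK_SESSION
    fw = SourceFilter(ALLOWED, ask)
    probe = "216.94.198.91"     # source address reported in Walter's message
    results = [fw.permits("192.168.0.2"), fw.permits("203.0.113.5"),
               fw.permits(probe), fw.permits(probe)]
    return results, prompts     # the repeat hit is blocked without a second prompt

if __name__ == "__main__":
    print(demo())
```

A session-scoped answer is forgotten by `end_session()`, so the same source prompts again next time, while a plain allow or block becomes a permanent rule.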