[Dshield] Firewall or other security tool that bites back???

rilya byor rilya1 at yahoo.com
Mon Nov 18 23:53:16 GMT 2002


It's not the system that was locking up, just the
connection (ie, when i checked the status, it would
indicate that I was connected, only there was no
traffic coming in or going out).  However, I believe
it was my ISP (verizon), who've been driving me crazy
for a couple of weeks now, so I dumped them and signed
on with a local company where the helpdesk people
actually know what they're doing--including running
Linux--and once I got ZAPro reconf'd for the new
connection, it's been working great.  (I've got Sygate
Pro as well, tho not currently running it cause
"something" seems to be preventing it from starting up
every so often--but I'm not compromised that I know
of, unless there's an invisible trojan out there that
none of my six antivirus/antitrojan programs can
see...)
As for the old PII, no pouncing from me; my other box
is just a plain old P, which works just fine with
RedHat 7.2.
Thx for the input,
Rilya
--- Samantha Fetter <sama at snowplow.org> wrote:
> I was about to respond when I saw this response from
> Bob.  I agree,
> although I don't think (in my humble opinion!) that
> either the traffic,
> nor the logging with such a small amount of traffic,
> should cause the
> system to lock up.
> 
> One of my systems is a mere PII-233mmx running '98
> and I use (no
> affiliation here, just my personal experience, so
> don't pounce on me
> please!!) Sygate Personal Firewall, and I log WAY
> more hits than that on
> various ports at times and have no problems with my
> system locking up.
> Sometimes I'll turn on the packet logging (where it
> captures the entire
> packet, data and all, for those not familiar) to see
> what's in these
> packets that are coming in, and I don't have the
> lock ups.
> 
> Are you sure you haven't been compromised and have
> other things going on
> at the same time as the probes?
> 
> Just some ideas.... and as always just my opinion
> and I'm welcome to
> suggestions/corrections to them.
> 
> Cheers,
> Samantha
> 
> On Mon, 18 Nov 2002, Fitton, Robert (Bob) wrote:
> 
> > Does your firewall allow you to turn off logging
> for 137 only?  It
> > might be the overhead of the LOGGING that is
> killing you! I block
> > 137-139, but never log them.
> >
> > >-----Original Message-----
> > >From: rilya byor [mailto:rilya1 at yahoo.com]
> > >Sent: Monday, November 18, 2002 6:33 AM
> > >To: list at dshield.org
> > >Subject: [Dshield] Firewall or other security
> tool that bites back???
> > >
> > >
> > >I've had it with these port 137 probes--I just
> logged
> > >27 in the last 3 minutes, after which my
> connection
> > >locked up AGAIN.  Does anybody know if there's a
> > >Windows program that can be set up to listen on
> port
> > >137 and automatically shoot back???
> > >rilya
> > >
> 
> _______________________________________________
> Dshield mailing list
> Dshield at dshield.org
> To change your subscription options (or
> unsubscribe), see:
http://www.dshield.org/mailman/listinfo/list


__________________________________________________
Do you Yahoo!?
Yahoo! Web Hosting - Let the expert host your site
http://webhosting.yahoo.com




More information about the list mailing list