Maximum Security FW Rules Win98SE


DEAN
July 30th, 2003, 04:04 AM
Had a bad problem with so-called hackers at my ISP etc., and this is how to have total security on Win98SE.
1/ Install Tiny Pers FWall 2.15.A.
2/ Install Proxomitron 4.4.
These are free.
3/ Set up browsers to use Proxomitron and allow nothing through the FW except Proxomitron.
Use level 6 cfg and switch to 1 on cookie sites.
4/ Remove any Remote Dialup Server such as AOL, Sympatico, etc. and Dialup with your own Dialup program.
5/ In Tiny rules totally block ports 135-139 and 443-445. Use this as second rule.
6/ Enter your dial up server app. name (RNAAPP.EXE) as 4th rule and totally block it even on Dialup, if you have ISP problems. Also enter your FW Admin program Full Block.
7/ Browse with Opera 3.61.
8/ Now after you have connected, go to your DUN Server Binds and unbind TCP from your server and bind NetBEUI protocol instead. Also check the ask for password box and use encryption box.
9/ Your ISP hacker is now totally blocked out of your Computer.
10/ Also ensure you have a password entered in the FW Admin page.
11/ I saw on a hacker site that most so-called hacking attempts on people's home computers come from the ISP and they were right!

I use Opera 3.61 Demo as it has no ad server for ISP goofs to play with and also it is the fastest.

Oh ya, I forgot a couple of things.

Also ensure Proxomitron allows only DNS port 53 in at its address mask.
Actually you may not have to do this because I always surfed before without allowing incoming DNS connections, but since the goons at the Sympatico ISP are perpetrating crime they can configure you any way they want to get in.
I also hide my files in a small free program called Hide Folders, and lastly I scan my drive with InstallWatch Pro, also free, to see what has been installed on my com. You would be surprised: wininet32.dll is the main orifice to keep track of you on your com, among others. I also turn down the priority of the server to idle along with tapiserver.
As you can see I had a hell of a time to get rid of them!!!

Sorry, I'm just a beginner and have no experience with layered FW for Win98SE.
But remember that no FW is any good if your ISP flashes your BIOS when you first Dialup (when I allowed a UDP connect) with a backdoor!!! This happened all the time with Sympatico and AOL CANADA!!! I couldn't figure out what that flash was on first connect all the time as I was flashing my BIOS constantly until I finally totally blocked RNAAPP.EXE totally.
Just wanted anyone who reads this to know how it can be done and how easily the goons at an ISP can get in your computer!!!
Tiny was used because they are still sneaking messages in through the DNS that they configured for their crimes but Tiny 2.15.A will block even its own admin program.
I tried ZoneAlarm, Kerio, Norton etc. and they all failed!!! because they allow certain protocols by default, which is a hole right there!!!
OKAY ... NEWBIE.

BlitzenZeus
July 30th, 2003, 04:52 AM
One sec... Kerio 2.1.5 which is the last version of 2x is just like Tiny, but is more secure than Tiny 2.1.5 so I have no idea what your problem was there...

Now your problem with being hacked, with my rules unless they get something on my system through an exploit like an IE based browser, or a program I download it won't get on. Then it won't get out unless it piggybacks an application, and conforms to the rules I already allow. Servers are quite known for exploits, and people gaining access to your system through servers you run. Which could have been the likely cause.

It's good you have your system secure now, but what you describe isn't even as anal as my configuration. So it all comes to show you, that it was all in your rules 8)

There is also a registry tweak you can make in Kerio 2x to prevent all traffic if the engine is shutdown. It's not an official feature as there was one problem, but it's a way to stop the ones that try to disable your firewall.
Kerio registry tweak (http://www.broadbandreports.com/forum/remark,7309170~root=kerio~mode=flat)

Mr.Blaze
July 30th, 2003, 11:53 AM
8) ha ha ha I have you all beat, mine is more secure than all of yours, check this out lol

Blaze unplugs phone line to his PC lol

Sure, there's a few bugs, I haven't got it all figured out, but it's a start lol ;D

Dean
August 2nd, 2003, 12:28 AM
This is an update to my original Post. You can also block out your ISP hackers by leaving your bind to your DUN server on TCP but in advanced settings specify a single address for the server, which of course is not them!!!

Okay guys!!!

MickeyTheMan
August 2nd, 2003, 02:10 AM
Geez, it's so simple with LNS :D

BlitzenZeus
August 2nd, 2003, 02:29 AM
{QUOTE-> MickeyTheMan: Geez, it's so simple with LNS :D <-QUOTE}

Well if you just want to load up one of their default rulesets then what are the chances you understand what it's doing? Most people don't fully understand how to configure the firewall, and just rely on something they don't know how to configure themselves. While its defaults are the strongest I have seen, they still do have security holes which can be prevented by customizing the configuration, which many won't do as they don't know how.

In the topic creator's case, it was necessary for them to learn how to properly configure the software, which seems to be an enigma to many as they don't want to take the time to learn until it's too late, or they blame it on their software which in fact was mis-configured.

MickeyTheMan
August 2nd, 2003, 05:48 AM
LNS and its enhanced ruleset is THE ONLY firewall currently on the market that has all known firewalls vulnerabilities patched for.
So before you advertise for any other, you better try them all. I have! ;)
Even ATELIER Web Firewall Tester (AWFT) is no match against LNS
http://www.atelierweb.com/awft/index.htm

_anvil
August 2nd, 2003, 07:32 AM
@MickeyTheMan

What about Copycat, Wallbreaker, PCAudit and the new "shell_execute" exploit? ::)

http://perso.wanadoo.fr/jugesoftware/firewallleaktester/eng/pageweb/test.html

Phant0m
August 2nd, 2003, 07:48 AM
http://www.wilderssecurity.info/pg5.shtml

_anvil
August 2nd, 2003, 08:23 AM
Yes, Phant0m, exactly... (nice page, btw.) :)

Not really "all known firewalls vulnerabilities", which L'n'S can handle - still it's better than most other PFWs in this area... 8)

Mr.Blaze
August 2nd, 2003, 11:31 AM
:D You know I wasn't going to step in here, but DEAN's way is probably the best way and a different way of looking at it.

Only thing that bad boy is missing is a hardware firewall.

I got the gist of what he is doing on his PC, it's just I wish he told us newbies step by step how to do this stuff with pictures.

Also where to get your own dialer to sign on to AOL rather than use AOL's.

Lots of good stuff but leaves me asking more questions.

I'd like an easy way to know how to set my PC up like that. Add that with my newbie security stuff, hta stop and my other cool toys, I'd be like a rolling tank or battleship.

Maybe a small tutorial on where to go, what to install and how to set everything up from beginning to end.

Add our security experts in on it and they will most likely add better software recommendations, making it even more secure, but the D man has the right template in mind.

MickeyTheMan
August 2nd, 2003, 04:36 PM
You don't even need a firewall installed to pass Pc Audit.
I remember testing that many months back and passed with simply NAVISCOPE installed and firewall disabled.

Copy cat supposedly installs exploited.txt file on C drive. Nowhere to be found after trying it 3 times.
Wallbreaker stopped stone cold when IE tried to load, as I use a pacfile (spyblocker software) which IE needs to load.

DEAN
August 2nd, 2003, 08:52 PM
Hi, it's me again. It's easy to do: just go into Dialup Networking, right click my connection and click properties.
Then go to server types, your server types, and click require encrypted password and data encryption. Now at the bottom hit tcp/ip settings and click specify an IP address and leave it set at 0.0.0.0. Now no one can use your DUN server to do anything. Of course you must do this after you have connected and remove it when done surfing.

DEAN
August 2nd, 2003, 09:25 PM
Okay get this guys, I was banned from the so-called SecurityForum.com for making this Post. It's clear that many don't want the people to know the truth here.
Your ISP lives in your computer and if you have an idiot there, you're having nothing but problems on your computer all the time, RIGHT!
This is obviously a truth that the ISP hackers don't want anyone to know as they could lose their power over people's computers!!!

_anvil
August 3rd, 2003, 05:48 PM
@MickeyTheMan

I think we discussed here before, that it is always somehow possible to "beat" a certain leaktest without a firewall (due to system setup, applications installed, registry tweaks etc.) - but it is _not_ the leaktest itself, which has to be beaten, but the 'method' it uses... and, as example, I highly doubt, that you can generally prevent dll-injection (PcAudit) into arbitrary processes by the use of Naviscope... ::)

In the tests linked above, it was the goal to determine if the firewall itself was able to cope with the different 'methods' of leaktests (independent from system config, other apps etc.) - so I think, you can trust them (look, even Phant0m, the greatest Look'n'Stop-fan on earth, confirms the results! ;D )

Phant0m
August 3rd, 2003, 06:30 PM
PcAudit is relying on UserAgent, which Naviscope was capable of blocking to prevent a Successful Connection, and even though Naviscope blocked UserAgent PcAudit still bypassed the Software Firewall to get up to the point of Connecting. And if pcAudit author wasn’t lazy he/she could easily remove UserAgent usage as it’s not necessary. DLL Module Filtering will resolve PcAudit leak issue however copycat is a whole other story…

MickeyTheMan
August 3rd, 2003, 10:51 PM
{QUOTE-> _anvil: look, even Phant0m, the greatest Look'n'Stop-fan on earth, confirms the results! ;D ) <-QUOTE}
Geez Will, are we going to have to fight as to who is the greatest LNS fan too? :D

And should I have to disable all my security preventive measures just to prove that CopyCat and Wall breaker are indeed able to go through my firewall when in fact they are blocked by one of those measures?

Phant0m
August 3rd, 2003, 10:58 PM
LOL ;D

_anvil
August 4th, 2003, 04:57 AM
{QUOTE-> Geez Will, are we going to have to fight as to who is the greatest LNS fan too? <-QUOTE}
Rooouuund one.... fight! ;D

{QUOTE-> And should I have to disable all my security preventive measures just to prove that CopyCat and Wall breaker are indeed able to go through my firewall when in fact they are blocked by one of those measures? <-QUOTE}
If you want to test your _firewall_, then yes, of course... ;)

And look what Phant0m wrote: just the fact, that Naviscope can block _parts_ of the _demo exploit_ PCAudit doesn't automatically mean that the next _real trojan_, which uses some PcAudit-methods, will be blocked by Naviscope... ::)

Dean
August 4th, 2003, 07:40 AM
Here's another update guys, HEAR THIS!!!

Okay I was listening to a lot and thought I would try Looknstop FW which, when I looked at it, Looked Real Good!

WOW what a mistake, the ISP idiots flashed my BIOS right away and somehow disabled my drive to access the Internet!!!
I totally wiped the drive, recreated the partitions with FDISK etc. I replaced io.sys, command.com, put an old system on the newly reset drive and I still cannot go on the internet with this drive. I'm now on my backup.
It's clear these ISP Goons have all the Criminal Tricks!!!
They had to have put a policy into the drive somewhere?
I'm now back with Tiny 2.15.a, the only one that will block this crap when you first connect!!!
This is even worse than hackers because most hackers just want to sneak into your computer and steal your files cause they can.
These goons at SYMPATICO.CA are obviously malicious idiots in the Criminal category. Of course I must say that it is never your ISP provider but always a moron with the power of a genius at their fingertips!!!

I also recommend my first statement of resetting your DUN SERVER to NETBEUI PROTOCOL.

Really mad DEAN

Phant0m
August 4th, 2003, 07:49 AM
What bull-shit!

DEAN
August 4th, 2003, 07:57 AM
Bullshit is right, as I was making this post my computer crashed!!!

FIGURED IT out YET!!!

Phant0m
August 4th, 2003, 08:02 AM
And I suppose I hacked you, yea? What other stories you going to tell.....

BlitzenZeus
August 4th, 2003, 08:06 AM
Dean, you're sharing your hd with the internet? Why? That's a huge security risk, and if they have that access they can likely do much more to your system. It's what you allow on your system that is the security risk; it doesn't matter if it's a server, a file you downloaded, or an exploit in a listening service on your computer. You're blaming your shortcomings on the software as you don't know how to configure things properly.

I've read this thread, and it's all come down to you generally don't know what you're talking about. Your "Maximum Security" configuration wasn't even near as secure as my configuration, and Kerio 2.1.5 is an upgraded version of Tiny 2.1.5a.

DEAN
August 4th, 2003, 12:13 PM
Don't talk unless you have to fight your way through these idiots. This post is for learning for guys that have had lots of problems on their computers, I've seen it all over the forums.

So why don't you tell us how to do it right pal!!!

LowWaterMark
August 4th, 2003, 12:50 PM
Dean,

Can you step back a minute and try to explain more clearly why you think you are being hacked and why you think the only firewall that can prevent it is an out of date version of Tiny?

We're having a little trouble understanding, which is why you are getting the reactions you are.

It really doesn't seem to make sense. First you said "your ISP can flash your BIOS when you first dialup". How? Making a network connection is not enough to flash a BIOS. A program must run locally to do that. Then you said that when you tried LnS, "... what a mistake the ISP idiots flashed my bios right away and somehow disabled my drive to access the Internet!!!"

Exactly what type of malware protection are you running? Any anti-virus and anti-trojan software? Could your system simply have been infected with a common malicious virus that caused you problems?

You see, if someone could write some program into a BIOS to take control of a PC's network connection, such that all the newer firewalls can't block it, then I can assure you, old Tiny won't block it either.

A better explanation might make this clearer for everyone, otherwise this thread is going nowhere, and no one will benefit.

Phant0m
August 4th, 2003, 03:39 PM
DEAN you have much to learn, attempting to come on here posting assumptions and trying to lay it out as facts without giving any valid information to support what you’ve posted. I knew from the beginning of this topic that this topic was going to be nothing valid and useful to anyone on here. Now here is my theory; assuming you had installed Look ‘n’ Stop, you weren’t hacked and especially the moment you installed Look ‘n’ Stop Personal Firewall. I doubt you even made it on the Internet; I can even imagine you installing Look ‘n’ Stop Personal Firewall alongside your current Software Firewall installation, possible noticeable conflict(s) such as not being capable of Connecting to the Internet due to Installing two or more Software Firewalls on the same System. I won’t get too technical, but I can assure you there’s probably a number of people on this here board alone who can vouch they experienced such anomaly that I mentioned.

Let’s assume this wasn’t a conflict and that you with Lack of knowledge blocked a Client Application which was needed to communicate to the Internet. So you automatically assumed you got “flashed?!?!?” / “hacked?!?!?” and you have taken the steps in wiping-out your HDD without investing into facts? Then coming on here with backup Machine claiming Look ‘n’ Stop Personal Firewall leaked and because of it you have been “flashed?!?!?” / “hacked?!?!?” or whatever you want to call it…

OK, let’s assume for a second you didn’t block a necessary Client Application by Application Filtering Layer and that you supposedly connected to servers before this all happens. And Look ‘n’ Stop Personal Firewall providing one of the strongest Packet Filtering Layers you can possibly find in a Software Firewall, which has Complete Control over IP & Non-IP or Other IP Protocols. Look ‘n’ Stop Personal Firewall has the capabilities of blocking ALL Hacks/Scans/Nuke attempts Stone-Cold!

And considering Look ‘n’ Stop provides one of the most properly designed rule-sets (EnhancedRulesSet.rls) by Default, with only couple of rules needing to be Tweaked like;
* UDP : BOOTP / DHCP (Rule which can be disabled or removed if you're a Dialup user)
* UDP : Authorize name resolution (DNS)

This is why I find what you say really ridiculous, and highly unlikely… ;)

DEAN
August 5th, 2003, 01:26 AM
Well I'm sorry if you guys find this unbelievable, but everything I said is the Truth. I had no conflicts with these two firewalls as neither starts on startup.
Have some new information I just investigated and found that there is another setting: in Network, go to dialup networking adapter and click properties, now go miscx settings and you will find (point to point IP). This should be set to NO because this setting allows your ISP to administer on your computer through an encrypted tunneling protocol!!!
As I said before, the new firewalls allow certain protocols that us normal people do not know about, by default, which I believe this old Klunker FW stopped them cold!!!
Also, believe you me, they can flash your BIOS and install remote things you don't know about into the boot sector of your HD. Antivirus don't find them because they're probably encrypted!!!
I really did like the looks of LNS but I want no more problems so I can go on the internet and Tiny 2.15.A does it.
I was even using Tiny 3 before but they got to its remote admin program and crashola, although I never had it under a password then.
Where can I find more detailed setup for LNS?

Phant0m
August 5th, 2003, 01:41 AM
DEAN

Your Information is way off base; anyways you don’t need both Software Firewalls running in the background in order for them to conflict, just the Installation of two or more Software Firewalls is enough…

LowWaterMark
August 5th, 2003, 01:53 AM
{QUOTE-> DEAN: Also, believe you me, they can flash your BIOS and install remote things you don't know about into the boot sector of your HD. Antivirus don't find them because they're probably encrypted!!! <-QUOTE}

Dean, you said, "believe you me"? Well, I'm sorry, but no, I don't believe you on this statement. You are merely spreading hype, and you are not backing it up with any facts. If you want people to believe any of this, you'll need to do more than just say it. Saying that an ISP can do all these things does not make it so.

I'm sorry to be blunt Dean, but you've had a number of posts in this thread and people have asked for details and proof and you haven't provided any. I think you need to start providing some analysis and proof that backs up your claims.

Mr.Blaze
August 5th, 2003, 02:24 AM
:) Nope, the BIOS hack or infection is impossible to do. I've never seen it truly successfully done.

When I do a clean install and wipe the hard drive nothing survives, not even an updated BIOS.

I literally start from the very beginning.

I think the so-called problem you think you're having, thinking you're being hacked, is because they identified your PC.

But in reality it's a unique machine code that every PC has,

even a software company sells a program and puts you in their database so if your PC is stolen they can hunt it down for you and get your PC back.

When you use AOL or any ISP provider they will always know who you are regardless what you do.

That's how the RIAA is getting ISP providers to hand over certain people's names, by identifying not just the user handle but this unique identification number.

Even Javacool knows about this machine code number, as he has made software to change the ID number on Windows Media Player.

No one is hacking you.

I had ZAP and every time the thing went off I immediately assumed I was being hacked lol

Then I just ask what all the alerts are.

Do you honestly believe you're the only one on cable or on a phone line or the only one with a satellite dish? Come on.

You have to remember you're not the only one hooking up to the internet,

the internet is like California traffic, bumper to bumper.

It's lots of traffic. For example, you and your neighbor have the same ISP, you both get on your computers, I'm pretty sure you're bumping traffic through the same ISP.

Also, by the way, if you're using Windows ME or Windows 98 and are doing all these funky security things, expect a lot of crashes.

Remember you didn't develop the OS lol

There's no telling what these PCs can do when you try to configure them in ways they never were intended to be lol

Phant0m
August 5th, 2003, 02:36 AM
Regardless of what other people tell you or what you see with your eyes, Installing 2 or more Software Firewalls on the System causes conflict(s). There are noticeable conflicts and then there are the not so noticeable conflicts one doesn’t notice at the present time, and your anomaly is the noticeable conflict that you can’t establish Internet Connection. And whether or not the Software Firewalls GUI isn’t in Windows Start-up Group you still have the Software Firewalls Driver(s) being loaded up; if the current Software Firewalls Driver or Drivers gets bumped in the Driver Loading order to make room for the Software Firewall you're currently installing then that is known to generate an issue with one establishing Internet Connection.

Now I’m going to make this plain and simple; Look ‘n’ Stop has Complete Control over “IP & Non-IP or Other IP Protocols”. No one remotely flashed your bios, No one hacked you and no one encrypted anything malicious and infected your boot sector.

Tiny 2.15 or Tiny in general is out-dated Software Firewall and last I checked it didn’t even offer complete Control over all of ICMP Types (0-255), I can’t remember exactly how many types total it does allow one to control, 8? I don’t even think Kerio offers complete Controls over all the ICMP Types (0-255) unless something changed in the newer recent releases…

UNICRON
August 5th, 2003, 02:51 AM
Well ya know, I just have to add for the record:

1) I have used sympatico (a large Canadian ISP owned by large Canadian telephone company) in the past. Truth is they are a sh!tty ISP, precisely why I doubt that the technicians there have the capabilities you claim.

2) All of Canada has cable if you want it Dean; why complain when you can switch and get two free months?

3) No ISP 'lives' in my computer. Not sympatico, nor any other ISP

4) NetBEUI is a broadcast protocol and is hell and gone less secure than TCP/IP. Any network admin with formal network protocol layer education could tell you that NetBEUI is probably the worst thing you could use.

5) I can use several software firewalls on my computer at once if I choose with little problem unless a particular FW makes it a problem ON PURPOSE. The only real key is to allow the admin programs of each firewall access through the others. There is no logical reason why this should be an implementation problem.

Mr.Blaze
August 5th, 2003, 03:20 AM
:D That is true, some companies purposely make it so you can't use other firewalls with each other. I experienced that lol sucks

DEAN
August 6th, 2003, 03:02 AM
OKAY GUYS, Here's the FACTS!

1/ When you go into Network and turn off Point to Point IP, WIN98 prompts you for a new DLL on the CD called SECUR32.DLL. Now why would it do this if what I said were not true?

2/ In LNS if you go to Options, Advanced, Protocols, you will see all the protocols that are not filtered, including NetBEUI and 2 others!!! The help in LNS says that LNS cannot filter any protocols that are dynamically loaded at startup. I find this hard to believe, but it is what they say.

3/ Here's a few excerpts from Tiny's log.

There were 32 of these just as I connected!!!

Rule 'netbios block': Blocked: In UDP, localhost:137->(null) [206.172.185.255:137], Owner: C:\WIN98\SYSTEM\RNAAPP.EXE


Here's a few others:

Rule 'INBOUND UNAUTHOURIZED': Blocked: In UDP, (null) [64.156.39.12:666]->localhost:1026, Owner: no owner
Rule 'netbios block': Blocked: In UDP, (null) [211.162.60.164:44679]->localhost:137, Owner: C:\WIN98\SYSTEM\RNAAPP.EXE
Rule 'netbios block': Blocked: In UDP, (null) [218.15.192.64:30099]->localhost:135, Owner: no owner
Rule 'netbios block': Blocked: In UDP, (null) [192.168.8.38:1031]->localhost:137, Owner: C:\WIN98\SYSTEM\RNAAPP.EXE
Rule 'netbios block': Blocked: In UDP, (null) [80.51.11.7:1025]->localhost:137, Owner: C:\WIN98\SYSTEM\RNAAPP.EXE
Rule 'netbios block': Blocked: In UDP, (null) [218.20.118.120:32768]->localhost:135, Owner: no owner
Rule 'netbios block': Blocked: In UDP, (null) [219.145.226.207:1052]->localhost:137, Owner: C:\WIN98\SYSTEM\RNAAPP.EXE
Rule 'secure CH block': Blocked: In TCP, (null) [206.172.173.65:2220]->localhost:445, Owner: no owner
Rule 'secure CH block': Blocked: In TCP, (null) [206.172.173.65:2220]->localhost:445, Owner: no owner
Rule 'INBOUND UNAUTHOURIZED': Blocked: In TCP, (null) [203.107.176.4:21]->localhost:21, Owner: no owner
Rule 'netbios block': Blocked: In UDP, (null) [219.93.204.174:1053]->localhost:137, Owner: C:\WIN98\SYSTEM\RNAAPP.EXE
Rule 'PFadmin': Blocked: Out UDP, localhost:1207->(null) [207.236.176.13:53], Owner: C:\PROGRAM FILES\TINYPERSONAL FIREWALL\PFWADMIN.EXE
Rule 'PFadmin': Blocked: Out UDP, localhost:1207->(null) [207.236.176.13:53], Owner: C:\PROGRAM FILES\TINYPERSONAL FIREWALL\PFWADMIN.EXE
Rule 'PFadmin': Blocked: Out UDP, localhost:1207->(null) [206.47.244.12:53], Owner: C:\PROGRAM FILES\TINYPERSONAL FIREWALL\PFWADMIN.EXE
Rule 'PFadmin': Blocked: Out UDP, localhost:1207->(null) [207.236.176.13:53], Owner: C:\PROGRAM FILES\TINYPERSONAL FIREWALL\PFWADMIN.EXE

4/ Hope we have all learned something!!!

Phant0m
August 6th, 2003, 06:43 AM
You don’t know what the heck you are saying; boy go learn computing…

BlitzenZeus
August 6th, 2003, 06:55 AM
{QUOTE-> DEAN: OKAY GUYS, Here's the FACTS! <-QUOTE}

You have no idea what you're doing, do you?

If you're using NetBeui, why is netbios still enabled on your system? Why can't you disable that yourself? All the 137, 138, and 139 packets are netbios, which you also have outbound netbios packets, and with netbeui installed you can disable netbios.

Unless you're running an NT operating system, ports 135 and 445 would never affect you as you don't have these services on your systems even if you let them past your firewall. They are just probes. Including the one to tcp 21, it's just a probe!

You're also blocking your own firewall from looking up DNS resolutions in your rules, which you have enabled. Either fix your rules to allow the firewall to lookup websites addresses like www.website.com for your own logs, or disable the option in your administration.

It's obvious you have no idea what you're doing. Please stop talking like your words are gospel, and realize that you need to learn much more about what you're dealing with before you start offering advice to people based on your very limited knowledge, and much of what you think you know is incorrect.
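
Added example, not part of any post in this thread: a small Python triage script for log lines in the format of the Tiny excerpt above, sorting them by the reading given in this reply (137-139 is NetBIOS, inbound 135/445 and TCP 21 are probes, blocked outbound port 53 from PFWADMIN.EXE is the firewall's own DNS lookup). The category names and function names are made up for the example, and the sample lines are copied from the posted log.

```python
import re
from collections import Counter

# Line layout as it appears in the Tiny Personal Firewall excerpt in this thread.
LINE_RE = re.compile(
    r"Rule '(?P<rule>[^']*)': (?P<action>\w+): (?P<dir>In|Out) (?P<proto>TCP|UDP), "
    r"(?P<src>.+?)->(?P<dst>.+?), Owner: (?P<owner>.+)$"
)
# An endpoint is logged as "localhost:137" or "(null) [206.172.185.255:137]".
ENDPOINT_RE = re.compile(r"(?:\(null\) \[)?(?P<host>[^\s:\[\]]+):(?P<port>\d+)\]?$")

# Sample input: lines copied from the log excerpt posted above.
SAMPLE_LOG = r"""
Rule 'netbios block': Blocked: In UDP, localhost:137->(null) [206.172.185.255:137], Owner: C:\WIN98\SYSTEM\RNAAPP.EXE
Rule 'INBOUND UNAUTHOURIZED': Blocked: In UDP, (null) [64.156.39.12:666]->localhost:1026, Owner: no owner
Rule 'netbios block': Blocked: In UDP, (null) [211.162.60.164:44679]->localhost:137, Owner: C:\WIN98\SYSTEM\RNAAPP.EXE
Rule 'netbios block': Blocked: In UDP, (null) [218.15.192.64:30099]->localhost:135, Owner: no owner
Rule 'secure CH block': Blocked: In TCP, (null) [206.172.173.65:2220]->localhost:445, Owner: no owner
Rule 'INBOUND UNAUTHOURIZED': Blocked: In TCP, (null) [203.107.176.4:21]->localhost:21, Owner: no owner
Rule 'PFadmin': Blocked: Out UDP, localhost:1207->(null) [207.236.176.13:53], Owner: C:\PROGRAM FILES\TINYPERSONAL FIREWALL\PFWADMIN.EXE
Rule 'PFadmin': Blocked: Out UDP, localhost:1207->(null) [206.47.244.12:53], Owner: C:\PROGRAM FILES\TINYPERSONAL FIREWALL\PFWADMIN.EXE
"""


def parse_endpoint(text):
    """Split 'host:port' (optionally wrapped as '(null) [host:port]')."""
    m = ENDPOINT_RE.match(text.strip())
    if m is None:
        raise ValueError(f"unrecognised endpoint: {text!r}")
    return m.group("host"), int(m.group("port"))


def parse_line(line):
    """Return a dict for one log line, or None if the line is not in this format."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    entry = m.groupdict()
    entry["src_host"], entry["src_port"] = parse_endpoint(entry.pop("src"))
    entry["dst_host"], entry["dst_port"] = parse_endpoint(entry.pop("dst"))
    # Last path component of the owning program, e.g. RNAAPP.EXE or "NO OWNER".
    entry["owner_exe"] = entry["owner"].rsplit("\\", 1)[-1].upper()
    return entry


def classify(entry):
    """Map one parsed entry to a category, keyed on the destination port."""
    port = entry["dst_port"]
    if 137 <= port <= 139:
        # NetBIOS name/datagram/session ports; source localhost means the
        # packet was generated by this machine, not by a remote host.
        if entry["src_host"] == "localhost":
            return "netbios-own-traffic"
        return "netbios-inbound"
    if entry["dir"] == "In" and port in (135, 445):
        return "nt-service-probe"      # services a Win98 box does not run
    if entry["dir"] == "In" and entry["proto"] == "TCP" and port == 21:
        return "ftp-probe"
    if entry["dir"] == "Out" and port == 53:
        if entry["owner_exe"] == "PFWADMIN.EXE":
            return "firewall-dns-lookup-blocked"
        return "dns-lookup-blocked"
    return "unexplained"


def triage(log_text):
    """Return (Counter of categories, list of entries no rule above explains)."""
    counts, unexplained = Counter(), []
    for line in log_text.splitlines():
        entry = parse_line(line)
        if entry is None:
            continue                   # blank or foreign line
        category = classify(entry)
        counts[category] += 1
        if category == "unexplained":
            unexplained.append(entry)
    return counts, unexplained


if __name__ == "__main__":
    counts, unexplained = triage(SAMPLE_LOG)
    for category, n in counts.most_common():
        print(f"{n:3d}  {category}")
    for e in unexplained:
        print("look at:", e["dir"], e["proto"],
              f"{e['src_host']}:{e['src_port']} -> {e['dst_host']}:{e['dst_port']}")
```

Only the entries left in the unexplained list need a closer look; everything else in the sample falls under one of the explanations given in the reply.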

Phant0m
August 6th, 2003, 07:03 AM
Hehehe

This boy can’t even interpret anything; http://66.227.83.95/Protocols_Configuration.shtml

UNICRON
August 6th, 2003, 02:08 PM
Easy fellas, although I suspect Dean is confused about a few issues, let's not be nasty about it.

Dean, you do need to be careful what you assert as fact. 'Proof' requires more than what you have given. Much of what you have stated is incorrect. Please do not take this as an insult, it is only meant as friendly advice.

DEAN
August 7th, 2003, 04:15 AM
I never said I was an expert, but I do like to learn and as for you guys who are Gorning, I think you may have another agenda, maybe you're being paid by the TCP KERNEL DRIVER.
Yes I am blocking certain addresses that are attempting to substitute themselves for my ISP's DNS Server Primary and Secondary, that's right, because this is where they are herding in for their mania, also, on first connect.
This is what they put in my registry last night!!! Just after I connected, as revealed by installwatchPRO (FREE), an excellent Tool.
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable"=dword:00000001

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyServer"="127.0.0.1:8080"

[HKEY_CURRENT_USER\RemoteAccess]
"Default"="My Connection"

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\RemoteAccess]
"NoLogon"=hex:00,00,00,00,

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\RemoteAccess]
"Remote Connection"=hex:01,00,00,00,

[HKEY_LOCAL_MACHINE\Config\0001\Software\Microsoft\windows\CurrentVersion\Internet Settings]
"ProxyEnable"=dword:00000001

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable"=dword:00000001

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyServer"="127.0.0.1:8080"

[HKEY_USERS\.DEFAULT\RemoteAccess]
"Default"="My Connection"

[HKEY_USERS\.DEFAULT\RemoteAccess\Profile\My Connection]
"User"="b1egtx75"

[HKEY_CURRENT_CONFIG\Software\Microsoft\windows\CurrentVersion\Internet Settings]
"ProxyEnable"=dword:00000001

I have now disabled the windows scripting host and java on my computer and am not having any problems.

For those who have ears to hear, LET THEM LISTEN.

BlitzenZeus
August 7th, 2003, 06:24 AM
How are you currently on Anti-virus, and Anti-Trojan programs? They could be very helpful right now.

If they put this in your registry, why don't you figure out how they are getting in? Which might include a clean install after a format considering you might have a trojan, which you let get on the system. Do not run a server of any kind, or downloading p2p or warez files which might contain trojans too. If you already have some of these files, guess what? They can be the cause for your problems...

Next time when you set up your computer, block some simple ports please, tcp/udp 135, 137, 138, 139, 445, 500. These will prevent most standard windows exploits unless you're running additional servers, and you can view the firewall status to see which programs are listening on which ports. You can also just turn on the XP firewall, and it will protect you from outside connections by default, then you can download, and reconfigure your firewall. We then can look over your next configuration before you release it on the net. Don't forget to disable netbios if you're going to use NetBeui, and of course block any netbios communications to and from the net like you probably did before.

Note that Kerio is not trying to take over as your dns server, it's only doing lookups for ip addresses in your logs, and that is it.

Seriously, do a clean install after formatting from the XP CD, don't run any programs that could have been infected by a trojan, or virus. Also if you have one now, it could have infected your current collection.

UNICRON
August 7th, 2003, 11:43 AM
{QUOTE-> DEAN: I think you may have another agenda, maybe you're being paid by the TCP KERNEL DRIVER. <-QUOTE}

Dean, I realize you are frustrated, but I will tell you that this type of crap isn't welcome here. I do everything I do here for free as do the others. To assert otherwise is incorrect and insulting. Don't do it again.

DEAN
August 7th, 2003, 11:52 AM
Thanks for the suggestions buddy but I think I got them under control finally!!!
I've had netbios turned off forever but the kernel still wants to babble to the net forever, tiny blocks everything and only lets proximitron on the net.
Anyhow, got some real net stuff for ya I found out.

There's a really neat free program called fastnet99 that will find all your url addresses and save them to a file, now you just copy them out and put them in windows host.sam file for win98. now you don't need any DNS lookups!!! and you can connect directly to your sites.

Also, and most important, found a sneaky DLL called RNANP.DLL which is the REMOTE ACCESS LIBRARY file. Delete this and you don't have to worry about your ISP GORNS anymore. You will receive a warning at startup that remote access is not available!!! and everything runs fine.

FOR WIN98SE!

OKAY GUYS.

BlitzenZeus
August 7th, 2003, 12:04 PM
Sorry I've been helping somebody else with XP, and I forgot you used Win98se for a minute.

I don't have access to a Win98se install right now, but I'm almost positive that you need that file for Dial-Up Networking to function correctly.

On Win98se it's hard for things to get on your system unless it's through netbios before it's disabled/blocked, you download it, or through a web exploit. So you just need to re-evaluate how you use your computer, the software you use, and the security settings of your software to keep yourself safer.

Take care.

DEAN
August 7th, 2003, 05:06 PM
HOLD IT HOLD IT HOLD IT !!!

DO NOT PUT ANYTHING IN YOUR HOSTS.SAM FILE UNLESS YOU DON'T WANT TO GO THERE!!!

OOPS, SORRY ABOUT THAT!

BlitzenZeus
August 7th, 2003, 05:20 PM
The hosts.sam is only a sample file if it exists. The actual file which affects your dns lookups is the hosts file, it has no extension. I use the hosts file to block various ad sites.
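
Added example (not part of the post above): a hosts file can both block names, by mapping them to a loopback or unspecified address, and pin names to a fixed address that overrides DNS. This sketch separates the two so pinned entries can be reviewed, since a stale or altered one silently sends a name to the wrong address. The sample content and function name are constructed.

```python
import ipaddress

# Constructed sample hosts file content (the real file has no extension).
SAMPLE_HOSTS = """\
# sample hosts file
127.0.0.1       localhost
127.0.0.1       ads.example.com tracker.example.net   # blocked ad hosts
0.0.0.0         banners.example.org
192.0.2.44      www.example.com      # pinned to a fixed address
not-an-ip       broken.example.com
"""


def classify_hosts(text):
    """Split hosts entries into blocked names, pinned names and malformed lines."""
    result = {"blocked": [], "pinned": {}, "malformed": []}
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()  # drop comments
        if not line:
            continue
        fields = line.split()
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            result["malformed"].append(lineno)
            continue
        if len(fields) < 2:  # an address with no host name
            result["malformed"].append(lineno)
            continue
        for name in fields[1:]:
            name = name.lower()
            if name == "localhost":
                continue  # the standard entry, neither a block nor a pin
            if addr.is_loopback or addr.is_unspecified:
                result["blocked"].append(name)  # name goes nowhere
            else:
                result["pinned"][name] = str(addr)  # name bypasses DNS
    return result


if __name__ == "__main__":
    report = classify_hosts(SAMPLE_HOSTS)
    print("blocked:", ", ".join(report["blocked"]))
    for name, addr in report["pinned"].items():
        print(f"review: {name} is pinned to {addr}")
    print("malformed lines:", report["malformed"])
```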

DEAN
August 8th, 2003, 06:20 AM
Ya thanks I'm just learning about this. Also another bad orifice DLL is wininet.dll I saw this on the internet somewhere where the guy said to remove it, I tried that but had problems. I believe it reads your cookies cache etc. and sends the info to somebody!!!
It really does look suspicious because it is referenced in internet settings to autoconfigure a proxy!@##$

Pieter_Arntz
August 8th, 2003, 07:49 AM
Now why would they want to do that?

DLL File: wininet or wininet.dll
DLL Name: Internet Extensions for Win32
Description: Contains Internet related functions used by Windows applications
System DLL: Yes

Regards,

Pieter

BlitzenZeus
August 8th, 2003, 08:27 AM
Dean, stop where you are, you're overly paranoid, and marking valid system files as malicious. That file is part of Internet Explorer.

I suggest you start with a clean system, install a firewall, secure the settings on the system and programs, don't run any servers, or download files from untrusted sources like warez and p2p as a start.

Phant0m
August 8th, 2003, 11:45 AM
pcAudit (Internet Security Alliance,Inc.) has a version of wininet.dll.
This is a different .dll to a standard Microsoft wininet.dll that weighs in at exactly 570 kb. ;)

enigma
August 8th, 2003, 02:35 PM
What a great discussion!!! I love it. I've been looking for the free version of Tiny PF for awhile and all I could find was the 4.5 and 5.0 version. Could someone give me a link to the free version (2.15.A)? I even googled to find it and no luck.
Would there be a problem running both TPF and NPF on Win. 98SE?
Thanks.

BlitzenZeus
August 8th, 2003, 03:12 PM
Enigma, don't get the old tiny version, get Kerio 2.1.5, it's the same program, only upgraded, and is more secure.

There is always the argument of running two firewalls on the same system, both would be complex, so I don't recommend it. Especially with those two since they are both rule based, and it would be a pain to configure both firewalls.

Edit: I used to keep the installs of the older Tiny versions, but there was no reason to. Right now I could rename a program to something, and bypass the Tiny 2.x firewall completely. That is why you don't want to use it.

CrazyM
August 8th, 2003, 03:41 PM
Hi enigma

{QUOTE-> Would there be a problem running both TPF and NPF on Win. 98SE? <-QUOTE}

Is there a particular reason you feel you need to run 2 software firewalls? While multiple software firewalls may run without issue on your system, it is generally not recommended.

Regards,

CrazyM

enigma
August 8th, 2003, 06:16 PM
Hey to BlitzenZeus and CrazyM,
I thought being redundant with 2 firewalls might be a little more secure. However, after reading your questions to me I think I'll stick with just NPF :)
After reading these 4 pages, where is Dean coming from? I'm pretty new at puters (5yrs), but the more I read, the deeper it got. I even got my boots on after page 3 ;D. Set him straight, if he will listen, and his problems will be solved. His system is all fouled up. Even I can see that!! Paranoid!!
Thanks for making me think before jumping.

root
August 8th, 2003, 10:58 PM
{QUOTE-> I thought being redundant with 2 firewalls might be a little more secure <-QUOTE}
It's not a bad idea to have a backup scanner for your AV and maybe AT, but when it comes to firewalls, to work they need to be resident. Two programs resident at the same time trying to meter the traffic in the same general area is a sure bet to cause trouble.
When it comes to firewalls, if you don't trust the one you have to do the job, then get one you can trust.

I once felt the way you did, but I learned from others that had gone before me. Five years is a good start. Just remember to have fun. :)

DEAN
August 9th, 2003, 02:49 AM
Hi guys, ya I know it sounds like my system is screwed up, but it ain't, honest. Anybody who wants to remove rnanp.dll and ensure there is no remote access can merge this reg file to remove the warning on win98 startup.

REGEDIT4

;removes remote access pointer
[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\RemoteAccess\NetworkProvider]
;"ProviderPath"="C:\\WIN98\\SYSTEM\\RNANP.DLL"
"ProviderPath"=""

I just saw a review of XP that sells it and one knowledgeable guy said ms finally did it, they came out with a BO operating system!!!

Why do they do this? I don't know it must be the power base and control freak attitude you find in many women type deal.
I am now testing my ISP Gorns to watch what they do as I increase the security level!!!
Will keep you up to date.

Jooske
August 9th, 2003, 03:52 AM
Tell me DEAN, what's a BO operating system?
And a woman type deal? and control freak attitude you find in many women type deal?
Thanks in advance for the enlightenment so I can follow your explications better again.

MickeyTheMan
August 9th, 2003, 06:27 AM
{QUOTE-> quoting: DEAN link=board=23;threadid=11868;start=15#msg77765 date=1060061186]
Have some new information I just investigated and ...
<-QUOTE}
Seems to me you should complete your search for information, and once you have gained sufficient knowledge, then you could start making valid comments about firewalls.
As it stands, you are losing any kind of credibility as it is obvious you simply don't know what you are talking about !

Phant0m
August 9th, 2003, 06:33 AM
{QUOTE-> quoting: MickeyTheMan link=board=23;threadid=11868;start=45#msg78637 date=1060424855]
{QUOTE-> quoting: DEAN link=board=23;threadid=11868;start=15#msg77765 date=1060061186]
Have some new information I just investigated and ...
<-QUOTE}
Seems to me you should complete your search for information, and once you have gained sufficient knowledge, then you could start making valid comments about firewalls.
As it stands, you are losing any kind of credibility as it is obvious you simply don't know what you are talking about ! <-QUOTE}

WELL SAID!!!!!!!!!!!!!

enigma
August 9th, 2003, 09:36 AM
Hey everyone,
I think this person (DEAN) is just jerking your chain! He/she may be just smart enough about puters to do it!!!! I mean, just read the 4 pages of posts. I mean _really_read them!!

Phant0m
August 9th, 2003, 09:42 AM
LOLOLOLOLOLOL!

DEAN
August 9th, 2003, 11:51 AM
OKAY GUYS HOW ABOUT Some investigations by you too.

check out this doc:

http://www.vixa.com/womenit/security.html

http://www.cryptonym.com/hottopics/msft-nsa/ReplaceNsaKey.zip

Has Microsoft Betrayed the Trust of Millions of Window Users?
Read about the questions around the world!
by The Guide http://raj.guide2servers.com/tcpip/columns/_nsakey/index.html


Microsoft Windows has consistently proven to be the weakest of all the known
operating systems. This can be inferred by the large numbers (too numerous to list)
of viruses and Trojans which have been released over the last 2 years e.g. Back Orifice,
Melissa, NetBus to name a few. Experts believe that there are two basic problems which
result in Windows being such an insecure operating system--one it is based on
technologies which are inherently weak, two being a closed platform it does not have
the benefit of being reviewed by peers; an enormous benefit open source operating
systems enjoy.

In addition to Windows' inherent weaknesses, in the last few months certain facts
have been uncovered by independent security experts which suggest that Microsoft may
have deliberately designed windows with a software key which gives the National Security
Agency (NSA, US government spy agency) eased access to every copy of windows
installed anywhere, using holes in existing networking software. This makes for a
possibility of a major security compromise and giving access to US government
(and others) any information stored on a Windows based computer system. It can
also allow an open back door to install new or altered software, because of the
compromise of Microsoft's Authenticode technology which depends upon the same software.

Please note: The NSAkey episode is only one of the reasons, why Windows cannot
be relied on for mission critical applications. Security in Windows 95/98 is
non-existent, and that in Windows NT is better, but still not mission-critical.
See the following URLs for more information on Windows NT security. See:

http://www.ntbugtraq.com
http://www.tbtf.com/resource/ms-sec-exploits.html
http://www.ntsecurity.net/security/passworddll.htm

The discovery of a backdoor key to Windows may be one of the most "devastating news"
for millions of Windows users. It is for the first time in the history of computer
security that such a gigantic breach of trust has transpired.

While on the surface this issue was made to appear as an uproar that cannot be
verified really, but there is much too much of information which has been uncovered
to raise serious doubts about the security of any Windows based computer system
- Windows95, Windows98, Windows2000 or WindowsNT.

While the Microsoft developers did not deny the presence of the "_NSAKEY" they
also did not explain satisfactorily the purpose and anonymity of the key.
They denied that it belongs to the NSA, but gave excuses for the presence of this
fail over key that are difficult to believe.

Microsoft's explanation for this other key is that the other key was a backup
key meant for authentication of encrypted components in the event of failure
of the first key. (This much is quite true.) Culp from Microsoft claims that
"_NSAKEY" was colloquially used and is not shared with any outside party
including the NSA. What he failed to explain is that this additional fail
over key can be used or even replaced with another key, without any security
notifications on the system of compromise. Once used or replaced,
the entire hierarchy falls like a tower of blocks. ActiveX may be
actually signed by someone other than the one claimed. Java applets,
similarly. System libraries, Sessions with otherwise secure Internet servers,
Virtual Private Networking - just about anything that has to do with security,
that is verified through the CryptoAPI can no longer be trusted.


I started this topic so everyone can know how to get rid of their computer
problems they get when they go on the NET!!! such as having FW rules put in your
FW, and modem settings installed as I have had. I am not an expert, but I do not have
any more crash winnuke etc. problems, all Gone.

PS: I also suggest you change the default port number for Proximitron (6666) as
I think IE was being used as an orifice proxy. And make sure IE is not set to
use that port unless you have to.

MY COMPUTER HAS NO PROBLEM NOW WHILE ON THE NET!!! HOW ABOUT YOU!!!

OH YA, forgot to tell you that I have a full backup of 98SE on F: drive that I
reinstall after I've been on the NET!!!

OH YA, RNANP.DLL must be removed from DOS!


A Simple Backup Program in WINDOWS:

Deltree /Y f:\SYSBAK\7200CEL\*.*
md f:\SYSBAK\7200CEL
xcopy32 C:\*.* F:\SYSBAK\7200CEL /e /f /h /r /c

Dan Perez
August 9th, 2003, 01:08 PM
Dean,

I can probably find you links on the net that show that the moon is made from cheese or the Earth is flat; these are hardly sufficient proof that these are the case!

Many of the people responding in the thread and trying to help you have many years of experience in supporting computers, supporting hundreds or thousands of systems and being paid very well for it, and *all* of them are wrong and only *you* are right?!

The points you made in the previous post show nothing new. No one is claiming that an MS OS is by any means highly secure by default. The point is that it is not nearly as bad as you have been making it out to be, suspecting each critical system dll as being the personification of Evil come on Earth to destroy us all.

Personally, I feel this thread has long ago departed from any usefulness whatsoever since you seem absolutely unwilling to credit anyone with any knowledge of what they speak and insist holding on to your cherished prejudices.

I ask that you seriously reread the thread and try to read the posts of others in a fresh light.

DolfTraanberg
August 9th, 2003, 03:19 PM
I can't get rid of the idea DEAN is just a psychological discussion program. ;D
Dolf

Bdiamond
August 9th, 2003, 03:27 PM
Dan,

A really thoughtful and elegant response.
Thanks,

Bdiamond

CrazyM
August 9th, 2003, 04:31 PM
{QUOTE-> quoting: Dan Perez link=board=23;threadid=11868;start=60#msg78721 date=1060448895]Personally, I feel this thread has long ago departed from any usefulness whatsoever ... <-QUOTE}

I agree and for now the thread will be locked.

Dean,
If you have any concerns with this, you can contact me via the email in my profile.

Regards,

CrazyM