Maximum Security FW Rules Win98SE

Discussion in 'other firewalls' started by DEAN, Jul 30, 2003.

Thread Status:
Not open for further replies.
  1. LowWaterMark

    LowWaterMark Administrator

    Joined:
    Aug 10, 2002
    Posts:
    18,278
    Location:
    New England
    Dean,

    Can you step back a minute and try to explain more clearly why you think you are being hacked and why you think the only firewall that can prevent it is an out of date version of Tiny?

    We're having a little trouble understanding, which is why you are getting the reactions you are.

    It really doesn't seem to make sense. First you said "your ISP can flash your BIOS when you first dialup". How? Making a network connection is not enough to flash a BIOS. A program must run locally to do that. Then you said that when you tried LnS, "... what a mistake the ISP idiots flahed my bios right away and somehow disabled my drive to access the Internet!!!"

    Exactly what type of malware protection are you running? Any anti-virus and anti-trojan software? Could your system simply have been infected with a common malicious virus that caused you problems?

    You see, if someone could write some program into a BIOS to take control of a PC's network connection, such that all the newer firewalls can't block it, then I can assure you, old Tiny won't block it either.

    A better explanation might make this clearer for everyone otherwise this thread is going no where, and no one will benefit.
     
  2. Phant0m

    Phant0m Registered Member

    Joined:
    Jun 7, 2003
    Posts:
    3,726
    Location:
    Canada
    DEAN you have much to learn, attempting to come on here posting assumptions and trying to lay it out as facts without giving any valid information to support what you’ve posted. I knew from the beginning of this topic that this topic was going to be nothing valid and useful to anyone on here. Now here is my theory; assuming you had installed Look ‘n’ Stop, you weren’t hacked and especially the moment you installed Look ‘n’ Stop Personal Firewall. I doubt you even made it on the Internet; I can even imagine you installing Look ‘n’ Stop Personal Firewall along side with your current Software Firewall installation, possible noticeable conflict(S) such like not being capable of Connecting to the Internet due to Installing two or more Software Firewalls on the same System. I wont get too technical, but I can ensure you there’s probably number of people on this here board alone who can vouch they experienced such anomaly that I mentioned.

    Let’s assume this wasn’t a conflict and that you with Lack of knowledge blocked a Client Application which was needed to communicate to the Internet. So you automatically assumed you got “flashed?!?!?” / “hacked?!?!?” and you taken the steps in wiping-out your HDD without investing into facts? Then coming on here with backup Machine claiming Look ‘n’ Stop Personal Firewall leaked and because of it you been “flashed?!?!?” / “hacked?!?!?” or whatever you want to call it…

    OK, let’s assume for a second you didn’t block a necessary Client Application by Application Filtering Layer and that you supposedly connected to servers before this all happens. And Look ‘n’ Stop Personal Firewall providing one of the strongest Packet Filtering Layers you can possibly find in a Software Firewall, which has Complete Control over IP & Non-IP or Other IP Protocols. Look ‘n’ Stop Personal Firewall has the capabilities of blocking ALL Hacks/Scans/Nuke attempts Stone-Cold!

    And considering Look ‘n’ Stop provides one of the most properly designed rule-sets (EnhancedRulesSet.rls) by Default, with only couple of rules needing to be Tweaked like;
    * UDP : BOOTP / DHCP (Rule which can be disabled or removed if your Dialup user)
    * UDP : Authorize name resolution (DNS)

    This is why I find what you say really ridiculous, and highly unlikely… ;)
     
  3. DEAN

    DEAN Guest

    Well Im sorry if you guys find this unbelievable, but everything I said is the Truth. I had no conflicts with these two firewalls as nither starts on startup.
    Have some new information I just investigated and found that their is another setting, in Network, go to dialup networking adapter and click properties, now go miscx settings and you will find (point to point IP) this should be set to NO because this setting allows your ISP to administer on your computer through an encrypted tunneling protocal!!!
    As I said before, the new firewalls allow certain protocals that us normal people do not know about, by default, which I believe this old Klunker FW stopped them cold!!!
    Also, believe you me, they can flash your bios and install remote things you dont know about into the boot sector of your HD. Antivirus dont find them because their probably encrypted!!!
    I really did like the looks of LNS but I want no more problems so I can go on the internet and Tiny 2.15.A does it.
    I was even using Tiny 3 before but they got to its remote admin program and crashola, although I never had it under a password then.
    where can I find more detailed setup for LNS.
     
  4. Phant0m

    Phant0m Registered Member

    Joined:
    Jun 7, 2003
    Posts:
    3,726
    Location:
    Canada
    DEAN

    Your Information is way off bases; anyways you don’t need the both Software Firewalls running in the background order for them to conflict, just the Installation of two or more Software Firewalls is enough…
     
  5. LowWaterMark

    LowWaterMark Administrator

    Joined:
    Aug 10, 2002
    Posts:
    18,278
    Location:
    New England
    Dean, you said, "believe you me"? Well, I'm sorry, but no, I don't believe you on this statement. You are merely spreading hype, and you are not backing it up with any facts. If you want people to believe any of this, you'll need to do more than just say it. Saying that an ISP can do all these things does not make it so.

    I'm sorry to be blunt Dean, but you've had a number of posts in this thread and people have asked for details and proof and you haven't provided any. I think you need to start providing some analysis and proof that backs up your claims.
     
  6. Mr.Blaze

    Mr.Blaze The Newbie Welcome Wagon

    Joined:
    Feb 3, 2003
    Posts:
    2,842
    Location:
    on the sofa
    :) nope the bios hack or infection is impossible to do i never seen it truly successfully done.

    when i do a clean install and whipe the hard drive nothing survives not even an updated bios

    i literally start from the very beginning

    i think the so called problem you think your having thinking your being hack is because they identified your pc.

    but in realty it an un equal machine code that every pc has,

    even a software company sales a program and puts you in there data base so if your pc is stolen they can hunt it dowen for you and get your pc back.

    when you use aol or any isp provider they Will always know who you are regardless what you do

    thats how the riaa is getting isp providers to hand over certain peoples names by identifying not just the user handle but this unique identification number.


    even Java cool know about this machine code number as he has made software to change id number on windows media player.

    no one is hacking you

    i had zap and every time the thing went off i immediately assumed i was being hacked lol

    then i just ask what all the alerts are.

    do you honestly believe your the only one on cable or on a phone line or the only one with a satellite dish come on.

    you have to remember your not the only one hooking up to the internet,

    the internet is like california traffic bumper to bumper

    its lots of traffic for example you and your neighbor has same isp you both get on your computers I'm perty sure your bumping traffic threw same isp.

    also by the way if your using windows me or windows 98 and are doing all these funky security things expect allot of crashes.

    remember you didn't develop the os lol

    theirs no telling what these pc's can do when you try to configure them in ways they never were intended to be lol
     
  7. Phant0m

    Phant0m Registered Member

    Joined:
    Jun 7, 2003
    Posts:
    3,726
    Location:
    Canada
    Regardless of what other people tells you or what you see with your eyes, Installing 2 or more Software Firewalls on the System causes conflict(s). There are noticeable conflicts and then there are the not so noticeable conflicts one doesn’t notice at the present time, and your anomaly is the noticeable conflict that you can’t establish Internet Connection. And whether or not the Software Firewalls GUI isn’t in Windows Start-up Group you still have the Software Firewalls Driver(S) being loaded up, if the current Software Firewalls Driver or Drivers gets bumped in the Driver Loading order to make room for the Software Firewall you currently installing then that is known to generate an issue with one establishing Internet Connection.

    Now I’m going to make this plain and simple; Look ‘n’ Stop has Complete Control over “IP & Non-IP or Other IP Protocols”. No one remotely flashed your bios, No one hacked you and no one encrypted anything malicious and infected your boot sector.

    Tiny 2.15 or Tiny in general is out-dated Software Firewall and last I checked it didn’t even offer complete Control over all of ICMP Types (0-255), I cant remember exactly how many types total it does allow one to control 8? I don’t even think Kerio offers complete Controls over all the ICMP Types (0-255) unless something changed in the newer recent releases…
     
  8. UNICRON

    UNICRON Technical Expert

    Joined:
    Feb 14, 2002
    Posts:
    1,935
    Location:
    Nanaimo BC Canada
    Well ya know, I just have to add fro the record:

    1) I have used sympatico (a large Canadian ISP owned by large Canadian telephone company) in the past. Truth is they are a sh!tty ISP, precisely why I doubt that the technicians there have the capabilities you claim.

    2) All of Canada has cable if you want it Dean; why complain when you can switch and get two free months?

    3) No ISP 'lives' in my computer. Not sympatico, nor any other ISP

    4) netbui is a broadcast protocol and is hell and gone less secure than TCP/IP. Any network admin with formal network protocol layer education could tell you that netbui is probably the worst thing you could use.

    5) I can use several software firewalls on my computer at once if I choose with little problem unless a particular FW makes it a problem ON PURPOSE. The only real key is to allow the admin programs of each firewall access through the others. There is no logical reason why this should be a implementation problem.
     
  9. Mr.Blaze

    Mr.Blaze The Newbie Welcome Wagon

    Joined:
    Feb 3, 2003
    Posts:
    2,842
    Location:
    on the sofa
    :D That is true some companys purposely make it so you cant use other fire wall with each other i experinced that lol sucks
     
  10. DEAN

    DEAN Guest

    OKAY GUYS, Heres the FACTS!

    1/ When you go into Network and turn off Point to Point IP WIN98 prompts you for a new dll on the CD called SECUR32.DLL. Now why would it do this if what I said were not true.

    2/ In LNS if you go to options, Advanced, Protocals; you will see all the protocals that are not filtered including Netbui and 2 others!!! The help in LNS says that LNS cannot filter any protocals that are dynamically loaded at startup. I find this hard to believe, but it is what they say.

    3/ Heres a few excerpts from tinys log.

    Their were 32 of these just as I connected!!!

    Rule 'netbios block': Blocked: In UDP, localhost:137->(null) [206.172.185.255:137], Owner: C:\WIN98\SYSTEM\RNAAPP.EXE


    Heres a few others:

    Rule 'INBOUND UNAUTHOURIZED': Blocked: In UDP, (null) [64.156.39.12:666]->localhost:1026, Owner: no owner
    Rule 'netbios block': Blocked: In UDP, (null) [211.162.60.164:44679]->localhost:137, Owner: C:\WIN98\SYSTEM\RNAAPP.EXE
    Rule 'netbios block': Blocked: In UDP, (null) [218.15.192.64:30099]->localhost:135, Owner: no owner
    Rule 'netbios block': Blocked: In UDP, (null) [192.168.8.38:1031]->localhost:137, Owner: C:\WIN98\SYSTEM\RNAAPP.EXE
    Rule 'netbios block': Blocked: In UDP, (null) [80.51.11.7:1025]->localhost:137, Owner: C:\WIN98\SYSTEM\RNAAPP.EXE
    Rule 'netbios block': Blocked: In UDP, (null) [218.20.118.120:32768]->localhost:135, Owner: no owner
    Rule 'netbios block': Blocked: In UDP, (null) [219.145.226.207:1052]->localhost:137, Owner: C:\WIN98\SYSTEM\RNAAPP.EXE
    Rule 'secure CH block': Blocked: In TCP, (null) [206.172.173.65:2220]->localhost:445, Owner: no owner
    Rule 'secure CH block': Blocked: In TCP, (null) [206.172.173.65:2220]->localhost:445, Owner: no owner
    Rule 'INBOUND UNAUTHOURIZED': Blocked: In TCP, (null) [203.107.176.4:21]->localhost:21, Owner: no owner
    Rule 'netbios block': Blocked: In UDP, (null) [219.93.204.174:1053]->localhost:137, Owner: C:\WIN98\SYSTEM\RNAAPP.EXE
    Rule 'PFadmin': Blocked: Out UDP, localhost:1207->(null) [207.236.176.13:53], Owner: C:\PROGRAM FILES\TINYPERSONAL FIREWALL\PFWADMIN.EXE
    Rule 'PFadmin': Blocked: Out UDP, localhost:1207->(null) [207.236.176.13:53], Owner: C:\PROGRAM FILES\TINYPERSONAL FIREWALL\PFWADMIN.EXE
    Rule 'PFadmin': Blocked: Out UDP, localhost:1207->(null) [206.47.244.12:53], Owner: C:\PROGRAM FILES\TINYPERSONAL FIREWALL\PFWADMIN.EXE
    Rule 'PFadmin': Blocked: Out UDP, localhost:1207->(null) [207.236.176.13:53], Owner: C:\PROGRAM FILES\TINYPERSONAL FIREWALL\PFWADMIN.EXE

    4/ Hope we have all learned something!!!
     
  11. Phant0m

    Phant0m Registered Member

    Joined:
    Jun 7, 2003
    Posts:
    3,726
    Location:
    Canada
    You don’t know what the heck you are saying; boy go learn computing…
     
  12. BlitzenZeus

    BlitzenZeus Security Expert

    Joined:
    Feb 11, 2002
    Posts:
    451
    Location:
    Oregon, USA
    You have no idea what your doing do you?

    If your using NetBeui, why is netbios still enabled on your system? Why can't you disable that yourself? All the 137, 138, and 139 packets are netbios, which you also have outbound netbios packets, and with netbeui installed you can disable netbios.

    Unless your running a NT operating system ports 135, and 445 would never effect you as you don't have these services on your systems even if you let them past your firewall. They are just probes. Including the one to tcp 21, its just a probe!

    Your also blocking your own firewall from looking up DNS resolutions in your rules, which you have enabled. Either fix your rules to allow the firewall to lookup websites addresses like www.website.com for your own logs, or disable the option in your adminsitration.

    Its obvious you have no idea what your doing. Please stop talking like your words are gospel, and realize that you need to learn much more about what your dealing with before you start offering advice to people based on your very limited knowledge, and much of what you think you know is incorrect.
     
  13. Phant0m

    Phant0m Registered Member

    Joined:
    Jun 7, 2003
    Posts:
    3,726
    Location:
    Canada
    Hehehe

    This boy can’t even interpret anything; http://66.227.83.95/Protocols_Configuration.shtml
     
  14. UNICRON

    UNICRON Technical Expert

    Joined:
    Feb 14, 2002
    Posts:
    1,935
    Location:
    Nanaimo BC Canada
    Easy fellas, although I suspect Dean is confused about a few issues, let's not be nasty about it.

    Dean, you do need to be careful what you assert as fact. 'Proof' required more than what you have given. Much of what you have stated is incorrect. Please do not take this as an insult, it is only meant as freindly advice.
     
  15. DEAN

    DEAN Guest

    I never said I was an expert, but I do like to learn and as for you guys who are Gorning, I think you may have another agenda, maybe your being paid by the TCP KERNEL DRIVER.
    Yes I am blocking certain addresses that are attempting to substitute themselves for my ISP s DNS Server Primary and Secondary, thats right because this is where they are herding in for their mania, also, on first connect.
    This is what they put in my registry last night!!! Just after I connected as revealed by installwatchPRO (FREE) an excellent Tool.
    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
    "ProxyEnable"=dword:00000001

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
    "ProxyServer"="127.0.0.1:8080"

    [HKEY_CURRENT_USER\RemoteAccess]
    "Default"="My Connection"

    [HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\RemoteAccess]
    "NoLogon"=hex:00,00,00,00,

    [HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\RemoteAccess]
    "Remote Connection"=hex:01,00,00,00,

    [HKEY_LOCAL_MACHINE\Config\0001\Software\Microsoft\windows\CurrentVersion\Internet Settings]
    "ProxyEnable"=dword:00000001

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
    "ProxyEnable"=dword:00000001

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
    "ProxyServer"="127.0.0.1:8080"

    [HKEY_USERS\.DEFAULT\RemoteAccess]
    "Default"="My Connection"

    [HKEY_USERS\.DEFAULT\RemoteAccess\Profile\My Connection]
    "User"="b1egtx75"

    [HKEY_CURRENT_CONFIG\Software\Microsoft\windows\CurrentVersion\Internet Settings]
    "ProxyEnable"=dword:00000001

    I have now disabled the windows scripting host and java on my computer and am not having any problems.

    For those who have ears to hear, LET THEM LISTEN.
     
  16. BlitzenZeus

    BlitzenZeus Security Expert

    Joined:
    Feb 11, 2002
    Posts:
    451
    Location:
    Oregon, USA
    How are you currently on Anti-virus, and Anti-Trojan programs? They could be very helpful right now.

    If they put this in your registry, why don't you figure out how they are getting in? Which might include a clean install after a format considering you might have a trojan, which you let get on the system. Do not run a server of any kind, or downloading p2p or warez files which might contain trojans too. If you already have some of these files, guess what? They can be the cause for your problems...

    Next time when you setup your computer, block some simple ports please, tcp/udp 135, 137, 138, 139, 445, 500. These will prevent most standard windows exploits unless your running additional servers, and you can view the firewall status to see which programs are listening on which ports. You can also just turn on the XP firewalll, and it will protect you from outside connections by default, then you can download, and reconfigure your firewall. We then can look over your next configuration before you release it on the net. Don't forget to disable netbios if your going to use NetBeui, and of coarse block any netbios communications to and from the net like you probably did before.

    Note that Kerio is not trying to take over as your dns server, its only doing lookups for ip addresses in your logs, and that is it.

    Seriously, do a clean install after formatting from the XP CD, don't run any programs that could have been infected by a trojan, or virus. Also if you have one now, it could have infected your current collection.
     
  17. UNICRON

    UNICRON Technical Expert

    Joined:
    Feb 14, 2002
    Posts:
    1,935
    Location:
    Nanaimo BC Canada
    Dean, I realize you are frustrated, but I will tell you that this type of crap isn't welcome here. I do everything I do here for free as do the others. To assert otherwise is incorrect and insulting. Don't do it again.
     
  18. DEAN

    DEAN Guest

    Thanks for the suggestions buddy but I think I got them under control finally!!!
    Ive had netbios turned of forever but the kernel still wants to babble to the net forever, tiny blocks everything and only lets proximitron on the net.
    Anyhow, got some real net stuff for ya I i found out.

    Theres a really neat free program called fastnet99 that will find all your url addresses and save them to a file, now you just copy them out and put them in windows host.sam file for win98. now you dont need any DNS lookups!!! and you can connect directly to your sites.

    Also, and most important, found a sneaky DLL called RNANP.DLL which is the REMOTE ACCESS LIBRARY file. Delete this and you dont have to worry about your ISP GORNS anymore. You will receive a warning at startup that remote access is not availiable!!! and everything runs fine.

    FOR WIN98SE!

    OKAY GUYS.
     
  19. BlitzenZeus

    BlitzenZeus Security Expert

    Joined:
    Feb 11, 2002
    Posts:
    451
    Location:
    Oregon, USA
    Sorry I've been helping somebody else with XP, and I forgot you used Win98se for a minute.

    I don't have access to a Win98se install right now, but I'm almost positive that you need that file for Dial-Up Networking to function correctly.

    On Win98se its hard for things to get on your system unless its through netbios before its disabled/blocked, you download it, or through a web exploit. So you just need to re-evaluate how you use your computer, the software you use, and the security settings of your software to keep yourself safer.

    Take care.
     
  20. DEAN

    DEAN Guest

    HOLD IT HOLD IT HOLD IT !!!

    dO NOT PUT ANYTHING IN YOUR HOSTS.SAM FILE UNLESS YOU DONT WANT TO GO THERE!!!

    OOPS, SORRY ABOUT THAT!
     
  21. BlitzenZeus

    BlitzenZeus Security Expert

    Joined:
    Feb 11, 2002
    Posts:
    451
    Location:
    Oregon, USA
    The hosts.sam is only a sample file if it exists. The actual file which effects your dns lookups is the hosts file, it has no extension. I use the hosts file to block various ad sites.
     
  22. DEAN

    DEAN Guest

    Ya thanks Im just learnig about this. Also another bad oriface DLL is wininet.dll I saw this on the internet somewhere where the guy said to remove it, I tried that but had problems. I believe it reads your cookies cache etc. and sends the info to somebody!!!
    It really does look suspicios because it is refenced in internet settings to autoconfigure a proxy!@##$
     
  23. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,491
    Location:
    Netherlands
    Now why would they want to do that?

    DLL File: wininet or wininet.dll
    DLL Name: Internet Extensions for Win32
    Description: Contains Internet related functions used by Windows applications
    System DLL: Yes

    Regards,

    Pieter
     
  24. BlitzenZeus

    BlitzenZeus Security Expert

    Joined:
    Feb 11, 2002
    Posts:
    451
    Location:
    Oregon, USA
    Dean, stop where you are, your overly paranoid, and marking valid system files as malicious. That file is part of Internet Explorer.

    I suggest you start with a clean system, install a firewall, secure the settings on the system and programs, don't run any servers, or download files from untrusted sources like warez and p2p as a start.
     
  25. Phant0m

    Phant0m Registered Member

    Joined:
    Jun 7, 2003
    Posts:
    3,726
    Location:
    Canada
    pcAudit (Internet Security Alliance,Inc.) has a version of wininet.dll.
    This is a different .dll to a standard Microsoft wininet.dll that weighs in at exactly 570 kb. ;)
     
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.