Hi, I was using the public library's free Wi-Fi again and noticed that Comodo FW had blocked 3 attempts from Windows to send packets to another local computer on the Wi-Fi network... I then checked further for open connections and my computer had been sending packets to 2 other computers on the local Wi-Fi... So I am wondering if there is any reason that my computer would send or receive data from another notebook computer on the public Wi-Fi network, or did I get hacked again? Do I need to look for keyloggers and other malware junk now, and if they did hack my computer, how did the other 2 get past Comodo FW with no notice?
It's almost impossible to provide you with much useful information without knowing what your firewall alerted on. The specific logs from the event really are needed if people are going to do more than just guess at what might have happened, or give more than general advice to scan your PC and such. Same for the open connections. What were they and what ports/protocols were involved?
Thanks for the response, LowWaterMark - the blocked events just said Windows OS was the app, TCP, source port 1793, dest. port 2869... Don't know if that's enough to go on, as I don't have the records of the other connections... Mostly I am just wondering if there would be any reason for my computer to be sending and receiving packets from the other two computers on the Wi-Fi network, aside from being hacked... They look to me to be other laptop computers, nothing to do with the library, as the names they gave their PCs showed up in the Colasoft MAC scanner program.
2869 is used by UPnP in Windows, completely legit. Unless you're using it a lot at home behind your router, I suggest turning it off.
Your computer is probably trying to discover the other computers on the local network. Have you set up the library network as untrusted?
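As an added example (not posted by anyone in this thread), the triage discussed above can be written as a small Python script that sorts firewall events by whether the peer is on the local network and whether the destination port belongs to Windows discovery or sharing. The line format, the 192.168.1.0/24 LAN range, the verdict names and every sample event are assumptions constructed for illustration; only the 1793 to 2869 TCP port pair comes from the thread.

```python
import ipaddress
import re

# Windows discovery/sharing services keyed by (protocol, destination port).
LAN_SERVICES = {
    ("TCP", 2869): "UPnP/SSDP event notification",
    ("UDP", 1900): "SSDP discovery",
    ("UDP", 137): "NetBIOS name service",
    ("UDP", 138): "NetBIOS datagram service",
    ("TCP", 139): "NetBIOS session (file/print sharing)",
    ("TCP", 445): "SMB (file/print sharing)",
    ("UDP", 5355): "LLMNR",
}

# Constructed line format (not Comodo's own log format):
#   <in|out> <TCP|UDP> <src_ip>:<src_port> -> <dst_ip>:<dst_port>
LINE = re.compile(r"(in|out) (TCP|UDP) ([\d.]+):(\d+) -> ([\d.]+):(\d+)$")

def triage(line, lan="192.168.1.0/24"):
    """Return (verdict, detail) for one firewall event line."""
    m = LINE.match(line.strip())
    if not m:
        return ("unparsed", line.strip())
    direction, proto, src_ip, _sport, dst_ip, dport = m.groups()
    # The peer is the remote end: destination when outbound, source when inbound.
    peer = ipaddress.ip_address(dst_ip if direction == "out" else src_ip)
    # Multicast (e.g. SSDP's 239.255.255.250) never leaves the local segment.
    on_lan = peer in ipaddress.ip_network(lan) or peer.is_multicast
    service = LAN_SERVICES.get((proto, int(dport)))
    if not on_lan:
        return ("not-lan", f"peer {peer} is outside {lan}")
    if service and direction == "out":
        return ("discovery", f"own {service} traffic to {peer}")
    if service:
        return ("inbound-sharing", f"{peer} reached for local {service}")
    return ("unexplained-lan", f"{proto}/{dport} with {peer}: find the owning process")

# Constructed sample events; the first uses the ports quoted in the thread.
SAMPLE = [
    "out TCP 192.168.1.23:1793 -> 192.168.1.40:2869",
    "out UDP 192.168.1.23:50111 -> 239.255.255.250:1900",
    "in TCP 192.168.1.57:49210 -> 192.168.1.23:445",
    "out TCP 192.168.1.23:49822 -> 192.168.1.40:5001",
    "out TCP 192.168.1.23:49900 -> 203.0.113.10:443",
]

if __name__ == "__main__":
    for entry in SAMPLE:
        print(entry, "=>", triage(entry))
```

A "discovery" verdict only says the port matches a known Windows service; the "unexplained-lan" events are the ones worth tracing to a process.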
I set the library network up as "public" in Vista... Could be innocuous then, from what you think, Diver? Am probably a little too paranoid here...
At any hotspot, DISABLE File/Print sharing and only allow email, browsing, DHCP, DNS access (25,110,143) (80), (67), (53). SSDP and UPnP are never necessary anyway, so set those services to DISABLE.
You are going to need 443 if you use most internet based mail services and other ports for multimedia. Besides, several of those are remote ports. I would be more concerned about my local ports.
Oops; yes, you need 443 to be open too. Local ports? I was assuming the default rule is DENY ALL, so inbound 0-1024 should be protected and, if truly implemented correctly, so should 1025-65535. ONLY replies to an outbound request should be allowed (again the default).
I use hotspots very frequently. The usual policy is to set up the access points for isolation so that the clients can not see each other. I have never had a problem, or even had to deal with an attempted attack. As for UPnP, I have yet to find an access point where this feature was not turned off, except for one where the hotel staff could not get the thing running and I fixed it for them gratis. When I was done, isolation was on and UPnP was off.
The problem here is everyone is looking through a telescopic sight at an antelope while a tiger is about to jump out from the side and kill the hunter. The problem is not ports or firewalls, it's the unencrypted radio signal. Packet sniffers can pick up any information that is not encrypted with SSL, and some newer tools make this process much easier than it was in the past. While the logon is almost always encrypted, there are session cookies that allow access, and these are often not. Gmail is cited as an example of logon-only encryption. There is a free program, Hotspot Shield, available from anchorfree.com. This claims to set up an encrypted connection with their servers. There is only one problem. Their servers are so busy the program does not work, at least for now.
Are you currently running Hotspot Shield, Diver? I used to like the program, but just the last few days I have been having problems with this product... It now places its ad in every tab even when it's not running. It never used to do this, so I am wondering if they have changed the program... I uninstalled, reinstalled, and then uninstalled and it still places its ad on all the tabs... I can't get rid of this thing now. I am wondering if anyone else is having the same problem or just me...
Here's another option: Comodo TrustConnect is in beta. It's a version of openvpn (which is open source), and Comodo gives you a personal certificate and a key to tunnel - encrypted wireless or ethernet - via their openvpn server. Details are at the Comodo forums. It's free at the moment, although they might charge for the service later. You need to get a beta "invite" at the forum; and I understand you have to provide ID to be authenticated.
As I mentioned before, I was unable to reach their server at all. My take on this is that if a server that does this encryption is free, it will be slow, just the way that Tor is. Otherwise expect ads or paying an annual fee. The good news is most financial sites are completely SSH. The bad news is most web-based email is SSH for logon only. Perhaps this will change now that some focus is being given to this issue.
For free webmail? Forget it - encryption increases costs (server CPU in particular) making it a significant burden. Even revenue-generating shopping sites keep their use of https pages to a minimum.
In order to use Hotspot Shield your firewall must allow bidirectional UDP for pretty much all ports to Anchorfree's server. It's at 38.99.101.0/255.25.255.0. They might not have all of that range, and it might be possible to cut down on the port ranges some. Once you connect, a pretty good chunk of your screen is reserved for advertising from them. Parnoid2000, where have you been hiding?