Maximum Security FW Rules Win98SE

Discussion in 'other firewalls' started by DEAN, Jul 30, 2003.

Thread Status:
Not open for further replies.
  1. DEAN

    DEAN Guest

    Had a Bad problem with so-called Hackers at my ISP etc. and this is how to have total Security on Win98SE.
    1/ Install Tiny Pers FWall 2.15.A.
    2/ Install Proxomitron 4.4.
    These are free.
    3/ Setup browsers to use Proxomitron and allow nothing through the FW except Proxomitron.
    Use level 6 cfg and switch to 1 on cookie sites.
    4/ Remove any Remote Dialup Server such as AOL, Sympatico, etc. and Dialup with your own Dialup program.
    5/ In Tiny rules totally block ports 135-139 and 443-445. Use this as second rule.
    6/ Enter your dial up server app. name (RNAAPP.EXE) as 4th rule and totally block it even on Dialup. If you have ISP problems. Also enter your FW Admin program Full Block.
    7/ Browse with Opera 3.61.
    8/ Now after you have connected, go to your DUN Server Binds and unbind TCP from your server and bind NetBEUI Protocol instead. Also check the ask for password box and use encryption box.
    9/ Your ISP hacker is now totally blocked out of your Computer.
    10/ Also ensure you have a password entered in the FW Admin page.
    11/ I saw on a hacker site that most so-called hacking attempts on people's home computers come from the ISP and they were right!

    I use Opera 3.61 Demo as it has no ad server for ISP goofs to play with and also it is the fastest.

    oh ya I forgot a couple of things.

    Also ensure Proxomitron allows only DNS port 53 in at its address mask.
    Actually you may not have to do this because I always surfed before without allowing incoming DNS connections but since the goons at the Sympatico ISP are perpetrating Crime they can configure you any way they want to get in.
    I also hide my files in a small free program called hide folders, and lastly I scan my drive with installwatch pro, also free, to see what has been installed on my com. You would be surprised, wininet32.dll is the main orifice to keep track of you on your com among others. I also turn down the priority of the server to idle along with tapiserver.
    As you can see I had a Hell of a time to get Rid of them!!!

    Sorry I'm just a beginner and have no experience with layered FW for Win98SE.
    But remember, that no FW is any good if your ISP flashes your BIOS when you first Dialup (when I allowed a UDP connect) with a backdoor!!! This happened all the time with Sympatico and AOL CANADA!!! I couldn't figure out what that flash was on first connect all the time as I was flashing my BIOS constantly until I finally totally blocked RNAAPP.EXE totally.
    Just wanted anyone who reads this to know how it can be done and how easily the goons at an ISP can get in your computer!!!
    Tiny was used because they are still sneaking messages in through the DNS that they configured for their crimes but Tiny 2.15.A will block even its own admin program.
    I tried Zonealarm, Kerio, Norton etc. and they all failed!!! because they allow certain protocols by default which is a hole right there!!!
    OKAY ... NEWBIE.
     
  2. BlitzenZeus

    BlitzenZeus Security Expert

    Joined:
    Feb 11, 2002
    Posts:
    451
    Location:
    Oregon, USA
    One sec... Kerio 2.1.5 which is the last version of 2x is just like Tiny, but is more secure than Tiny 2.1.5 so I have no idea what your problem was there...

    Now your problem with being hacked, with my rules unless they get something on my system through an exploit like an IE based browser, or a program I download, it won't get on. Then it won't get out unless it piggybacks an application, and conforms to the rules I already allow. Servers are quite known for exploits, and people gaining access to your system through servers you run. Which could have been the likely cause.

    It's good you have your system secure now, but what you describe isn't even as anal as my configuration. So it all comes to show you, that it was all in your rules :cool:

    There is also a registry tweak you can make in Kerio 2x to prevent all traffic if the engine is shutdown, it's not an official feature as there was one problem, but it's a way to stop the ones that try to disable your firewall.
    Kerio registry tweak
     
  3. Mr.Blaze

    Mr.Blaze The Newbie Welcome Wagon

    Joined:
    Feb 3, 2003
    Posts:
    2,842
    Location:
    on the sofa
    :cool: ha ha ha I have you all beat, mine is more secure than all of yours, check this out lol

    blaze unplugs phone line to his pc lol

    sure there's a few bugs I haven't got it all figured out but it's a start lol :D
     
  4. Dean

    Dean Guest

    This is an update to my original Post. You can also block out your ISP hackers by leaving your bind to your DUN server on TCP but in advanced settings specify a single address for the server which of course is not them!!!

    Okay guys!!!
     
  5. MickeyTheMan

    MickeyTheMan Security Expert

    Joined:
    Feb 9, 2002
    Posts:
    1,016
    Geez, it's so simple with LNS :D
     
  6. BlitzenZeus

    BlitzenZeus Security Expert

    Joined:
    Feb 11, 2002
    Posts:
    451
    Location:
    Oregon, USA
    Well if you just want to load up one of their default rulesets then what are the chances you understand what it's doing? Most people don't fully understand how to configure the firewall, and just rely on something they don't know how to configure themselves. While its defaults are the strongest I have seen, they still do have security holes which can be prevented by customizing the configuration which many won't do as they don't know how.

    In the topic creator's case, it was necessary for them to learn how to properly configure the software which seems to be an enigma to many as they don't want to take the time to learn until it's too late, or they blame it on their software which in fact was mis-configured.
     
  7. MickeyTheMan

    MickeyTheMan Security Expert

    Joined:
    Feb 9, 2002
    Posts:
    1,016
    LNS and its enhanced ruleset is THE ONLY firewall currently on the market that has all known firewall vulnerabilities patched for.
    So before you advertise for any other, you better try them all. I have! ;)
    Even ATELIER Web Firewall Tester (AWFT) is no match against LNS
    http://www.atelierweb.com/awft/index.htm
     
  8. _anvil

    _anvil Registered Member

    Joined:
    Jun 18, 2003
    Posts:
    56
    @MickeyTheMan

    What about Copycat, Wallbreaker, PCAudit and the new "shell_execute" exploit? :rolleyes:

    http://perso.wanadoo.fr/jugesoftware/firewallleaktester/eng/pageweb/test.html
     
  9. Phant0m

    Phant0m Registered Member

    Joined:
    Jun 7, 2003
    Posts:
    3,684
    Location:
    Canada
    http://www.wilderssecurity.info/pg5.shtml
     
  10. _anvil

    _anvil Registered Member

    Joined:
    Jun 18, 2003
    Posts:
    56
    Yes, Phant0m, exactly... (nice page, btw.) :)

    Not really "all known firewalls vulnerabilities", which L'n'S can handle - still it's better than most other PFWs in this area... :cool:
     
  11. Mr.Blaze

    Mr.Blaze The Newbie Welcome Wagon

    Joined:
    Feb 3, 2003
    Posts:
    2,842
    Location:
    on the sofa
    :D you know I wasn't going to step in here but DEAN's way is probably the best way and a different way of looking at it.

    only thing that bad boy is missing is a hardware firewall.

    I got the gist of what he is doing on his pc, it's just I wish he told us newbies step by step how to do this stuff with pictures

    also where to get your own dialer to sign on to aol rather than use aol's

    lots of good stuff but leaves me asking more questions

    I'd like an easy way to know how to set my pc up like that, add that with my newbie security stuff hta stop and my other cool toys I'd be like a rolling tank or battleship

    maybe a small tutorial on where to go, what to install and how to set everything up from beginning to end.

    add our security experts in on it and they will most likely add better software recommendations making it even more secure but the D man has the right template in mind
     
  12. MickeyTheMan

    MickeyTheMan Security Expert

    Joined:
    Feb 9, 2002
    Posts:
    1,016
    You don't even need a firewall installed to pass PcAudit.
    I remember testing that many months back and passed with simply NAVISCOPE installed and firewall disabled

    CopyCat supposedly installs exploited.txt file on C drive. Nowhere to be found after trying it 3 times.
    Wallbreaker stopped stone cold when IE tried to load as I use a pacfile (spyblocker software) which IE needs to load.
     
  13. DEAN

    DEAN Guest

    Hi it's me again, it's easy to do, just go into Dialup Networking, right click my connection and click properties.
    Then go to server types, your server types, and click require encrypted password and data encryption. Now at the bottom hit tcp/ip settings and click specify an IP address and leave it set at 0.0.0.0. Now no one can use your DUN server to do anything. Of course you must do this after you have connected and remove it when done surfing
     
  14. DEAN

    DEAN Guest

    Okay get this guys, I was banned from the so-called SecurityForum.com for making this Post. It's clear that many don't want the people to know the truth here.
    Your ISP lives in your computer and if you have an idiot there, you're having nothing but problems on your computer all the time, RIGHT!
    This is obviously a truth that the ISP hackers don't want anyone to know as they could lose their power over people's computers!!!
     
  15. _anvil

    _anvil Registered Member

    Joined:
    Jun 18, 2003
    Posts:
    56
    @MickeyTheMan

    I think we discussed here before, that it is always somehow possible to "beat" a certain leaktest without a firewall (due to system setup, applications installed, registry tweaks etc.) - but it is _not_ the leaktest itself, which has to be beaten, but the 'method' it uses... and, as example, I highly doubt, that you can generally prevent dll-injection (PcAudit) into an arbitrary process by the use of Naviscope... :rolleyes:

    In the tests linked above, it was the goal to determine if the firewall itself was able to cope with the different 'methods' of leaktests (independent from system config, other apps etc.) - so I think, you can trust them (look, even Phant0m, the greatest Look'n'Stop-fan on earth, confirms the results! :D )
     
  16. Phant0m

    Phant0m Registered Member

    Joined:
    Jun 7, 2003
    Posts:
    3,684
    Location:
    Canada
    PcAudit is relying on UserAgent; which Naviscope was capable of blocking to prevent a Successful Connection, and even though Naviscope blocked UserAgent PcAudit still bypassed the Software Firewall to get up to the point of Connecting. And if the PcAudit author wasn’t lazy he/she could easily remove UserAgent usage as it’s not necessary. DLL Module Filtering will resolve the PcAudit leak issue however CopyCat is a whole other story…
     
  17. MickeyTheMan

    MickeyTheMan Security Expert

    Joined:
    Feb 9, 2002
    Posts:
    1,016
    Geez Will, are we going to have to fight as to who is the greatest LNS fan too? :D

    And should I have to disable all my security preventive measures just to prove that CopyCat and Wallbreaker are indeed able to go through my firewall when in fact they are blocked by one of those measures?
     
  18. Phant0m

    Phant0m Registered Member

    Joined:
    Jun 7, 2003
    Posts:
    3,684
    Location:
    Canada
  19. _anvil

    _anvil Registered Member

    Joined:
    Jun 18, 2003
    Posts:
    56
    Rooouuund one.... fight! :D

    If you want to test your _firewall_, then yes, of course... ;)

    And look what Phant0m wrote: just the fact, that Naviscope can block _parts_ of the _demo exploit_ PCAudit doesn't automatically mean that the next _real trojan_, which uses some PcAudit-methods, will be blocked by Naviscope... :rolleyes:
     
  20. Dean

    Dean Guest

    Here's another update guys, HEAR THIS!!!

    Okay I was listening to a lot and thought I would try Look'n'Stop FW which when I looked at it, Looked Real Good!

    WOW what a mistake, the ISP idiots flashed my BIOS right away and somehow disabled my drive to access the Internet!!!
    I totally wiped the drive, recreated the partitions with FDISK etc. I replaced io.sys, command.com, put an old system on the newly reset drive and I still cannot go on the internet with this drive, I'm now on my backup.
    It's clear these ISP Goons have all the Criminal Tricks!!!
    They had to have put a policy into the drive somewhere?
    I'm now back with Tiny 2.15.a, the only one that will block this crap when you first connect!!!
    This is even worse than hackers because most hackers just want to sneak into your computer and steal your files cause they can.
    These goons at SYMPATICO.CA are obviously malicious idiots in the Criminal category. Of course I must say that it is never your ISP provider but always a moron with the power of a Genius at their fingertips!!!

    I also recommend my first statement of resetting your DUN SERVER to NETBEUI PROTOCOL.

    Really mad DEAN
     
  21. Phant0m

    Phant0m Registered Member

    Joined:
    Jun 7, 2003
    Posts:
    3,684
    Location:
    Canada
    What bull-****!
     
  22. DEAN

    DEAN Guest

    Bullshit is right, as I was making this post my computer crashed!!!

    FIGURED IT out YET!!!
     
  23. Phant0m

    Phant0m Registered Member

    Joined:
    Jun 7, 2003
    Posts:
    3,684
    Location:
    Canada
    And I suppose I hacked you, yeah? What other stories are you going to tell.....
     
  24. BlitzenZeus

    BlitzenZeus Security Expert

    Joined:
    Feb 11, 2002
    Posts:
    451
    Location:
    Oregon, USA
    Dean, you're sharing your hd with the internet? Why? That's a huge security risk, and if they have that access they can likely do much more to your system. It's what you allow on your system that is the security risk, it doesn't matter if it's a server, a file you downloaded, or an exploit in a listening service on your computer. You're blaming your shortcomings on the software as you don't know how to configure things properly.

    I've read this thread, and it's all come down to you generally don't know what you're talking about. Your "Maximum Security" configuration wasn't even near as secure as my configuration, and Kerio 2.1.5 is an upgraded version of Tiny 2.1.5a.
     
  25. DEAN

    DEAN Guest

    Don't talk unless you have to fight your way through these idiots. This post is for learning for guys that have had lots of problems on their computers, I've seen it all over the forums.

    So why don't you tell us how to do it right pal!!!
     