questions on public wi-fi

Discussion in 'other firewalls' started by jfd15, Jan 24, 2008.

Thread Status:
Not open for further replies.
  1. jfd15

    jfd15 Registered Member

    Joined:
    Oct 12, 2007
    Posts:
    234
    Location:
    Sacramento, CA
    Hi,
    I was using the public library's free wi-fi again and noticed that Comodo FW
    had blocked 3 attempts from Windows to send packets to another local
    computer on the wi-fi network...I then checked further for open connections
    and my computer had been sending packets to 2 other computers on the
    local wi-fi...so I am wondering if there is any reason that my computer
    would send or receive data from another notebook computer on the
    public wi-fi network, or did I get hacked again? Do I need to look for
    keyloggers and other malware junk now, and if they did hack my computer,
    how did the other 2 get past Comodo FW with no notice?
     
  2. LowWaterMark

    LowWaterMark Administrator

    Joined:
    Aug 10, 2002
    Posts:
    17,875
    Location:
    New England
    It's almost impossible to provide you with much useful information without knowing what your firewall alerted on. The specific logs from the event really are needed if people are going to do more than just guess at what might have happened, or give more than general advice to scan your PC and such. Same for the open connections. What were they and what ports/protocols were involved?
     
  3. jfd15

    jfd15 Registered Member

    Joined:
    Oct 12, 2007
    Posts:
    234
    Location:
    Sacramento, CA

    Thanks for the response, LowWaterMark - the blocked events just said Windows OS was the app, TCP, source port 1793, dest. port 2869.....don't know if that's enough to
    go on as I don't have the records of the other connections...mostly I am just
    wondering if there would be any reason for my computer to be sending and
    receiving packets from the other two computers on the wi-fi network, aside from being hacked...they look to me to be other laptop computers, nothing to do with the library, as the name they gave their PCs showed up on the Colasoft MAC scanner program
     
  4. ethernal

    ethernal Registered Member

    Joined:
    Jan 18, 2008
    Posts:
    132
    Location:
    Stockholm, Sweden
    2869 is used by UPnP in Windows, completely legit.

    Unless you're using it a lot at home behind your router, I suggest turning it off.
     
  5. Diver

    Diver Registered Member

    Joined:
    Feb 6, 2005
    Posts:
    1,444
    Location:
    Deep Underwater
    Your computer is probably trying to discover the other computers on the local network. Have you set up the library network as untrusted?
     
  6. jfd15

    jfd15 Registered Member

    Joined:
    Oct 12, 2007
    Posts:
    234
    Location:
    Sacramento, CA
    I set the library network up as "public" in Vista....

    Could be innocuous then, from what you think, Diver?
    I am probably a little too paranoid here...
     
  7. Diver

    Diver Registered Member

    Joined:
    Feb 6, 2005
    Posts:
    1,444
    Location:
    Deep Underwater
    Possibly too paranoid. Is anything else wrong? If not, you are probably OK.
     
  8. jfd15

    jfd15 Registered Member

    Joined:
    Oct 12, 2007
    Posts:
    234
    Location:
    Sacramento, CA

    no, nothing else...thanks...
     
  9. jobeard

    jobeard Registered Member

    Joined:
    Jan 31, 2008
    Posts:
    15
    Location:
    So. Cailf
    at any hotspot, DISABLE File/Print sharing and only allow
    email, browsing, dhcp, dns access
    (25,110,143) (80), (67), (53)

    SSDP and UPnP are never necessary anyway so set those services to
    DISABLE.
     
  10. jrmhng

    jrmhng Registered Member

    Joined:
    Nov 4, 2007
    Posts:
    1,268
    Location:
    Australia
    Second that. Disable it by going to run --> services.msc and disabling SSDP and UPnP.
     
  11. jfd15

    jfd15 Registered Member

    Joined:
    Oct 12, 2007
    Posts:
    234
    Location:
    Sacramento, CA
    thanks ethernal, jobeard, and huangker...

    disabling SSDP and UPnP...
     
  12. Diver

    Diver Registered Member

    Joined:
    Feb 6, 2005
    Posts:
    1,444
    Location:
    Deep Underwater
    You are going to need 443 if you use most internet based mail services and other ports for multimedia. Besides, several of those are remote ports. I would be more concerned about my local ports.
     
  13. jobeard

    jobeard Registered Member

    Joined:
    Jan 31, 2008
    Posts:
    15
    Location:
    So. Cailf
    oops; yes you need 443 to be open too.

    Local Ports? I was assuming the default rule is DENY ALL, so
    inbound 0-1024 should be protected and if truly implemented correctly,
    so should 1025-65535.

    ONLY replies to an outbound request should be allowed (again the default).
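
A toy model of the policy described in the posts above (default deny, an outbound allow-list, inbound accepted only as a reply), added here as an example and not taken from any poster or from Comodo. The TCP/UDP split, the class name `HotspotFirewall` and all addresses are assumptions made for illustration.

```python
from dataclasses import dataclass, field

# Outbound allow-list built from the ports named in the thread; the
# TCP/UDP split is an assumption (the posts give port numbers only).
ALLOWED_OUT = {
    ("tcp", 25), ("tcp", 110), ("tcp", 143),   # mail
    ("tcp", 80), ("tcp", 443),                 # browsing
    ("udp", 67),                               # DHCP
    ("udp", 53), ("tcp", 53),                  # DNS
}

@dataclass
class HotspotFirewall:
    """Toy stateful filter: default deny, replies to our own requests only."""
    flows: set = field(default_factory=set)

    def outbound(self, proto, lport, raddr, rport):
        if (proto, rport) not in ALLOWED_OUT:
            return "BLOCK"
        # Remember the flow so that the matching reply is accepted.
        self.flows.add((proto, lport, raddr, rport))
        return "ALLOW"

    def inbound(self, proto, raddr, rport, lport):
        # Accept only packets that mirror a flow this host opened.
        if (proto, lport, raddr, rport) in self.flows:
            return "ALLOW"
        return "BLOCK"

def demo():
    fw = HotspotFirewall()
    return [
        # The event from the thread: TCP 1793 -> 2869 on a Wi-Fi peer
        # (the peer address is constructed).
        fw.outbound("tcp", 1793, "192.168.1.23", 2869),
        # HTTPS request and its reply (addresses are constructed).
        fw.outbound("tcp", 50001, "203.0.113.10", 443),
        fw.inbound("tcp", "203.0.113.10", 443, 50001),
        # Unsolicited connection from a Wi-Fi peer to the file-sharing port.
        fw.inbound("tcp", "192.168.1.23", 40000, 445),
        # Known server, but a local port this host never used: still blocked.
        fw.inbound("tcp", "203.0.113.10", 443, 50002),
    ]

if __name__ == "__main__":
    print(demo())
```

A real firewall also has to handle cases this model ignores, such as DHCP replies that do not mirror the request's addresses and flow expiry.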
     
  14. Diver

    Diver Registered Member

    Joined:
    Feb 6, 2005
    Posts:
    1,444
    Location:
    Deep Underwater
    I use hotspots very frequently. The usual policy is to set up the access points for isolation so that the clients can not see each other. I have never had a problem, or even had to deal with an attempted attack. As for UPnP, I have yet to find an access point where this feature was not turned off, except for one where the hotel staff could not get the thing running and I fixed it for them gratis. When I was done, isolation was on and UPnP was off.
     
  15. Diver

    Diver Registered Member

    Joined:
    Feb 6, 2005
    Posts:
    1,444
    Location:
    Deep Underwater
    The problem here is everyone is looking through a telescopic sight at an antelope while a tiger is about to jump out from the side and kill the hunter.

    The problem is not ports or firewalls, it's the unencrypted radio signal. Packet sniffers can pick up any information that is not encrypted with SSL and some newer tools make this process much easier than it was in the past. While the logon is almost always encrypted, there are session cookies that allow access, and these are often not. Gmail is cited as an example of logon-only encryption.

    There is a free program Hotspot Shield available from anchorfree.com. This claims to set up an encrypted connection with their servers. There is only one problem. Their servers are so busy the program does not work, at least for now.
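
A check for the session-cookie point made in the post above, added here as an example and not written by any poster: it lists the cookies in a response that lack the `Secure` attribute and would therefore also travel over unencrypted requests. The sample headers and cookie names are constructed.

```python
def parse_set_cookie(header_value):
    """Split one Set-Cookie value into (name, attributes-dict)."""
    parts = [p.strip() for p in header_value.split(";")]
    name = parts[0].split("=", 1)[0]
    attrs = {}
    for part in parts[1:]:
        if not part:
            continue
        key, _, val = part.partition("=")
        # Attribute names are case-insensitive; flags have an empty value.
        attrs[key.strip().lower()] = val.strip()
    return name, attrs

def cookies_exposed_on_http(response_headers):
    """Names of cookies a browser would also send over plain http://.

    A cookie without the Secure attribute is attached to unencrypted
    requests to the same site, where it is readable on an open Wi-Fi.
    """
    exposed = []
    for field_name, value in response_headers:
        if field_name.lower() != "set-cookie":
            continue
        name, attrs = parse_set_cookie(value)
        if "secure" not in attrs:
            exposed.append(name)
    return exposed

# Constructed response headers from a hypothetical webmail login page.
SAMPLE_HEADERS = [
    ("Content-Type", "text/html"),
    ("Set-Cookie", "SESSION=abc123; Path=/; HttpOnly"),
    ("Set-Cookie", "AUTH=def456; Path=/; Secure; HttpOnly"),
    ("set-cookie", "lang=en; Path=/; Max-Age=3600"),
]

if __name__ == "__main__":
    print(cookies_exposed_on_http(SAMPLE_HEADERS))
```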
     
  16. jfd15

    jfd15 Registered Member

    Joined:
    Oct 12, 2007
    Posts:
    234
    Location:
    Sacramento, CA

    are you currently running HotSpot Shield, Diver?

    I used to like the program but
    just the last few days I have been having problems with this product...
    it now places its ad in every tab even when it's not running, it never used to do this so I am wondering if they have changed the program...I uninstalled, re-installed, and then uninstalled and it still places its ad on all the tabs...I can't get rid of this thing now

    i am wondering if anyone else is having the same problem or just me...
     
  17. Tadoussac

    Tadoussac Registered Member

    Joined:
    Sep 6, 2006
    Posts:
    118
    Here's another option:

    Comodo TrustConnect is in beta. It's a version of openvpn (which is open source), and Comodo gives you a personal certificate and a key to tunnel - encrypted wireless or ethernet - via their openvpn server.

    Details are at the Comodo forums. It's free at the moment, although they might charge for the service later. You need to get a beta "invite" at the forum; and I understand you have to provide ID to be authenticated.
     
  18. Diver

    Diver Registered Member

    Joined:
    Feb 6, 2005
    Posts:
    1,444
    Location:
    Deep Underwater

    As I mentioned before, I was unable to reach their server at all. My take on this is that if a server that does this encryption is free, it will be slow, just the way that Tor is. Otherwise expect ads or paying an annual fee.

    The good news is most financial sites are completely SSH. The bad news is most web based email is SSH for logon only. Perhaps this will change now that some focus is being given to this issue.
     
  19. Paranoid2000

    Paranoid2000 Registered Member

    Joined:
    May 2, 2004
    Posts:
    2,839
    Location:
    North West, United Kingdom
    For free webmail? Forget it - encryption increases costs (server CPU in particular) making it a significant burden. Even revenue-generating shopping sites keep their use of https pages to a minimum.
     
  20. Diver

    Diver Registered Member

    Joined:
    Feb 6, 2005
    Posts:
    1,444
    Location:
    Deep Underwater
    In order to use Hotspot Shield your firewall must allow bidirectional UDP for pretty much all ports to Anchorfree's server. It's at 38.99.101.0/255.25.255.0. They might not have all of that range, and it might be possible to cut down on the port ranges some.

    Once you connect, a pretty good chunk of your screen is reserved for advertising from them.

    Paranoid2000, where have you been hiding?
     