I left home in the morning. At 3pm, my firewall policy was changed to 'allow all'. I found out by 9pm; it appears to be running fine. PeerGuardian does not log because I ask it not to. I am running Windows 2k with Jetico free version, and AntiVir. No antispyware because I don't have enough RAM. What could explain this situation? Is there any way to trace what happened?
Do you have a kid at home who maybe wanted it changed, or some other person? Otherwise, if there was an attack before the firewall was changed, it would be in the log entry for the firewall, depending on what firewall you have. Need more info: 1. What firewall are you running? Is Jetico the firewall? (Never heard of it, which is why I ask.) 2. Could it have been changed from home, like by a kid or someone? 3. Check logs if your firewall provides them.
Endorse that; the most likely suspects are kids wanting to play a game and needing internet access. Look at the firewall logs, and if they show IP addresses of game servers you have an internal hacker; otherwise you were hacked before. Changing the FW policy to allow is also typical of a script kiddie who entered through an open port/remote desktop/assistance service. Harden your PC (disable all remote assistance entries), and check whether this service is allowed through your firewall. Regards, Kees
No, no one in the house is smart enough to know how to deal with firewalls and other stuff; heck, they don't even know what tray icons are, let alone changing the settings. Also, Jetico doesn't pop up random junk that asks the user to change firewall settings. It only asks if the connection to a certain server is allowed or rejected, to create new rules. I only noticed 2 changes: 1 of the 2 torrent clients was closed, while the other stayed running; the firewall became allow all. That was about all I noticed, but that's because I don't know what other changes happened on my system. The firewall is pretty much the only logger running on my system.
Okay, I believe you, but... don't forget the friends of your kids; maybe he/she wanted to show a new game. For cleaning, have a look at these posts: https://www.wilderssecurity.com/showpost.php?p=1253046&postcount=3 https://www.wilderssecurity.com/showpost.php?p=1253160&postcount=10 https://www.wilderssecurity.com/showpost.php?p=1253312&postcount=13 https://www.wilderssecurity.com/showpost.php?p=1253331&postcount=15 There are several forums where HJT (HijackThis) logs are read by experts. Regards, Kees
Hello, Could it be that you had a power surge and the computer restarted? Sometimes this can mess the firewall settings ... Mrk
Well, the free version of Jetico hasn't done so well in leak tests; however, I don't have any information about the protection it provides from attacks. Also, I doubt any kid would be able to change its settings; I remember that the Jetico interface is a little bit confusing. Consider that the free version is an old version, so bugs and errors may have been found and corrected in the newest commercial version, so there is a possibility of an intrusion...
You stating that you use PeerGuardian was all that needed to be said. I hope you realise that PeerGuardian has a "time-bomb" programmed into it, and it is set to activate particular instructions at certain times to OPEN YOUR SYSTEM to the writers and hackers behind PeerGuardian. Simply put... If you install any piracy supported programs and if you do any illegal downloading of (c) movies, games and programs etc., then you better expect to get hacked, because the programmers who write these types of programs to help people commit illegal crimes on the internet also program a "BACK-DOOR" in the programs that allows them full access to your PC. I KNOW WHAT I AM TALKING ABOUT.. (Psi - future crew)
I'm quite interested also in seeing references regarding that. Pretty sweeping accusation, there. (Hiya, Argus.)
I do not have the source code for the program, so unless I did, I cannot prove it. So I openly admit I have no proof. So people have a choice to make. 1. Conclude my comments are baseless and disregard them. 2. Ponder my comments and accept the idea that what I say may be true and valid.
Well, obviously the seemingly intelligent option is (2), simply because you don't give us much to go on, and if it is a possibility, it would be foolish to disregard it. (An argument could be made for option (1) on the same basis.) Go on. Give us some clues. Something a bit more credible than a shouted opinion. Doesn't do much for me.
PeerGuardian's source code: http://peerguardian.svn.sourceforge.net/viewvc/peerguardian/trunk/ http://sourceforge.net/project/showfiles.php?group_id=131687
Well, of course what you say may be true and valid. The idea that there is a hitherto undiscovered species of invisible airborne pig may be true and valid; certainly there is no proof that there aren't invisible flying pigs. Going with option 1 for now (hey Tarq). Edit - ^^ you've got the source code now. Edit 2 - sorry to the OP for dragging this thread off track. Have you had a look in the event viewer? (start > run > eventvwr)
I would look into that first. I do remember problems in W2K with Jetico1 and PG, so a problem could have happened, but I have not seen the problem you mention. Being hacked is actually the last place I would start to look. As far as PG (PeerGuardian) is concerned, I have known/used that application for quite a while (to block spyware etc.). The source code is available; that is actually why you should check where you download the application... When executing PG, you should get a popup to verify that you are using the genuine version. If the genuine version was in any way a compromise then we would certainly have seen many reports by now. But I am still open to any proof of such.
Me having the source code is totally irrelevant, because the source code I have and which I compile may be different from the compiled version that most people would download and install. Think about it. And as Stem mentioned above, you should check where you download the application. Because MOST people would be installing a version that has already been compiled by someone else, and they do not know this person personally, and they cannot verify that the place they downloaded the program from is a valid and reliable place. To be certain, a person would need to learn programming, then download the source code for themselves, and go through the source code line by line and then compile their own version. All I will say is this... There are compiled versions out there that people have and are downloading and installing that have a "back-door". So use this program at your own risk.
Stem: As you may remember, I use PG2 as a blocker. But reading this post here, I'm worried that I get no popup with daily use of PG 2. We are talking of PG 2, correct? Maybe you meant during installing? How can a user confirm they have a valid version? Mine was downloaded from: http://forums.phoenixlabs.org/ Please advise. Pending more information I will discontinue PG 2.