0
Jib

Firewall Question

Recommended Posts

I installed Sygate Personal Firewall. A computer from south america tried to connect to "Kchco.exe" Anybody, know what it is? The other two that seem to be resident are Microsoft Qmgr and Win32 Kernel Core Component. Thoughts?

Thanks

Share this post


Link to post
Share on other sites
Quote

I installed Sygate Personal Firewall. A computer from south america tried to connect to "Kchco.exe" Anybody, know what it is? The other two that seem to be resident are Microsoft Qmgr and Win32 Kernel Core Component. Thoughts?



couldn't tell ya, i'm computer stupid ;)

later

Share this post


Link to post
Share on other sites
Quote

There is a FREE online virus scan at my website:

www.datagon.com

(the above link is a shameless plug to my site) :P



It was a backdoor, which was a pain in the ass to get rid of... it found 3 more after I got rid of the first 4! & then, I kept going and found 55 more and that's just in /windows!

Thank you. Thank You Thank You.
I owe you much beer.

jib

--------------------------------------------------
the depth of his depravity sickens me.
-- Jerry Falwell, People v. Larry Flynt

Share this post


Link to post
Share on other sites
When you have a DSL or Cable connection and have a small network @ home, I would suggest getting a router that has a firewall. When you don't have a network or have ISDN or a modem get something like Zone Alarm to help you protect your computer.

Share this post


Link to post
Share on other sites
Well not sure about quid. But... A router is only about $80 US for a decent one, and is worth every penny. And software firewalls do not NAT, that is itself allows a lot of flexibility. The weakest link in any software firewall is the user which utlimately decides what to pass and what to drop.

Below is a document I had to write for work
Quote

DSL ‘firewall’ research

Questions to be addressed:

1. Do we need stateful inspection?

2. What does the Linksys offer?

3. What does ZoneAlarm offer in addition to that?

4. Alternative configurations

a. Cisco with WIC
b. IP Tables box

1. Do we need stateful inspection?

If in fact we do require full Stateful Packet Inspection, the Linksys does not offer 100% stateful inspection. It offers limited stateful packet inspection due to the feature that it is aware that traffic returning is in response to an established connection. Firmware 1.38 through 1.42 offered an option for stateful packet inspection. Firmware 1.43 the version we have) and above do not offer this option. Josef at Linksys told me in a phone conversation that this was because the feature was no longer necessary and with the current firmware did not enhance security.

2. What does the Linksys offer?

The Linksys BEFSR41 provides a ‘firewall’ in the form of NATing. This is not a true firewall in the form of stateful packet inspection. However it drops all unrequested traffic. It also removes your LAN segment from a publicly routable segment. By default all ports on the Linksys are set as stealth. In addition to this, multiple features may be added. In our current config, Disable WAN requests is enabled and Remote Management is disabled.
Blocking WAN Requests
By enabling the Block WAN Request feature, you can prevent your network
from being “pinged,” or detected, by other Internet users. The Block WAN
Request feature also reinforces your network security by hiding your network
ports. Both functions of the Block WAN Request feature make it more difficult
for outside users to work their way into your network.
Using Remote Management
This feature allows you to manage your Router from a remote location, via the
Internet. To enable this feature, click on Enable, and click the Apply button.
Then click the Continue button. Remote Management must be activated
before you can manage the Router from a remote location.

In addition to these features filters may be used to limit outbound access. This is a very similar feature to what Zone Alarm allows, except these filters may only be changed by a router admin and there are a limited number of filters. The Linksys also offers limited syslogging. Currently this is not enabled, but is easily configured if desired.

3. What does ZoneAlarm offer in addition to that?

My research indicates 3 reasons to run software firewall software:

1. to block unauthorized outbounds. The Router can block selected outbounds if you set up the right filters, but that will be at the port or address level, not at the application level.

2. in case the Router's Inbound firewall is imperfect, the software firewall gives you a second layer of protection. No reports of this happening have been found.

3. if you ever use a dial-up modem as an alternative to the Router, you'll have no protection at all unless you're running a software firewall. When would you use the modem? When the Router, cable, or DSL line is down; or if you use more than one ISP.

It must be addressed if any of these apply to us. In my opinion Zone Alarm on the DSL test box is of no matter for a few reasons: a) for most testing you will have to allow almost all traffic anyway, b) it is not connected to the LAN, and c) the person at the console should be an IT employee. Do these same points apply to the Batch machine in an emergency? Emphatically no! However, the main question that fills the void left by those three reasons is whether a night operator will make informed decisions allowing traffic with zone alarm. After all; with a software firewall, the ultimate decision lies with the user.

4. Alternative configurations

There are a few alternatives if it is decided that we require more functionality than is currently available with the Linksys. Cisco makes an ADSL WIC for series 1700 and above. It would be possible to implement a Cisco router and utilize advanced access lists and other functions. However, it is Gary’s opinion that while functionality would be gained, administration would be much more complicated and a security increase would be rather insignificant. A second option would be deploy a linux box running IP tables, allowing full packet filtering. However, once again administration overhead goes up and the question remains…what do you want to block?

Conclusion

The configuration we now employ is similar to most residential DSL setups. It is not 100% secure, however, it may be said that nothing is. The original motivation for using this router was that our version of ZoneAlarm, which is far from being a licensed copy, was continually causing problems on the batch machine in time of emergency. If the batch machine cannot access SBC email servers, etc, during an outage, the entire DSL implementation is ineffective.


--
All the flaming and trolls of wreck dot with a pretty GUI.

Share this post


Link to post
Share on other sites
Personally I prefer and run Netgear. However, Linksys is not a bad router. I simply think way too much changes between firmwares. You can see that referenced in the doc above. My netgear offers more of the options I seek, although it is via telnet. But either would be a step above nothing. Plus....no more net send/Windows msger spam.
--
All the flaming and trolls of wreck dot with a pretty GUI.

Share this post


Link to post
Share on other sites
I have a Lynksys 4-port router at home, tied into PC-Cillin and ZoneAlarm Pro. So far, I like it pretty well. Just be sure to change the damned default password!

It isn't like the Pix at work, but then again, for a total of about $200 (hardware + software) the boss bought me a "good-enough" system for a good price.

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

0