Firewall Puzzler - Network

  1. Firewall Puzzler

    I'm running McAfee personal firewall on a computer behind a Linksys BEFSR41
    cable modem router/switch. This has worked fine for weeks. All of a
    sudden, when I booted up today, McAfee started logging attempted
    unsolicited connections to ports 137 (NetBIOS Name) and 138 (NetBIOS
    Datagram) From the Computer's Own Locally Assigned IP (192.168.1.100).
    McAfee is also logging attempts to access port 162 (SNMPTRAP) from
    192.168.1.1 (the Linksys' IP). (Also, if I turn the cable modem off, these
    attempts keep generating.) What's going on here? A normal day for McAfee
    had been to log nothing at all, because the Linksys blocked everything.
    TIA!

    ---Mick
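
One way to triage the entries described in the post above by where they originate relative to the router, as an added example that is not part of the original thread. The log line format, the sample entries (including their destinations and source ports) and the /24 mask are constructed assumptions; only the two addresses and the three port names come from the post.

```python
import ipaddress
import re
from collections import Counter

# Addresses from the first post; the /24 mask is an assumption.
HOST_IP = ipaddress.ip_address("192.168.1.100")
GATEWAY_IP = ipaddress.ip_address("192.168.1.1")
LAN = ipaddress.ip_network("192.168.1.0/24")
LIMITED_BROADCAST = ipaddress.ip_address("255.255.255.255")

# Service names for the ports named in the post.
SERVICES = {137: "NetBIOS Name", 138: "NetBIOS Datagram", 162: "SNMPTRAP"}

# Constructed log format (not McAfee's own): "PROTO src:port -> dst:port"
LINE_RE = re.compile(r"^(UDP|TCP)\s+([\d.]+):(\d+)\s+->\s+([\d.]+):(\d+)$")

# Constructed sample entries; destinations and source ports are invented.
SAMPLE_LOG = [
    "UDP 192.168.1.100:137 -> 192.168.1.255:137",
    "UDP 192.168.1.100:138 -> 192.168.1.255:138",
    "UDP 192.168.1.1:2048 -> 192.168.1.100:162",
    "TCP 203.0.113.7:40000 -> 192.168.1.100:445",
    "garbled entry",
]

def origin(src):
    """Say where a source address sits relative to the router."""
    if src == HOST_IP:
        return "self"
    if src == GATEWAY_IP:
        return "gateway"
    return "lan" if src in LAN else "external"

def triage(line):
    """Parse one entry; return None if it is malformed."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    try:
        src, dst = ipaddress.ip_address(m.group(2)), ipaddress.ip_address(m.group(4))
    except ValueError:  # e.g. an octet above 255
        return None
    port = int(m.group(5))
    return {
        "origin": origin(src),
        "broadcast": dst in (LAN.broadcast_address, LIMITED_BROADCAST),
        "service": SERVICES.get(port, "port %d" % port),
    }

def summarize(lines):
    """Count parsed entries by (origin, service)."""
    parsed = [t for t in map(triage, lines) if t]
    return Counter((t["origin"], t["service"]) for t in parsed)
```

Entries whose origin is "self" or "gateway" never crossed the router, which matches the observation that they continue with the cable modem switched off.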



  2. Re: Firewall Puzzler

    "Mick" wrote in message news:...
    > I'm running McAfee personal firewall on a computer behind a Linksys BEFSR41
    > cable modem router/switch. This has worked fine for weeks. All of a
    > sudden, when I booted up today, McAfee started logging attempted
    > unsolicited connections to ports 137 (NetBIOS Name) and 138 (NetBIOS
    > Datagram) From the Computer's Own Locally Assigned IP (192.168.1.100).
    > McAfee is also logging attempts to access port 162 (SNMPTRAP) from
    > 192.168.1.1 (the Linksys' IP). (Also, if I turn the cable modem off, these
    > attempts keep generating.) What's going on here? A normal day for McAfee
    > had been to log nothing at all, because the Linksys blocked everything.
    > TIA!
    >
    > ---Mick


    Since you are using the Linksys router then you don't really need the
    McAfee firewall on your computer. The router performs the firewall
    screening for you. Usually hardware firewalls are better than
    software firewalls. I don't use a software firewall because I have a
    router and all of the tests that I've done online through McAfee,
    Norton, and other places show my network to be completely secure. So
    I save money by not having to buy the firewall software. Don't take
    off the virus protection, but if you disabled the McAfee personal
    firewall it wouldn't hurt. That is, of course, unless the computer you
    are using it on is in a DMZ outside of the firewall. If so, then
    disregard the aforementioned comments.

  3. Re: Firewall Puzzler

    I disagree with John. Say you get an email that has an attachment
    which contains malicious code. The code when executed is programmed to
    notify the hacker of a victim or perhaps send bank information to the
    author of the code. The bank information of, let's say, cached internet
    files stored on your computer. Can your router prevent this? NO.
    Most personal firewall software nowadays ships with complete
    protection from Internet to the application. In security there is no
    magic bullet. Keeping yourself safe is a continuous process.

    Mo

  4. Re: Firewall Puzzler

    SekureSupport@aol.com (Mauricio Fernandez MCSE, CCNA) wrote in message news:<90ebab91.0405230447.545f7366@posting.google.com>...
    > I disagree with John. Say you get an email that has an attachment
    > which contains malicious code. The code when executed is programmed to
    > notify the hacker of a victim or perhaps send bank information to the
    > author of the code. The bank information of, let's say, cached internet
    > files stored on your computer. Can your router prevent this? NO.
    > Most personal firewall software nowadays ships with complete
    > protection from Internet to the application. In security there is no
    > magic bullet. Keeping yourself safe is a continuous process.
    >
    > Mo


    Good to know, thanks!!

  5. Re: Firewall Puzzler

    Some firewalls like Kerio's Personal firewall or Zone Alarm ask you if
    you wish to Permit or Deny every inbound or outbound connection your
    computer is trying to make, and what program is asking to make this
    connection, along with the source and destination.

    Therefore a firewall will not prevent you from catching a worm, but it
    will stop it from spreading. Say you have a network of 100 computers, and
    you have a personal firewall on each workstation. 1 machine gets
    infected with a worm by downloading email with executable code. It
    will try to propagate, but the firewall is unaware of the rule set by
    the administrator, so it will ask you, would you allow "infected program"
    to make an outbound connection to "potential infected computers".

    This is just one vague example. Remember, a firewall is nothing more
    than keeping the good in and the bad out. Another application use would be
    blocking AIM. Setting the rule to block AIM would not allow users on
    your network to ever use AIM. Why block AIM? AIM has file sharing
    capabilities which no administrator can monitor. Any user can
    download malicious code on purpose or by accident, bypassing all
    other security measures in place. YES, you can block port 5190, but
    you can set AIM to use other ports to bypass the traditional Access
    Control Lists.

    When you are trying to secure the network, the OLD SCHOOL way to do it,
    as proposed by AT&T in the 70s I think, was to Secure the
    Perimeter (Crunchy on the outside, soft and chewy on the inside). Now
    things have changed. You have to consider every user of your network
    is a potential threat. The users are our greatest weakness. We must
    now lock down every single workstation and device, and create
    awareness of current worms circulating the network and social
    engineering as well.

  6. Re: Firewall Puzzler

    It's obviously some kind of trojan, trying to open (or gain control
    of) those specific ports. NetBIOS is notoriously easy to hack, so
    that would be my guess, especially if the attempts are coming from
    the PC's IP address.
