
1 - 8 of 8 Posts

·
Registered
Joined
·
69 Posts
Discussion Starter #1
Hello y'all, great site you have here, I'm glad I stumbled upon it. Anyways, I have a firewall on my computer and sometimes when I'm on it I get weird connection attempts from IPs that are unfamiliar. I was wondering what I should do about them, if anything at all, besides blocking their IPs and what they are trying to access. I mostly see system connection attempts but I deny them. ty
 

·
Registered
Joined
·
69 Posts
Discussion Starter #2
Sorry if this is a bad question to you guys, but I'm somewhat new to configuring firewalls. I just figured out how to use it really, port-wise, and how important they are. I only connect with TCP now through 1 remote port, when I used to just make it TCP/UDP both directions, any remote (bad idea, I know now) on Explorer, but switched to Firefox. Well, now when I'm online I get incoming connection attempts from strange IPs. Any idea why they are trying to access my system and Firefox? I denied all incoming/outgoing from my system and don't have any problems, but was wondering if maybe the system is needed for something I don't know about.
 

·
Banned
Joined
·
1,077 Posts
If you don't have programs that perform auto-updates and you are not browsing/chatting etc... then all the incoming connections (even the outgoing ones) are unjustified.
You are better off blocking them until you realize you are experiencing a problem (such as an anti-virus program unable to connect to the server to retrieve the latest virus definition file). When you discover such an issue, just allow the specified program to pass through a specified port to the server's IP.
Since you are not running a Win NT/Win 2000/WinXP based version, I doubt you are being hacked by trojans such as Welchia, Blaster... because these don't infect Win98 machines.

On the other hand your machine might be subjected to random scans by hackers who scan entire domains looking for vulnerable/infected hosts. Keep all incoming connections (both TCP and UDP) blocked and only allow those that you need along the way.

Also, if your ISP doesn't constantly ping you to know your machine is still online and thus avoid disconnecting you... I suggest you block all incoming ICMP attempts, as most hackers simply sweep an entire sub-domain with pings first. Then the machines that reply to ping requests (meaning they are alive) are further probed for TCP and UDP vulnerabilities.
You can also add a rule to allow ping requests from your ISP server (ICMP type 0) and ping replies from your host (ICMP type 8) to your ISP server only.
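
The default-deny policy described in the reply above, modelled as a first-match rule list (an added example, not from the thread and not any firewall's own rule format). The addresses, the ISP server and remote port 80 are constructed assumptions; the ICMP numbers follow RFC 792, where echo request is type 8 and echo reply is type 0.

```python
from ipaddress import ip_address, ip_network
from typing import NamedTuple, Optional

ECHO_REPLY, ECHO_REQUEST = 0, 8            # ICMP type numbers (RFC 792)
ISP = ip_network("192.0.2.1/32")           # assumed ISP keep-alive server (constructed)
ANY = ip_network("0.0.0.0/0")

class Attempt(NamedTuple):
    direction: str   # "in" or "out", seen from the protected host
    proto: str       # "tcp", "udp" or "icmp"
    remote: str      # remote IP address
    num: int         # destination port for TCP/UDP, ICMP type for ICMP

class Rule(NamedTuple):
    action: str
    direction: str
    proto: str
    remote: object           # ip_network the remote address must fall in
    num: Optional[int]       # None matches any port / ICMP type

# First match wins; anything that matches no rule is denied.
RULES = [
    Rule("allow", "in",  "icmp", ISP, ECHO_REQUEST),  # ISP may ping us
    Rule("allow", "out", "icmp", ISP, ECHO_REPLY),    # and we may answer it
    Rule("allow", "out", "tcp",  ANY, 80),            # browser, assumed remote port
]

def decide(a: Attempt, rules=RULES) -> str:
    for r in rules:
        if (r.direction, r.proto) == (a.direction, a.proto) \
                and ip_address(a.remote) in r.remote \
                and r.num in (None, a.num):
            return r.action
    return "deny"   # default deny

# Constructed connection attempts, as a firewall log might list them.
SAMPLE = [
    Attempt("in",  "icmp", "203.0.113.77", ECHO_REQUEST),  # ping from a stranger
    Attempt("in",  "icmp", "192.0.2.1",    ECHO_REQUEST),  # ISP keep-alive ping
    Attempt("out", "icmp", "192.0.2.1",    ECHO_REPLY),    # our reply to the ISP
    Attempt("in",  "tcp",  "203.0.113.77", 135),           # unsolicited TCP attempt
    Attempt("in",  "udp",  "203.0.113.77", 137),           # unsolicited UDP attempt
    Attempt("out", "tcp",  "198.51.100.20", 80),           # browsing
    Attempt("out", "udp",  "198.51.100.20", 4000),         # outbound not yet needed
]

def verdicts(attempts=SAMPLE):
    return [decide(a) for a in attempts]

if __name__ == "__main__":
    for a, v in zip(SAMPLE, verdicts()):
        print(f"{v:5} {a.direction:3} {a.proto:4} {a.remote:15} {a.num}")
```

The model judges connection attempts only; it does not track return traffic for connections the host opened itself.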
 

·
Registered
Joined
·
69 Posts
Discussion Starter #4
Thanks a lot, I just disabled all incoming/outgoing ICMP echo requests and system connection attempts because that's what most of the weird IPs want to connect to. The ICMP wants my tcpip kernel driver for some reason, any idea why? Thanks a lot, you helped me out majorly.
 

·
Banned
Joined
·
1,077 Posts
What exactly do you mean by "The ICMP wants my tcpip kernel driver"?
What firewall are you using?
I can tell you that I'm using Tiny Personal Firewall and whenever I want to successfully block ICMP based connections I need to set this at the "system process" level.
The ICMP protocol is situated at the network layer level and thus I don't think it can be blocked on the application level.
Check this link for more details.
 

·
Registered
Joined
·
69 Posts
Discussion Starter #6
I'm using Kerio Personal Firewall 2.1.5. What I mean is when I read the details about the incoming ICMP request it says it's trying to access my kernel driver. I do have it blocked in/out in my firewall and I can still access the net.
 

·
Banned
Joined
·
1,077 Posts
Yes it's up.

Concerning the attempt to access the "kernel driver" you might want to check this page.
Why not try to search their forum for a similar thread/problem or perhaps start your own thread there about this issue?
 