Firewall Question

v1c · Post by **v1c** » 14 Sep 2002, 11:44

Hi guys
 
 Ive just installed a firewall (tiny) and Im going through the process of setting which programs are allowed to access the net . Ive allowed the general , browser , email client , FTP program etc.
 
 I keep getting asked if I want to allow "tcpip kernal driver" to access the net , so far I keep denying it as Im not sure if it needs to be there . I can still access the net without any problems but it will ask me every couple minutes if I want to allow it access . Should I ?
 
 PS I know about TCP/IP and the net , but Im not sure about this .
 
 v1c

snipeers · Post by **snipeers** » 20 Oct 2002, 11:38

to be on the safe side though, scan your system first for any possible trojans and if there isnt any (and you trust your AV program) then its safe to say that it isnt a trojan trying to send waves to its devious master. if this program doesnt also affect your access to the net then maybe it have something to do with your server properties settings. you can always disable your firewall dialog that says "do you want this program to access the net" by choosing (in Zonealarm) the option "remember this answer the next time i use this program" - im pretty sure that Tiny also comes with this kind of option. or if you really want to know something more of the program (again in Zonealarm) you can click the More Info button to know more about it. finally you shld understand that firewalls are created to be paranoid... so GET USED TO IT. <IMG SRC="images/forum/smilies/icon_cool.gif"> [ Edited by snipeers On Date October 20, 2002 ]

BITE_IT · Post by **BITE_IT** » 20 Oct 2002, 18:08

Create a rule to allow this traffic. This traffic is normal and
 necesary for your system to function.
 Check that the IP address being contacted is part of your network though.
 
 What this is is DHCP traffic. On most hi-speed/modem connections, you don´t
 have an IP address to start out with: your ISP has to assign you one.
 Your computer, in essence, has no home address on the great big world
 of cyberspace, until your ISP gives you a "rental" address for a
 while. When the Windows Kernel (krnl386.exe) accesses the Internet,
 (assuming no trojans) it is to conduct a Bootstrap (BOOTP) in which
 your system is trying to initially acquire an IP or renew it´s "lease"
 on the one you´re currently using. Your system will send out
 broadcasts on port 67 and it will receive responses on port 68.
 Depending on the system, you "lease" the IP for anywhere from half an
 hour to months at a time.
 Simpy put, this is completely normal, but if you block it, your
 computer will either never get an IP or the lease will expire and it
 will be forced to relinquish it´s existing one, which is why the
 Internet seems to croak when to stop this traffic.
 It never hurts, however, run a TROJAN SCANNER just to be safe. I
 don´t mean McAfee´s or Nortons, I mean a real trojan scanner, like
 Kaspersy´s (www.kaspersky.com)/AVP (www.avp.ch) Tauscan
 (www.agnitum.com). I´ve also hear Moosoft suggested quite a few times
 (www.moosoft.com.) However, I can say for 99% sure that this is
 normal.
 <IMG SRC="images/forum/smilies/icon_wink.gif">

snipeers · Post by **snipeers** » 03 Dec 2002, 19:45

<TABLE BORDER=0 ALIGN=CENTER WIDTH=85%><TR><TD>Quote:<HR></TD></TR><TR><TD><BLOCKQUOTE>
 ....... It never hurts, however, run a TROJAN SCANNER just to be safe. I
 don´t mean McAfee´s or Nortons, I mean a real trojan scanner, like
 Kaspersy´s (www.kaspersky.com)/AVP (www.avp.ch) Tauscan
 (www.agnitum.com). I´ve also hear Moosoft suggested quite a few times
 (www.moosoft.com.) However, I can say for 99% sure that this is
 normal.
 <IMG SRC="images/forum/smilies/icon_wink.gif">
 </BLOCKQUOTE></TD></TR><TR><TD><HR></TD></TR></TABLE>
 i beg your pardon but NAV can scan trojans better than your recommended scanners. when scanning for trojans, a trojan scanner is likely to be unreliable coz they are paranoid - same as firewalls (firewalls on the other hand are really created to be paranoid - thats their nature and there´s nothing wrong about that). i dont know where you get your facts but certainly they are baseless. <IMG SRC="images/forum/smilies/icon_mad.gif">
 <hr>
 Arcane Knowledge Powers the Net-generation.

mr_xtc · Post by **mr_xtc** » 08 Feb 2003, 14:30

<TABLE BORDER=0 ALIGN=CENTER WIDTH=85%><TR><TD>Quote:<HR></TD></TR><TR><TD><BLOCKQUOTE>
 On 2002-12-03 19:45, snipeers wrote:
 <TABLE BORDER=0 ALIGN=CENTER WIDTH=85%><TR><TD>Quote:<HR></TD></TR><TR><TD><BLOCKQUOTE>
 ....... It never hurts, however, run a TROJAN SCANNER just to be safe. I
 don´t mean McAfee´s or Nortons, I mean a real trojan scanner, like
 Kaspersy´s (www.kaspersky.com)/AVP (www.avp.ch) Tauscan
 (www.agnitum.com). I´ve also hear Moosoft suggested quite a few times
 (www.moosoft.com.) However, I can say for 99% sure that this is
 normal.
 <IMG SRC="images/forum/smilies/icon_wink.gif">
 </BLOCKQUOTE></TD></TR><TR><TD><HR></TD></TR></TABLE>
 i beg your pardon but NAV can scan trojans better than your recommended scanners. when scanning for trojans, a trojan scanner is likely to be unreliable coz they are paranoid - same as firewalls (firewalls on the other hand are really created to be paranoid - thats their nature and there´s nothing wrong about that). i dont know where you get your facts but certainly they are baseless. <IMG SRC="images/forum/smilies/icon_mad.gif">
 <hr>
 Arcane Knowledge Powers the Net-generation.
 </BLOCKQUOTE></TD></TR><TR><TD><HR></TD></TR></TABLE>
 
 
 
 aaahhhh bull****!! nortan is good.. very good, but I found trojans with "trojan scanner" that norton did not... a while back I had a trojan that disconnects my modem and re-dials some porn line... when I send the file to norton thay said " sorry, we cannot mark this porn dailer as a trojan because it is legit" what a lot of crap!!!! so I use both of them at the moment... 1 scanner can never be enough...
 
 if in doubt scan your pc with every scanner that you can get your hands on... then update them... AND SCAN AGAIN... that is why my pc is virus free for the past 2 years... lots of attempts... but clean... it pays to be parranoid...
 
 heh heh]

snipeers · Post by **snipeers** » 08 Feb 2003, 18:41

a year ago or so i installed Lockdown Millennium (a trojan scanner) into my computer for the obvious reason of protecting my system from trojans. when i scan my .net cover disc (as a precautionary measure everytime on new softwares, etc) ... NAV doesn´t report anything but Lockdown reports one. i reported the trojan to Lockdown and they told me that they cant verify the said trojan (anyway i also reported the thing to Intelligence but they said that they also use NAV to scan there discs). the same thing holds true everytime i scan with my trojan scanner just reporting some trojans of unknown species... well from then on i decided that my trash is Lockdown ready. in your case i think your NAV´s virus definition is not updated. but then who cares about you, the porn dialer that you get is only right for you because you do like visiting some porn sites and yeah, your pc might be safe from viruses but guess what - think its full of porn inside (hope you wont mind sharing some of them to georgi). to be honest i think you should invest in some spell-checker scanner proggie than investing in some paranoid trojan scanners coz in the end even though being paranoid pays some dividend it cant save you some profanity.

Phate · Post by **Phate** » 08 Feb 2003, 20:58

Norton anti-virus worked really well. I always updated my virus definitions but unfortunately the definitions are free for only a year. I don´t want to pay!!! What FREE scanners can you sugest??