Results 1 to 8 of 8
  1. #1
    2 Star Lounger
    Join Date
    May 2002
    Location
    Nr. Edinburgh, Fife, Scotland
    Posts
    166
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Is my computer invisible?

    I recently read in this Forum how to find out your correct IP Address, so I did it and then revisited Shields Up where I had always suspected that they were showing the wrong address for my computer. They were showing the wrong address, and after hunting around on the site, I used Steve Gibson`s program to identify address properly. I am part of a Private Home Network,and Shields Up tells me that "chunks of IP Address space is set aside for" off the Internet Private Networks", and they are therefore unreachable from the external public Internet" I am assuming that this means I do not need a Firewall at all. Is this true? I am running AVG which I think will totally protect my computer otherwise.Please, you experts on security, give me your opinion on this, as not having to run a Firewall would be great! Steve Gibson is really hot on security, and I am prepared to believe him. I ran a search here, but could find nothing on this topic, so please give me your views. Thanks very much,
    Elaine

  2. #2
    Silver Lounger
    Join Date
    Jan 2001
    Location
    Long Beach, California, USA
    Posts
    1,912
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Re: Is my computer invisible?

    *Excessive Verbosity Warning*

    If you are on a "Home Private Network" (LAN), then you are likely behind a router or you are using some type of "Connection Sharing" software. Either of these will perform "Network Access Translation" (NAT) and keep your computer essentially "invisible" to the outside world.

    Now, how much protection being "invisible" buys you can be argued and debated quite hotly even by self-proclaimed experts. Since you are coming from Steve's site, then I must assume you believe being invisible is something precious to have and behold. There are many others that will argue against that approach -- but since you are on a LAN and using NAT, the argument is moot -- you don't have any choice.

    Now, there a two components to a good firewall: Inbound protection and Outbound protection. While NAT provides you with highly effective Inbound protection, it provides you with NO Outbound protection. If you sit in the camp that believes invisibility is a meaningless marketing scam, then you must believe the primary function of a firewall is Outbound protection.

    The fact is that most viruses, worms, trojans, and other malware will get on to your computer whether or not you use a firewall. That is because firewalls are useless at stopping the major pathways to infection: 1) email attachments, 2) Active Content on web pages, 3) buffer overflows and other vulnerabilities in both email and HTML. I love hearing people say, "I use BrandX firewall and I got a trojan -- how can this be?" Firewalls simply don't prevent infections from entering your system.

    What does Outbound protection do for you? Well, once a 'trojan' is on your system, sooner or later it will want to "phone home". Outbound protection is designed to block the trojan's ability to connect back to its home base.

    The Trojan Horse analogy is actually more complete than just a "file pretending to be something it is not". The Trojan Horse had one more aspect -- the soldiers inside came out and opened the gates to let the soldiers outside in to the walled city. That is what 'trojans' do -- they get inside and open up your computer to the outside world.

    In general, there a two types of trojans: Spybots and RATs. Spybots collect data from your computer by rummaging through your files or logging your keystrokes, and later they contact their home to return that data to the person collecting it. RATs (Remote Access Trojans or Remote Administration Tools) allow someone to remotely control your computer -- using their keyboard or previously written code to do whatever they want.

    So, if you believe Outbound protection is worthwhile, then using a software firewall might be important to you. You must realize that even a good firewall may not provide 'perfect' Outbound protection -- there may still be sneaky ways to "Leak" information out. Also, relying on a good AntiVirus program to protect you against trojans is generally thought to be inadequate -- AntiVirus programs do not detect a vast majority of the trojans -- you would need an Anti-Trojan program to do that.

    This can get more and more complicated -- and only you can decide when "Enough is Enough" protection. In general, the best approach is some sort of multi-layered defence. Exactly how many layers will depend on your level of paranoia.

  3. #3
    Uranium Lounger
    Join Date
    Mar 2001
    Location
    New Jersey
    Posts
    6,684
    Thanks
    1
    Thanked 11 Times in 11 Posts

    Re: Is my computer invisible?

    Your response regarding Trojans and the need for a special program, an "Anti-Trojan", brings up a question I've had about my system for more than a year now. Often, but not every time, when I log on to the internet via my dial-up connection, my firewall, ZoneAlarm, logs an attempt at outbound traffic. I am unable to detect any infection using Norton AV with the definitions current. But as you indicated, most AV software is not very adept at picking up a trojan infection. I did have a RAT on my system for about three days about three years ago, but ferreted out his connection link in my address book and thought I had remove all traces when I discovered the game that he had buried his code in and deleted it. At the time I installed BlackIce until I discovered it's shortcomings (no outbound protection) and replaced it with ZoneAlarm. It's been so long now that I don't recall when I first noticed this outgoing stuff, but after severl unsuccessful attempts to locate and remove the source I have just ignored it. ZA still logs several attempts each week to get out but of course stops them. Here is the message generated by ZA:

    The firewall has blocked Internet access to www.ibm.com (129.42.17.99) (ICMP Echo Request ('Ping')) from your computer.
    Time: 9/20/02 8:46:10

    I had heard that IBM had a trojan on one of their servers at one time, but can't say that it was anymore than just a rumor. As I don't get out much <img src=/S/grin.gif border=0 alt=grin width=15 height=15> I would appreciate your assistance and expertise on this matter.
    Firstly, what Anti-Trojan do you recommend ?? And secondly, how can I find and remove whatever it is that is attempting to connect to the IBM server. I have written to IBM, but, surprise !!! They never wrote back. !!
    Any insight you can provide will be greatly appreciated.
    <IMG SRC=http://www.wopr.com/w3tuserpics/DocWatson_sig.gif>

  4. #4
    5 Star Lounger
    Join Date
    May 2002
    Location
    43.8N 81.0W, Ontario
    Posts
    815
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Re: Is my computer invisible?

    Hi Y'all
    Have any of you checked out the thread Security Forum in Lounge Matters?
    If you do, please add your comments......I'm sure the rest of us posting there would like to hear from you!

    Have a Great day!!!
    Ken
    <IMG SRC=http://www.wopr.com/w3tuserpics/KenK_sig.gif>

  5. #5
    Uranium Lounger
    Join Date
    Mar 2001
    Location
    New Jersey
    Posts
    6,684
    Thanks
    1
    Thanked 11 Times in 11 Posts

    Re: Is my computer invisible?

    Many thanks for your prompt and concise reply. As you said, I am not overly concerned about pinging IBM, merly curious. It would be nice to find out what's doing this and why. I'll check into Agent Ransack (thanks for the url) and see what it finds.

    I do feel rather warm and fuzzy here behind my firewall, with my virus inoculations up to date and I exercise caution with unknown e-mail and all .exe files. And just to make me sleep well at night I have GoBack installed. That's "Enough" for me. <img src=/S/yep.gif border=0 alt=yep width=15 height=15>

    Thanks for your time & insight !!
    <IMG SRC=http://www.wopr.com/w3tuserpics/DocWatson_sig.gif>

  6. #6
    Silver Lounger
    Join Date
    Jan 2001
    Location
    Long Beach, California, USA
    Posts
    1,912
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Re: Is my computer invisible?

    Well, an ICMP Echo Request (a "ping" packet) in and of itself is not very worrisome. But the question remains -- why is something doing this? If we look at it suspiciously, it is doing it to announce, "HEY, HERE I AM".

    However, that address is truly registered to:

    Registrant:
    IBM Corporation (IBM-DOM)
    Old Orchard Rd.
    Armonk
    NY,10504
    US

    So... I am not sure that pinging IBM is really going to be all that dangerous. I recognize that you realize this, which is why you haven't been too concerned.

    Still it would be nice to figure out the source of this. I would probably use a tool like Agent Ransack (www.agentransack.com) to rip through my computer looking for "www.ibm.com".

    As for recommending an Anti-Trojan, I am not the best person to ask. Most of them cost money, and I am very cheap! I have used TFAK (now defunct) and "AntiTrojan" (5 free runs). The only other free one is ANTS, and most of it is in German.

    Now, the question becomes -- if you have a firewall with good Outbound protection, do you need an Anti-Trojan? Maybe not. Again, it would depend on your level of paranoia. Frankly I run an Anti-Trojan scan about once a year. Others have them on in 'real time'. With a good firewall, a good anti-virus program, a secured Internet zone, and good email habits, I think I am fairly safe. That is where I draw the "enough" line. Everyone is different. ;-]

  7. #7
    Uranium Lounger
    Join Date
    Mar 2001
    Location
    New Jersey
    Posts
    6,684
    Thanks
    1
    Thanked 11 Times in 11 Posts

    Re: Is my computer invisible?

    Thanks for the pointer. Looks to be a good source of information. One can never have too many resources, especially where security is concerned. <img src=/S/duck.gif border=0 alt=duck width=23 height=23>
    <IMG SRC=http://www.wopr.com/w3tuserpics/DocWatson_sig.gif>

  8. #8
    Silver Lounger
    Join Date
    Jan 2001
    Location
    Long Beach, California, USA
    Posts
    1,912
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Re: Is my computer invisible?

    If you would like to hear multiple opinions on Anti-Trojans, I would recommend asking at the DSLR Security forum.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •