More Windows Computer Help-Desk 4 U !!!

[Azo-999]

As I've noted under the below thread from SuPrEMeBeInG, I'm NOT a selfish human being. I used to be that when I was younger, but the age let's us all be viser afterwards...
I've played with computers, programming, electronics and hacking for 'bout 20 years and seen throuh whole PC's evolution since 8086-based machines with DOS / CP/M op. systems, then windows 1 to 3.11, win95, 98 (+se), NT and now having a p2p loaded XP-Prof. using many apps daily. I've been through most registry tricks, system.ini tweaks, hosts-file configs, etc.... Programmed with VB3 to VB6, pascal to delphi and some C (and ++), last job-titled as a Systems Analyst / Programmer.
So to my point : this is a place to talk about windows (and make good questions when needing help!). Bother me with Your questions and I try to give (at least a non-dummy) answer for each. If I cannot help enough in a specific problem, then will Mr. X come hear and complete my answer (That's how we all learn more).
P2P questions I can mostly help with KaZaA related things, a little 'bout Bearshare, WinMX, e2k apps and so on.
Security against hackers is one of my specials (now having apps and shields against nearly all attacks feeling quite safe just now...)

P.S : I quess that first reply (if none) will concern about me, not windows ;-) . Hey people, You can just say hello 4 me or tell how bananas I am. I am a simple self-made guru (can even meditate when needed...)

:sw :sw :sw :sw

[Sephiroth]

Since security if your expertise then Gnutella could use some ideas to prevent malicious attacks who do things like flood the network with traffic, bad data and etc..

[Azo-999]

I noticed that broadcast traffic too after using gnutella, Bearshare, Overnet, eDonkey etc...

Then I put a stop by just xxx-downloading Sygate's personal firewall pro, configured it to block certain ports and protocols :
It is found at http://www.acedown.net, enter SyGate at the search field (Sygate Personal Firewall Pro v5.0 Build 1150)
It is far more better than Nortons Firewall / Internet Security (which are blocking too much and are hard to configure) or ZoneAlarm pro (always wining about intruders, even Your own adresses - Too much work to configure...)

With Sygate do the following :
At first find your trusted apps and set them as allowed. Others will then ask one ofter one and U decide which ones to go to net or not. Do not at first time press the "always remember my answer" - You could accidentally block something important....
Then add advanced rules for these:

TCP local and remote ports 25,110,135
"This rule will block incoming traffic from all hosts on TCP remote port(s) 25,110,135 and TCP local port(s) 25,110,135"

UDP local and remote ports 25,110,135,1025,1027
"This rule will block incoming traffic from all hosts on UDP remote port(s) 25,110,135,1025,1027 and UDP local port(s) 25,110,135,1025,1027"

Then block NwLink (at XPit's at \windows\system32\drivers\nwlnkipx.sys.) if U absolute don't need it.

These are most listened / broadcasted ports at trojaners and malicious port scanner places - the rest of ports are safe at sygate by default. It lets U do a test with its homepage to check whether it finds any way to get info from Ur PC (Mine's getting out or in nothing now - dun the same check with Norton's page too - these places are good for simulating attacks and broadcast etc...)

Also be twice-secure and edit Your hosts file (Win9x at \windows dir, NT 2K XP at C:\WINDOWS\SYSTEM32\DRIVERS\etc\ dir - edit (if not found then create one or at win9x case copy hosts.sam to hosts) and put these lines there :

# localhost: Needs to stay like this to work
127.0.0.1 localhost

# Known Trojan Attacks Localhosted here
127.0.0.1 *:25
127.0.0.1 *.*:25
127.0.0.1 *.*.*:25
127.0.0.1 *:110
127.0.0.1 *.*:110
127.0.0.1 *.*.*:110
127.0.0.1 *:135
127.0.0.1 *.*:135
127.0.0.1 *.*.*:135
127.0.0.1 *:139
127.0.0.1 *.*:139
127.0.0.1 *.*.*:139
127.0.0.1 *:1025
127.0.0.1 *.*:1025
127.0.0.1 *.*.*:1025
127.0.0.1 *:1027
127.0.0.1 *.*:1027
127.0.0.1 *.*.*:1027
127.0.0.1 *:800
127.0.0.1 *.*:800
127.0.0.1 *.*.*:800
127.0.0.1 *:8080
127.0.0.1 *.*:8080
127.0.0.1 *.*.*:8080

Try these and (maybe) You're done....

:sw :sw :sw :sw

[«°¤§téålth§t®îk餰»]

I have ZoneAlarm Plus v3.1.395, and I would like to have some tips on tweaking it!

Thanx

[Azo-999]

Originally posted by «°¤§téålth§t®îk餰»
I have ZoneAlarm Plus v3.1.395, and I would like to have some tips on tweaking it!
Thanx

Do You have ZoneAlarm Plus or PRO, they are slightly different to use. The Plus one lacks many features of the pro...

Fist of all - if you have a home network and have two internet adapters at the server, then U first have to allow all local traffic. In my case my local IP is 192.168.0.1 and the last one is 192.168.0.5. In ZAP I first after a fresh install name this net as "Our Home" and allow all traffic there (trusted zone with an IP range from 192.168.0.1 to 192.168.0.5), then I name my ADSL adapter as "The Internet" putting it in Internet Zone, then set the app in learning mode by lovering the security level. I manually enter my ISP's gateway and DNS's to the trusted list and then leave the upcoming alarm notes to pop-up and decide which ones to allow, and which not. If I'm not sure of allowing I say no without putting the bit "Remember my answer". If some of my apps won't work and the same port is screaming access to net all the time I'll trust it and let it remember it.
After a few days of learning mode I scroll the log files and the apps and ports that's allowed / banned and decide which ones to allow / trust and vise versa.

I don't remember all the terms of ZAP, cause I've uninstalled it 3 months ago and used the Sygate. You could also give it a try, because it's much more preconfigured, learns faster, don't scream all the time, has good logging, tracing, traceroute etc...
Restrictions can be made by App, by Port, By IP, By protocoll etc...

One way to get rid of the yelling is a well hosted hosts file at windows directory. If U install KaZaA Lite, U'll get one with the pack if U allow it. Just edit afterwards the lines I noticed in the upper column under the "localhost" section. Those port are for port-scanners and trojaners, that are always breathing to our machines - especially when having xDSL with line open all the time.
http://doa2.host.sk/ is kazaa lite site where U can (at the download page) get kazaa's latest ad-banning hosts file and other tools : Socks2HTTP, Sig2Dat, Ad-Aware, Spybot's Search and Destroy, eDexter (good bg app), Local Port Scanner (LPS) and the famous dummy "CD_Clint.dll" to replace and stop the Full KaZaA's version's spywarez.

Don't load the KaZaA cheater - that's only my opinion, but it seems to send an e-mail everytime U use it - It's spyware too. Ya Hell Knows what's send and to whom...???

Good Links to Check Your security:

http://scan.sygate.com/
Norton's site is often "down"....
http://security.norton.com/default.a...d=us&venid=sym


These sites do us a favor - they're actin' as intrudors and trojans to find out everything starting from IP to e-mail settings and passwords with newest levels of hackin through. No personal info is collected. You will get info, which ports are open, closed or blocked. The last one should appear to all those checked ports to feel safe.

P.S If U're firewalled through ISP, certain ports can be already trusted for U. And those upper links at ISP cases sometimes gets Your "pseudo" IP, not the real one. That's absolute a good thing. Some ISP's get angry whilst peeps use those hacker-simulators, so do NOT use them all the time ;-)

:sw :sw :sw :sw

[«°¤§téålth§t®îk餰»]

LOL this is so stupid but, how do i know if i have PRO because all it says is Zone Alarm Plus

[Azo-999]

Originally posted by «°¤§téålth§t®îk餰»
LOL this is so stupid but, how do i know if i have PRO because all it says is Zone Alarm Plus

The PRO has to be registered with a key (or Regged with a keygen). You'll find the PRO with KG from:
http://www.acedown.com/
or
http://www.acedown.net/
it depends which one is up and down now and then

:sw :sw :sw :sw

[iq214]

mkay my Q is about ten miles outta the league here so Ill leave it in the windows main forum as Defragmentation q...if one of you have the time and inclination it would be great if you dropped by and took a look, thus thy shall be spared the nonnerdy question level hither ;-)))

[«°¤§téålth§t®îk餰»]

Then I have PRO, Thanks for the tips Azo!