DodgeIntrepid.Net Forums

1 - 14 of 14 Posts

·
Registered
Joined
·
4,980 Posts
Discussion Starter #1
Quick question...

I am running Win2kPro and just installed Zone Alarm..I am running a cable modem through a Linksys router.

Well, one of the first warnings it gives me is that a program of mine is trying to act as a server and access the internet. The program is services.exe in the Windows/system32 folder.

Anyone know what the heck this program is and why it is trying to access the internet? I didn't let it by the way...The Zone Alarm help file advises not to let any programs act as a server.

Should I give it access? Any help is appreciated.

I haven't learned this one yet...so shoot me!!! ;)

[ August 30, 2001: Message edited by: Intrepidatious ]
 

·
Registered
Joined
·
1,061 Posts
Didn't Zone Alarm have problems with Win2k? I use TinySoft's Personal Firewall, V.NICE and free :) What program is it exactly?????
 

·
Registered
Joined
·
2,676 Posts
I have Zone Alarm on both my Win2K pro machines. And yes, services.exe will always act as a server (damnit, I can't remember what it does off the top of my head again). Actually, when you install Zone Alarm, I think there was a question where it would ask you if you wanted it to automatically allow your default browser and services.exe???
 

·
Registered
Joined
·
2,676 Posts
OK, this is what services.exe does:

"A catch-all for many system services. Handles DHCP client, DNS queries, browser services, plug-and-play, messenger, and time services."
 

·
Registered
Joined
·
217 Posts
My Zone Alarm on w2k has services, icq, AIM, UT, all act as servers. If I don't, they don't run.
 

·
Registered
Joined
·
229 Posts
You may want to use the basic Firewalling functions that are inherent within the Linksys router. It has some excellent firewalling functionality for a device of its type and you would gain the added benefit of not having to install 3rd party software on your box. In addition, since the firewalling is done at the router level, the rules will be in effect for any PC you put on the network.

Just a thought.
 

·
Registered
Joined
·
4,980 Posts
Discussion Starter #7
Cool, I thought it might be some of Microsoft's spyware going through my system checking my stuff out. I went ahead and enabled it anyway, because half of my internet related stuff stopped working anyway.

Thanks!
 

·
Registered
Joined
·
502 Posts
are you using the Linksys DSL/Cable Modem Router/Switch? because that has a hardware firewall which totally knocks any software firewall (like ZA) outa the water. but maybe you're just using a Linksys brand switch (not a router) so Zone Alarm is perfectly cool for your application.

Just lettin ya know
 

·
Registered
Joined
·
2,676 Posts
Originally posted by ATFCharger:
are you using the Linksys DSL/Cable Modem Router/Switch? because that has a hardware firewall which totally knocks any software firewall (like ZA) outa the water. but maybe you're just using a Linksys brand switch (not a router) so Zone Alarm is perfectly cool for your application.

Just lettin ya know

Let me tell you guys a little story....

I have a Linksys router and Zonealarm on each of my PCs on my network. I also have McAfee Virus protection on all my PCs and keep everything updated.

A little over a year ago, someone managed to hack thru both layers of protection (Linksys and Firewall). They then uploaded a virus and executed it. At first I thought it was just a trojan horse. It renamed notepad.exe to note.com and took the identity of notepad.exe and opened a port to listen on. No matter what I did with Zonealarm, I could not stop it from opening that port.

Everything I did to try and remove the file failed. I finally decided it was time to format the drive and start over.

After formatting the drive and trying to load an OS again, I was having a ton of problems. Long story short....the virus messed with my Flash Bios and infected any disk that the PC tried to boot from (except for write protected floppies).

We ended up having to short out the flash bios chip and re-flash it. Then we had to completely "zero" out the hard drive so that there were no remains left. It was a big pain in the ass!!

The moral of the story: Don't just be content with your Linksys router. It doesn't really have a real firewall application built in anyways; just NAT, that helps act as a firewall. No matter how much protection you have, someone can get in!!
 

·
Registered
Joined
·
229 Posts
You're right, Intrepid98. I had thought the Linksys did Stateful Packet Inspection but I guess it does not. I must have been thinking of the Netgear...or I may have just been spacing out. :rolleyes:

At home I use two firewall boxes that run FreeBSD. Box #1 is directly connected to my router and has my DMZ and protected network hanging off of it. Box #2 sits between my protected network and Box #1. The reason that I have two is to allow for some additional routing and security features that are required to be in place before I remotely connect to my network at work.
 

·
Registered
Joined
·
2,676 Posts
I've been thinking about taking one of my old PCs, throwing Linux on it and turning it into another firewall.

You can never have too much protection :)
 

·
Registered
Joined
·
415 Posts
I used to use Black Ice and it warned me all the time of people probing me and I blocked everyone I came across. That was when I was using Windows 98 SE. Now, I'm using Win2k Pro on both of my machines and I have a shared dial-up connection. Do you guys think I should run a firewall on my gateway machine?

I didn't know that someone could do such a thing like screwing with your bios, especially through your firewalls. So someone could potentially upload a virus to my machine with just my IP? That's crazy. :eek:
 

·
Registered
Joined
·
4,980 Posts
Discussion Starter #13
Well, Win2K has much better security inherently than 98...and if you are using a dial-up, then you don't have a static IP address anyway. But too much security never hurt!
 

·
Registered
Joined
·
229 Posts
People cannot just load a virus to your machine if they just have your IP. While having your IP is a key component to a successful hack, there must be some sort of software on the target machine that will allow the person to connect to. This can be something as simple as having "File & Print Sharing" enabled.

In order to see what ports are open on your machine, you can either have someone perform a port-scan on you such as the Gibson Research Center or DSL Reports or you can simply perform the following command at a command prompt:

NETSTAT -a

All of the lines that say "LISTENING" can, in theory, be used by the would-be hacker to compromise your system. However, seeing as you are on dialup, it is highly unlikely that someone would be interested in hacking you. First, you have a slow connection. Second, your IP and DNS names are most likely dynamic and the hacker would have to set up something on your machine to notify him of the IP and name change in order to connect to you in the future.

In your situation you are more at risk from an email virus/trojan than you are from the net at large.

As for a second firewall, you may want to play with Freesco. It's a fairly neat little firewall that fits on a floppy...you can run it on almost anything that has a 386 or higher. It still uses IPFW for its firewall as opposed to IPCHAINS or IPTABLES, but it should do the trick for most personal uses.
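
Added example, not part of the post above: a small Python parser that does the "look for LISTENING lines" check on netstat output and also shows which address each listener is bound to. It assumes the numeric form `netstat -an` (so bind addresses are visible) and IPv4 only; the sample output and all addresses in it are constructed.

```python
import re

# Constructed sample of `netstat -an` output (numeric form, so bind addresses show).
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING
  TCP    127.0.0.1:1027         0.0.0.0:0              LISTENING
  TCP    192.168.1.100:139      0.0.0.0:0              LISTENING
  TCP    192.168.1.100:1034     203.0.113.10:80        ESTABLISHED
  UDP    0.0.0.0:445            *:*
  UDP    192.168.1.100:137      *:*
"""

# proto, local address, local port, foreign address, optional state (UDP has none)
ROW = re.compile(r"^\s*(TCP|UDP)\s+(\S+):(\d+)\s+(\S+)(?:\s+(\S+))?\s*$")

def open_ports(netstat_text):
    """Return sockets that accept inbound traffic: TCP LISTENING and bound UDP."""
    found = []
    for line in netstat_text.splitlines():
        m = ROW.match(line)
        if not m:
            continue  # banner, column header and blank lines
        proto, addr, port, foreign, state = m.groups()
        if proto == "TCP" and state != "LISTENING":
            continue  # established or closing connections are not listeners
        if proto == "UDP" and foreign != "*:*":
            continue
        if addr == "0.0.0.0":
            scope = "all interfaces"
        elif addr.startswith("127."):
            scope = "loopback only"
        else:
            scope = "one interface"
        found.append((proto, int(port), addr, scope))
    return found

def reachable_from_network(netstat_text):
    """Ports a remote host could reach unless a firewall or NAT drops the traffic."""
    return sorted({(proto, port) for proto, port, _, scope in open_ports(netstat_text)
                   if scope != "loopback only"})

if __name__ == "__main__":
    for proto, port, addr, scope in open_ports(SAMPLE):
        print(f"{proto:3} {port:5}  {addr:15}  {scope}")
```

Listeners bound to 127.x are only reachable from the machine itself; the rest are the ones a firewall rule set needs to account for.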
 