Search:  

 
theme to black backgroundlet page decide theme
HomeFind ServiceReviewsISP NewsFAQsForumsToolsDatabaseAbout 
 
   All ForumsHot TopicsGallery






how-to block ads


 
Forums » Up and Running » Security » Security » Can someone please shed some light on this Alert?
Search Topic:
 Share Topic:
RSS topic:
toggle:
flat / full
normal / watch
Posting:
Post a:
Post a:
Links: ·Hijack This logs? ·Panda Free Tools ·Vundo Removal
Michigan SB0151 (installing spyware or adware) »
« Difference a year makes, good news, bad news  
AuthorAll Replies


jvmorris
I Am The Man Who Was Not There.
Premium,MVM
join:2001-04-03
Reston, VA

reply to temp-name
Re: Can someone please explain this Alert

Okay, just item 4) for me . . .

said by temp-name:

. . . .
4) Hi jvmorris - how would I get the details you mention i.e. "Could we have some details on the specifics of the rule and what it was intended to accomplish". That's a little above my head. I know that Norton IS is essentially configured as it would be out of the box. I think the only thing changes was that I bumped the security level up to the maximum (from memory, I set it to Supervisor...or similar). . . .
Well, the first thing you need to do is find the rule in question, the one labeled simply "Firewall Rule". I was rather hoping you yourself might know how to do this, since the version of NIS I'm currently running is NIS 2002 and Symantec has changed the User Interface since then. In the olden days, you'd open up the NIS console from the System Tray, select "Personal Firewall" and then click on "internet access control" (but I don't think it works this way anymore). I'm fairly certain that the rule in question is in what is now referred to as the "General Rules" (used to be System-Wide Rules) category. If nothing else, it's obviously not application-specific and the Rule Action appears to be set to IGNORE, rather than BLOCK or PERMIT.

If you can't find the rule on your own, we're going to have to wait until one of the NIS 2004/2005 users shows up and tells you how to find it.

Once you find the rule, you need to examine the rule details. To do that, you select the rule labeled "Firewall Rule" and then click on the command button that's labeled "Modify" (or somesuch). No, you're not going to modify the rule, this is simply the only way you're going to get to the details of the rule. So when you're finished recording the following information, just cancel out of the resulting window.

At any rate, at this point, you'll get a new window (probably labeled "Modify Rule" with six tabs. Unfortunately, you're going to have to step through each of these tabs and write down the user-modifiable inputs manually in order to post them here.

I think the first tab will be labeled Action and you'll find the "Monitor Internet Access" option selected. The next tab will probably be labeled Connections and you will probably find one of two options selected here: either "Connections from other computers" or "Connections to and from other computers". The third tab is most likely labeled Computers. There are any number of options that might be specified here, but I suspect it's most likely "Any Computer". The next tab is most likely labeled Communications and I'm not going to tell you what I expect to find here, but I think you're likely to find multiple options (at least two) (one for protocol and at least one for ports). Need to know the specific details in both fields. Next tab is labeled Tracking. What's selected there? The final tab is labeled Description and that's where you're going to find the label of "Firewall Rule".

Write all this down (very carefully) and post it back here. There are (thankfully rare) occasions in which a rule can get corrupted and that's why it's so important to be very precise about what you find in these fields.

In the good ole days, it was quite simple to use a third-party utility to do this. For example, here's what I would find in NIS 2002:

Rule 1          Monitor Ports
Category:       NIS System Keeping
Rule in use:    YES
Logging:        NO
Protocol:       TCP or UDP
Action:         Ignore
Direction:      Either
Application:    Any Application
Local  service: Any Service
Local  Address: Any Address
Remote Service:
..........Port: 110
Remote Address: Any Address

But that's all gone now and you have to do it the hard way. :(

--
Regards, Joseph V. Morris
to forum · permalink · · 2005-03-08 18:39:53 · Reply to this
Forums » Up and Running » Security » SecurityMichigan SB0151 (installing spyware or adware) »
« Difference a year makes, good news, bad news  

Tuesday, 08-Dec 18:05:22 Terms of Use | Privacy Policy | Hosting by www.nac.net - DSL,Hosting & Co-lo | feedback | contact
over 10 years online! © 1999-2009 dslreports.com.
page compression OFF
Most commented news this week
· [191] Sprint Sued For Distracted Driving Death
· [81] 3G Network Test Says AT&T Is Tops
· [71] Mediacom Unveils 105 Mbps Pricing
· [51] Sprint Poised For A Turnaround?
· [49] The Future Of Wi-Fi Is Bright
· [47] Site Leaks Yahoo, Verizon Fed Data Share Pricing
· [43] Microwaving Your Innards Is Not 'Extreme'
· [39] Verizon LTE: 5-12 Mbps Downstream
· [36] WPA Cracker: Test WPA-PSK Networks In 20 Minutes
· [18] Verizon Settles With NJ Over Misleading FiOS Marketing
Most people now reading
· Servers UP!!! [World of Warcraft]
· IMG 1.7 (IMG Updates and Discussion) [Verizon FIOS TV]
· Triumph Emblems [World of Warcraft]
· World of Warcraft Client Patch 3.3 (12-8-2009) [World of Warcraft]
· World of Warcraft Client Patch 3.3.0 (12-08-2009) [World of Warcraft]
· Comcast Customers: Would You Prefer Metered Billing? [Comcast HSI]
· Account Hacked With Authenticator [World of Warcraft]
· buffs, nerfs, and 3.3 [World of Warcraft]
· 3.3 Out today [World of Warcraft]
· Windows 7 boot manager editing questions [Microsoft Help]