Firewall settings for IBB Breeze????

campers

After contracting a Trojan lately (win32:trojan-gen{vb}) I decided to ditch the Windows firewall and Norton AV 2005.

I switched to Avast AVG and Kerio Personal Firewall 4.2 (KPF).

But the sheer volume of traffic hitting off my KPF makes configuration difficult & confusing.

My connection is Breeze 1MB from IBB. They gave me a sheet with my Static IP, Subnet Mask, Gateway and DNS servers.

My question is: which traffic do I absolutely have to allow through my KPF, for IBB Breeze to function properly?

I've granted access to lsass, winlogon, userinit, svchost and betbios; and stuck my subnet, gateway and DNS server IPs into the Trusted Zone (as per screen grab):



Some other details:
- When I first launched the KPF, it flagged something coming from host6-194.pool876.interbusiness.it:1935 and also fastcolocation.net.
- According to Avast's Network Monitor there are several PCs on IBB's LAN trying to spread the Blaster worm through port 135(?).

As I type this in Firefox, KPF is prompting that Generic Win32 svchost is getting incoming traffic from:

Direction: incoming
Local Point: 87.19x.xx.xxx, port epmap [135]
Adapter: Local Area Connection
Remote Point: 87.19x.xx.xxx [87.19x.xx.xxx], port 3609
Protocol: TCP

Direction: incoming
Local Point: 87.19x.xx.xxx, port epmap [135]
Adapter: Local Area Connection
Remote Point: 87.19x.xx.xxx [87.19x.xx.xxx], port 3703
Protocol: TCP

Why does my svchost need to take traffic from these IPs (other than the IPs IBB listed on my installation sheet)?

I've uploaded a network log of what's being blocked by KPF (attached).

I'd appreciate any advice from people! Thanks.

unhappy_galway_

Real firewalls are boxes not bits of software on an end node. That said Windows firewall isn't all that bad. Scrap that Norton crap and get proper antivirus e.g. Kaspersky or McAffee and subscribe to the updates AND check for the updates at least every hour!
You dont need to let anything in that is not a response to something you sent out, unless of course you are hosting some service?
Why on earth are you granting incoming access to lsass and svchost?

watty

If you do nothing else disable ALL Microsoft bindings to the Network interface used for Internet and disable all non Netbios / SMB applications like Personal Web Server, Telnet etc.

This free solution works better than most so called firewalls.

Nothing protects you against installing so called Spyware diagnostics or Email attachments or Search toolbars or Anti Adware tools that are all simply Trojans.

campers

watty wrote:

If you do nothing else disable ALL Microsoft bindings to the Network interface used for Internet and disable all non Netbios / SMB applications like Personal Web Server, Telnet etc.

Thanks Watty... but could you explain that in English please:eek: :eek:

Are you talking about lsass, winlogon, userinit, svchost and netbios??

BTW: does anyone know if it's "normal" for IBB Breeze to just stop working every now'n'then (i.e. zero packets, no pings); or could it be a local issue (cos a restart seems to cure it most times)?

Thanks guys for the replies.

watty

Its normal for IBB to stop working.

How you disable Netbios/ MS Bindings and have ONLY TCP/IP on the network interface depends on the version of Windows.

On NT 4 it is "Bindings" tab on Network

On XP Start Settings "Network Connections" Advanced "Advanced Settings" then "adaptors and Bindings" Tab.
Select in top window the NIC or Interface used for Internet and untick all the boxes in lower window

campers

Does anyone recognise this problem I'm having with IBB Breeze 1Mb [Clarion, Limerick]?

Sympthoms are 100% packet loss & can't ping gateway. The outage can last anything from 10 mins to several hours.

I had an IBB techie out who changed the connectors on all my RJ45 cables, gave me a new PoE, and changed the connector on the radio. But the problem is still here!

Screengrab of my sad scenario :mad: :



I'm keeping a log of the outages myself. If I can't fix this, I'll just have to quit IBB.

Any/all advice appreciated! Thanks

watty

Yes, it happens to many IBB users. I have seen it on a system 200m from Clarion.

(I have Digiweb Metro)

The_B_Man

whats the little lock icon on ur connection on that picture on the right? it looks like the windows firewall is up! are u using kerio AND windows firewall?

Red Alert

a hardware router/firewall is always a better solution. that way you it's secure by default and anything incoming needs to be explicitly allowed.

Rattlehead_ie

buy a really cheap machine and put BSD on it
But thats not what this topic is about. Ive found that the windows firewall cause me MORE issue on Breeze than anything else. Make sure that is disabled when u have another firewall installed(if ur going for software). Ive found zonealarm or blackice to be great firewalls for DSL connections, but for breeze and way IBB network is setup, i decided to go the hardware option.

Nevyn

campers wrote:

BTW: does anyone know if it's "normal" for IBB Breeze to just stop working every now'n'then (i.e. zero packets, no pings); or could it be a local issue (cos a restart seems to cure it most times)?

Thanks guys for the replies.

Unfortunatly yes this happens with the IBB connection, it is damned anoying to say the least.
You will have to keep logs of it and traceroute and just keep on at thier customer support people about it every time it happens.

We have router with a firewall and Kerio on all the pcs on the home network,
yes setting the options and catching the promts for it can be a bit of a pain at first but it is worth it.