Cable Forum - Firewall allowing connection

Cable Forum (https://www.cableforum.uk/board/index.php)

- General IT Discussion (https://www.cableforum.uk/board/forumdisplay.php?f=19)

- - Firewall allowing connection (https://www.cableforum.uk/board/showthread.php?t=1808)

It's still happening:

Allow activity for application SVCHOST.EXE SVCHOST.EXE 14/08/2003 09:27:21 pc1-clif2-5-cust97.nott.cable.ntl.com 3500 Inbound TCP 0 bytes 0 bytes
Allow activity for application SVCHOST.EXE SVCHOST.EXE 14/08/2003 09:27:44 cache1.ntli.net DNS Outbound UDP 5870 bytes 1061 bytes
Allow activity for application SVCHOST.EXE SVCHOST.EXE 14/08/2003 09:27:21 pc1-clif2-5-cust97.nott.cable.ntl.com 3500 Inbound TCP 0 bytes 0 bytes
Allow activity for application SVCHOST.EXE SVCHOST.EXE 14/08/2003 09:27:21 pc1-derb2-5-cust208.nott.cable.ntl.com 3800 Inbound TCP 60 bytes 72 bytes
Allow activity for application SVCHOST.EXE SVCHOST.EXE 14/08/2003 09:27:21 pc3-bary1-6-cust113.cdif.cable.ntl.com 4758 Inbound TCP 60 bytes 72 bytes
Allow activity for application SVCHOST.EXE SVCHOST.EXE 14/08/2003 09:27:21 81-86-170-247.dsl.pipex.com 1857 Inbound TCP 60 bytes 72 bytes
Allow activity for application SVCHOST.EXE SVCHOST.EXE 14/08/2003 09:27:21 pc1-leic4-3-cust105.nott.cable.ntl.com 2284 Inbound TCP 60 bytes 72 bytes
Allow activity for application SVCHOST.EXE SVCHOST.EXE 14/08/2003 09:27:21 81-86-228-6.dsl.pipex.com 2993 Inbound TCP 0 bytes 0 bytes
Allow activity for application SVCHOST.EXE SVCHOST.EXE 14/08/2003 09:27:21 pc1-stme1-5-cust56.cdif.cable.ntl.com 3817 Inbound TCP 100 bytes 1776 bytes
Allow activity for application SVCHOST.EXE SVCHOST.EXE 14/08/2003 09:27:21 pc1-ldry1-3-cust145.blfs.cable.ntl.com 2872 Inbound TCP 0 bytes 0 bytes
Allow activity for application SVCHOST.EXE SVCHOST.EXE 14/08/2003 09:27:21 pc1-glfd2-6-cust226.glfd.cable.ntl.com 3182 Inbound TCP 0 bytes 0 bytes
Allow activity for application SVCHOST.EXE SVCHOST.EXE 14/08/2003 09:27:21 pc1-bolt5-5-cust139.mant.cable.ntl.com 3370 Inbound TCP 60 bytes 72 bytes
Allow activity for application SVCHOST.EXE SVCHOST.EXE 14/08/2003 09:27:21 pc4-bsfd2-4-cust103.cmbg.cable.ntl.com 1741 Inbound TCP 0 bytes 0 bytes
Allow activity for application SVCHOST.EXE SVCHOST.EXE 14/08/2003 09:27:21 pc1-with1-4-cust109.bagu.cable.ntl.com 3878 Inbound TCP 0 bytes 0 bytes
Allow activity for application SVCHOST.EXE SVCHOST.EXE 14/08/2003 09:27:21 pc1-darl2-6-cust19.midd.cable.ntl.com 3955 Inbound TCP 0 bytes 0 bytes
Allow activity for application SVCHOST.EXE SVCHOST.EXE 14/08/2003 09:27:21 pc3-blfs2-6-cust208.blfs.cable.ntl.com 4658 Inbound TCP 0 bytes 0 bytes
Allow activity for application SVCHOST.EXE SVCHOST.EXE 14/08/2003 09:27:21 pc3-bary1-6-cust113.cdif.cable.ntl.com 4501 Inbound TCP 0 bytes 0 bytes
Allow activity for application SVCHOST.EXE SVCHOST.EXE 14/08/2003 09:27:21 pc4-ely11-4-cust40.cdif.cable.ntl.com 1685 Inbound TCP 0 bytes 0 bytes

Right i have updated my virus definations and done an anti virus scan on my PC. I also used the msblaster tool to check weather i had been affected or not. is there anything else i should do to protect myself?

I use the Outpost firewall and have Windows 98 SE. When I recently tested my computer against the Shields Up testing at Steve Gibson's site I was told that all my ports were stealthed apart from 110 and 143, which were shown as 'closed'.

As I wanted all ports to be 'stealthed' I went to the outpost options, selected the application tab and removed all the trusted applications. When I retried the test all ports were 'stealthed'.

Though 'stealth mode' means that your ports do not respond and therefore do not show they exist, it also means that you cannot have any trusted applications and all applications have to have rules written for them.

I think you might find that doing this will solve your problems, Taf.

Actually, I use Sygate Pro and have trusted apps, all ports STILL show stealthed

svchost.exe is a windows system file targeted for attack by the msblast virus. Ensure your firewall is set to block absolutely everything (I'm assuming you're not running anything for which you would actually want anyone to be able to access your PC remotely) and that should keep you covered.

I noticed that the majority of hits stopped by my firewall in recent days were from other ntl customers. Interesting to find out why...

As to what they're doing about it, you should have had an email from them warning you about the msblast virus and explaining where to go to get a windows patch to protect yourself, and where to get a fix if you're infected.

Quote:

Originally posted by Lord Nikon
Actually, I use Sygate Pro and have trusted apps, all ports STILL show stealthed

Interesting. Maybe, with Outpost that would work too. I suppose it depends on which applications you trust, thus it might be possible to have stealthed ports and some trusted apps after all. Worth a little experimentation, methinks!!

Thanks for that!!

Re: Firewall allowing connection

I have Norton Antivirus installed it just gave me a warning "port 1027 attempting inbound blah blah" and i blocked it and it never came back.
I installed IDman with browser integration this doesnt have to do anything with that,does it?....if i am way off sorry i am a fool.

Re: Firewall allowing connection

Blimey, bit of an old thread to revive.

Welcome to the forum, by the way :welcome:

Re: Firewall allowing connection

Bump of the year award.

I am sure if you re-read the main of this thread you will get jist of it, generally the blaster worm tends to reboot your computer, by force by terminating a .exe system command process.

There is many patches on www.google.com if you search under msblast.exe patch.