[Westy]

My ISP just called me to say they had to disable my service because 22,000 spam messages were sent from my IP address. I run AGV and it looks like it found some virus/trojan or whatever but required a reboot to kill it. I wasn't around so it looks like someone took over my 'puter to spam people with.

Would adding a router help? Any recommendations on other software to install to stop this?


-Thanks

 

[Tenchiro]

Make sure your PC is clean (I would totally reformat), then get yourself a NAT enabled firewall/router. Look up some tutorials on port forwarding and stealthing when you configure it. I use the DLink DI-604, it works great and was cheap.

Finally, don't install stuff from porn sites anymore.

 

[binary visions]

^Pretty much what he said.

Make 100% sure your PC is clean before you bother to do anything. There are a million routers that will all work fine. I've always been partial to Linksys products, but any broadband router will work fine.

As Tench also said, you'll need to do a certain amount of config to the router. Basically, people trying to access your IP address will hit the router and the router won't allow traffic to flow into the internal network. That's good for most things, but some programs need to access your computer, so the port forwarding section allows you to say, "I'm running such-and-such service on such-and-such port, so external requests should be allowed in".

Unnecessary for standard web browsing or other basic applications like email, but if you do anything like IRC, or if you host any kind of files on your computer, you might need to do some setup.

Something must have allowed this to happen, though, so aside from the router, make sure you've always got the latest Windows updates, the latest virus definitions, and don't install unknown programs. But you knew that already

 

[Tenchiro]

As Tench also said, you'll need to do a certain amount of config to the router. Basically, people trying to access your IP address will hit the router and the router won't allow traffic to flow into the internal network. That's good for most things, but some programs need to access your computer, so the port forwarding section allows you to say, "I'm running such-and-such service on such-and-such port, so external requests should be allowed in".

Unnecessary for standard web browsing or other basic applications like email, but if you do anything like IRC, or if you host any kind of files on your computer, you might need to do some setup.

I use port forwarding instead of simply closing ports so that if any attacker were to scan me they would get zero response. If I were to simply close the ports I would be secure but I would also be sending TCP responses and alerting any would be attacker to my presence on the internet. So incoming packets simply get forwarded to a non-existant computer on my network, 192.168.0.250 for example.

One thing you can do right now is go to http://www.grc.com/default.htm and run 'Shields Up' to see just where your security problems lie.

 

[sanjuro]

btw email spam is not necessarily a firewall or a port issue. my first instinct is a trojan horse, or just bad mail server security.

 

[binary visions]

I use port forwarding instead of simply closing ports so that if any attacker were to scan me they would get zero response. If I were to simply close the ports I would be secure but I would also be sending TCP responses and alerting any would be attacker to my presence on the internet.

Does your Netgear router default to actually denying the requests? I was under the impression that most routers default to stealth mode. All of my Linksys routers do - when I've run port scans in the past, they detect no responses.

Just checked out that Shields Up deal, and did the scan. Got a perfect "stealth" rating.

I thought most consumer routers did this now - just ignored requests for ports that aren't open, instead of actually denying it.

 

[Tenchiro]

I think that may be the case on my DI-604, except for port 113. I had to actually forward that to a non existant IP before it showed up as being stealthed instead of just closed.

Although I also use port forwarding for certain games and apps, since I have a blanket rule set up to deny all incoming traffic.

 

[Westy]

Thanks for the help. Looks like my Mother Board just crapped the bed too so I have a bit of shopping to do.