I read that some of these ISP's servers could be infected passing it onto your computer. If I have a firewall and I am allowing it access to my computer to connect, what good is my firewall then during this time. Is there any way I could prevent a trojan from being passed onto my computer.

Also, I get security breaches while logged on to the Internet (seems pretty common these days) and they are stopped by my firewall. However, while I logged off the other day from Compuserve (AOL network) I got a security breach after the computer logged off from the network saying a computer with the IP address of 0.something sent information. Is there any software to diagnose where it snooped and what it sent? One thing I noticed is it happens with their new version (7.0) after log-off. Since I saw this happening with these 0 numbers exclusively I denied them access (whole range). Now that I have excluded these 0 numbers it won't let me log on at all with 7.0, 6.0 during the first log-on attempt then will connect me at a slower connect speed, and no problems with 5.0.

I think initially when I installed the software it never did this and was wondering if it is something they put in their automatic updates. I'm wondering is AOL snooping? I think it must be coming from their network.

Dave

Your firewall rarely gets breached. It is characteristically hard to break firewalls. A firewall usually does not filter based on indentity, but rather source, destination, port, protocol, and a few other easy-to-find things.

So, with a trojan, you want to keep as many ports completely closed to incoming traffic as possible (try all of them). For outgoing traffic, you will have to be more specific (search google for a port list).

an IP of 0 is not routable. It is probably AOL's client.

The reason your ISP's firewalls may pass the exploit along are because they are meant to move traffic, not filter it. Whatever sort of configuration your ISP has, you can block whatever you please.

Incidentally, the most recent big exploit for Windows does not affect ME. Go figure, your patience has a little payoff.

Maybe breach isn't the best word. I am always getting security warnings that my firewall stopped the Trojan Backdoor Virus while online. How do you block whatever you please when you are granting access through your firewall saying that it is okay to connect to their computer (Your ISP)? It seems like you are vulnerable for infiltration. How do I know they aren't looking around my computer? I don't. I got a warning after log-off saying such and such computer sent information so I'm a bit leary especially when I didn't get a warning before with the same software. Was it something in their software upgrades causing it? Don't know. Not sure what you meant by AOL Client either. Maybe you are talking about the network settings I use? Haven't touch those. I use the same settings no matter if I use 5.0, 6.0, 7.0. I get no security warnings using their old software 5.0 after log-off saying information was sent. Also not sure how to monitor ports.

Dave

AOL has been sending system updates that prolong your connection to them for a minute or so after you log off(right after you log off). This maybe what it is.

I don't know. I have my doubts about that. I'll use 5.0 as I'm not getting anything from that. I'm with Compuserve (AOL network) and technical support while okay for most people is about zilch when you ask something specific like this. When I told them of this problem they told me to never give your password out to anyone no matter if they say they are a Compuserve employee. What does that have to do with the question I asked about my firewall? When My firewall is giving me another IP address and saying they sent information I start to get a little nervous. Sometimes I wonder if the government is getting involved with these ISP's to fight terrorism. They already scan your emails through NSA. Well, I took the offending software off my machine for now and will install and try later. If they don't have it fixed by 1/30/04 (3 year contract) I'll find someone else.

Dave

"They already scan your emails through NSA."

Yes, but the extent of this is not known. To be sure, not every email goes through NSA. The information that does is sorted accorded to immediacy via keywords, source, destination, and other variables. It is then categorized for further processing, and possibly human view. There is so much email, though, that the odds of your email ever reaching the refined indexes of this system is scarce.

Most firewalls allow you to configure a confirmation prompt to appear before any connection which does not have an explicit rule executes. When program xyz wishes to connect on port abcd, via UDP, the firewall looks at its rules. If there is no rule that matches this condition, then you are prompted to allow or deny the action. These firewalls are software-based (not on routers).

I would not worry.

This little free proggie monitors your ports in realtime http://www.sysinternals.com/ntw2k/source/tcpview.shtml

Clover,

Thanks for your recomendation of software. Maybe that is what I wanted to get out of the question I asked. How to monitor my Internet connection better than what my firewall is telling me that such and such computer sent information. What information? Maybe this software will tell me. Thanks.

Anonproxy,

Thanks for your responses. Regarding NSA that is why I said scan email. I'm aware of the phrases it scans for. Heard about it first on the radio a couple years ago. I believe it also was on 60 minutes. When the little warning goes off on Norton firewall I pay attention. Don't take nothing for granted. If the government should enlist these ISP's and we sit back and don't do anything about it, it is more privacy rights you can flush away. I came up with the idea because it would be a great way to monitor what people do because so much about a person is stored on the computer. I'm sure they've thought of this idea already.

Dave