Edited Rules in NIS 2001...
Results 1 to 4 of 4

Thread: Edited Rules in NIS 2001...

  1. #1
    Join Date
    Feb 2003
    Location
    MA
    Posts
    42

    Edited Rules in NIS 2001...

    I recently edited all the default Trojan rules in Norton Internet Security 2001 to block "Any local service" (Advanced Options; Firewall). Most had just one port so I figure, block all the Trojans on all the ports, what harm can it do.

    So almost right after I get 350+ security alerts that "Default Block Black Orifice 2000 Trojan"

    I had recently run Shields Up! and that said I had two "open" ports. So when I went and changed the rules to all services I ran the test again and they came back in full stealth. Good.

    What is making my computer so "attack worthy" esp all with in 6 hrs. and the 350 was an estimate because I got sick of counting after 200. I had a great deal of scroll still left in the log. Is it because the all services is unnecessary because it can only get through on one port?

  2. #2
    Join Date
    Jul 1998
    Location
    Toronto
    Posts
    24,389
    When you put all the ports under one rule each port being probed is now being logged under the single rule heading/title despite originally being from another rule with a different heading/title.

    It's also likely that one of the old rules was set up not to notify every time it gets hit whereas the all encompassing rule is set up to notify thereby giving you tons of notices that were previously blocked but not logged. It's probably a blocked port like 135 which gets hit a lot but as long as it's blocked it's merely being hit by benign probes and there's no need to know every time it happens.


    It would have been best to leave it as it was so at some point you'll be able to access the logs individually if you have to in order to see what's been happening on your computer without sorting through so many hits.
    Don't believe everything you think.
    _____________________
    cat lovers click here

  3. #3
    Join Date
    Feb 2003
    Location
    MA
    Posts
    42
    Thanks, I went back and edited that one but then last night I had many many many from now NetBus and another so I just unistalled and re-installed it. I'll just leave the program to do it's job

  4. #4
    Join Date
    Jul 1998
    Location
    Toronto
    Posts
    24,389
    "I just unistalled and re-installed it"

    That's what I would have done
    Don't believe everything you think.
    _____________________
    cat lovers click here

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •