NIS 2010 v 17.8.0.f
Vista Home premium 32 bit
Guess what I’m asking is, would there be a way that incoming unsolicited traffic from an IP address be able to fool smart firewall into allowing it to connect to my PC?
Or are all unsolicited incoming connection attempts automatically blocked?
A firewall always blocks unsolicited incoming traffic, unless your system has been compromised by malware that isn't being recognized.
Again, get a router. It will prevent unsolicited incoming traffic from ever reaching your computer and your software firewall.
All unsolicited traffic is blocked. If you want more layers of protection, install an inexpensive router - the router will perform the blocking, thus separating your PC from direct contact with unsolicited internet traffic.
Here is what brought this up for me.
My ISP is the type that if my PC is turned off and remains off for more than 10 minutes, I will receive a new IP address.
So today when I logged back on my PC, I was assigned an IP address that I had once before that caused some problems for me. (Seemed the previous PC assigned that particular IP address had been doing file sharing, which I do not.)
Now the last time I had this particular IP address was over 1 year ago when I was still using NAV2008.
But when I had been given this IP address by my ISP, somehow a rule was made to allow incoming traffic from an IP address (not mine) to access my wininit.exe.
So since that time, whenever I receive a new IP address from my ISP, I always check it to make sure that it is not the one that I had when this strange connection took place.
But today I was assigned that IP address.
So I was wondering if I was susceptible to again having wininit.exe accessed by that same unsolicited IP from China.
Now as soon as I realized that I had this same old IP address, I did shut down and wait to get another IP address assigned by my ISP.
But I was just wondering with now having the smart firewall, would it stop a rule being created that would allow an unsolicited connection to my wininit.exe?
Let me add that the original incident over a year ago where connection was made to my wininit.exe, a Norton staffer said it was because the previous person assigned to that IP address that I later received, had set up file sharing using the same port that my PC used for wininit.exe.
Unsolicited traffic means traffic that shows up unannounced - that is, not in response to a request by something on your computer. Generally, unless something on your computer asked for the incoming packets they will be blocked by the firewall. Or, unless you have opened ports to allow certain unsolicited traffic to gain access, then that traffic cannot get through. You don't need to worry about specific IP addresses.
Wininit communicates and listens on several ports in that range. That is why they are called ephemeral. Also just allowing access to something does not mean that it was not also blocked at that point. You now have a two way firewall so that things listening as they are supposed to do, do not answer an incorrect packet.
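The distinction the replies above draw between solicited and unsolicited traffic, as an added example that is not part of the original thread and is not Norton's code: a toy connection-tracking firewall that lets inbound packets through only when they answer a flow a local program started, or when a port has been explicitly opened. All IP addresses and the `StatefulFirewall` / `run_scenario` names are constructed for illustration; ports 53 and 49152 are the ones mentioned in the thread, and real firewalls also track TCP state and timeouts.

```python
from collections import namedtuple

# proto is "tcp" or "udp"; src and dst are (ip, port) tuples
Packet = namedtuple("Packet", "proto src dst")

class StatefulFirewall:
    """Toy model: inbound passes only as a reply to a recorded outbound
    flow, or when it targets a port the user has explicitly opened."""

    def __init__(self):
        self.flows = set()       # (proto, local endpoint, remote endpoint)
        self.open_ports = set()  # (proto, local port) opened by a rule

    def outbound(self, pkt):
        # A local program started this conversation: remember it.
        self.flows.add((pkt.proto, pkt.src, pkt.dst))
        return "allow"

    def inbound(self, pkt):
        if (pkt.proto, pkt.dst, pkt.src) in self.flows:
            return "allow: solicited reply"
        if (pkt.proto, pkt.dst[1]) in self.open_ports:
            return "allow: port opened by rule"
        return "block: unsolicited"

def run_scenario():
    # All addresses are constructed (RFC 5737 documentation ranges).
    me = "203.0.113.7"                 # address handed out by the ISP
    resolver = ("198.51.100.53", 53)   # DNS server the PC queries
    stranger = ("192.0.2.44", 6881)    # peer still looking for the previous holder
    fw = StatefulFirewall()
    verdicts = {}
    fw.outbound(Packet("udp", (me, 50000), resolver))
    verdicts["dns_reply"] = fw.inbound(Packet("udp", resolver, (me, 50000)))
    verdicts["stranger_49152"] = fw.inbound(Packet("tcp", stranger, (me, 49152)))
    # Same local port as the DNS query, but from a host that was never asked.
    verdicts["fake_reply"] = fw.inbound(Packet("udp", ("192.0.2.44", 53), (me, 50000)))
    # Only an explicit rule changes the outcome for the stranger.
    fw.open_ports.add(("tcp", 49152))
    verdicts["after_opening_port"] = fw.inbound(Packet("tcp", stranger, (me, 49152)))
    return verdicts

if __name__ == "__main__":
    for name, verdict in run_scenario().items():
        print(f"{name:20} {verdict}")
```

The source address of the stranger never enters the decision until a port is opened; what matters is whether a local program asked for the packet.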
Thanks all
So if something unsolicited accesses an item on an open port, such as wininit.exe, just because it makes contact with wininit.exe, does not mean that it will get access to my PC? Is that where the other parts of NIS come into play?
Sort of like if someone rings the doorbell and you open the door, but leave the screen door locked so they can't get in?
In other words, if that were to happen again that an unsolicited IP address makes contact with my wininit.exe, it does not mean that anything malicious could take place, that is where the smart firewall blocks anything further from happening??
It doesn't. It would be wininit.exe that makes contact, and then it would be solicited traffic, since it originated on your computer. Someone out on the internet can't access your wininit.exe.
Bombastus
Are you saying that in the incident that I described from Feb 2010 when I still had NAV2008, that my wininit.exe was soliciting the connection from that IP address?
Can you check the firewall rules for wininit?
Settings -> Network settings -> Configure program control -> scroll down to wininit.exe (Windows start-up application) -> Modify -> select the Inbound rule -> Modify. Under the Communications tab, it should only allow Local tcp inbound.
Bombastus
Is that what it should be by default?
See, the incident I was referring to happened over a year ago and I was using NAV 2008.
I am currently not using that, using NIS now.
So if that is the default setting in NIS program control/Smart Firewall, then that should already be in place as I have not made any firewall/program control changes from the defaults.
I’m assuming smart firewall also refers to program control rules?
I would hate to even mess anything up even just by looking at it and run the risk of a slipped finger.
I suppose that if I accidentally made some modification to the rule, it would NOT take effect as long as I did NOT hit apply, right?
The default rule in NIS, at least in my machine is for wininit to only allow TCP communication on port 49152. TCP is direct guaranteed communication. It is not something that you get by accident.
Since a year ago, your entry was 0.0.0.0 port 49152, which is:
"Default Network - The IP address of 0.0.0.0 is used for the default network." Not anything else.
You need to remember that at that time, your power went out, scrambled your machine's wits, scrambled the DSL box's wits, and you ended up with some hal entries as a result. Nobody knows what communication was happening because you only had a one way firewall logging anything.
Leave the default rules alone, before something weird happens. You locked yourself off the net last time.
Does this question never go away???????
First I want to say I do appreciate all the help folks give me on here. Sorry I’m not always able to understand things so easily.
First let me just clarify that I DO NOT intend to change any firewall or program rules. I just want to let NIS do its work. Now I did look at the program rules for wininit.exe.
There were two rules actually.
One for outbound and one for inbound.
Now my inbound rule does show only TCP connection and to local port, so I assume that is what Bombastus was referring to?
So all looks cool in that regard, eh? (I mean should there be outbound rule too?)
Yes, mine is port 53. Again, it is specific communications.
Yes, that is correct, and how it's supposed to look. So your wininit.exe will not just accept unsolicited traffic. Such traffic will be blocked.
And yes, there should be an outbound rule, too. It should allow all outbound traffic on port 53.
Thanks all. I think I understand the wininit.exe thing.
One more question on this though, when I start my computer, should any entry for wininit.exe show in my Norton Security History log? Like should it show under FireWall Activities log?
Because I have looked at that and I do not see anything that shows wininit.exe. I see entries that show other items such as ccsvchst.exe. But nothing for wininit.exe.
I even checked under the Firewall-Network and connections log and nothing there.
Could that mean that wininit.exe is not starting up when the computer is on?
Is it normal not to see it in the logs?
It should be there, but I also know that the logging during startup in NIS 2010 was buggy and incomplete, most often not showing everything that has happened. This was fixed in 2011. You really should upgrade, you know. NIS 2012 is out in a few months, and you're still on 2010.