Post by: jcarter on September 14, 2003, 12:24:09 PM
Bought it, plugged it in to my cable modem, and it has worked flawlessly. But now, I find that I need to reset it every morning or a couple times a day so re-connect to the net. I unplug the power for a minute or 2. I wonder why?
Do I need to upgrade the firmware perhaps? If so, I better find out how to do that properly.
Also I was looking at the router log, and found "unrecognized access" from several IP addresses to port 1026 from places around the world. I have not a clue what is happening, but I thought that a router would provide a firewall, so people could not get 'into' my Mac.
My learning process is unending and sure is fun, thanks to you people. I have been learning Photoshop, so havent been back here for a while.
Thanks again, Jane
Post by: bobw on September 14, 2003, 01:11:48 PM
Post by: jcarter on September 14, 2003, 02:18:21 PM
Wondering whether their "Unauthorized Access" was blocked by the router(any router). Nothing strange has been going on with my Mac. Would I know? This sure is an interesting topic.
In all the years that I have had these Mac computers, I have never had a virus, now that I have the router, I leave the net on all day. I wonder if I am 'living dangerously'.
I would like to learn more about routers and this sort of troubleshooting.
Jane
Post by: jcarter on September 14, 2003, 02:44:19 PM
Maybe I should just live with the rebooting process, but the little fragile plug will wear out soon.
Will the "Unrecognized Access" spammers going after my port 1026 and 1027 create problems? I really should learn how to block them. to be continued,,,,,thanks
Jane
PS, I LOVE the banner, almost could be my doggies eyes.
Post by: tacit on September 14, 2003, 02:56:37 PM
QUOTE(jcarter @ Sep 14 2003, 7:18 PM)
Thank you, Bob, I will consult my manual for that. This is something that I know nothing about. It is interesting, though, as I get a lot of spam, too darn much. I have Earthlink and have my mail forwarded to my cable ISP, Adelphia. We are bombarded with spam.
Wondering whether their "Unauthorized Access" was blocked by the router(any router).
Wondering whether their "Unauthorized Access" was blocked by the router(any router).
The access attempts on port 1026 have nothing to do with the amount of spam you get.
Here's what happens:
Spammers have a big problem. Almost nobody allows people to mail spam through their mail servers any more. Even ISPs in places like China, Brazil, and Western Samoa, which used to be spam havens, are cracking down.
So some enterprising spammers found a solution. They wrote a computer virus that is a mail server.
They release the virus, which can infect millions of PCs. The virus listens for connections on port 1026. The spammers scan for infected people, then take control of those people's computers and use them to send the spam.
Your router is listing the unauthorized access attempts that it blocked. If it's in your firewall's logs, it was blocked.
The virus only infects PCs, so you are safe. The access attempts are there because the spammers scan millions of IP addresses at random looking for infected computers. You are on a Mac, so you are not infected. Efen if you were infected, your computer would still be safe, because your router blocks the spammer's attempts.
Post by: jcarter on September 14, 2003, 05:10:36 PM
The fact that I have to re-set the router is sure a minor complaint. I found that my firmware is up to date, so I will just put a line switch in the router's power cable and use it to switch it on and off, so that I don't wear the little plug out.
I would love to take a course in all this wonderful information, you could easily be the instructor! Thanks again, Jane
Post by: kimmer on September 14, 2003, 05:45:15 PM
Edited because I just saw that you've checked the firmware. I would suggest you contact your ISP and see if they have changed any settings. If so, make sure you note all your settings as they are now before you get started. My ISP would only help me log on without my router.
Once I had that info, I had to contact Asante and they helped me reset everything. It was very frustrating.
kimmer
Post by: jcarter on September 14, 2003, 07:42:03 PM
There are days like today, when I have only rebooted the thing twice, but it is annoying. My Mac neighbour has the same problem, and he just unplugs and plugs all his Macs constantly.
I have the Mac firmware v. 2.15, and the upgrade is for v. 2.02. So I guess I better leave that alone. I saw somewhere that v. 2.16 has a nasty bug. I could be wrong, as the information overload on these routers is rather large! And my brain is not that large, at least today.
The problem is with the router as far as I can see. I should like to see what the tech support people at Asante say, I should try them as you have done.
What I have learned today is enuf to put this old girls brain into 4WD. Thank you immensly for the info!!!
Jane
Post by: MamaMoose on September 15, 2003, 02:44:11 AM
In technical terms there are capacitors that must discharge before one can connect.
Since you have no problem when you are directly connected without the router and that this happens in the middle of asession, I suspect that the frequency with which you have to power down the router means that the router is bad, I would contact Asante tech support and explain the problem to them. They will also, send you a site from which you can download and upgrade your firmwar.
MamaMoose
Post by: jcarter on September 15, 2003, 09:27:34 AM
I just unplugged it this morning for 30 seconds, and then got right onto the web. Don't have to unplug anything besides the router power, even tho the ISP says to.
Interesting if they are doing something to thwart router users. I do leave the net on most all day, that's one reason I want the firewall, as Tacit explained to me what "unrecognized access" meant in the router log. I found that my firmware is up to date, according to the Asante help.
I will go through the Asante instructions once again, then get in touch with their tech support, I sure will post their reply here.
Thank you!
Jane
Post by: jcarter on December 17, 2003, 08:40:36 AM
It never ever disconnects as long as Netscape or IE is running, then I turn it off for the night. I meant to post this long ago, and thank you all for the great info, I passed it along to my local friends.
Jane
Post by: Gary S on December 17, 2003, 06:47:08 PM
I use a D-Link router but have never heard of a log af any sort.
Post by: jcarter on December 21, 2003, 11:49:32 AM
You use this URL, 192.168.123.254 then it takes you to the login page, login,(Asante uses "admin" for most), then go to VIEW LOG. It will show you everything that has come out or gone into your computer. But I sure don't know what much of it means. Tacit knows all about this router stuff. I would love to learn more, maybe after I have finished this semester, I will look for an easy course or at least something to read about this topic. I should ask him what book or site he recommends.
He explained that anything that says "Unauthorized access" means that my router firewall blocked that attempt. Look back here to his September post for more details.
I wonder why my 'outgoings' dont show, Ive been on the weather channel, amazon.com,loc.gov, and lots of book sites this morning, but they dont show up in my log.
This stuff in really interesting, I would love to learn more.
Maybe Tacit will be here and give us more good info.
Thanks, Jane
Post by: tacit on December 21, 2003, 12:22:29 PM
By default, a router will (unless you explicitly tell it otherwise) permit all outgoing connections, and block all incoming connections. So your computer may request any information from other computers on the Internet at any time, but other computers on the Internet may not send any data to you that you did not request.
Post by: Epaminondas on December 21, 2003, 03:00:25 PM
The Asante 3000 series routers are good routers. They are fast and they do a good job for what they are. You made a good choice two years ago.
Tacit wrote:
<< By default, a router will (unless you explicitly tell it otherwise) permit all outgoing connections, and block all incoming connections >>
For security purposes, the next step up is to have the knowledge and ability to block specific outgoing connections.
The next step up in security after that is to have the knowledge and ability to actually monitor outgoing connections.
How to gain that sort of knowledge?
Aye, there's the rub.
A careful reading of your 82-page Asante manual (or whatever) will likely lead you to a paragraph that your router can do some or all of the above, but there will likely be no further explanations - or the manual will say that this is only for "experts." With no indication of how to obtain the requisite expertise.
You can check out the Asante web page for further information. Click on "support" and wade through - they used to have a support bulletin board but I do not know whether or not they still do.
By golly, I just found it -
http://www.asante.com/support/index.html
_______________________________________
You could try reading a book to understand all this stuff.
I bought "Firewalls for Dummies" with just that in mind.
Basics - all I wanted was the basics.
This book was way over my head. I did not understand anything useful from my encounter with this book - and I was highly motivated and I have done postgraduate work in the sciences.
This book may help other dummies, but this is one dummy who cannot recommend it.
______________________________________________
In reading reviews about firewalls in PC (not Macintosh) magazines, the overall information seems to be that hardware firewalls and software firewalls tend to be complementary to one another.
Hardware firewalls tend to be strongest at making your computer invisible to the Internet and in blocking incoming materials. Do not neglect upgrading the firmware!
Software firewalls tend to be strongest at letting you know what the heck is actually going on and in blocking and monitoring outgoing materials.
The general advice from such articles is to use both.
I now use both - on all my computers - Macintosh and Linux.
______________________________________________
Which software firewall to use on the Mac?
Norton's is the most well-known. It does not tend to get the best reviews.
NetBarrier tends to get the best reviews - and it is available for you to try out and use for free for one month.
Plus - you can download the manual which will actually teach you some useful things about both limiting and monitoring outgoing materials in a way that is understandable to people who are not computer science majors.
Available for MacOS 9.x (and maybe 8.x - I forget) and MacOS 10.x.
NetBarrier
NetBarrier User Manual
_____________________________________________
Once you have a good firewall situation up and running, it is important that you use a relatively secure Internet browser.
For example - Internet Explorer, Netscape, and Mozilla up through 1.2.1 all have widely known, exploitable security vulnerabilities.
I am not yet aware of any vulnerabilities in the CURRENT versions of Mozilla, Opera, or iCab. There probably will be eventually - but not yet. Not widely known ones, anyway.
Concept - it is important in Internet security to keep up to date on your browsers.
To illustrate: putting up a secure firewall solution on your computer and then running Internet Explorer on it is like carefully locking all the external doors of your house with excellent locks and then leaving all the windows wide open.
If you are going to set up a secure firewall solution, then do not run a known insecure browser.
If you are going to run a known insecure browser, then there is no reason to bother with a secure firewall setup.
- - - Computer security is only as strong as it's weakest link. - - -
Other things that may be helpful in regard to Internet security include turning off Java, JavaScript and cookies when they are not needed. Monitoring and deleting cookies regularly. Turning off file-sharing. Not leaving passwords or forms on the computer. Up-to-date antivirus software (Virex is pretty darned good). Several browsers also allow you to turn off browser referrer information (notably Opera and Mozilla Firebird).
There are also proxy servers - I have not pursued that angle, and cannot advise.
A good site for checking out the security of your computer:
Online Security Check
All-in-all, making an overall habit of practicing safe computing will not make your computing experience 100% secure, but it will improve your odds against something unfortunate happening.
Best regards,
Epaminondas
Post by: jcarter on December 21, 2003, 03:21:32 PM
I do see many "Unrecognized access from' 67.78.124.152:44415 to TCP port 30260" as an example. Indeed I am very happy that you tell us that they are unsuccessful attempts. What if I had a PC and no router, would these get into my computer and do damage?
Is there a site that we could look these up to see where and who? I did plug this one into Netscape and it said 'contacting host' so I chickened out and stopped it connecting. Hey, this is fun!
Hi E. Thank you for your great info! I will look at these sites, and yes, I think I looked at that book in the bookstore and my dummy brain rejected it. The Asante info was beyond me. The more I learn about these computers, the more I want to know, it sure is fun! It just is difficult to find where to start.
I really enjoy learning new things and now that I'm retired, I have the time.
Thanks again,
Jane
Post by: Mayo on December 21, 2003, 07:54:35 PM
I have come to believe that a software firewall is redundant if your router firewall is doing its job. Why spend the money if you don't need to? And when you upgrade to OS X sometime in the future you will have the firewall that is built-in to the OS.
Use the security link that Epaminondas provided and you will know in a couple of minutes how well your router firewall is working. Use the port scan test on the left at this website Security Check to see whether your ports are in "stealth" mode, the best possible protection.
Disabling Java, cookies and the other suggestions made by Epaminondas can make web surfing more secure, but they can also make the experience a real hassle. I think the potential problems associated with Internet use are minimal. We face bigger problems from spammers and the physical relocation of our Macs (theft...) because most people leave vital personal information readily accessible to prying eyes.
Web Confidential is a perfectly safe application that stores all kinds of passwords, credit card numbers and the like that can be encrypted. There are also programs available to provide various levels of security for drives and files Security Software Using the OS X Secure Empty Trash command or an inexpensive OS 8/9/X app like ShredIt is a good habit to establish.
Basically, with a few precautions and a pinch of Common Sense there is no reason to be paranoid. Just have fun!
Post by: tacit on December 21, 2003, 10:34:20 PM
QUOTE(jcarter @ Dec 21 2003, 9:21 PM)
I do see many "Unrecognized access from' 67.78.124.152:44415 to TCP port 30260" as an example. Indeed I am very happy that you tell us that they are unsuccessful attempts. What if I had a PC and no router, would these get into my computer and do damage?
It depends.
Many of these access attempts represent a computer searching for other computers infected with a specific virus or Trojan.
Here's how it works:
Let's say i write a virus. I release the virus into the public through email or by infecting another program or whatever. The virus is designed to do two things: spread to other computers, and wait for connections on a certain port.
After the virus has been out for a while and spread to a lot of computers, I start running another program. It scans through millions of IP addresses at random trying to connect on the virus port.
Most computers are not infected; nothing happens. However, if it finds a computer infected with my virus, it gives me complete control over that computer. I can do whatever I want.
Why would I do this?
Often, it's because I'm a spammer, and I want to take your computer over and make it send out spam. Or perhaps I want to take your computer over and use it to store and trade illegal files, or use it to hack other computers--if the FBI traces my hacking, they end up knocking on your door, not my door.
So: If your computer had no firewall and was not infected with a virus, nothing would happen. If you had no firewall and you were infected by a virus, though, your computer would be completely compromised.
Post by: jcarter on December 22, 2003, 08:35:06 AM
But I have never had a problem ever with any virus or anything. My only problem is spam, and I just delete them every morning.
I have never bothered using my virus software, it is turned off.
I never have looked at 'bad' sites, and nobody has access to my Mac other than family. I still have OS 9.2.2 because I am a bit intimidated by reading my MacWorld magazines, and reading the problems on my Adobe forums of the software problems with the new OS. I do know that things are improving, and my husband is wanting to get me a new Mac.
I did call Asante a while ago, and my firmware is up to date, and they dont know why Ihave to restart the router every morning. It doesn't really bother me, just doing one unplug once a day. Our ISP is against us using routers.
I dont have anything on my computer that I would be not wanting people to read, except for the banking and credit cards. Of course we have passwords for them and they are not in the computer room. All the other stuff like Amazon and my picture pages have passwords, but I dont think anybody would be interested in those.
Hi Tacit, I am very glad I have a Mac and a good router. The thing seems to be repelling all these attempts, I hope.
OS X is even more secure from what I hear.
Spam, that is the root of all this evil isn't it. Most of it comes from outside the USA, so I guess that we really cant do much about it.
Most of mine is pushed into my 'spam and garbage' folder, so I just scan it to see if something good is hiding there, usually not, so I just delete the mess.
Wow, you people have given me a wonderful lesson in this!
I thank you greatly!
Sorry my questions are so long, but I sure feel more confident after I read your answers. Now I will be able to ignore my classmates talk about their infected PCs.
I better stop now, even tho I have more questions, the dog is waiting for our morning walk.
Jane
Post by: tacit on December 23, 2003, 02:32:48 PM
QUOTE(jcarter @ Dec 22 2003, 2:35 PM)
Spam, that is the root of all this evil isn't it. Most of it comes from outside the USA, so I guess that we really cant do much about it.
Actually, that's not quite true. over 90% of spam comes from the USA, but it is sent through overseas servers.
The Internet makes it easy for anyone to set up a mail account on a server anywhere. I am living in Florida; I use AOL and Earthlink for my email, so the email servers I use are in Virginia and Atlanta. And just like I can create an account with a company in a different state, I can create an account with a company in China; it only takes a few mouse clicks.
The spam is coming from the US, but the American who is sending it is using a server in China to relay it.
In fact, over 90% of the world's spam comes from one small handful of people, most of them living in Boca Raton, Florida and the rest living in California. This small group of people sends out spam on behalf of all the porn sites and phony drug sites and whatnot that you see.
Post by: Mayo on December 23, 2003, 03:01:06 PM
A search of the TS archives will turn up posts that myself and others have made that detail the ways to minimize spam.
Post by: jcarter on December 23, 2003, 05:12:31 PM
Boca Raton is a small target, I would love to see the spam obliterators see if they could do something to them! 'About' them is nicer wording.
Spam is only a nuisance for me, as I am only a grandmother having a great time with computers as a hobby, but it must be costing time and REAL money for business.
This is interesting, I am learning a lot from you! I had no idea that they originate inside the USA. The bottom line; who would ever click on this stuff, who would ever buy it, where are their brains? If nobody ever looked at this stuff, just deleted as we all do, would spammers stop, what is perpetuating this?
Love to see some numbers on this,
Jane
Post by: jcarter on December 25, 2003, 07:53:46 AM
I just ran the Symantec port and trojan horse security check on my G4, and all the ports for both checks were 'stealth', except one. (Symantec said that this computer is "secure".)
That one is the ICMP ping port and it said it was 'open'.
My kids have tried to ping this computer from their school and each attempt was unsuccesful, so I wonder what that means. It must not be open then?
Also when I log on to my classroom, I see my IP address and the cable location of my town thru Albany NY, where the company is, Adelphia.
I wonder what it means if that IP address is out there for whoever to see, or if it is just available to the classroom and the security check people. Or just to places that I log on to.
Whew, that's another lesson!
You people are wonderful!
Merry Christmas to you all, and I better get back into the kitchen, thank you again, Jane
Post by: tacit on December 26, 2003, 05:57:03 PM
What IP address are you trying to ping? Because you have a router, you have two IP addresses: an "external" address that is assigned by your ISP, and an "internal" address that the router assigns to your computer. The internal address always begins with 192.168.
If you try to reach the internal address from the Internet--you can't. You can only access the external address, which will not begin with 192.168. You will not be able to ping your computer using the internal 192.168 address from the Internet. You should be able to ping the external address, though--the router, not the computer, will answer the ping.
Post by: jcarter on December 27, 2003, 09:29:41 AM
Yes, the router address starts with 192.168, but the IP address of the computer shows up on my classroom page after I log in. And when I do the security check, it also shows up. Is that bad?
It starts with a 68. DNS and IP address and Asante Gateway all are the same?
Sorry to bother you again, but your explanations are so good that I am understanding more. This is really interesting.
Another reason that Macs are better than PCs.
Thanks again,
Jane