windows 7 firewall

id1x · Post by **id1x** » Tue Mar 16, 2010 3:12 pm

hi , i havnt been using any firewalls on xp because i dont surf the net much often
and i didnt want to slow down my internet with it .

but am thinking about what to do in windows 7 . is the integrated firewall any good?
i can always use the zone alarm free edition which means disabling win7 firewall services .

do i really need firewalls at all ? and what do u recommend using if i do ?

i have one on my router also but its disabled by default and i couldnt figure out its
settings so i left it disabled

so far i have only AVG free edition installed and i disabled windows 7 defender

YARDofSTUF · Post by **YARDofSTUF** » Tue Mar 16, 2010 5:46 pm

Yes you need one and it doesnt slwo your net down.

Turn on the routers NAT feature and enable windows firewall, thats really all you need, but you do need it, no matter how little you are on the net.

EDIT: And don't disable windows defender, drop AVG and get Microsoft security essenials or Avira Antivir, either virus program is better than AVG and is lighter on the system.

id1x · Post by **id1x** » Tue Mar 16, 2010 6:55 pm

yes but Microsoft security essentials refused to work along with defender
and had disabled it !!

can u teach me haw to set my router firewall please ? when i click on firewall i see this

IP Filtering

This page allows you to specify the IP packet filtering rules to prevent the services accessed from the Internet hosts or limit the Internet access for local hosts.

enable disable

and nat has nothing to do with it .

YARDofSTUF · Post by **YARDofSTUF** » Tue Mar 16, 2010 7:59 pm

Dont worry about IP filtering as long as NAT is enabled.

Just noticed that my defender is disabled as well, ddint notice that at first when I installed MSE.

Post by **YeOldeStonecat** » Tue Mar 16, 2010 9:42 pm

MSE disables Defender because it takes its place, it has a bit of Defender in it already, plus quite a bit more.

id1x · Post by **id1x** » Wed Mar 17, 2010 12:03 pm

here is haw things looks . what do u mean by enable nat ? i dont see that
option .

and in fire wall when i click enabled it shows those 2 boxes out bound traffic
and inbound traffic . and IGMP proxy . haw should i set these things ? thanks

Post by **YeOldeStonecat** » Wed Mar 17, 2010 12:42 pm

There's usually no "enable or disable NAT" function with home grade routers. That's how they work, in gateway mode..using NAT, it's what your basic hardware firewall protection is. You don't want to disable it, it's a good thing.

If you have do let services through NAT, you do it via port forwarding.

id1x · Post by **id1x** » Wed Mar 17, 2010 12:54 pm

ok i dont think i understand anything from all this .

can u just tell me what to do in those screen shots to enable my firewall thanks ?

id1x · Post by **id1x** » Thu Mar 18, 2010 6:16 am

u keep telling me wrong thinks . first about defender then u keep saying enable nat
and nat dosnt have enable option
what is gateway mod and so on . am new and u dont look like someone who
likes to help
am leaving this web site .

YARDofSTUF · Post by **YARDofSTUF** » Thu Mar 18, 2010 6:37 am

Maybe you should explain what you to accomplish with ip filtering?

A router with NAT makes for a basic or simple firewall, good enough for home users.

IP Filtering is just going to open ports to pass through the router, its not going to enable any firewall like feature.

akbarri · Post by **akbarri** » Thu Mar 18, 2010 8:35 am

- do i really need firewalls?
- recommended firewall?
- how to set router firewall?
- how to set router firewall > IP Filtering?

how we can help if we dont understand ur main purpose?

ur scrshoot's too small!

id1x · Post by **id1x** » Thu Mar 18, 2010 9:53 am

these are thumbs if u click them and go to imgshake u can see full size
strange u donr know that already

id1x · Post by **id1x** » Thu Mar 18, 2010 9:56 am

http://img101.imageshack.us/img101/5561 ... e005fn.jpg

http://img100.imageshack.us/img100/7867/picture004k.jpg

http://img524.imageshack.us/img524/8131 ... e003dv.jpg

here is direct link

id1x · Post by **id1x** » Thu Mar 18, 2010 10:03 am

well i just want to enable the router fire wall properly . i understand the rest of the
question u said

YARDofSTUF · Post by **YARDofSTUF** » Thu Mar 18, 2010 3:31 pm

id1x wrote:well i just want to enable the router fire wall properly . i understand the rest of the
question u said

Well with no Disable/Enable option for NAT, the router is most likely functioning as a basic firewall now.

http://www.speedguide.net/scan.php

Click the Start button and let the page load. Does the scan come back with your ports being open closed, or filtered?

id1x · Post by **id1x** » Thu Mar 18, 2010 9:28 pm

Total scanned ports: 309
Open ports: 1
Closed ports: 0
Filtered ports: 308

1863/tcp open unknown

http://www.speedguide.net/port.php?port=1863

YARDofSTUF · Post by **YARDofSTUF** » Fri Mar 19, 2010 11:12 am

So its already filtering your ports, the router is acting as a basic firewall for you. Not sure why 1863 is open with nothing listed in IP filtering, but if you are worried about the worm, run malwarebytes to clean up anything running on your system.

http://www.malwarebytes.org/

trogers · Post by **trogers** » Fri Mar 19, 2010 11:30 am

YeOldeStonecat wrote:There's usually no "enable or disable NAT" function with home grade routers. That's how they work, in gateway mode..using NAT, it's what your basic hardware firewall protection is. You don't want to disable it, it's a good thing.

If you have do let services through NAT, you do it via port forwarding.

A router can be basically set into one of 2 modes: NAT routing or Bridge mode.

In NAT routing mode, your router receive the WAN IP address from your ISP and creates a Local Area Network (LAN) and assign an internal LAN IP address to your computer, usually in the format 192.168.xx.xx

In Bridge mode, the routing function is turned off and your computer receive the direct WAN IP address issued by your ISP. Thus, your computer is exposed directly to the internet.

If you want to learn more about how NAT routing acts like a firewall, try reading through this link:

http://www.grc.com/nat/nat.htm

id1x · Post by **id1x** » Fri Mar 19, 2010 11:31 am

maybe windows MSNP (Microsoft Notification Protocol), used by the .NET Messenger Service and a number of Instant Messaging clients (official)

is using it ? it cant be a malware i have done 3 clean installed yesterday on different
partition and they gave same result .

anyway u recommend keeping this setting ? and using ip filtering for Outbound traffic

thanks

id1x · Post by **id1x** » Fri Mar 19, 2010 11:34 am

trogers wrote:
If you want to learn more about how NAT routing acts like a firewall, try reading through this link:

http://www.grc.com/nat/nat.htm

thanks but u are talking to a total nob here . i just want to see haw to
enable my router firewall if its any good .

id1x · Post by **id1x** » Fri Mar 19, 2010 2:35 pm

i made this test and tested all common and services ports and all were stealth i dunno
why ure test showed that port opened

https://www.grc.com/x/ne.dll?bh0bkyd2

GRC Port Authority Report created on UTC: 2010-03-19 at 18:23:58

Results from scan of ports: 0-1055

0 Ports Open
0 Ports Closed
1056 Ports Stealth
---------------------
1056 Ports Tested

ALL PORTS tested were found to be: STEALTH.

TruStealth: PASSED - ALL tested ports were STEALTH,
- NO unsolicited packets were received,
- NO Ping reply (ICMP Echo) was received.

GRC Port Authority Report created on UTC: 2010-03-19 at 18:27:36

Results from scan of ports: 0, 21-23, 25, 79, 80, 110, 113,
119, 135, 139, 143, 389, 443, 445,
1002, 1024-1030, 1720, 5000

0 Ports Open
0 Ports Closed
26 Ports Stealth
---------------------
26 Ports Tested

ALL PORTS tested were found to be: STEALTH.

TruStealth: PASSED - ALL tested ports were STEALTH,
- NO unsolicited packets were received,
- NO Ping reply (ICMP Echo) was received.

YARDofSTUF · Post by **YARDofSTUF** » Fri Mar 19, 2010 3:02 pm

Hmmmm, thats a good question. I shall ask the man with the answers to share this thoughts here.

id1x · Post by **id1x** » Fri Mar 19, 2010 7:19 pm

u mean the first most evil ?

YARDofSTUF · Post by **YARDofSTUF** » Fri Mar 19, 2010 7:40 pm

id1x wrote:u mean the first most evil ?

Nope,

The man that runs the site, Philip. I sent him a pm and linked this thread to see if he can shed some light on it.

Post by **Philip** » Sat Mar 20, 2010 12:36 am

Seems that the GRC scan simply does not scan port 1863, that's why it showed no open ports. There are 65535 tcp and 65535 UDP possible ports, different sites choose to scan a different subset of all those (common vulnerabilities, most often open ports, etc.), since a full scan takes too much time and resourses.

Port 1863 is most commonly used by MSN Messenger, there are also a couple of worms/trojans that use it: http://www.speedguide.net/port.php?port=1863

id1x · Post by **id1x** » Sat Mar 20, 2010 11:10 am

i did that scan after a clean install . maybe its a flow in windows messenger .

anyway so if my ports are stealth dose that means i am protected ?
do i still need a software firewall ?

id1x · Post by **id1x** » Sat Mar 20, 2010 12:51 pm

GRC Port Authority Report created on UTC: 2010-03-20 at 16:42:30
Port
Status Protocol and Application

1863
OPEN! msnp
MSNP

Results from probe of port: 1863

1 Ports Open
0 Ports Closed
0 Ports Stealth
---------------------
1 Ports Tested

THE PORT tested was found to be: OPEN.

TruStealth: FAILED - NOT all tested ports were STEALTH,
- NO unsolicited packets were received,
- NO Ping reply (ICMP Echo) was received.

yes ure right msn protocol that means am not the only one with that port
open . so what do u recommend for me as a final solution
i dont want outbound protection just inbound so am i ok with that
nat and that port open ?

YARDofSTUF · Post by **YARDofSTUF** » Sat Mar 20, 2010 4:09 pm

id1x wrote: anyway so if my ports are stealth dose that means i am protected ?
do i still need a software firewall ?

Yes, you are protected.

id1x · Post by **id1x** » Sat Mar 20, 2010 4:49 pm

ok great thanks . now i will turn windows 7 firewall and those services
off . would that be ok ?

Internet Connection Firewall (ICF)

* Application Layer Gateway Service
* Internet Connection Sharing (ICS)
# Base Filtering Engine
# IKE and AuthIPsec Keying Modules

# IPsec Policy Agent
# Routing and Remote Access

YARDofSTUF · Post by **YARDofSTUF** » Sat Mar 20, 2010 4:55 pm

Base Filtering Engine Cand be disabled.

Application Layer Gateway Service
IKE and AuthIPsec Keying Modules
IPsec Policy Agent

Those should be left on or set to manual.

And Internet connection Firewall I would leave on.

id1x · Post by **id1x** » Sat Mar 20, 2010 6:29 pm

YARDofSTUF wrote:Base Filtering Engine Cand be disabled.
.

u mean can or cant ? sorry but that would be my final question and thanks
a lot for setting my system .

YARDofSTUF · Post by **YARDofSTUF** » Sat Mar 20, 2010 6:53 pm

id1x wrote:u mean can or cant ? sorry but that would be my final question and thanks
a lot for setting my system .

Ya, I meant cant, or shouldn't, guess I combined those. lol

A good guide to services:

http://www.blackviper.com/Windows_7/servicecfg.htm

id1x · Post by **id1x** » Sun Mar 21, 2010 1:01 pm

YARDofSTUF wrote:
http://www.blackviper.com/Windows_7/servicecfg.htm

but it was that web that recommended disabling win firewall and those
services if i have a router firewall

http://www.blackviper.com/Windows_7/Ser ... rewall.htm

so u got me confused again

akbarri · Post by **akbarri** » Sun Mar 21, 2010 3:06 pm

id1x wrote:but it was that web that recommended disabling win firewall and those
services if i have a router firewall

http://www.blackviper.com/Windows_7/Ser ... rewall.htm

so u got me confused again

Win Firewall vs Router Firewall => Software Firewall vs Hardware Firewall

Just make ur Firewall 2 Layers :
1st Defence, Hardware Firewall (Router Firewall)
2nd Defence, Software Firewall (Win Firewall / 3rd Party Software)

http://www.speedguide.net/faq_in_q.php? ... 102&qid=64

id1x · Post by **id1x** » Sun Mar 21, 2010 4:11 pm

yes i got what u mean from the start its just at that web they said something difrent than u said :

If you use an external hardware firewall/gateway/router between your computer and the internet, do not use IPsec (VPN tunneling, etc) and Internet Connection Sharing (ICS), then this service and the following group of services can be disabled:

* Base Filtering Engine
* IKE and AuthIPsec Keying Modules
* Internet Connection Sharing (ICS)
* IPsec Policy Agent
* Routing and Remote Access
* Windows Firewall

i have read that web before i asked u but when advised me to use it , i got confused
but i will keep those services on like u said . wont be using 3rd part s/w

i got another problem now :

i got my isp dns numbers working fine with xp but in windows 7
it says dns servers are not responding . when i used
a public dns server it worked . what should i do ?
i asked the isp company they said its better that i ask you .
maybe i can give them feed back . thanks

YARDofSTUF · Post by **YARDofSTUF** » Sun Mar 21, 2010 5:30 pm

On that same article you link it says it recommends not disabling the windows firewall.

As for the DNS, what type of connection do you have DSL/Cable? Have you tried leaving it on obtain ip/dns automatically?

id1x · Post by **id1x** » Sun Mar 21, 2010 6:49 pm

aha i didnt see the recomended . ok then

i have adsl and am used to set it at xp cause it dosnt work on auto
but no i didnt try to leave it at auto with win7 ill try and see if it works
it works .

should i uninstall anything in the connection properties such as clients
or so ? or just leave it as it is?

id1x · Post by **id1x** » Mon Mar 22, 2010 11:36 pm

YARDofSTUF wrote: As for the DNS, what type of connection do you have DSL/Cable? Have you tried leaving it on obtain ip/dns automatically?

that didnt work . i put down my DNS anyway and it worked despite
the error message . when i use that new public dns it works normally
maybe they are behind all that . i would use them but they kinda take
over my browser some times and i dont like that .