Thank you for the reference to Microsoft Baseline
Security - I definately want to get rid of some services
from this fresh install of Windows 2000 I did the other
day. I too had constant internet activity upon installing
Windows 2000 (not an upgrade - but a new install). So I
got all the security packs and updates installed and it
stopped SVC.HOST from flipping out and getting on the
net. It didn't stop other things though. My DSL link
light flashes like a Banshee when I power this thing up.
Sooooo.......I installed Panda Virus protection and tried
a couple of firewalls. You can get Panda for a free 30
day trial. I tried Sygate's free firewall but personally
preferred the free firewall called Previx. It will trace
back a connection and tell you the host and domain name of
a possible rogue connection getting into your computer.
It does this without much effort or understanding on our
part. Boy, was I suprised to see what was going on behind
the scenes!
1. Panda keeps finding viruses infecting my windows
system files.
2. These infected files immediately go and access hosts
on the internet at about 150 KPS (hence the Banshee light
on the DSL hub).
3. The filewall and virus software do a wonderful job of
catching these buggers, and killing them, yet it still
keeps happening. I managed to get the Previx firewall to
keep at bay most of this crap coming and going and the DSL
Banshee light calmed down a bit.
So that's where I'm at. Whenever I power this thing up
now I am fully expecting it to try and access the internet
and for my programs to keep it from doing that. Any help
from you all out there concerning this would be nice. I
am in the position (and am currently willing)too perform
another fresh install.
About activity on your hub or wireless router or whatever
you have. If it's constant and you didn't initiate a
download yourself, you have an intruder accessing your
files. Normally, this link light will only flash
periodically. Network services must periodically
broadcast there address and update their router tables
held in memory. Again, these should be sporadic flashes -
not something constant and potentially dangerous. If
anyone can help with the virus issue - Thanks!
-----Original Message-----
OK. Glad to hear you have a firewall. I have noticed on my wireless card that there
is light activity even when their is no apparent activity which can be normal as I
believe it is a heartbeat type signal [for lack of better term] that may not actually
involve network data transmission. Sygate has extensive built in logging so I would
take a look at it's logs for more info. It is normal to have listening ports
depending on computer configuration. If you are not offering shares to other
computers on the network you can enable file and print sharing. The firewall blocks
access to those ports but you can only disable them by disabling the service or
application using them. Try using the free TCPView
utility from SysInternals which
will give you a GUI of port use and the associated
process/executable. Also run the
Microsoft Baseline Security Analyzer on your computer and it will warn you about
possibly unneeded services. Typically Windows 2000 has a lot of services installed a
user may not need such as messenger, alerter, telnet, and web server. --- Steve
http://www.sysinternals.com/ntw2k/source/tcpview.shtml
http://www.microsoft.com/technet/security/tools/mbsahome.m spx
http://www.microsoft.com/athome/security/protect/default.a spx -- Microsoft basic
security procedures.
.
