
XP vulnerabilities?


joe

Feb 20, 2004, 11:07:09 PM
OK - please don't flame me for a newbie dumbass question but I have been
searching the net for a while now without finding a clear answer to the
following, and I am hoping you can help.
I have recently changed from Win98SE to WinXP corp pro, running Norton
Internet Security 2003. Under Win98 I had Atguard and BlackIce running in
addition to NIS and I came up undetected at every security test site I could
find. I understand that WinXP has some (many?) holes and was wondering:
1. How important is it to install the SP's from MS, and what "surprises"
should I expect from them?
2. What additional software should I have and/or what settings should I
change in WinXP to be invisible on the net?
3. Does Steve Gibson know what he's talking about or not?

I have also recently changed from dial-up to DSL, hence my increased
concern.

TIA


*Vanguard*

Feb 21, 2004, 12:00:36 AM
"joe" said in news:c16lh4$s05$0...@pita.alt.net:
<snip>
> I have recently changed from Win98SE to WinXP corp pro, ...

Then you are probably running a pirated copy of Windows. The "Corporate
Edition" is what the pirates call an instance they illegally sell off from a
volume license they supposedly purchased. All instances of the OS in a
volume license are to be used and remain within the same organization; i.e.,
buying a 5- or 100-license version of Windows means all of them get used
within the same organization. There is no such thing as a "volume" license
for 1 instance of Windows. The minimum for a volume license is 5 instances.
Selling off "Corporate Editions" of instances from a volume license to
outside their organization (since there would be no point in *selling*
anything within their own organization) at the much greater retail price of
a 1-license copy is a violation of the EULA or contract they made when they
purchased the volume license. Whoever you purchased the "Corporation
Edition" from is buying the volume license at a far cheaper price for each
instance and then selling them off illegally at the full retail 1-license price. A
single "Corporate Edition" is a pirated copy illegally sliced off from a
volume license. A "Corporate Edition" of Windows is *NOT* the same thing as
an "OEM" version.

<snip>


> I understand that WinXP has some (many?)

> holes and was wondering: ...

Same ones in Windows 2000. Windows XP is to Windows 2000 what Windows ME
was to Windows 98: some minor changes, some fluff added, but basically the
prior version on [mild] steroids. Windows ME and XP were not critical for
businesses nor gave much bang for the buck. They got created because
marketers recognize that consumers have a need to upgrade and so they
fulfill that need while making a buck at it. Why do people buy a new car
after using their old one for only 3 to 6 years? They want something new,
different, improved, and shinier. Don't confuse continuing updates to, say,
Internet Explorer, as updates to the OS since IE installs on all the Windows
platforms and will incur the same security risks across all of them. If a
buffer run overflow exploit exists in IE then it exists on whatever version
of Windows it is installed (and the exploit may actually be easier to
exercise on 95-based Windows due to lack of security).

> 1. How important is it to install the SP's from MS, and what
> "surprises" should I expect from them?

You could always ignore the updates (turn off Windows Update on your Windows
and never visit windowsupdate.microsoft.com) and leave the security holes
there. There is no software in which a patch, fix, or upgrade cannot
introduce another problem. Sometimes they fix the problem. Sometimes they
trade off a more severe problem to incur a lesser problem. Sometimes they
fix one problem and create 2 others. Change will always incur risk in
creating new problems, but stagnation also incurs risk from existing
problems. That's the world of software whether it be for an OS, word
processor, defragmenter, or whatever program.

> 2. What additional software should I have and/or what settings should
> I change in WinXP to be invisible on the net?

Got a NAT router? Does it have a firewall? Running a software firewall on
your computer? Got anti-virus software, having it load and remain enabled,
and letting it automatically update frequently? Running anti-spyware
scanners, like Ad-Aware and Spybot? Are you opening any executable
attachments on e-mails?

> 3. Does Steve Gibson know what he's talking about or not?

Depends on who you talk to. I personally don't understand why some folks
attack him but then some folks are very puerile when you debate their
opinions, views, or their perceived facts. He's been around in the computer
arena longer than I have (25 years). I remember figuring out how to detect
the pattern of the plated media separating from the platter using his
Spinrite utility over a decade ago when nothing else could. He works with
the FBI and other gov't agencies in writing software that we'll never see to
hunt down script kiddies and zombie scum. There are undoubtedly some folks
around that know more than he does, but he's a far league away from what I
know. As with any information, it's best if you can corroborate it with
other "experts" (that you've chosen to recognize as such) and possibly
educate yourself enough to know whether the advice or information is
applicable to you. I'd have to see convincing evidence from another expert
with real facts and corroborated by others before I'd let that other expert
topple something by Steve. Yeah, he's still human so he will make mistakes
but he's got a huge foundation of experience and knowledge to draw from that
we don't. I regard Steve's statements as reliable just like I consider
articles at tomshardware.com to be reliable.

> I have also recently changed from dial-up to DSL, hence my increased
> concern.

You are now a more delicious target for the scum that proliferate viruses,
trojans, zombies, and want to use your computer to partake in their nasty
tactics. You need to at least be using a firewall, even if it is something
crippled like ICS in Windows XP that only monitors inbound connections. You
don't have to do everything at once to get protected from your now always-on
connection. In fact, you might just start by disabling the LAN connectoid
when you aren't using the Internet. Then install anti-virus software and
keep it updated. Then try using Windows XP's ICS firewall or pick up a
freebie firewall (ZoneAlarm, Kerio, Sygate Personal) and not bother
disabling the LAN connectoid when you won't be using the Internet yourself.
Get Ad-Aware and Spybot to periodically hunt for spyware (if you bother to
download "freebies" that could be possibly polluted with spyware). Get
SpywareBlaster to safeguard against alternate avenues of infection by
spyware to cripple them if they manage to get in. Use SpywareGuard to
afford some protection from IE getting hijacked. Use a popup blocker to
eliminate the nuisance of popups, but some afford more features, like PopUp
Cop which also has ActiveX guard (to prevent accidental download and
installs of ActiveX controls) and a cookie manager (to purge any
non-whitelisted domains). Start out attacking one source of intrusion and
abuse and gradually improve your protection.

>
> TIA

--
____________________________________________________________
*** Post replies to newsgroup. E-mail is not accepted. ***
____________________________________________________________


joe

Feb 21, 2004, 12:50:08 AM
Thanks for the tips Vanguard. As I said, I'm running Norton Internet
Security's firewall but I'm not convinced that's enough - under Win98 I had
many cases of attacks which were only picked up by Atguard or BlackIce and
not by NIS2003. I have been using computers for 25 years too but would never
have the audacity to say I know 1% of what Steve Gibson knows but I have a
fair idea of what it takes to surf safe, hence I obviously never open an
.exe file which has been spam emailed, etc. I notice you mention ZoneAlarm
as a useful firewall, yet I've heard many people rubbish this. What do
others think, and are there any firewalls I should be using in addition to
NIS?

"*Vanguard*" <no-e...@no-spam.invalid> wrote in message
news:4pmdnTzZ9pl...@comcast.com...

Gladys Pump

Feb 21, 2004, 4:52:09 AM
On Sat, 21 Feb 2004 15:50:08 +1000, "joe" <j...@hotmail.com>, whilst in the
alt.computer.security newsfroup, articulated the following sentiments :

>Thanks for the tips Vanguard. As I said, I'm running Norton Internet
>Security's firewall but I'm not convinced that's enough - under Win98 I had
>many cases of attacks which were only picked up by Atguard or BlackIce and
>not by NIS2003. I have been using computers for 25 years too but would never
>have the audacity to say I know 1% of what Steve Gibson knows but I have a
>fair idea of what it takes to surf safe, hence I obviously never open an
>.exe file which has been spam emailed, etc. I notice you mention ZoneAlarm
>as a useful firewall, yet I've heard many people rubbish this. What do
>others think, and are there any firewalls I should be using in addition to
>NIS?

Zonealarm is just hyped/spammed around more than other firewalls. IMO, it's
ok, but there are many quality alternatives. Personally, I'm a big fan of
Kerio software. Their free Personal Firewall (2.1.5) rules as far as I'm
concerned (no pun intended).

http://download.kerio.com/dwn/kpf/kerio-pf-2.1.5-en-win.exe

I don't think it's wise to have more than one personal firewall running on
the same PC. Maybe one of the other regs here can explain why in detail, but
I'm guessing at conflicts between the two applications. This goes for AV
products as well. Although in the latter case, you could have one as an
'on-demand' scanner, and another vendor's product running in the background
as an 'active' scanner. Remember though that no matter if you have several
AV products installed, they're only as good as their last update.

I think Steve Gibson is a very clever guy. I also recognise the fact that
he's very good at marketing ideas, particularly his own, and is extremely
persuasive in his approach. You asked whether or not people thought he knew
what he was talking about ? What was your initial reaction ? Personally, I
think he does, but like I said, he's a good 'salesman' too...

Getting back to Internet security, you can help yourself out a lot by not
running unnecessary services on your machine in the first place. If you're
just an individual (not in charge of a company's network), and you've got a
properly configured firewall, good updated AV, and have your brain engaged
when using your email client, I would say you're as safe as you'll ever be.

Might help to change your default browser too if you haven't already. I like
IE personally, but I'm bowing to the present wind of change in here and
using Mozilla FireFox for grins.

http://www.mozilla.org/products/firefox/

A lot of people I think overestimate their importance (not directed at you
personally I hasten to add) when it comes to their security. Unless you're
in charge of thousands of pounds-worth of computers, and you've taken the
necessary steps to protect yourself, then you're probably not that much of a
'catch'. At least, not for people who write the cracking tools and really
know what they're doing.

Paranoia is not necessarily a bad thing, but do a 'reality update' every now
and again. :)

HTH.

Regs, Pete.

joe

Feb 21, 2004, 8:05:31 AM
Thanks for the reply Gladys, please see below:

"Gladys Pump" <noway...@jose.noway.zap> wrote in message
news:t68e30lvcchebdb1h...@4ax.com...

I'm not sure of this either but all I know is that Atguard would block
things that NIS let through so I'm wondering if I should run more than one
firewall?

>
> I think Steve Gibson is a very clever guy. I also recognise the fact that
> he's very good at marketing ideas, particularly his own, and is extremely
> persuasive in his approach. You asked whether or not people thought he knew
> what he was talking about ? What was your initial reaction ? Personally, I
> think he does, but like I said, he's a good 'salesman' too...

Initially (7 years ago) I thought he was the man and BlackIce was my main
defence, along with Atguard - but, once I upgraded BlackIce, I noticed way
too many false positives - which his critics say he's doing deliberately.
So, at the moment, I'm undecided but I have not reinstalled BlackIce.

>
> Getting back to Internet security, you can help yourself out a lot by not
> running unnecessary services on your machine in the first place. If you're
> just an individual (not in charge of a company's network), and you've got a
> properly configured firewall, good updated AV, and have your brain engaged
> when using your email client, I would say you're as safe as you'll ever be.
>
> Might help to change your default browser too if you haven't already. I like
> IE personally, but I'm bowing to the present wind of change in here and
> using Mozilla FireFox for grins.

I guess that comes back to how many hours we each have in the day - I have
heard there are better browsers than IE, better OS's than WinXP, and better
newsreaders than OE but I don't have the time to learn them all unless the
choice was clear.

>
> http://www.mozilla.org/products/firefox/
>
> A lot of people I think overestimate their importance (not directed at you
> personally I hasten to add) when it comes to their security. Unless you're
> in charge of thousands of pounds-worth of computers, and you've taken the
> necessary steps to protect yourself, then you're probably not that much of a
> 'catch'. At least, not for people who write the cracking tools and really
> know what they're doing.

I basically want to be confident in the knowledge that I can visit any site
I want on the net and not inadvertently attract spam email, as well as being
able to repel the regular trolls who randomly ping us all.

joe

Feb 21, 2004, 8:13:01 AM

"Leythos" <vo...@nowhere.com> wrote in message
news:MPG.1aa118813...@news-server.columbus.rr.com...
> In article <c16lh4$s05$0...@pita.alt.net>, j...@hotmail.com says...

> > OK - please don't flame me for a newbie dumbass question but I have been
> > searching the net for a while now without finding a clear answer to the
> > following, and I am hoping you can help.
>
> Most people don't flame people that have honest questions here.

>
> > I have recently changed from Win98SE to WinXP corp pro,
>
> This is a concern - what do you mean by Corp? Since the open license
> version are only available within a company, and since home users can't
> install a copy of their company's open license are we to assume that
> this is a bootleg copy?

>
> > running Norton
> > Internet Security 2003. Under Win98 I had Atguard and BlackIce running in
> > addition to NIS and I came up undetected at every security test site I could
> > find. I understand that WinXP has some (many?) holes and was wondering:
>
> Windows XP has more "holes" than Win98, but Win XP is a different
> version of Windows - meaning that Windows NT, 2000, XP are in the same
> family, Windows 95, 98, ME are in another family.

>
> > 1. How important is it to install the SP's from MS, and what "surprises"
> > should I expect from them?
>
> If you don't install the Windows Update service packs you are asking for
> a lot of trouble. There are more than security updates that you need.
>
> I have installed hundreds of copies (licensed) of XP on systems, fully
> patched, and never been hurt by any service pack or critical update.

>
> > 2. What additional software should I have and/or what settings should I
> > change in WinXP to be invisible on the net?
>
> When you log-on, do it as a user level account, not an administrator.
> Only run as administrator when installing software or running something
> that absolutely requires administrator level access.
>
> Set your IE settings on Security for the "Internet Zone" to its highest
> setting, then put sites you trust in the trusted zone - change the
> trusted zones settings to Medium-Low or Medium.

>
> > 3. Does Steve Gibson know what he's talking about or not?
>
> There are many people that will hammer Steve, but I've used his products
> since Spin-Rite came out. I've found his scanner to work well for
> testing my routers and some firewalls for simple holes. In general, he's
> reliable.

>
> > I have also recently changed from dial-up to DSL, hence my increased
> > concern.
>
> Your concern should be the same - there is no less threat when you are
> on dial-up.
>
> Get a DSL router with NAT and then use ONE firewall application. The
> router will block all unsolicited inbound attempts, so that's your first
> layer (border). The personal firewall will block outbound.
>
> I'd be more concerned about your "Corp" version of Windows XP than
> anything else right now.

Thanks for your comments but - are you taking on the role of the net police?
For your information, I run my own company from home so I have installed the
valid corp edition on all my networked computers. Nice of you to jump to
conclusions - and why the hell are you so personally "concerned"?

>
> --
> --
> spamf...@rrohio.com
> (Remove 999 to reply to me)


*Vanguard*

Feb 21, 2004, 11:25:31 AM
> I notice you mention ZoneAlarm as a useful firewall,

Mentioned only because it is better than nothing, just like using ICS is
better than nothing (if you are using Windows XP). I couldn't tell from
your post your level of computer expertise. I also currently use NIS2003
but have finally gotten to the point where I need to investigate more robust
and stable firewalls. NIS all too often goes brain dead. Their ccApp.exe
will refuse to permit a connection (but no errors are reported), or their
ccPxySvc.exe goes brain dead. Sometimes all connectivity is lost.
Sometimes just connectivity is lost for a particular application (and
deleting and recreating the app rule doesn't help). Many times I have to
disable NIS to get a connection to work but then reenabling it means the
connection goes dead again. Sometimes disabling NIS doesn't help, so I use
the following commands in a .bat file to unload/stop NIS and restart it:

To stop NIS:
pskill.exe ccApp.exe
net stop "Symantec Proxy Service"
net stop "Symantec Event Manager"

To restart NIS:
start "Symantec Common Client" /b "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
net start "Symantec Event Manager"
net start "Symantec Proxy Service"

pskill.exe is a utility from SysInternals that lets me kill a process by its
[partial] name rather than require a PID (process identifier found in Task
Manager). Sometimes this helps to kick NIS in the butt to get it working
again (because it forces a reload of new instances of ccApp.exe and
ccPxySvc.exe). Sometimes neither disabling NIS nor restarting it using the
batch file will help and I have to reboot. If it weren't for NIS going
brain dead every day or two (I leave my computers always up although it
might go in Standby mode), I'd stick with it. Also, Symantec assumes every
user is an idiot and cannot figure out how to configure and use a proxy so it
made NIS a transparent proxy. I'd like the option to use it as a
non-transparent proxy.

*Vanguard*

Feb 21, 2004, 12:20:39 PM
"Gladys Pump" said in news:1u0f305ekhhie0c71...@4ax.com:
> Leythos, I have a Linksys BEFSR41 router which is great IMO. I noticed
> earlier on that a poster was concerned about making sure no one could
> log into a router remotely.

Disable (don't delete) your custom firewall rules in your router and then
visit grc.com to run its Shields Up to check which ports are stealthed by
your router.

My D-Link 604 at home showed one port that wasn't stealthed which was port
113 used for the obsolete IDENT/AUTH protocol used only by some really old
mail servers (but routers don't want to get a reputation of not being
compatible with e-mail, even for old servers). So I did the trick you
mentioned of defining a route for that port to a static IP address on my
intranet that the DHCP server in the router could never possibly assign.

I have a buddy that has the Linksys BEF<something>. Might be the same as
you. His didn't fare so well on the Shields Up test. On successive tests,
different ports showed as unstealthed (and even replying "Closed" means it
isn't stealthed). However, each repeated test showed more and more ports
got stealthed, until many days later when he ran the tests and it seemed
like he was starting from scratch again. Apparently Linksys uses some
"adaptive" detection of port polling to determine which ones it will stealth
(i.e., the first attack isn't detected but subsequent ones are but
apparently this record gets expired). He downloaded and installed the
latest firmware update (which also gave him more options in controlling his
router) and the results were much better but still not solid on the first
few tests. I didn't have time at the moment to check all his settings and I
wasn't familiar with the web pages shown for configuring the Linksys.


*Vanguard*

Feb 21, 2004, 12:22:30 PM
> Thanks for your comments but - are you taking on the role of the net
> police? For your information, I run my own company from home so I
> have installed the valid corp edition on all my networked computers.
> Nice of you to jump to conclusions - and why the hell are you so
> personally "concerned"?

Note that I also questioned your use of the "Corporate Edition" of Windows.
In your original post, the implication was that you were asking about a
single computer. Now you are claiming to have several (which would have to
be a minimum of 5 hosts since the 5-license contract is the smallest you can
get in a volume license). Also, the only folks that I've seen refer to a
"Corporate Edition" are those that purchased just 1 copy of Windows. I
can't find any mention of "Corporate Edition" (other than for non-Microsoft
products) in a search at Microsoft. Once someone mentions "Corporate
Edition", the rest of us nod our heads knowing it is an illegally sliced-off
instance from a volume license (much like we nod our heads knowing the real
reason why users ask why Outlook doesn't have the slide show option that OE
used to have for picture attachments).

If you were indeed running a network of 5 or more hosts for which you
purchased a volume license then we wouldn't be talking about installing a
"personal" firewall on each of them but instead talking about a gateway or
firewall host running the firewall software through which all your intranet
hosts would make their Internet connections. Or we would be talking about a
NAT router which has a firewall in it (but, as with Windows XP ICS, only
protects against inbound initiated connections) which may prove sufficient
for you.

Trying to keep 5, or more, intranet hosts sync'ed together can result in
errors and inconsistencies. While they may perform their auto update okay
while independently protecting just the one host, you'll have to manually
define the firewall and application rules on each host for each independent
firewall program. Perhaps one of the other firewall products lets you
export their rules so you can migrate them easily to another host, but NIS
really sucks for rules as you cannot export and then import them. In
versions prior to NIS2003, you could export the portion of the registry
where the rules were stored provided you knew where they were. However,
Symantec has now encrypted them so you cannot simply export the registry
keys and import them in another instance. Getting application and web
content rules from one instance of NIS to another instance of it has always
been a sore point with that product. When I asked them about it when I was
using NIS2002, they said the export feature would appear in NIS2003. They
lied so I haven't bothered to upgrade to NIS2004. They don't consider
migration of app and web rules to be a necessary function of a "personal"
version of their firewall. Besides the instability of NIS (i.e., going
brain dead eventually), this is another reason why I'll be looking at a
different firewall. I'd like to export my settings and rules for both
applications and web content so I can restore them if (and when) I have to
uninstall NIS and reinstall it (reinstalling is often Symantec's response to
problems with their NIS product).


*Vanguard*

Feb 21, 2004, 12:22:39 PM
<snip>

> I'm not sure of this either but all I know is that Atguard would block
> things that NIS let through so I'm wondering if I should run more
> than one firewall?
<snip>

I'm wondering what are those additional attacks you are seeing with AtGuard.
When I see a statement like, "... please note that atguard is obsolete since
novembre 1998 ..." (http://www.firewall-net.com/en/atguard/faq.php) and
"URL: Not existant anymore, the software is still wide spread" which also
reports a bug (http://www.blacksheepnetworks.com/security/security/bugtraq/0422.html)
then I have to wonder if the unsupported and nonupdated program isn't giving
false reports. Also, according to the 2nd link, AtGuard doesn't record a
hash code or checksum for the file of the program so you have no clue if
some malware replaced the file. Until you mentioned it, I hadn't heard of
AtGuard (aka @Guard) or maybe I've forgotten about it.

Of the firewalls that I have heard about recently, I'll be checking into:

Sygate Personal Firewall (free for Personal, $48 Pro)
Tiny Firewall ($49)
Kerio Firewall ($45)

I have to wonder if the Sygate Personal version isn't like ZoneAlarm's
freebie version, just sufficient to be usable but really a teaser version to
get you to pay for their full version.


Frank le Spikkin

Feb 21, 2004, 12:33:59 PM
Gladys Pump <noway...@jose.noway.zap> wrote in
news:1u0f305ekhhie0c71...@4ax.com:

> I have a Linksys BEFSR41 router which is great IMO. I noticed
> earlier on that a poster was concerned about making sure no one
> could log into a router remotely.
>

> To (hopefully) remedy this on my router, I've port-forwarded
> port 80 to a non-existent internal address. AFAIK, this is
> effectively 'stealthing' the port. Did I need to do this ?
>

No, it is configurable for a BEFSR41 router:
Log on to your router
Click Advanced - Filters
Scroll down and click:
Block Inbound Requests - Enable
Remote Management - Disable
Remote Upgrade - Disable
Click Apply

Mimic

Feb 22, 2004, 1:51:07 PM
"joe" <j...@hotmail.com> wrote in message news:c16lh4$s05$0...@pita.alt.net...

> OK - please don't flame me for a newbie dumbass question but I have been
> searching the net for a while now without finding a clear answer to the
> following, and I am hoping you can help.
> I have recently changed from Win98SE to WinXP corp pro, running Norton
> Internet Security 2003. Under Win98 I had Atguard and BlackIce running in
> addition to NIS and I came up undetected at every security test site I could
> find. I understand that WinXP has some (many?) holes and was wondering:

> 1. How important is it to install the SP's from MS, and what "surprises"
> should I expect from them?

# Not very as you can't use them on your pirii version of XP

> 2. What additional software should I have and/or what settings should I
> change in WinXP to be invisible on the net?

# Decent firewall, AV software, patches, common sense

> 3. Does Steve Gibson know what he's talking about or not?

# no


--
Mimic

ZGF0YWZsZXhAY2FubmFiaXNtYWlsLmNvbQ== ( www.hidemyemail.net )
"Without knowledge you have fear. With fear you create your own nightmares."
"Alzheimer's, cheaper than rohypnol"
"There are 10 types of people in the world. Those that understand Binary,
and those that dont."
"He who controls Google, controls the world".

Chuck

Feb 25, 2004, 12:27:18 PM
On Sat, 21 Feb 2004 23:05:56 +0000, S.B. <s...@acs.inv> wrote:

>On 21 Feb 2004, Leythos wrote:
>
>> Get a DSL router with NAT and then use ONE firewall application. The
>> router will block all unsolicited inbound attempts, so that's your first
>> layer (border). The personal firewall will block outbound.
>

>I'm a bit confused by this router stuff. I have a cable connection to
>a single home computer running Win98SE. Gibson's site says I'm
>stealthed using free ZoneAlarm. Should I have a router? Is it
>straightforward to configure with a cable modem for someone who
>knows little about these things?

The whole issue about "stealth" simply says that your router or
computer doesn't reply to say "no connection available here", which
would verify to a potential hacker that there is a computer at your ip
address.

Hackers or otherwise hostile agents, that don't care whether there is
anything at your ip address, will attempt to hit you anyway. The
whole issue of "stealth" became less important on January 25, 2003.
http://www.wired.com/wired/archive/11.07/slammer_pr.html

Slammer didn't check for anything at a given ip address. It just sent
itself to that address. It infected 90% of its potential targets in
10 minutes, by simply not caring what it was invading.

Blaster continues to infect hosts constantly. Look at any of the
Microsoft.public.*.* discussion groups, every day somebody asks about
their computer shutting down with "NT Authority..." or "RPC Call...".
http://www.microsoft.com/security/incident/blast.asp

If your computer is vulnerable to an attack, and a Blaster or Slammer
type worm is sent in your direction, you WILL be infected. Stealth or
not.

Stealthing yourself is a good idea. But it does not replace a good
layered defense. Each layer is necessary because no layer produces
complete protection.

The first layer is a NAT router (hardware firewall).

The second layer is a software firewall.

The third layer is good software. This layer contains many parts.

AntiVirus protection.

Adware / spyware protection.

Harden your browser. There are various websites which will check for
vulnerabilities, here are three which I use.
http://www.jasons-toolbox.com/BrowserSecurity/
http://bcheck.scanit.be/bcheck/
https://testzone.secunia.com/browser_checker/

Harden your operating system. Check at least monthly.
http://windowsupdate.microsoft.com/

The fourth layer is common sense. Yours. Don't install software
based upon advice from unknown sources. Don't install free software,
without researching it carefully. Don't open email unless you know
who it's from, and how and why it was sent.

The fifth layer is education. Know what the risks are. Stay
informed. Read Usenet, and various web pages that discuss security
problems. Check the logs from the other layers regularly, look for
things that don't belong, and take action when necessary.

Cheers,
Chuck
Paranoia comes from experience - and is not necessarily a bad thing.
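
The distinction discussed in this thread between an open port, a "Closed" reply and a stealthed port, as an added example that is not part of the original posts: a Python check that classifies a TCP port by what comes back from a connect attempt and reports which results confirm a host is present. The function names, the 2-second timeout and the sample result table are assumptions made for illustration.

```python
"""Classify TCP ports as open, closed or stealth from a connect attempt.

Added illustration; names and sample data are constructed for this example.
Intended for checking a machine or router you administer.
"""
import errno
import socket

OPEN, CLOSED, STEALTH, UNREACHABLE = "open", "closed", "stealth", "unreachable"


def classify_outcome(exc):
    """Map the result of one connect attempt to a port state.

    exc is None when the connection succeeded, otherwise the exception
    that socket.connect() raised.
    """
    if exc is None:
        return OPEN                      # handshake completed: a service listens
    if isinstance(exc, ConnectionRefusedError):
        return CLOSED                    # a reset came back: the host answered "no"
    if isinstance(exc, (socket.timeout, TimeoutError)):
        return STEALTH                   # nothing came back before the timeout
    if isinstance(exc, OSError) and exc.errno in (errno.EHOSTUNREACH,
                                                  errno.ENETUNREACH):
        return UNREACHABLE               # no route; says nothing about the port
    raise exc                            # anything else is a real error


def probe_port(host, port, timeout=2.0):
    """Attempt one TCP connection and return the port state."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock.settimeout(timeout)
    try:
        sock.connect((host, port))
    except OSError as exc:
        return classify_outcome(exc)
    finally:
        sock.close()
    return OPEN


def exposure_report(states):
    """Summarise a {port: state} table.

    A port that answers at all (open or closed) confirms that something
    is at the address; only open ports expose a service to connect to.
    """
    answering = sorted(p for p, s in states.items() if s in (OPEN, CLOSED))
    listening = sorted(p for p, s in states.items() if s == OPEN)
    return {
        "host_visible": bool(answering),
        "answering_ports": answering,
        "listening_ports": listening,
    }


# Constructed sample: port 113 answers "closed" while port 80 stays silent,
# the same shape as the port 113 result described earlier in the thread.
SAMPLE_STATES = {80: STEALTH, 113: CLOSED}


if __name__ == "__main__":
    # Probing the loopback address shows the host's own view only.
    local = {port: probe_port("127.0.0.1", port) for port in (80, 113)}
    print("local view:", local)
    print("local report:", exposure_report(local))
    print("sample report:", exposure_report(SAMPLE_STATES))
```

Run from the machine itself, this shows what the host would answer with no router in front of it; what an outside test site sees depends on the router and firewall in the path. A stealth result only means no reply was sent, which is the point made above about worms that never wait for one.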

Gladys Pump

Feb 25, 2004, 8:06:52 PM
On 25 Feb 2004 11:27:18 -0600, Chuck <no...@example.net>, whilst in the
alt.computer.security newsfroup, articulated the following sentiments :

>On Sat, 21 Feb 2004 23:05:56 +0000, S.B. <s...@acs.inv> wrote:


>
>>On 21 Feb 2004, Leythos wrote:
>>
>>> Get a DSL router with NAT and then use ONE firewall application. The
>>> router will block all unsolicited inbound attempts, so that's your first
>>> layer (border). The personal firewall will block outbound.
>>
>>I'm a bit confused by this router stuff. I have a cable connection to
>>a single home computer running Win98SE. Gibson's site says I'm
>>stealthed using free ZoneAlarm. Should I have a router? Is it
>>straightforward to configure with a cable modem for someone who
>>knows little about these things?
>
>The whole issue about "stealth" simply says that your router or
>computer doesn't reply to say "no connection available here", which
>would verify to a potential hacker that there is a computer at your ip
>address.

<snip good post>

Thanks for that Chuck. Made very interesting reading.

Regs, Pete.
