Outpost and EZ Firewalls

Necessity is the mother of invention, or in this case need. I fought a war at the Russian front and won. Took three days and countless brain blasts and lack of sleep to counter the attacks. Why the "Russian front" analogy, you ask? Well, the site I stumbled upon was from Russia and loaded an automatic dialer with a virus attached. The virus in this case is win32.myss or a variant. I have to get my cable box within finger shot so I can close a connection at the first sight of a volley. Up until a few days ago I didn't believe much in the virus threats. Well, that has changed. So what does win32.myss do? It in itself is the Trojan horse. With it comes an executable, in this case syshosts.exe, and as I had them on the run, their computer then loaded surte.exe/cute. With all that said, we'll suit up the gear.

eTrust EZ Antivirus scan

This is the scan utility. Run it first to scan for viruses you may have. Seen here, I have highlighted "System Volume Information". That is where the registry-edited items were and where the Russians placed their Trojan.

EZ Firewall log viewer

This is the Log Viewer, which shows IPs and pings. If you receive more than your share of pings from one IP, you can highlight it and press "Add to Zone" in the lower right corner.
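An added example, not from the original page or from the makers of EZ Firewall or Outpost: the log-viewer check above done in code, counting pings per source IP and testing whether they arrive at a fixed interval, like the 20-second repeats described for the Outpost DNS Cache further down. The log format, the thresholds and the function name `repeat_offenders` are assumptions, and the sample lines are constructed.

```python
import csv
from collections import defaultdict
from datetime import datetime
from statistics import median

# Constructed sample log, not a real EZ Firewall export. Assumed format:
# timestamp,source_ip,protocol. Addresses come from documentation ranges.
SAMPLE_LOG = """\
2004-03-01 21:14:00,203.0.113.7,ICMP
2004-03-01 21:14:05,198.51.100.23,ICMP
2004-03-01 21:14:07,198.51.100.23,ICMP
2004-03-01 21:14:12,203.0.113.7,TCP
2004-03-01 21:14:20,203.0.113.7,ICMP
2004-03-01 21:14:41,203.0.113.7,ICMP
this line is damaged
2004-03-01 21:15:00,203.0.113.7,ICMP
2004-03-01 21:15:20,203.0.113.7,ICMP
2004-03-01 21:15:30,198.51.100.23,ICMP
2004-03-01 21:16:10,192.0.2.50,ICMP
2004-03-01 21:19:00,198.51.100.23,ICMP
"""

def repeat_offenders(lines, min_hits=4, jitter=2.0):
    """Return {ip: (hits, median_gap_seconds, periodic)} for noisy ping sources."""
    seen = defaultdict(list)
    for row in csv.reader(lines):
        # Skip damaged rows and anything that is not a ping (ICMP).
        if len(row) != 3 or row[2].strip().upper() != "ICMP":
            continue
        try:
            stamp = datetime.strptime(row[0].strip(), "%Y-%m-%d %H:%M:%S")
        except ValueError:
            continue
        seen[row[1].strip()].append(stamp)
    report = {}
    for ip, stamps in seen.items():
        if len(stamps) < min_hits:
            continue  # an occasional ping is normal Internet background noise
        stamps.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(stamps, stamps[1:])]
        mid = median(gaps)
        # Gaps that all sit near the median mean an automated, timed sender.
        report[ip] = (len(stamps), mid, all(abs(g - mid) <= jitter for g in gaps))
    return report

if __name__ == "__main__":
    for ip, (hits, gap, timed) in repeat_offenders(SAMPLE_LOG.splitlines()).items():
        kind = "fixed interval" if timed else "irregular"
        print(f"{ip}: {hits} pings, median gap {gap:.0f}s, {kind}")
```

A source flagged as fixed interval is the stronger candidate for the blocked zone, since a steady gap points to an automated sender rather than stray traffic.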

EZ Firewall configuration utility

Before I knew what I was doing on the curve I had these blocked, yet unsuccessfully with Outpost. But why Outpost then?

Outpost DNS Cache window

For compatibility reasons you can run Outpost in disable mode and let EZ Firewall do the rest. But as you can see here, the DNS Cache lists URLs as well as the IP. With this combination of tools you will not need to use samspade.org as much. If you see an IP and URL that pings your PC frequently, write down the IP and URL and use the add>> button in EZ Firewall. If done successfully, it should not show up in Outpost any longer, which was the case with the sites in the EZ Firewall window above. They were registering every 20 seconds in the DNS Cache of Outpost no matter what I did within that tool. However, I am happy to say that EZ Firewall all but closed the door on them. With that said, they should not be able to access my static IP again. I mentioned Sam Spade. Where does this tool fit in?

Well, let us take, for instance, one of the attacking IPs/URLs above, in this case man.cykahax.com here