Router/Internet Question


  #1  
Old 01-11-06, 02:53 PM
E
Member
Thread Starter
Join Date: Mar 2002
Location: Ontario, Canada
Posts: 587
Received 0 Votes on 0 Posts
Router/Internet Question

After an invasion of Trojans last week (cleaned out now), it has been suggested that I make sure I have a 'dynamic IP' as opposed to a 'static IP' set up. I know roughly what this means but don't know how to check it. WANs & LANs confuse me. I was under the impression that the dynamic/static selection was determined/dictated by my ISP (Shaw Cable, in my case).

How do look at the settings on my router? Do I have to use the setup CD that came with it? (I can't find it in Control Panel).
 
  #2  
Old 01-11-06, 03:00 PM
gorth97's Avatar
Member
Join Date: Oct 2005
Location: San Diego
Posts: 149
Received 0 Votes on 0 Posts
Originally Posted by Editor
After an invasion of Trojans last week (cleaned out now), it has been suggested that I make sure I have a 'dynamic IP' as opposed to a 'static IP' set up. I know roughly what this means but don't know how to check it. WANs & LANs confuse me. I was under the impression that the dynamic/static selection was determined/dictated by my ISP (Shaw Cable, in my case).

How do look at the settings on my router? Do I have to use the setup CD that came with it? (I can't find it in Control Panel).
If you're using a switch/router of some type then check if you're setup for "DHCP". If you are, you're on dynamic IPs.

If you're connected directly to the modem, then check your network properties for the same thing.

Even if you're using DHCP sometimes your IP addresses rarely changes.
 
  #3  
Old 01-11-06, 03:32 PM
R
Member
Join Date: Jan 2006
Location: Alberta.
Posts: 74
Received 0 Votes on 0 Posts
I live in edmonton and use shaw's extreme service and I love it

If you're a home user or else you've specifically requested a static IP address, then you are definitely running on a dynamic IP. Shaw does not give them out automatically.

What make/model of router/firewall do you have?

The typical "off the shelf" firewalls, have a given address of 192.168.0.1, 192.168.1.1 or 192.168.2.1. These are the different subnets. To find out what internal IP address you have, you can click on the start button, click on run... type in cmd (or command in the case of windows 98) then press enter.

Type ipconfig /all in the black box that appears. The first set of numbers should be your internal IP. Take the number listed under the "default gateway" and put that into internet explorer's address bar and you'll get access. You'll need the username and password to enter the router settings. You can find the default username/password in the user manual.
 
  #4  
Old 01-11-06, 04:10 PM
R
Member
Join Date: Sep 2003
Location: Central New York State
Posts: 13,970
Received 0 Votes on 0 Posts
Whether or nbot your PC has a static or dynamic IP address is irrelevant. It's the static or synamic IP address assigned to your router by your ISP that would be important. However, that is not important either.

You need a decent firewall, both hardware and software. Forget the discussion of IP addresses.
 
  #5  
Old 01-11-06, 04:15 PM
tae's Avatar
tae
tae is offline
Member
Join Date: Nov 2002
Posts: 2,467
Received 0 Votes on 0 Posts
After an invasion of Trojans last week (cleaned out now), it has been suggested that I make sure I have a 'dynamic IP' as opposed to a 'static IP' set up.
Won't make a bit of difference.
check out the list of programs in my signature, and use a few of them.
 
  #6  
Old 01-12-06, 05:21 PM
E
Member
Thread Starter
Join Date: Mar 2002
Location: Ontario, Canada
Posts: 587
Received 0 Votes on 0 Posts
Originally Posted by rhynes
I live in edmonton and use shaw's extreme service and I love it
Yup, can't beat the speed :-)

Originally Posted by rhynes
If you're a home user or...
Yes, just a home user with very little understanding of networking As I said, I had cleaned the viruses/spyware out of my machine & switched from IE to Firefox. Things ran good but when occasionally I would run IE to look up an old web page, my AVG (tae: I also run Zone Alarm, Spybot S & D & AdAware) would immediately catch a new Trojan trying to get in! When I told my friend about the situation, he suggested that I might have a Static IP and that this address was now known by some hacker. I listen to ALL advice (that's why I hang around here so much but I don't pretend to understand it all.

What make/model of router/firewall do you have?
Its an SMC Barricade. Thanks for the reminder ... typing in the address to get access. It has been a while since I installed it & I forgot that part. It took me a day of looking for the manual before I remembered that it was on a CD! Some time in the past, I reset the router. It has been running all this time with NO PASSWORD. Would that be part of my recent predeliction to infestation?

When I got access (and set a password), I noted that the firewall section of the router is set to 'disable'. I can't remember if there was a reason for that; I used the Dummies Setup Wizard that was supplied and just answered questions. It seems to me that Shaw Cable had something to do with that but I'm not sure. Should I enable the router firewall?
 
  #7  
Old 01-15-06, 08:08 PM
L
Join Date: Jan 2006
Posts: 4
Received 0 Votes on 0 Posts
I believe the SMC URL is http://192.168.2.1 for the admin console.

I would enable that firewall. That will help keep out some of the trojans. If anything needs to be done for your high speed access, the most may be making some ports open. There is probably a routing tab some where where u can open up ports in your firewall to allow communication through. I know my high speed access doesnt require any special ports to be opened.

Also I am not sure if your router is wifi router to, but either way I would limit the number of DHCP address you give out. I usually give as many addresses as PC's on my network. Specially if you are running wifi this keep any nosey neighbors from being able to obtain and IP address unless they are war driving and scanning mac addresses etc.

Also definitely set up a password on that router. I cant tell you have many people leave their routers with no password or the default. Most hackers / etc can usually just rattle off all the router URLs' and default passwords. So change it to something.
 
  #8  
Old 01-15-06, 10:32 PM
tae's Avatar
tae
tae is offline
Member
Join Date: Nov 2002
Posts: 2,467
Received 0 Votes on 0 Posts
it sounds more like you have a rogue program on your computer linked to internet explorer. if it was something coming in that you did not ask for, your zone alarm should catch it, not avg. if it was "some hacker" it wouldn't make any difference whether you were using ie or firefox. you could try to use zone alarm to disable the internet (lock out) and then try to use ie. if something pops up, you know it's on your computer. This would not be a difinitive test, by the way. what does avg tell you exactly?
 
  #9  
Old 01-16-06, 10:39 AM
E
Member
Thread Starter
Join Date: Mar 2002
Location: Ontario, Canada
Posts: 587
Received 0 Votes on 0 Posts
Originally Posted by lostinthewoods
I believe the SMC URL is http://192.168.2.1 for the admin console.
Yes, once I found the manual everything became clear.

Also definitely set up a password on that router.
Done.

Thanks Lost
 
  #10  
Old 01-16-06, 10:52 AM
E
Member
Thread Starter
Join Date: Mar 2002
Location: Ontario, Canada
Posts: 587
Received 0 Votes on 0 Posts
Originally Posted by tae
it sounds more like you have a rogue program on your computer linked to internet explorer.
Yes, I think so too. No problems, alerts or warnings for the past few days so I think I'm in the clear.

... by the way. what does avg tell you exactly?
The alert would show 'Trojan Uploader found'. A scan would find & delete it with no trouble.

Note: (regarding some past advice you have given me) I have since found how to boot in SAFE MODE using msconfig/BOOT.INI/SAFE BOOT (I was using the F8 key on startup without success)

A scan in SAFE MODE a couple of days ago did find another Trojan virus so I am thinking my machine is now clean.
 
  #11  
Old 01-17-06, 11:13 AM
R
Member
Join Date: Jan 2006
Location: Alberta.
Posts: 74
Received 0 Votes on 0 Posts
Cheap firewalls won't prevent or cut down on trojans or viruses...

It will however block the numerous worms that are out there as long as it's set up right. Worms do not need a carrier, they can scan the internet for open systems from any infected machine.

Trojans and viruses need a carrier, like internet websites and email. As long as you initiate the connection, you're vulnerable. If you get a virus or trojan, you're definitely going to be vulnerable. If you're infected with a virus and that virus can access the internet, then it's generally an automatic hack as the virus will go looking for the hacker. Viruses will typically download and install some form of remote access software to give the hacker direct access to your system. This can be a straight up remote desktop software, ftp, vnc etc. The virus will attempt to disable any antivirus and firewall software you have. In this way it does not matter if you have a dynamic or a static IP as there's always constant communication between the two.

The main advantage with the higher end firewalls is the outbound blocking. It doesn't protect you from getting the viruses/trojans, but it will block their access to the internet as long as the firewall is configured for outbound restrictions. If the virus can't access the internet, you cannot get hacked. A good firewall provides network quarantine. Properly secured companies will have a good firewall with an inline proxy, but this is not cheap for the average user.

The main downfall of the software firewall is that if the user allows the virus access to the internet, then you've just granted a hack. How many times to you get notification from softwares like zonealarm asking if you want to allow a program to have internet access? How does the general user know what's a virus and what's not?

I've taken on a few clients over the years that had static IP addresses and no knowledge of security or antivirus software. One client in particular was running out of room on his 100 gig server and couldn't figure out why. When I checked the server, he had been infected for over a year and the warez community was using his server and extreme high speed connection as an ftp server. When the smoke cleared I had over 70 gigs of games and movies His IP didn't change, and therefore was left wide open for ftp access. His business account had unlimited bandwidth so the ISP wasn't keeping an eye on his usage.

There are a couple of router/firewalls that allow outbound blocking. I use the
D-link DI-604, very basic, about $40 and it works well, lots of bang for the buck so to speak. I'd prefer to have a cisco pix but the $700 and up price tag is a deterrent.
 
  #12  
Old 01-17-06, 02:39 PM
E
Member
Thread Starter
Join Date: Mar 2002
Location: Ontario, Canada
Posts: 587
Received 0 Votes on 0 Posts
Thanks for the info rhynes. From the sound of what you say, there is not much more the average user (me) can do, other than running Zone Alarm, AVG, etc. (the affordable stuff).

What I notice is that these days I am spending more & more time maintaining my computer & less time actually doing something with it. I wonder if I still have that old Commodore PET 16 lying around somewhere? Never had this kind of trouble with that
 
  #13  
Old 01-17-06, 02:56 PM
R
Member
Join Date: Jan 2006
Location: Alberta.
Posts: 74
Received 0 Votes on 0 Posts
There's always something the end user can do... 3 words

education, education, education. You don't need to be a specialist or a rich man to cover your butt on the internet. General reading (if the interest is there) and asking questions is the way to go. Even us techies had to learn from scratch

I have one friend who's constantly surfing adult sites and consequently always has trojans, viruses and spyware. I refuse to clean his computer anymore. Kids (and some adults) surfing game sites for cracks and cheats are also a prime candidate for infections.

I personally surf alot of hacker sites (on a separate computer of course) to keep up on what's going on. I need to tho, security is a big part of my job. I play with fire by surfing these sites and I get viruses and trojans too. Fortunately, I can just do a quick re-image of my other computer and i'm back online again.

When you have time, grab a coffee and read this:
http://www.grc.com/dos/grcdos.htm
It deals with the zombie, the basis of most of the current viruses on the go today. There hasn't been really any new virus technology, they're mostly variations based on this one trojan. I was infected with the zombie for 3 months and had no idea til steve put this article out.

There's alot of other great reading on steve gibsons site too.
 
  #14  
Old 01-23-06, 07:13 AM
E
Member
Thread Starter
Join Date: Mar 2002
Location: Ontario, Canada
Posts: 587
Received 0 Votes on 0 Posts
Yes, interesting reading, as were a couple of other articles I found on the site. Of course, having said that, I will now only turn on my computer & connect to the net after I have donned my HAZ-MAT suit and tinfoil cone hat!

I don't pretend to understand all of what you or Steve Gibson refer to but it is education & education is good.
 
 

Thread Tools
Search this Thread
 
Ask a Question
Question Title:
Description:
Your question will be posted in: