Firewall parameters and PC security

In summary: If you're not familiar with port numbers, they are like phone lines that are connected to your computer. For example, if you and another person were talking on the phone, your phone might be connected to line 1 and their phone might be connected to line 2. The port numbers are similar in that they allow different types of network traffic (internet data) to flow through them. Port 80 is used for unencrypted web browsing while port 443 is used for encrypted web browsing. Other common port numbers include 21 for FTP (file transfer), 22 for SSH (secure login), and 443 for SMTP (email). These numbers are important because they are used by different protocols to transmit information.
  • #1
mech-eng
I have installed an antivirus. But one day I realized that somebody was controlling my PC. Then I installed a firewall. There are lots of attempts to my PC which are recorded in the firewall. I am very confused why these are happening and who they are, how they can do this. Now some important performance issues have started. I do not know if I am secure. How can I completely be sure that my PC is secure? Can firewall stop all attempts? I did a full system scan. There is no virus or other malevolent programs. I use a wlan and how can I be sure if somebody is in my wlan? How can I close dangerous ports through which they can access to my PC?
firewall.png
 
  • #3
What are those "route", "incoming", "outgoing" in the firewall?

Thank you.
 
  • #4
Addresses that start with 192.168.1 are addresses within your own LAN and usually are nothing more than internal software communication. From the limited image, it looks like there are two main computers on your network - one at 192.168.1.1 and one at 192.168.1.44. I suspect that 1.1 is your computer but that's just a guess. Incoming and outgoing traffic within the network is generally harmless. The 30,000 and 60,000 range port numbers are a little odd but it's hard to know without more info.
 
  • #5
http://whatismyipaddress.com/ip/8.8.4.4 is a Google address so that looks harmless. The http://whatismyipaddress.com/ip/212.4.153.164 address is a server in the Czech Republic and port 80 means that you're connected through a web browser so it looks like you were viewing a page at a site hosted in that country when you took the screenshot.
 
  • #6
If you want a good scare, open up a dos window and type netstat -ano. This will show a (long) list of all of the current network connections on your computer. Any entries that have 0.0.0.0, 127.0.0.1, [::], or a variation of 192.198.1.x for the local and foreign address (both sides) are typically harmless. If you get something outside of that, you might have something to worry about.

Here are a few examples from running it on my computer.
Code:
Proto   Local Address         Foreign Address   State         PID
TCP      192.168.1.151:61057  192.168.1.155:22  ESTABLISHED   1475
TCP      127.0.0.1:27017      0.0.0.0:0         LISTENING     1475
TCP      [::1]:27017          [::]:0            LISTENING     1475

192.168.1.151 is my computer's LAN address and 192.168.1.155 is the LAN address of my Raspberry Pi. I have a Putty session connected to the Pi which allows me to run commands on the Pi in a DOS-like window. My Putty session is connected through port 22. The second and third lines reference a tunnel that I've established through the Putty session that allows me to talk to a Mongo database on the Pi as if it was located on my computer. Mongo listens to requests on port 27017. The PID (Process ID) is the same PID that you would see if you open your computer's Task Manager and select the Processes tab.
 
  • #7
It seems we will be able to solve these issues.
Borg said:
Any entries that have 0.0.0.0, 127.0.0.1, [::], or a variation of 192.198.1.x for the local and foreign address (both sides) are typically harmless. If you get something outside of that, you might have something to worry about..

How can we know that those addresses are harmless?
Borg said:
Here are a few examples from running it on my computer.

Proto Local Address Foreign Address State PID
TCP 192.168.1.151:61057 192.168.1.155:22 ESTABLISHED 1475
TCP 127.0.0.1:27017 0.0.0.0:0 LISTENING 1475
TCP [::1]:27017 [::]:0 LISTENING 1475

What are other numbers after coming 151, i.e 61057 and after 155, i.e 22?

Borg said:
192.168.1.151 is my computer's address and 192.168.1.155 is the address of my Raspberry Pi.
How can you understand this?

Thank you.
 
  • #8
mech-eng said:
How can we know that those addresses are harmless?
It is software that is running on your computer (0.0.0.0, 127.0.0.1, [::], or a variation of 192.198.1.x as described above). As long as they aren't trying to connect to the internet through ports other than 80 (unencrypted) or 443 (encrypted), they're most likely harmless.
mech-eng said:
What are other numbers after coming 151, i.e 61057 and after 155, i.e 22?
Those are port numbers. If you're not familiar with them, they are like phone lines that are connected to your computer. For example, if you and another person in your house wanted to talk on the phone to different people at the same time, you would need two phone lines (or ports) to the outside world. Your computer is continually establishing and destroying these ports based on the needs of the software running on it. Yes, even for internal communication.
mech-eng said:
How can you understand this?
Lots of experience. :oldwink: I'm not a sysadmin but I do end up dealing with it a lot.
 
  • #9
Here are a few more details that I've run across over the years.

ADDRESSES:
0.0.0.0 A non-existent or dummy address that does not refer to anything on the network

127.0.0.1 "Self." That is the current computer (some programs are structured to talk with other parts of themselves using this conceptual net address)

192.168.x.x Defines a private network that does not connect to the Internet; it is usually the default for your home (private) network for instance

192.168.1.1 The default address for the router on your home network

192.168.1.x The individual devices on your home network. Usually these default address assignments are done by your router

There is another private address range that may be used instead of 192.168.x.x. I don't remember for sure, but I think it starts with 24.?.x.x
mech-eng said:
I use a wlan and how can I be sure if somebody is in my wlan?
First read the manual/documentation for your router. Somewhere there will be a reference about "Connected Devices" or similar.

Open your browser and in the URL field (address field) enter 192.168.1.1 This is the default address to talk to your router. (If that doesn't work, find the default address in the documentation.)

DO NOT CHANGE ANY ROUTER SETTINGS WITHOUT BEING SURE YOU KNOW WHAT YOU ARE DOING AND WHY. It is possible to disable connectivity between the router and all of your devices. If this happens you will have to find in the documentation how to reset the router to "Factory Defaults" and then start over and reconfigure your network. This may require a wired (Ethernet) connection to the router.

Once the router screen shows up in the browser, follow the documentation instructions to display the Connected Devices. This will display a list of all the devices that are currently connected to your network. If something is shut off or out of range it will not be listed.

Well that's about all I know about it, and... Welcome to the maddening inner workings of networks. You can spend years looking into all the non-obvious details, most of us don't bother.
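
The rule of thumb from posts #6 and #9 (sort each `netstat -ano` row by what kind of address is on each side) can be automated. The following is an added example, not part of any poster's reply: the function names `classify` and `review` are hypothetical, the first three sample rows are the ones quoted in post #6, and the last three are constructed. Private ranges are taken from RFC 1918 (10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16).

```python
import ipaddress

# RFC 1918 IPv4 private ranges plus IPv6 unique-local addresses.
PRIVATE_NETS = [ipaddress.ip_network(n) for n in
                ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "fc00::/7")]
LISTEN_SCOPE = {"unspecified": "all interfaces", "loopback": "loopback only"}

# Rows 1-3 are from post #6; rows 4-6 are constructed for illustration.
SAMPLE = """\
Proto  Local Address          Foreign Address        State        PID
TCP    192.168.1.151:61057    192.168.1.155:22       ESTABLISHED  1475
TCP    127.0.0.1:27017        0.0.0.0:0              LISTENING    1475
TCP    [::1]:27017            [::]:0                 LISTENING    1475
TCP    0.0.0.0:445            0.0.0.0:0              LISTENING    4
TCP    192.168.1.151:61102    8.8.4.4:443            ESTABLISHED  2210
UDP    0.0.0.0:5353           *:*                                 1820
"""

def classify(endpoint):
    """Address class of 'addr:port', '[v6addr%zone]:port' or '*:*'."""
    host = endpoint.rpartition(":")[0].strip("[]").split("%")[0]
    ip = None if host == "*" else ipaddress.ip_address(host)
    if ip is None or ip.is_unspecified:
        return "unspecified"
    if ip.is_loopback:
        return "loopback"
    if ip.is_link_local:
        return "link-local"
    return "private" if any(ip in n for n in PRIVATE_NETS) else "external"

def review(netstat_text):
    """Return (pid, local, foreign, note) for every TCP/UDP row."""
    rows = []
    for line in netstat_text.splitlines():
        f = line.split()
        if len(f) < 4 or f[0] not in ("TCP", "UDP"):
            continue  # header or blank line
        state = f[3] if len(f) == 5 else "open"  # UDP rows have no State
        lclass, fclass = (classify(e) for e in f[1:3])
        if fclass == "unspecified":  # no peer: a listening or bound socket
            note = "listening on " + LISTEN_SCOPE.get(lclass, "one interface")
        else:
            note = f"{state} connection to {fclass} address"
        rows.append((f[-1], f[1], f[2], note))
    return rows

print(*review(SAMPLE), sep="\n")
```

Rows marked "external" or "listening on all interfaces" are the ones worth matching to a process by PID in Task Manager; loopback-only listeners cannot be reached from other machines.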
 
  • #10
Tom.G said:
Once the router screen shows up in the browser...
It might look something like this... my old one.

Basic Setup.JPG

As Tom.G said...
It is possible to disable connectivity between the router and all of your devices. If this happens you will have to find in the documentation how to reset the router to "Factory Defaults" and then start over and reconfigure your network.
I did... just once, though. lol
 
  • #11
Tom.G said:
0.0.0.0 A non-existent or dummy address that does not refer to anything on the network
0.0.0.0 can indicate a local listener.

When you say firewall, do you mean the "Windows Firewall" or a physical device (The firewall is not the same object as the switch/router.) My firewall looks like this
https://4.imimg.com/data4/BP/AB/MY-638336/cyberoam-firewall-box-500x500.jpg
 
  • #12
newjerseyrunner said:
0.0.0.0 can indicate a local listener.

When you say firewall, do you mean the "Windows Firewall" or a physical device (The firewall is not the same object as the switch/router.) My firewall looks like this
https://4.imimg.com/data4/BP/AB/MY-638336/cyberoam-firewall-box-500x500.jpg
I presumed the firewall would be software, rather than a physical device.
 
  • #13
mech-eng said:
I have installed an antivirus. But one day I realized that somebody was controlling my PC. Then I installed a firewall. There are lots of attempts to my PC which are recorded in the firewall. I am very confused why these are happening and who they are, how they can do this. Now some important performance issues have started.

Unfortunately I can only guess what's happening in your logs without the "Destination IP" column being in view, it's like trying to understand a phone conversation by hearing one side of the conversation. I'll try to address the different questions you posed separately.

I do not know if I am secure. How can I completely be sure that my PC is secure?
You can never really be sure a networked computer is secure. The best you can do is take precautions, the most important being to back up your data to an external disk and store it somewhere else safe. See these recommendations from US-CERT for more internet security best practices.

Can firewall stop all attempts.
A firewall will stop all attempts that are not configured to be allowed. I suggest NOT changing the default rules if you don't have a solid grasp on network routing and packet filtering.

I use a wlan and how can I be sure if somebody is in my wlan?
You should be able to see all connected Wi-Fi devices when you log into your access point or router.

How can I close dangerous ports through which they can access to my PC?
You have done this by installing a software firewall.

What are those "route", "incoming", "outgoing" in the firewall?

ZoneAlarm doesn't define what the connection type "Route" means in their documentation, but I can infer it to mean connections your computer recently initiated, but are no longer valid for various reasons.

"Incoming" means connections initiated by another system to your computer.

"Outgoing" means connections initiated by your computer to another system.
 

1. What is a firewall and why is it important for PC security?

A firewall is a security system that monitors and controls incoming and outgoing network traffic based on predetermined security rules. It acts as a barrier between your computer and the internet, protecting it from unauthorized access and potential threats. Without a firewall, your PC is vulnerable to attacks and data breaches.

2. What are the different types of firewall parameters and how do they work?

The three main types of firewall parameters are network, transport, and application. Network parameters filter traffic based on the source and destination IP addresses, transport parameters use port numbers to control access to specific applications, and application parameters analyze the content of data packets to determine if they should be allowed or blocked. These parameters work together to provide comprehensive protection for your PC.

3. How can I ensure that my firewall is properly configured?

To ensure that your firewall is properly configured, you should regularly review and update the security rules and settings. This includes allowing only necessary network traffic, blocking suspicious IP addresses, and monitoring for any unauthorized access attempts. It is also important to keep your firewall software up to date to protect against new threats.

4. Can a firewall protect my PC from all types of cyber attacks?

While a firewall is an essential part of PC security, it cannot protect against all types of cyber attacks. It is important to have other security measures in place, such as antivirus software and regular software updates, to fully protect your PC. Additionally, staying vigilant and practicing safe internet habits can also help prevent cyber attacks.

5. Are there any potential risks or drawbacks of using a firewall?

There are some potential risks and drawbacks of using a firewall, such as false positives and false negatives. False positives occur when the firewall blocks legitimate traffic, while false negatives occur when the firewall allows malicious traffic. This can be mitigated by regularly reviewing and adjusting the firewall settings. Additionally, a firewall can also slow down network traffic, but the benefits of increased security outweigh this potential drawback.
