XP SP2 Firewall and LinkSys router firewalls


Mark
November 21st 04, 03:45 PM
Is or are there any known conflicts or problems with the Windows XP SP2
Firewall disabled with a LinkSys WRT54G/GS wireless router firewall enabled?

I have had some remote attacks against my Windows XP systems and one
successful remote login. The local ISP's support group speculated that
there may be a conflict or problem with the above set up because this is
a pattern they noticed when this type of problem has been reported to
them. The ISP's support group is not implying this is a known problem, but
a pattern they noticed.

Malke
November 21st 04, 06:15 PM
Mark wrote:

> Is or are there any known conflicts or problems with the Windows XP
> SP2 Firewall disabled with a LinkSys WRT54G/GS wireless router
> firewall enabled?
>
> I have had some remote attacks against my Windows XP systems and one
> successful remote login. The local ISP's support group speculated
> that there may be a conflict or problem with the above set up because
> this is a pattern they noticed when this type of problem has been
> reported to them. The ISP's support group is not implying this is a
> known problem, but a pattern they noticed.

Not that I know of, but you should not rely on the wireless router as a
firewall. You still need a software firewall or a far more heavy-duty
hardware firewall than what is provided by a simple router.

Malke
--
MS-MVP Windows User/Shell
Elephant Boy Computers
www.elephantboycomputers.com
"Don't Panic"

Steve N.
November 21st 04, 06:38 PM
Mark wrote:

> Is or are there any known conflicts or problems with the Windows XP SP2
> Firewall disabled with a LinkSys WRT54G/GS wireless router firewall
> enabled?
>
> I have had some remote attacks against my Windows XP systems and one
> successful remote login. The local ISP's support group speculated that
> there may be a conflict or problem with the above set up because this is
> a pattern they noticed when this type of problem has been reported to
> them. The ISP's support group is not implying this is a known problem, but
> a pattern they noticed.
>

This is likely a weak configuration issue. On the XP PCs I would use a
3rd party firewall (XP firewall is one-way only), disable Remote
Assistance and any unused network protocols. Since your security has
already been compromised, I highly recommend you change all account
passwords including the Administrator password on all your machines and
check for trojans, viruses, etc. with up-to-date a/v tools.

From LinkSys about that model:

"To protect your data and privacy, the Wireless-G Broadband Router can
encode all wireless transmissions using 128-bit WEP encryption, and also
supports industrial-strength Wi-Fi Protected Access™ (WPA) wireless
security. The Router protects your PC from most known Internet attacks
with a powerful Stateful Packet Inspection firewall. It can also serve
as a DHCP Server, supports VPN pass-through, and can be configured to
filter internal users' access to the Internet. And even with all this
power, set up is a snap with the web browser-based configuration utility."

Make note of the words "CAN encode" and "CAN be configured". It doesn't
mean it IS. Consult the documentation.

Steve

Mark
November 21st 04, 07:05 PM
On 11/21/2004 12:38 PM, Steve N.:
> Mark wrote:
>
>>Is or are there any known conflicts or problems with the Windows XP SP2
>>Firewall disabled with a LinkSys WRT54G/GS wireless router firewall
>>enabled?
>>
>>I have had some remote attacks against my Windows XP systems and one
>>successful remote login. The local ISP's support group speculated that
>>there may be a conflict or problem with the above set up because this is
>>a pattern they noticed when this type of problem has been reported to
>>them. The ISP's support group is not implying this is a known problem, but
>>a pattern they noticed.
>
> This is likely a weak configuration issue. On the XP PCs I would use a
> 3rd party firewall (XP firewall is one-way only), disable Remote
> Assistance and any unused network protocols. Since your security has
> already been compromised, I highly recommend you change all account
> passwords including the Administrator password on all your machines and
> check for trojans, viruses, etc. with up-to-date a/v tools.

I have two Windows XP computers; the first computer with Windows XP Home
Edition SP2 and second computer with Windows XP Professional SP2. Both
computers have no viruses, spyware, etc. found. Strangely when the
first computer gets turned on, it causes lots of traffic on the LinkSys
WRT54GS router and the traffic does not go out on the DSL connection.
Seems like the first computer attacks the LAN connection and not the
Internet connection. When the first computer gets turned off from a
proper shut down of Windows XP, the traffic goes away. When Internet
Explorer 6 SP2 runs on the system, the Internet connection is very slow
including the overall system performance.

On the first computer, the problematic computer, where Norton AntiVirus
2004 exists and always fully updated, Norton AntiVirus 2004 does not
find any virus, trojan, worm, etc. infections. The first computer is
free of viruses based on Norton AntiVirus 2004 full system scans.
Spybot Search and Destroy also runs on the first computer with all
updates installed and Spybot does not find any spyware.

Whatever is occurring on the first computer has not affected (and
infected) the second computer. When the first computer runs Mozilla
Firefox 1.0, there is no additional traffic than there is when the first
is on. There is something in Windows XP Home Edition SP2 causing an
increased traffic when Internet Explorer 6 SP2 runs on the system.

The first system is not always in use and I leave it turned off. The
second system is my primary system and it's always in use.

All software has been scrupulously installed on these systems to avoid
spyware, viruses, tracking, etc.

Steve N.
November 21st 04, 10:42 PM
Mark wrote:

> On 11/21/2004 12:38 PM, Steve N.:
>
>> Mark wrote:
>>
>>> Is or are there any known conflicts or problems with the Windows XP
>>> SP2 Firewall disabled with a LinkSys WRT54G/GS wireless router
>>> firewall enabled?
>>>
>>> I have had some remote attacks against my Windows XP systems and one
>>> successful remote login. The local ISP's support group speculated
>>> that there may be a conflict or problem with the above set up because
>>> this is a pattern they noticed when this type of problem has been
> >>> reported to them. The ISP's support group is not implying this is a
>>> known problem, but a pattern they noticed.
>>
>>
>> This is likely a weak configuration issue. On the XP PCs I would use a
>> 3rd party firewall (XP firewall is one-way only), disable Remote
>> Assistance and any unused network protocols. Since your security has
> >> already been compromised, I highly recommend you change all account
> >> passwords including the Administrator password on all your machines
> >> and check for trojans, viruses, etc. with up-to-date a/v tools.
>
>
> I have two Windows XP computers; the first computer with Windows XP Home
> Edition SP2 and second computer with Windows XP Professional SP2. Both
> computers have no viruses, spyware, etc. found. Strangely when the
> first computer gets turned on, it causes lots of traffic on the LinkSys
> WRT54GS router and the traffic does not go out on the DSL connection.

Might be trying to get out on the I-net but the firewall on the LinkSys
may be blocking it (which is a good thing but the attempts would still
show on the LAN).

> Seems like the first computer attacks the LAN connection and not the
> Internet connection. When the first computer gets turned off from a
> proper shut down of Windows XP, the traffic goes away. When Internet
> Explorer 6 SP2 runs on the system, the Internet connection is very slow
> including the overall system performance.

Another indication of possible crapware infections.

>
> On the first computer, the problematic computer, where Norton AntiVirus
> 2004 exists and always fully updated, Norton AntiVirus 2004 does not
> find any virus, trojan, worm, etc. infections. The first computer is
> free of viruses based on Norton AntiVirus 2004 full system scans.

Most standard a/v products do not generally detect adware/spyware, even
though many are classified as "trojans".

> Spybot
> Search and Destroy also runs on the first computer with all updates
> installed and Spybot does not find any spyware.
>
> Whatever is occurring on the first computer has not affected (and
> infected) the second computer. When the first computer runs Mozilla
> Firefox 1.0, there is no additional traffic than there is when the first
> is on. There is something in Windows XP Home Edition SP2 causing an
> increased traffic when Internet Explorer 6 SP2 runs on the system.
>
> The first system is not always in use and I leave it turned off. The
> second system is my primary system and it's always in use.
>
> All software has been scrupulously installed on these systems to avoid
> spyware, viruses, tracking, etc.

Download Ad-aware from Lavasoft, install it, update it and scan on the
problem PC (in Safe Mode if necessary). Ad-aware seems to find a lot
more problems than Spybot S&D does lately and these problems can and do
create an awful lot of network traffic. Other adware/spyware tools are
StartupList, HijackThis and CWShredder. Worth looking into, read the
docs before using.

Install one of the many freeware software firewalls available (Zone
Alarm and Kerio for example) which will help monitor/block traffic
originating at the PC in question in addition to incoming traffic. The
WinXP SP2 firewall, although not a bad thing, can only deal with
incoming traffic at the PC where it is employed, it does not monitor
outgoing traffic from the machine on which it is running at all.

Good luck and keep us posted.

Steve
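
Since the XP SP2 firewall does not monitor outgoing traffic, one way to see what the problem PC is sending is to summarise its connection table per process. This is an added example, not part of any post in this thread; the sample `netstat -ano` output, the PIDs and the 192.168.1.0/24 LAN subnet are constructed assumptions.

```python
import ipaddress
from collections import defaultdict

# Constructed sample of Windows `netstat -ano` output. Addresses come from
# RFC 1918 and documentation ranges; the PIDs are made up.
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       904
  TCP    0.0.0.0:3389           0.0.0.0:0              LISTENING       1020
  TCP    192.168.1.100:1042     192.168.1.1:80         ESTABLISHED     1580
  TCP    192.168.1.100:1055     203.0.113.7:80         SYN_SENT        2212
  TCP    192.168.1.100:1056     203.0.113.8:80         SYN_SENT        2212
  TCP    192.168.1.100:1057     198.51.100.20:443      ESTABLISHED     1580
  UDP    0.0.0.0:1900           *:*                                    1108
"""

def summarize(netstat_text, lan="192.168.1.0/24"):
    """Return (listeners, per_pid) from `netstat -ano` text.

    listeners: (proto, port, pid) for sockets bound to all interfaces,
               i.e. what an inbound firewall has to protect.
    per_pid:   per-process counts of LAN and Internet connections, plus
               SYN_SENT attempts that have not been answered.
    """
    lan_net = ipaddress.ip_network(lan)  # assumed LAN subnet
    listeners = []
    per_pid = defaultdict(lambda: {"lan": 0, "internet": 0, "syn_sent": 0})
    for line in netstat_text.splitlines():
        f = line.split()
        if len(f) < 4 or f[0] not in ("TCP", "UDP"):
            continue  # skip headers and blank lines
        proto, local, remote, pid = f[0], f[1], f[2], int(f[-1])
        state = f[3] if len(f) == 5 else ""  # UDP rows have no state column
        lhost, _, lport = local.rpartition(":")
        if state == "LISTENING" or proto == "UDP":
            if lhost == "0.0.0.0":
                listeners.append((proto, int(lport), pid))
            continue
        rhost = remote.rpartition(":")[0].strip("[]")
        scope = "lan" if ipaddress.ip_address(rhost) in lan_net else "internet"
        per_pid[pid][scope] += 1
        if state == "SYN_SENT":
            per_pid[pid]["syn_sent"] += 1
    return sorted(listeners), dict(per_pid)

if __name__ == "__main__":
    listeners, per_pid = summarize(SAMPLE)
    print("Listening on all interfaces:", listeners)
    for pid, counts in sorted(per_pid.items()):
        print(pid, counts)
```

A process with many `SYN_SENT` entries to Internet addresses matches the case described above where outbound attempts show on the LAN but are not answered; the PID can then be matched to a process name in Task Manager.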
