virus using IIS on a local broad band cnx

sfullman

Hi There,

I just installed PHP and mySQL on my Windows 2000 Workstation. I'm running IIS and not Apasche (like I am on my managed server with my ISP).

The problem is, last time I did this 2 years ago, I got a virus because apparently I'm open to the world through my broadband connection. It was a virus or worm that put tons of junk files all through my system.

Is there any quick way to secure the system?

Thanks

drag0n

may closing all un necessary ports? get a firewall? lolz
I suggest you pick up a book about Network security or just switch to *nix?

weekender

i'm on ntl broadband, and have used both IIS and apache. Right now, i use apache for http and IIS for ftp access to my comp while i'm away.

I use a four port Netgear RP612 v2 switch, which has a built-in firewall and is controllable over the web. This was £48 (about $70, i think). Then I use McAfee antivirus v7, which comes with a software firewall (although I didn't install that, for some reason 😕 )

apart from that it's common sense. Don't open attachments in emails unless you can verify the source blah blah don't look at porn on the web, don't click yes when install boxes appear while browsing porn and all the rest.

sfullman

I'm VERY careful when browsing and NEVER open attachments from an unknown source. When I got that virus two years ago it was my first and only experience with this.

Obviously, running a web server on my computer makes people able to ping me through my broadband ISP. I would have thought you couldn't access through a dynamic IP but I guess that's the nature of network connectivity.

Would a simple safe solution be just to find out who IIS thinks I am when I'm browsing (i.e. my local IP port), and limit traffic to only this IP? Would this effectivley shut the door on my ISP's IP address it assigns?

Meanwhile I'll check out the firewall stuff when I get off of "vacation" (which is blurred when I have my laptop anyway :-)

Thanks!
Sam

weekender

well when you are browsing, the IP you present is your ISP assigned IP. So if you are browsing a site which collects 'anonymous' stats such as IP, someone who gains this can then send you NET SEND messages (those annoying windows pop-ups, which you can turn off), run a denial of service attack on you, do anything really.

When you're behind a hardware firewall, each computer behind it has an address which is only valid in your network. All pings to your ISP ip will go to your firewall. You can set up port forwarding, so if someone wants to get to port 80 (http), you can forward them on to a computer behind the firewall (only for that service). You can set this up for any port, and it's useful for all sorts of things from Quake to FTP.

You can also set up a DMZ (de-militarised zone) - which is a computer behind your firewall which has all ports open to the internet. This isn't really recommended, as it leaves you very vulnerable.

have a nice holiday!