A Broadband and ADSL forum. BroadbanterBanter

Welcome to BroadbanterBanter.

You are currently viewing as a guest which gives you limited access to view most discussions and other FREE features. By joining our free community you will have access to post topics, communicate privately with other members (PM), respond to polls, upload your own photos and access many other special features. Registration is fast, simple and absolutely free so please, join our community today.

Go Back   Home » BroadbanterBanter forum » Newsgroup Discussions » uk.telecom.broadband (UK broadband)
Site Map Home Register Authors List Search Today's Posts Mark Forums Read Web Partners

uk.telecom.broadband (UK broadband) (uk.telecom.broadband) Discussion of broadband services, technology and equipment as provided in the UK. Discussions of specific services based on ADSL, cable modems or other broadband technology are also on-topic. Advertising is not allowed.

Do I block access from svchost to DHCP?



 
 
Thread Tools Display Modes
  #1  
Old June 14th 05, 08:47 PM posted to ntl.discussion.broadband.cm,uk.telecom.broadband,comp.security.misc,alt.computer.security
Bit Twister
external usenet poster
 
Posts: 5
Default Do I block access from svchost to DHCP?

On Tue, 14 Jun 2005 18:32:46 GMT, Mister C wrote:
From time to time I get this message from my Sygate firewall.
Should I let this program through?

"Generic Host Process for Win32 Services (svchost.exe)
is trying to connect to [62.255.64.20] using remote
port 67 (BOOTPS - Dynamic Host Configuration Protocol
[DHCP] Server). Do you want to allow this program to
access the network?"

This is my setup:

1. I use WinXP + SP1 at home.


Hmmm, missing lots of updates there. Poor security practice.

2. My broadband ISP is NTL Cable


Well that explains it.
nslookup 62.255.64.20
shows name = dhcp1-popl.server.ntli.net.

3. I connect direct to my ISP am am not part of a network.


You are part of NTL cable network and your node gets it's ip address
from NTLI's DHCP server. Your DHCP client and their DHCP server chat with each
other through ports 67,68 to get/renew your DHCP assigned ip address.

  #2  
Old June 14th 05, 10:03 PM posted to ntl.discussion.broadband.cm,uk.telecom.broadband,comp.security.misc,alt.computer.security
Walter Roberson
external usenet poster
 
Posts: 15
Default Do I block access from svchost to DHCP?

In article ,
Bit Twister wrote:
:On Tue, 14 Jun 2005 18:32:46 GMT, Mister C wrote:
: This is my setup:

: 1. I use WinXP + SP1 at home.

:Hmmm, missing lots of updates there. Poor security practice.

As best I (not a Windows expert!) can tell, Microsoft is making
security patches available for both SP1 and SP2 at present.
Is there a significant security difference between fully-patched SP1
and fully-patched SP2?

I was running SP2 but there was something that wasn't working that
did work under SP1 that I installed on a different partition. If
one cannot effectively run one's system with SP2 but can with SP1,
then is it truly "good security practice" to upgrade to the version
that is functionally unusable under the local circumstances?

If so, then would it not be even better security practice to upgrade
to Windows HP -- a version of Windows that consists of nothing other
than repeated processor HALT instructions, to keep the system from
running anything at all ?
--
Oh, to be a Blobel!
  #3  
Old June 14th 05, 10:30 PM posted to ntl.discussion.broadband.cm,uk.telecom.broadband,comp.security.misc,alt.computer.security
David H. Lipman
external usenet poster
 
Posts: 7
Default Do I block access from svchost to DHCP?

From: "Walter Roberson"

| In article ,
| Bit Twister wrote:
| :On Tue, 14 Jun 2005 18:32:46 GMT, Mister C wrote:
| : This is my setup:
|
| : 1. I use WinXP + SP1 at home.
|
| :Hmmm, missing lots of updates there. Poor security practice.
|
| As best I (not a Windows expert!) can tell, Microsoft is making
| security patches available for both SP1 and SP2 at present.
| Is there a significant security difference between fully-patched SP1
| and fully-patched SP2?
|
| I was running SP2 but there was something that wasn't working that
| did work under SP1 that I installed on a different partition. If
| one cannot effectively run one's system with SP2 but can with SP1,
| then is it truly "good security practice" to upgrade to the version
| that is functionally unusable under the local circumstances?
|
| If so, then would it not be even better security practice to upgrade
| to Windows HP -- a version of Windows that consists of nothing other
| than repeated processor HALT instructions, to keep the system from
| running anything at all ?
| --
| Oh, to be a Blobel!

There is a big difference in WinXP SP2 and SP1 which includes IE6/OE6 SP2 which is not
available for Win9x/ME and Win2K.

--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm


  #4  
Old June 14th 05, 10:32 PM posted to ntl.discussion.broadband.cm,uk.telecom.broadband,comp.security.misc,alt.computer.security
Bit Twister
external usenet poster
 
Posts: 5
Default Do I block access from svchost to DHCP?

On 14 Jun 2005 20:03:56 GMT, Walter Roberson wrote:
In article ,
Bit Twister wrote:
:On Tue, 14 Jun 2005 18:32:46 GMT, Mister C wrote:
: This is my setup:

: 1. I use WinXP + SP1 at home.

:Hmmm, missing lots of updates there. Poor security practice.

As best I (not a Windows expert!) can tell, Microsoft is making
security patches available for both SP1 and SP2 at present.


(not a Windows expert either) but I would bet they are not.

Is there a significant security difference between fully-patched SP1
and fully-patched SP2?


Then why make a SP2.

I was running SP2 but there was something that wasn't working that
did work under SP1 that I installed on a different partition.


See there is a difference between SP1 and SP2. I would guess sp2 closed
a security flaw on a system call used by the defunct application.
Could have been an update to make a system call argument mandatory
which is not provided in the failing application causing it to fail.

If one cannot effectively run one's system with SP2 but can with
SP1, then is it truly "good security practice" to upgrade to the
version that is functionally unusable under the local circumstances?


You might want to read the above sentence out loud.

Having an unpatched system is negligent.

Let's say someone uses your unpatched system to steal credit cards and
sells them using your system. Do you think, "but, but, judge, I
installed a patch and I could not run one of my applications so I
backed out the patch." is going to keep you out of jail.

If so, then would it not be even better security practice to upgrade
to Windows HP -- a version of Windows that consists of nothing other
than repeated processor HALT instructions, to keep the system from
running anything at all ?


Now you are just being stupid.
http://www.eeye.com/html/research/upcoming/

My solution was to install Mandrive/Mandrake linux.
  #5  
Old June 14th 05, 11:02 PM posted to ntl.discussion.broadband.cm,uk.telecom.broadband,comp.security.misc,alt.computer.security
Walter Roberson
external usenet poster
 
Posts: 15
Default Do I block access from svchost to DHCP?

In article ,
Bit Twister wrote:
:Having an unpatched system is negligent.

:Let's say someone uses your unpatched system to steal credit cards and
:sells them using your system. Do you think, "but, but, judge, I
:installed a patch and I could not run one of my applications so I
:backed out the patch." is going to keep you out of jail.

In your strawman argument, are you speaking in terms of being
convicted of "negligence" or of being convicted as if you were yourself
the perpetrator of the credit card trafficing?

My Windows XP SP1 system is behind a firewall that is configured to
disallow incoming connections, and is patched with the latest SP1
patches (well, before the ones released earlier today.) A finding
of "negligence" is unlikely in such a matter.


Microsoft has a list of "Top 10 Reasons to Install Windows XP
Service Pack 2",
http://www.microsoft.com/windowsxp/sp2/topten.mspx

Reasons #1 thru 4, and 8 thru 10 have to do with products such
as Internet Explorer and Outlook that I do not run.

Reason 5 has to do with the Windows Firewall -- unnecessary for
someone who has a real firewall.

Reason 6 is the convenience of the Windows Security Centre. Being
able to "manage key security settings in one convenient place" is
not exactly at the top of my list of must-have security features.

Reason 7 is enhancements to Windows Automatic Updates. I have my
system set to notify me of updates, which I then examine first
-before- blindly installing.


If you examine the list of "Key Security Technologies" for SP2,
http://www.microsoft.com/windowsxp/s...soverview.mspx
you will not find much of interest to someone who runs their own
firewall and doesn't use IE or OE.
--
"Never install telephone wiring during a lightning storm." -- Linksys
  #6  
Old June 14th 05, 11:09 PM posted to ntl.discussion.broadband.cm,uk.telecom.broadband,comp.security.misc,alt.computer.security
Walter Roberson
external usenet poster
 
Posts: 15
Default Do I block access from svchost to DHCP?

In article [email protected],
David H. Lipman wrote:
:From: "Walter Roberson"

:| Is there a significant security difference between fully-patched SP1
:| and fully-patched SP2?

:There is a big difference in WinXP SP2 and SP1 which includes IE6/OE6 SP2 which is not
:available for Win9x/ME and Win2K.

David, I've re-read your sentance several times, but I am having
difficulty in parsing it. Are you saying that IE6/OE6 SP2 is available
for XP SP2 but not for XP SP1? I am thrown a bit by the
9x/ME and 2K reference ?

If one does not use IE6 nor OE, are the differences relevant?

--
Feep if you love VT-52's.
  #7  
Old June 14th 05, 11:31 PM posted to ntl.discussion.broadband.cm,uk.telecom.broadband,comp.security.misc,alt.computer.security
Bit Twister
external usenet poster
 
Posts: 5
Default Do I block access from svchost to DHCP?

On 14 Jun 2005 21:02:37 GMT, Walter Roberson wrote:

In your strawman argument, are you speaking in terms of being
convicted of "negligence"


The site cracked could go the negligence route asking for damages.

or of being convicted as if you were yourself
the perpetrator of the credit card trafficing?


That is what is going to cost you the big lawyer bucks to get out of
going to prison.

My Windows XP SP1 system is behind a firewall that is configured to
disallow incoming connections,


Depending on what kind of firewall, that is a good first step.
SP1 patched systems were getting cracked in about 4 minutes after
connected to the net.

and is patched with the latest SP1
patches (well, before the ones released earlier today.) A finding
of "negligence" is unlikely in such a matter.


Would guess the cracked site's lawyer would be pushing the fact that
you do not have all updates (SP2) installed so it is negligence.

Microsoft has a list of "Top 10 Reasons to Install Windows XP
Service Pack 2",


I seriously doubt MS would publish that SP2 fixes unpatched problems in SP1.
I wonder why MS thought about forcing SP2 or disallow any updates at
one point in time.

If you examine the list of "Key Security Technologies" for SP2,
http://www.microsoft.com/windowsxp/s...soverview.mspx
you will not find much of interest to someone who runs their own
firewall and doesn't use IE or OE.


Well there is my point. Based on that, there should be no reason for
your application to not run on SP2.
After all, sp2 just fixed a few applications.

  #9  
Old June 14th 05, 11:39 PM posted to ntl.discussion.broadband.cm,uk.telecom.broadband,comp.security.misc,alt.computer.security
David H. Lipman
external usenet poster
 
Posts: 7
Default Do I block access from svchost to DHCP?

From: "Walter Roberson"

| In article [email protected],
| David H. Lipman wrote:
| :From: "Walter Roberson"
|
| :| Is there a significant security difference between fully-patched SP1
| :| and fully-patched SP2?
|
| :There is a big difference in WinXP SP2 and SP1 which includes IE6/OE6 SP2 which is not
| :available for Win9x/ME and Win2K.
|
| David, I've re-read your sentance several times, but I am having
| difficulty in parsing it. Are you saying that IE6/OE6 SP2 is available
| for XP SP2 but not for XP SP1? I am thrown a bit by the
| 9x/ME and 2K reference ?
|
| If one does not use IE6 nor OE, are the differences relevant?
|
| --
| Feep if you love VT-52's.

WinXP SP2 containe IE/OE SP2. There is no IE/OE SP2 for earlier MS Operting Systems.

Since the HTML capabilities of the OS are tied to IE then the fact that you do not directly
use IE or OE still means that that the HTML vulnerabilities remain.

There are other pertinent changes in SP2 as well. This includes the XP FireWall and
recoding of some WinXP components.

--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm


  #10  
Old June 14th 05, 11:39 PM posted to ntl.discussion.broadband.cm,uk.telecom.broadband,comp.security.misc,alt.computer.security
Mark McIntyre
external usenet poster
 
Posts: 1,835
Default Do I block access from svchost to DHCP?

On 14 Jun 2005 21:02:37 GMT, (Walter
Roberson) wrote:

Microsoft has a list of "Top 10 Reasons to Install Windows XP
Service Pack 2",
http://www.microsoft.com/windowsxp/sp2/topten.mspx

Reasons #1 thru 4, and 8 thru 10 have to do with products such
as Internet Explorer and Outlook that I do not run.


You may not run them, but they're installed and the IE rendering
engine is used by a swathe of apps. If you leave this inadequately
patched, you're asking for trouble.

I agree the other three reasons are irrelevant for anyone who has
their own f/w and performs updates religiously.

If you examine the list of "Key Security Technologies" for SP2,
http://www.microsoft.com/windowsxp/s...soverview.mspx
you will not find much of interest to someone who runs their own
firewall and doesn't use IE or OE.


There's no such thing as "not running" IE or OE....


 




Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
 
Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

vB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
Do I block access from svchost to DHCP? Michael J. Pelletier uk.telecom.broadband (UK broadband) 0 June 14th 05 08:46 PM
Static IP Block - Plus Net barney uk.telecom.broadband (UK broadband) 5 November 2nd 04 10:26 AM
help with static ip block teeno uk.telecom.broadband (UK broadband) 7 August 26th 04 02:50 PM
svchost.exe keeps trying to get out... Jann uk.telecom.broadband (UK broadband) 4 July 28th 03 01:20 PM


All times are GMT +1. The time now is 02:41 AM.


Powered by vBulletin® Version 3.6.4
Copyright ©2000 - 2019, Jelsoft Enterprises Ltd.Content Relevant URLs by vBSEO 2.4.0
Copyright 2004-2019 BroadbanterBanter.
The comments are property of their posters.