CERT HOME COMPUTER SECURITY - Home PC Security made easy!
Free HOUSECALL Virus Scan
|| Greetings and Introduction and
Three Steps to Securing your PC
LINUX User Information
Connect - ROUTERS AND BROADBAND
ONNECT PROBLEMS: DIRECPC WIN XP and OTHERS including DCC
<><>SP2 "Limited Connectivity" problems - Microsoft article
<>Windows XP Configure the XP firewall to allow IRC
<><> General Problems Connecting - AOL, DSL and CABLE Users or anyone who can connect ot OTHER nets but can't get to Starlink-IRC
CABLE and DSL - Timeouts
CERT Home Computer Security - a MUST READ
You have most likely been sent to this page because our check-in service has determined that your network connection may be vulnerable to attack by a malicious user. Don't worry! If you follow the steps outlined below, you'll be back in no time at all.
Security Check Policy
We, the staff of StarLink-IRC, take your privacy and security VERY seriously. The results of our check-in tests are not logged by our servers or the checking software. This entire service is designed for your protection.
What Tristar does -
If your firewall announced that you have received an "attack" from a trojan horse or virus such as back orifice or netbus .. it is incorrect. This isn't unusual, most firewalls and security programs cry 'wolf' before they bother to actually check anything.
Since trojan horse programs are dangerous to our net as well as your pc, we try to prevent them from connecting. We do this by checking to see if your pc appears to accept a connection on ports known to be used by trojans. If a trojan is known to listen on port 12345, we check that port to see if your pc answers. A normal pc will not .. one that is compromised by a trojan or has a firewall that is answering for you will. Some firewalls will 'listen' to try to find out more about what is happening. The bad news is that by doing so they look from our end exactly like the trojan we are trying to detect.
WE DO NOT MAKE INVASIVE SCANS .. so we can't tell if its a firewall or a trojan and we're sure you wouldn't want us to try anyway. There are websites that can help with that problem.
The point here is, Tristar issues a plain warning about what is happening when you connect to our network. The ONLY time we check is when you connect to StarLink-IRC. If the check worries you that much, then simply don't connect and it won't happen. You are NOT being 'attacked' by a trojan no matter what your firewall says. Firewalls announce what they are programmed to announce, there are no little people in there who actually read things like IRC network connect messages or even dig to find out if its a real trojan or not.
In principle, we do not like the idea of checking user connections. While many other chat networks have been doing connection scanning for months, we have tried, without success, to come up with some other method of safeguarding the network and users. However, it has sadly become a necessary evil due to the recent growth in the volume and severity of attacks exploiting these vulnerabilities.
We sincerely apologize for any inconvenience this may cause.
|If you already have
a "firewall" (especially Nukenabber),
this is important.
Nukenabber, Lockdown, and similar products are commonly known as "port listeners" .. they do their job by 'listening' on specific connections (ports) for commands. Unfortunately, that is exactly what malicious code, viruses, and the like also do. The only difference is what happens after: a 'firewall' receives it and just throws it away, a malicious program receives it and hands control of your system to somebody without you even knowing.
|When you use a true
firewall, like Zone Alarm, it builds a
access to or from your computer without your direct permission. When
use software, it makes a 'hole' in the firewall so it can do what it's
supposed to. Being a software program, a port listener obviously
the same way.
By running a firewall and a listener, you plug the holes and then reopen them. Does that make a lot of sense?
To use StarLink-IRC, you will have to either turn off the listener application or disable listening on any ports that you get warned about. See instructions here abut changing NukeNabber
Click here for information about firewalls and ports
|1||[Step 1] Run a
Hopefully you've already purchased anti-virus software, you should never be without it when using the Internet. If you haven't, here are a few links to various popular anti-virus packages - any of which will suffice (and some are free!)
There is a very good virus description database at F-SecureF-Prot (Free) AVG Anti-Virus (Free) InoculateIT Personal Edition Norton AntiVirus 2001McAfee.com VirusScan Online
Once you have an anti-virus package, make absolutely sure that you have the latest virus signatures. Each software package will handle the update a bit differently - see the software's users guide for more information.
If you have SubSeven (a PARTICULARLY nasty trojan), check these links:F-secure site (free) Black Ice site
Another informative site about Trojans:Trojan Port Table and Information
Once you have the latest virus signatures, run a full scan. Scan everything - and we mean EVERYTHING - that your software will scan. Don't leave anything unscanned and left to chance. Allow that to finish before you continue to ...
|2||[Step 2] Download
and install ZoneAlarm
If you're connected to the Internet, you're going to want a firewall. Even if you have a hardware firewall, you'll want to install ZoneAlarm (it is free!)
You can download the free version (or the paid "Pro" package if any of the advanced features interest you). The free version should suffice for most people.
Read the ZoneAlarm documentation thoroughly. While this product is extremely easy to install and use, you'll want to understand the basic concepts before you start the configuration process.
Once you have ZoneAlarm installed, your computer will no longer allow connections to or from it without your express permission. Of course, you will want to allow certain common applications (Internet Explorer, mIRC, etc.) to access the Internet. You may be surprised at what you find coming both into and out of your system without your knowledge!
You WILL see a lot of activity messages like "Zone Alarm has blocked access to your computer from xxxxxxxxx" Don't be concerned right away, all you are seeing is traffic that your system has always been getting .. you just didn't know it. Watch ZA work for a while and you will see what is 'normal' for your situation.
|3||[ Step 3] Reconnect
... with the knowledge that you're not only making your system and the network that it lies on safer, but StarLink-IRC a nicer place to visit.
XP Service Pack 2 -
If you recently
upgraded to XP SP2, you may encounter a "limited
or no connectivity" error message that prevents you from getting
online. Microsoft has a knowledge base article on the issue but we have
not tested it ourselves .
If you use Windows XP, you may have problems connecting to IRC. This is due to the Internet Connection Firewall (ICF) that ships with XP. You may need to turn ICF off in order to chat. You can install Zone Alarm, a very good firewall, as a replacement. To disable the firewall, follow these steps. (Or go see the microsoft XP website for more information.)
To disable Internet Connection Firewall
While we don't recommend it, if you REALLY insist on using the XP ICF anyway, you can probably connect if you add port 113 to the firewall. (Port 113 is for the "IDENT" function).
On the same tab as above, but below where you clear ICF:click on "add" First line put : ircchat Second line put: 127.0.0.1 Third line put : 113Fourth line put: 113
(Note: You still won't be able to DCC send if ICF is enabled but you will be able to connect)
DCC PROBLEMS WITH ROUTERS by birdman (Keith)
If you have a problem connecting to SL-IRC but not to other nets, the problem could be IDENT settings. This happens if the ISP is slow, or for some reason port 113 (IDENT) is slow or being blocked between our servers and your client.
This explains why you might be able to connect to some nets but not Starlink-IRC. Not all nets block certain combinations of upper/lower characters and numbers, although many do.
Some users (particularly AOL) have reported problems connecting to SL-IRC. One cause for this seems to be IDENT services being either badly lagged or blocked somewhere in AOL's routing networks. The cause: When IDENT is running, the information in the IDENT tab is what is returned when you connect to the server. For Example if you have the following settings: IDENT: ircuser EMAIL: [email protected]
If you connect and IDENT works, your 'whois' becomes: [email protected]
If you connect and IDENT does NOT work, your client will pick up your email address and your "whois" becomes: [email protected]
The problem is, certain combinations of upper/lower case and/or numbers are blocked from connecting by the server software - so if your email setting is upper/lower/numeric, when it gets picked up during connection, you can't connect.
Make sure your email setting in your client (e.g. mIRC) is something simple like [email protected] That way if IDENT stops working, your userid (the part to the left of the @ in your whois info) becomes "mynick".
If you have a new (or changed) DSL or cable connection and are getting timeouts. Try setting the retry waiting period to 320 seconds or so. (in mIRC, look in File.connect.options in the "When connecting" box "If not connected in __" option.)
Try powering down
the DSL or CABLE modem and the PC for
minute. Then power back up and that may fix the problem.
FIND YOUR PROXY
SETUP Macintosh OS X-Chat Aqua
Proxy IPs that may
credit for this solution to BobAZ of
While it is doubtful that you will ever actually have a virus issue similar to Windows users, we are providing some information here that might be useful. Since ZoneAlarm is unavailable to you, we suggest you look at ipfwadm/ipchains (depending on the version of your kernel), this can be used with IP masquerading as well.IPFWADM FAQ Linux IPCHAINS HowTo
Netfilter (for 2.4)
F-Prot and AVG make Linux scanners that work much like their Windows versions but are not as complex. See
http://free.grisoft.com for AVG
http://www.f-prot.com/ which has Linux, FreeBSD and Sun versions listed
We hope this helps!
Undernet has an excellent page for properly configuring your PROXY server.