need to make my n/w secure, please help

[scorpio5780]

Hi

I have a BEFSR41 Linksys router conneted with T1 connection and have a win2K sever on the network. I have only opened one port on the router i.e. FTP-21 and 80. No other ports are open. Buty I always see some activity going on my n/w connection icon. So I stopped all the services FTP, IIS and all. And execcuted NETSTAT command.

I SEE THIS WIERD GUY:--
TCP sphinx:3170 cricri.qeast.net:6667 ESTABLISHED

connected always and sometimes people on port 1867 I guess...

Can anyone tell me how can I make my network more secure?
Have all the latest firmware on the router and all the patches installed on win2K.

 

[Batman5177]

1) download all security updates for win2k

2) try zonealarm software firewall

3) ...

4) profit++

 

[redbeard1]

A google search for port 6667 indicates that is a port for used IRC chat.

The 1867 port is more elusive. A number of links talks about udrive which is somewhat explained at the link. Others talk about using it for uploading files or instant messenging.

Udrive port 1867

 

[scorpio5780]

Thanks for the valuable info.
I was wondering if I can use "Input and Output filters in 'Routing and Remote access' service in WIN2K server.

 

[Fallen Kell]

I would HIGHLY recommend getting a decent software firewall to augment your system. Zonealarm will work if you are low on cash (it works fine actually even if you are not low on cash). It will monitor incomming and outgoing connections as well as allow you to easily block individual programs from using different ports. So you can do more advanced things like blocking some malicious code from opening a connection to IRC but still let you use IRC with your normal chat software (some games use IRC to do chat as well).

 

[Fallen Kell]

Oh, also, if you want to make your network more secure, GET RID OF IIS AND FAST!!! Go download Apache if you need to have a webserver running. MUCH safer (mainly because it doesn't hook itself into the OS and allow you to do system formats, etc).