Join 3,440 readers in helping fund MetaFilter (Hide)


Computer exposed to internet without a firewall, now what do I do?
May 6, 2008 7:28 PM   Subscribe

My computer has recently been exposed to the wild internet without being behind a firewall. I'm running Windows 2000 without a software firewall. What should I do now to clean my machine and make sure it hasn't been subject to an exploit?

I made the mistake of putting a gaming device in the DMZ of my router for a short while. When I came back today, the dynamically assigned IP had switched, and it was my computer that was in the DMZ. As a result, my computer has been exposed to the wild internet without a firewall. I have all the latest service packs and hotfixes installed. What else should I do to make sure that my machine hasn't been exploited?

I have Spybot S&D for spyware and AVG for virus checking.
posted by miasma to Computers & Internet (10 answers total) 8 users marked this as a favorite
 
Check the startup entries for anything strange (Spybot S&D will help you with that). Get one of the free rootkit detectors (Rootkit Revealer (MS), IceSword (recommended!)) and make sure it doesn't flag anything. If there's nothing in the startup entries and rootkit detectors, you're pretty safe.

Good luck!
posted by cyanide at 7:43 PM on May 6, 2008


The safe thing to do is backup your data and nuke the entire site from orbit*. If you won't wipe & reinstall, make sure to run rootkit detectors on all the other computers in your network if you've connect the exposed PC back into the protected zone. Remember that no badthings detector is 100%. Recent scariness (the storm worm and its ilk) change their behavior faster than your scariness sensor can follow.

*it's the only way to be sure
posted by tylermoody at 8:48 PM on May 6, 2008


"I ended up with a ton of junk including a few trojan viruses in a matter of hours."

This sounds highly unlikely. If your OS and any server software you were running was fully patched and hotfixed, the odds that something would worm its way into your machine in a short period of time is very, very small. You're basically saying that every zero-day virus on the internet found you during the brief period you were exposed.

More likely is that those things had been on your computer for some time and you only thought to look for them after noticing you had a hole.

Run a Spybot scan (windows defender, too, if it works on win 2k) and a full system AVG scan. If they find nothing, rest easy -- you're more likely to pick up nasties browsing the internet in IE for a few hours than for them to just arbitrarily find your computer during a brief firewall slip-up.
posted by toomuchpete at 8:52 PM on May 6, 2008 [2 favorites]


Honestly, be it Windows or MacOS or Linux, I'd personally reinstall just to be safe.

(FreeBSD I'd give a pass to.)
posted by davejay at 9:38 PM on May 6, 2008


I have had a similar problem lately and spent a couple evenings cleaning the mess. I then spent another night summarizing what i learned in a blog post. Hope it helps someone!
posted by bargainhunter at 9:59 PM on May 6, 2008


> As a result, my computer has been exposed to the wild internet without a firewall.

I don't think it would be that much of a problem, especially since you said you have all latest hotfixes installed. The odds are already very unlikely that a computer connected to the Internet alone could be infected with worms without any user interaction, even when it's assigned a public IP.
posted by semi at 1:56 AM on May 7, 2008


According to the internet storm centre, the survival time between malware probes for a non-firewalled machine is typically <1> This is not necessarily a disaster if your machine is fully patched up, but it is food for thought.
posted by Jakey at 4:07 AM on May 7, 2008


Oops. Borked link. Should read typically <10mins
posted by Jakey at 4:09 AM on May 7, 2008


The internet storm centre link is really too vague to be useful for anything but FUD. There's a huge number of worms that exploit already-patched vulnerabilities. Add to that worms that attack certain hardware/software setups (Slammer, for example). If you had some hard numbers you could run some statistics and realize that it would typically take a long, long time to get infected. Once every 10 minutes is slooooow, all things considered.
posted by toomuchpete at 5:38 AM on May 7, 2008


Also check out some of these freeware security apps. You may find them helpful in diagnosing any potential issues and preventing them in the future:

Techsupportalert.com's best 46 free utilities
posted by lyam at 7:53 AM on May 9, 2008


« Older I will be doing a very anticip...   |  Mold and bleach? How much to k... Newer »
This thread is closed to new comments.