A couple of days ago my computer's were hacked. I hosted a game server from home and i noticed that someone tried to add a global start entry to my server box (win 2k3), S&D TeaTimer stopped it and displayed a box with the info, which is how i knew something was wrong (i shut it down when i saw this). This tipped me off and put me into damage control overdrive, as i was patching and updating all my antivirus, trojan, adware tools and doing scans my other computer suddenly rebooted and when it restarted i got an error message about "hal.dll" missing. I booted up with my BartPE and i found out the problem; the hacker had deleted half my windows files. I did a system restore, rebooted, copied over the files i did not want to lose to an extra HD i had lying around and did a low level format, repartitioned the drive and reinstalled windows and all applications.

Ok enough for the background, now i need help securing against this ever happening again.

I've since stopped hosting a server and i changed my IP so the attackers can't get me again. I'm using 2 firewalls and 1 IP blocker as well as a NAT router on my computer and i still feel this is not enough. I'm going to turn my old server computer into a linux router with apf firewall and a honeypot for good measure. I'm using Windows Firewall, Look 'n' stop firewall, Peer Guardian 2, NOD32 (and S&D, spywareblaster, ad-aware, file checker, modified hosts file) and my router is an old LinkSys BEFSX41.

I also downloaded a log parser named Link Logger (is this ok to use? do they have good reviews? i didnt find any info online about it). I've been monitoring my incoming and outgoing connections like a hawk and a lot of stuff scares me, i see a lot of worms, exploits and port scans; is this normal?

I was thinking about possibly buying a newer router (my budget is around $400, but i'd like to pay around $250 max).

Is my current router and setup sufficiant? or can anything be stronger and should i change the router.

P.S. I dont want a wireless router because that introduces a whole host of problems i do not want to deal with, plus my computers are within 4 feet of the router.

P.S.S Which method should i connect everything? Cable Modem => Linux Router => LinkSys Router => PC or Cable Modem => LinkSys Router => Linux Router => PC

Any help would be greatly appreciated as this experience has left me brused and neurotic. Opening ports is hell, but i want to be protected, now i know nothing is 100% when your dealing with hackers.

That seems secure setup. Keep your OS and security software up to date as well.

LinkLogger is a good app that will give you a good overview, you can also try PortPeeker from same author to sniff the traffic content.

Don't worry to much, just keep an eye, about the blocked traffic logged on your router (especially in Nat mode) as it is usual on the net

What are you trying to achieve with the honeypot?

Cudni

Brute force break ins so i can ban the IP with APF.

*I mean i have the honeypot so i can monitor brute force break ins and than ban the ip with apf.

Gamer, You should be using only 1 software firewall - disable the Windows firewall. Running more than 1 has a high probability of conflict.

I'd rather have high conflict than lose everything again.

Hi,

Sooner or later GOD always punishes those who thumb their nose to reason.

What he means is by runnign more than one firewall at once you risk making your system unstable and potentialy crashing it. Trust me windows firewall offers no extra security from a good firewall and will jsut cause you problems.

Tib

[quote="Gamer"]

How much more effective at blocking attacks is the SonicWALL TZ-150 ?

My current hardware is an LinkSys BEFSX41.

P.S. Thanks for the great advice!

Sorry, you have an old Linksys, I missed that in your original post. IIRC, the original versions of that model did not have either port stealthing (it did have port blocking but it was not completely effective) or SPI, so the TZ-150 will be more effective just in its' base configuration even without the additional subscription add ons. With the add ons (they cost about $150/year for the package - called "Gateway Protection") it will be much more protective than the old Linksys.