I do not know which forum is appropriate to post my message.
I have some new issues caused by the hacker/s attack since I started posting to Comodo Forums.
The source hosts (e.g. akamaiedge.net) frequently send a SYN packet to TCP 80 to synchronize with my PC, then ignore the SYN/ACK (the second segment of the three-way handshake) from my PC. Lately, Akamai servers sequentially send these uncommon packets to my PC. I know this technique can glean some information from inside my PC. The number of retransmission sessions is just too many.
My problem is that I do not know how to configure my system in order to stop bad Akamai’s activity. I added ‘Tcpip’ registry entries to tighten things a bit, like this, but it did not help me out.
TcpMaxConnectRetransmissions DWORD 1 (this is not a builtin entry)
TcpMaxDataRetransmissions DWORD 4 (default value is 5 although not a builtin entry)
TCPAllowedPorts REG_MULTI_SZ 80 443 995
UDPAllowedPorts REG_MULTI_SZ 53 68
… I set a prerequisite configuration ‘EnableSecurityFilters’ for those xxxAllowedPorts.
In CIS Pro Firewall advanced settings, I set it to deny the following ICMP packets to prevent sophisticated host discovery scans: type 3 code 0, 1, 2, 3, 9, 10 and 13 for outgoing, and type 13 code 0, type 15 code 0 and type 17 code 0 other than Echo Request for incoming ICMP packets, with those rules positioned in a higher row than ‘ICMP incoming deny all’.
The Akamai hosting server for Microsoft URLs provides strange information (maybe misedited) whenever I visit the URL site, which describes REG_DWORDs for UDPAllowedPorts and TCPAllowedPorts -- REG_MULTI_SZ is correct.
In CIS Pro 2013, I disable UDP 67 for DHCP to deny malformed DHCP packets (truncated or corrupted messages from 0.0.0.0 to 255.255.255.255) that svchost.exe (a generic host process for local services) generates and keeps sending as a sequence of packets in a local Denial Of Service-fashion. I verify those uncommon issues with two different major network packet analyzers. ‘service.exe’ quite frequently stealthily modifies some number of Local Service settings I preconfigured. It is a pain to fix them all the time in the Registry or on Control Panel.
Furthermore, my Windows 7 Professional 64 bit system sends many duplicate ACK packets to URL sites I visit in a Denial Of Service-fashion. Akamai hosting servers send maliciously malformed TCP/SSL packets to the HTTPS (443) port repeatedly to my PC and in most cases my PC turns out to cause numerous problems in a Users layer when/after restarting my PCs, occasionally resulting in a Black Screen Of Death with the typical message -- theoretically BootMgr and/or Master Boot Record files are missing. No logs exist for this. I solve this kind of issue without reinstalling the OS.
Microsoft and/or Akamai Technologies redirects the TCP connection from the Windows Update server (e.g. 65.52/55.xxxx.xxxx or 64.4.xxx.xxx) to other Akamai hosting servers, then rejects my PCs' attempts to download and auto-install security updates in the last months. The resources for Windows Update used to attempt to connect to an Akamai server to download update files forcibly even though I configured everything to be disabled on Control Panel and ‘wuauserv’ in the local services repertoire. To prevent this, I set the CIS Pro 2013 Firewall to block those resources' attempts.
The NtfsDisableLastAccessUpdate key ‘REG_DWORD’ in HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\FileSystem is frequently tampered with, from ‘0’ to ‘1’, so it makes me spend a lot of time identifying which folders or files are modified because they remain in the same row in the Explorer windows. Also, from time to time, the default access rights for folders and files placed on the internal hard drives are modified, and ‘Everyone’ and ‘interactive’ users are added. Therefore the Admin user cannot even open them unless they are manually fixed back to the default set. Does anyone know a good known application to fix this kind of issue quickly and easily?
For many years, Akamai CDN servers hosted for Microsoft Windows Update and Apple Software Update implant ill-programs blending in rather different sizes under the same file name of security updates. Akamai servers hosted for other third-party software execute the denial of services or implant bad updates, and block software online activation for the valid licences. Those licences include Origin platform gaming applications and the extension pack for online-play (I have never played with the extension pack even though I paid for them), and Eset NOD32 Japanese version. I am now unable to reinstall the DVD version games “Medal of Honor Warfighter” and “Battlefield 3” that need the online activation. The servers send a disconnect form of flagged packets to my PC when the DVDs attempt to communicate with Origin’s Akamai hosting server.
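
Added example, not part of the original post: one way to check a packet-analyzer export for the pattern the post describes (a SYN answered by a SYN/ACK that is never acknowledged, with the SYN/ACK then retransmitted), counted per initiating host. The record layout, the flag notation, the addresses and the function name are assumptions made for this illustration; the sample packets are constructed.

```python
# Added example with constructed data and hypothetical names.
# Assumed compact flag notation: S=SYN, SA=SYN/ACK, A=ACK, PA=PSH/ACK, R=RST.

PC = "192.0.2.10"  # constructed address (RFC 5737 documentation range)

# Constructed records: (time, src_ip, src_port, dst_ip, dst_port, flags)
PACKETS = [
    (0.00, "198.51.100.7", 40001, PC, 80, "S"),
    (0.01, PC, 80, "198.51.100.7", 40001, "SA"),
    (3.01, PC, 80, "198.51.100.7", 40001, "SA"),   # SYN/ACK retransmission
    (9.01, PC, 80, "198.51.100.7", 40001, "SA"),   # SYN/ACK retransmission
    (1.00, "198.51.100.7", 40002, PC, 80, "S"),
    (1.01, PC, 80, "198.51.100.7", 40002, "SA"),
    (2.00, "203.0.113.5", 51000, PC, 80, "S"),
    (2.01, PC, 80, "203.0.113.5", 51000, "SA"),
    (2.05, "203.0.113.5", 51000, PC, 80, "A"),     # handshake completed
]


def half_open_report(packets):
    """Return {initiator_ip: {"half_open": n, "synack_retx": m}}.

    A handshake counts as half-open when the responder sent at least one
    SYN/ACK and the initiator never sent the completing ACK.
    """
    conns = {}  # (initiator_ip, port, responder_ip, port) -> state
    for _, src, sport, dst, dport, flags in sorted(packets):
        fwd = (src, sport, dst, dport)
        rev = (dst, dport, src, sport)
        if flags == "S":
            conns.setdefault(fwd, {"synacks": 0, "done": False})
        elif flags == "SA" and rev in conns:
            conns[rev]["synacks"] += 1
        elif "A" in flags and not set(flags) & {"S", "R"}:
            # A plain ACK from the initiator after a SYN/ACK is the third segment.
            if fwd in conns and conns[fwd]["synacks"]:
                conns[fwd]["done"] = True
    report = {}
    for (initiator, _, _, _), state in conns.items():
        if state["synacks"] and not state["done"]:
            row = report.setdefault(initiator, {"half_open": 0, "synack_retx": 0})
            row["half_open"] += 1
            row["synack_retx"] += state["synacks"] - 1
    return report


if __name__ == "__main__":
    for host, row in half_open_report(PACKETS).items():
        print(host, row)
```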