Computer security expert please !!!

04 November 2000, 11:21 PM
#1
whizzer

Who's a computer security expert here?

I just got hacked yesterday when online using a free ISP. I use Zonealarm and have it set at high at all times.

So picture this, I'm downloading a file but not watching my computer but watching the news. I turn around and notice the little red lights in Zonealarm are flashing constantly! Alarm bells ring and I shut down my connection asap.

Only problem is I've just had 2.4MB of my hard disk uploaded to some punk's HD! I traced the IP address and it originates from the servers of the free ISP I have just been using!

What I want to know is how the heck somebody can get around Zonealarm and download 2.4 MB of my HD! Zonealarm even had the dialog box pop up saying someone had tried to access my netbios but that Zonealarm had prevented this.

Can somebody explain how the heck I can lose 2.4MB of disk when behind a firewall set to maximum protection? I even have a port scanner and check regularly for open ports on my computer.

I've already contacted the ISP, I'm awaiting a response.

04 November 2000, 11:49 PM
#2
Sith

Whizzer,

Just read the post about the games and CD link. Could you have picked up a malicious cookie or something?

Before he arrives, I am not talking about you Mr Cookie.

P.

05 November 2000, 08:37 AM
#3
whizzer

I have cookies turned off and block them with a special app. I've even scanned my entire HD for viruses and trojans, no luck.

05 November 2000, 09:36 AM
#4
Chris L

Whizzer

From what Sith has said, the most likely cause is an attack that has effectively been launched from inside your PC (i.e. the protected and hence trusted side of your firewall). Some trojan apps hide themselves very well and can be nearly impossible to detect.

If you take the recent Microsoft break-in, they reckon the most likely way that the hackers got in was via a Microsoft employee's home PC using an email based trojan virus (they used the QAZ Trojan virus). Now bearing in mind that Microsoft has spent countless millions on security and someone still managed to negate all of this and remain undetected for anything up to 6 weeks (depending on which report you read), you have to assume that there are ways around most forms of security.

If you look at the marketing stuff put out for firewalls and security products, none of them will say anything like 'guaranteed 100% secure' or 'product x will stop all hacking attempts' - simply because it is untrue, there is no such thing as 100% secure.

It will be interesting to see what your ISP says. From what you have described, you have more security programs running on your PC than the vast majority of people, so you have been aware of an attack on your machine (whereas most people exist in blissful ignorance!). It is very difficult to suggest ways to stop this in the future.

I wish I could offer some positive comments. I would be interested in your cookie blocking program though - mail me offline with the details.

Cheers

Chris

05 November 2000, 11:20 AM
#5
Mr.Cookie

Eh, I'm famous

I used to use BlackICE as a firewall but like you got attacked lots of times, although none were successful to my knowledge, and like you several of mine originated from my own ISP (ntl). In the end, and being a mere chef, I decided ignorance is bliss, although if I do go cable modem things will have to change.

Simon
PS: are you not fairly safe if you have a non-static IP?

06 November 2000, 08:12 PM
#6
mattski

Why not go and buy a cheap 486, stick Linux or Free/OpenBSD on it and IPCHAINS and hey presto...proper unix firewall.

06 November 2000, 09:45 PM
#7
Chris L

Here's another worrying statistic for you:

On average, each new xDSL subscriber will experience 3 hacking attempts within the first 48 hours of connecting.

Just in case you didn't think it was worth investing in some additional security...

Chris

06 November 2000, 10:28 PM
#8
mattski

The people to worry about are 'script kiddies' who nick scripts and generally try to do damage.

I know some pretty heavy unix peeps (one who wrote the software that can crack/copy DVDs) and they are responsible people. They do what they do for a challenge, not damage.

The fact that people use Windows doesn't help matters, it's awful and people trust it with all sorts of stuff!

07 November 2000, 07:28 AM
#9
whizzer

Strangely enough I'm buying a 2nd hand reconditioned Compaq Pent Pro for 150 quid for pure internet access.

Then I'm keeping my regular PC unconnected to the net. I've learnt my lesson even with all the security I used, I just feel sorry for all new net users who haven't got a clue for what they could be in for!

(still no word from my free ISP, won't be using them in a hurry)

07 November 2000, 11:43 AM
#10
Peter Ford

You could buy a Mac. Not many people have them as home computers, so hackers tend to focus on PCs rather than Macs.

07 November 2000, 01:23 PM
#11
DavidRB

Sounds like something at your end, but some firewalls are not as secure as they claim.

Some light reading....

08 November 2000, 05:25 AM
#12
Bugsie1

If you have DSL/Cable make sure you don't have File and Print Sharing enabled in Win98 (or if you have NT/2000 unbind it from your NIC/modem).
Also don't run IIS/FTP/Web or that kind of thing if you don't need to; if you do, make sure you keep Service Packs up to date and run hotfixes.

Check out
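
Added example, not part of Bugsie1's post: one way to check the advice above is to look through `netstat -an` output for listeners on the well-known ports of NetBIOS/File and Print Sharing, FTP and web services that are bound to a non-loopback address. The function name and the sample output are constructed for illustration.

```python
import re

# Well-known ports for the services named in the post above.
RISKY_PORTS = {
    21: "FTP service",
    80: "Web service (e.g. IIS)",
    137: "NetBIOS name service (File and Print Sharing)",
    138: "NetBIOS datagram service (File and Print Sharing)",
    139: "NetBIOS session service (File and Print Sharing)",
    445: "SMB over TCP (File and Print Sharing on Windows 2000)",
}

# Matches Windows-style `netstat -an` rows: proto, local addr:port, foreign, [state]
ROW = re.compile(r"^\s*(TCP|UDP)\s+(\S+):(\d+)\s+(\S+)(?:\s+(\S+))?\s*$")

def exposed_services(netstat_text):
    """Return (proto, address, port, service) for risky non-loopback listeners."""
    findings = []
    for line in netstat_text.splitlines():
        m = ROW.match(line)
        if not m:
            continue  # banner, column header or blank line
        proto, addr, port, _foreign, state = m.groups()
        port = int(port)
        if proto == "TCP" and state != "LISTENING":
            continue  # only listening sockets accept inbound connections
        if addr.startswith("127."):
            continue  # loopback-only services are not reachable from the network
        if port in RISKY_PORTS:
            findings.append((proto, addr, port, RISKY_PORTS[port]))
    return findings

# Constructed sample output, not taken from any real machine.
SAMPLE = """
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:139            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:21             0.0.0.0:0              LISTENING
  TCP    127.0.0.1:80           0.0.0.0:0              LISTENING
  TCP    192.168.0.5:1042       203.0.113.7:80         ESTABLISHED
  UDP    192.168.0.5:137        *:*
  UDP    0.0.0.0:1900           *:*
"""

if __name__ == "__main__":
    for proto, addr, port, service in exposed_services(SAMPLE):
        print(f"{proto} {addr}:{port} -> {service}")
```

An empty result after unbinding File and Print Sharing and stopping unneeded services means none of these ports is listening on a network-facing address.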

08 November 2000, 08:09 AM
#13
Chris L

David

Nice websites - like the Robert Graham one a lot.

Cheers

Chris

All times are GMT +1.