
More attempted hacking while on Scoobynet!

Old Jul 22, 2001 | 08:55 PM
  #1  
GranTurismo
Thread Starter
Scooby Regular
 
Joined: Apr 1999
Posts: 882
Likes: 0
Angry

Hello,

I know we have had some trouble recently. I was on Scoobynet at 8.43pm Sunday. Some clever git was trying to get into my PC via FTP from the following IP 211.23.186.125.

A TRACERT showed that they use HINET in Taiwan as their ISP.

Are people sitting on Scoobynet ports, picking us up and having a go?

My deep IP knowledge is fairly limited (as a Project Manager I normally have a proper techy to hold my hand).

Anyone else had bother from round that way?
Reply
Old Jul 22, 2001 | 09:33 PM
  #2  
HunterB
Scooby Regular
 
Joined: Jul 2000
Posts: 436
Likes: 0
Question

Two attempts into my PC tonight:

From 213.123.48.112 and 210.97.117.1

Brian
Reply
Old Jul 22, 2001 | 09:46 PM
  #3  
boomer
Scooby Senior
 
Joined: Feb 2000
Posts: 5,763
Likes: 0
From: West Midlands
Exclamation

I've had quite a few incoming connection attempts, via TCP, Portmap etc. Loads last Thursday, normally in "threes" from a given source IP address.

Lots of different addresses though - so there must be plenty of "trojaned" PCs out there!!!

mb
Reply
Old Jul 22, 2001 | 10:24 PM
  #4  
ChrisB
Moderator
 
Joined: Dec 1998
Posts: 23,573
Likes: 0
From: Staffs
Post

To be honest, I've given up being bothered by the Zone Alarm logs on my home PC. Aren't enough hours in the day as it is!

Firewall alerts at work are a different matter though...

ChrisB.
Reply
Old Jul 22, 2001 | 10:51 PM
  #5  
Dream Weaver
Scooby Regular
25 Year Member
Liked
 
Joined: Feb 2000
Posts: 9,846
Likes: 4
From: Lancashire
Unhappy

During the attacks I had plenty from 1 IPA but then realised that it was actually the tests I was running from GRC.com.

Make sure it is not this first, all.

DW
Reply
Old Jul 22, 2001 | 11:03 PM
  #6  
Tim Taylor
Scooby Regular
 
Joined: Jul 1999
Posts: 1,197
Likes: 0
From: Here and there...
Exclamation

Just had 217.59.186.97 trying to access mine.

Tim
Reply
Old Jul 22, 2001 | 11:04 PM
  #7  
Ian Cook
Scooby Regular
 
Joined: Nov 1998
Posts: 5,485
Likes: 0
From: Northampton
Post

Also you have to realise just because you are looking at Scoobynet does not mean the attempted attacks are because of that! I have had attempts when I am not connected to any BBS!
Reply
Old Jul 22, 2001 | 11:27 PM
  #8  
Miles
Scooby Regular
 
Joined: Oct 1998
Posts: 2,519
Likes: 0
From: The Granite City/Dallas, Tx.
Post

I'm running Zonealarm too, and it's always coming with attempted Telnet sessions to my machine
Reply
Old Jul 22, 2001 | 11:43 PM
  #9  
Mr Footlong
Scooby Regular
iTrader: (7)
 
Joined: Jun 2001
Posts: 4,265
Likes: 0
From: Stalking Kate Beckinsale
Post

I don't bother looking at the logs at all now. IMHO just spend some time really tweaking your firewalls and relax a little, folks. Apart from one lapse on my part (running game servers and dropping security partially down for 2 days while sorting port passthroughs, some bugger took out my IP stack in the registry with great efficiency and also left a calling card), I have had a bombproof firewall on my home LAN/Web link. Still test her every now and then, pass with flying colours. I have had my link on permanently and firewalled since Oct last year and nothing has got through that I did not want, apart from the admission above.

Cheers,


Nick
Reply
Old Jul 23, 2001 | 08:07 AM
  #10  
Chris L
Scooby Regular
 
Joined: May 2000
Posts: 10,371
Likes: 0
From: MY00,MY01,RX-8, Alfa 147 & Focus ST :-)
Exclamation

As has been mentioned already, the fact that you are on Scoobynet when this happens is not that significant. The attacks you see on your PC mainly come from script kiddies running automated programs that scan huge address ranges. Once they have a response in a particular range, they will keep probing until they find someone / thing that will accept a login request etc. This is normally when you'll see port scans - I have many examples of this on my logs for Zone Alarm.

Nick, you're a brave man. Whilst your firewall is obviously doing a good job, isn't it better to also know when someone has been attempting to hack you? If you don't check your logs how do you know? The attack techniques are changing all the time. Granted it is probably not so important for small home based firewalls, but it is still worth checking these logs every now and again. I could tell you one or two horror stories about some very clever hackers on some extremely sensitive servers, traced by a security analyst mate of mine - not funny.

Chris
Reply
Old Jul 23, 2001 | 11:13 AM
  #11  
chiark
Scooby Regular
 
Joined: Jun 2000
Posts: 13,735
Likes: 0
Post

Firewalls are only as good as their set-up. Refining the set-up normally means looking at logs (not just alerts) and seeing what's happening...
Reply
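Added example (not part of any post in this thread): one way to review the blocked-inbound entries of a firewall log as the posts above suggest, collapsing quick repeats from one source into a single probe and flagging sources that touch several ports. The log format, sample entries, thresholds and function names are all constructed for illustration and are not ZoneAlarm's own.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample in a hypothetical format (not ZoneAlarm's own log layout):
# timestamp,action,direction,protocol,source ip:port,destination ip:port
SAMPLE_LOG = """\
2001-07-22 20:43:05,BLOCK,IN,TCP,203.0.113.7:3321,192.168.0.2:21
2001-07-22 20:43:08,BLOCK,IN,TCP,203.0.113.7:3321,192.168.0.2:21
2001-07-22 20:43:14,BLOCK,IN,TCP,203.0.113.7:3321,192.168.0.2:21
2001-07-22 21:10:40,ALLOW,OUT,TCP,192.168.0.2:1055,198.51.100.80:80
2001-07-22 21:33:01,BLOCK,IN,TCP,198.51.100.9:4100,192.168.0.2:21
2001-07-22 21:33:01,BLOCK,IN,TCP,198.51.100.9:4101,192.168.0.2:23
2001-07-22 21:33:02,BLOCK,IN,TCP,198.51.100.9:4102,192.168.0.2:111
corrupted line
"""
RETRY_WINDOW = timedelta(seconds=30)  # assumed: repeats within this are retries
SCAN_PORTS = 3                        # assumed: distinct ports that mean a scan

def parse_line(line):
    """Return (time, source_ip, dest_port) for a blocked inbound entry, else None."""
    fields = line.strip().split(",")
    if len(fields) != 6 or fields[1] != "BLOCK" or fields[2] != "IN":
        return None
    try:
        when = datetime.strptime(fields[0], "%Y-%m-%d %H:%M:%S")
        return when, fields[4].rsplit(":", 1)[0], int(fields[5].rsplit(":", 1)[1])
    except (ValueError, IndexError):
        return None  # malformed entry: skip it rather than abort the review

def summarise(log_text):
    """Per source IP: probe count (retries collapsed), ports hit, verdict."""
    last_seen, probes, ports = {}, defaultdict(int), defaultdict(set)
    for when, source, port in filter(None, map(parse_line, log_text.splitlines())):
        previous = last_seen.get((source, port))
        if previous is None or when - previous > RETRY_WINDOW:
            probes[source] += 1  # a new probe, not a retry of the previous one
        last_seen[(source, port)] = when
        ports[source].add(port)
    return {src: {"probes": probes[src], "ports": sorted(hit),
                  "verdict": "port scan" if len(hit) >= SCAN_PORTS else "service probe"}
            for src, hit in ports.items()}

if __name__ == "__main__":
    for source, info in summarise(SAMPLE_LOG).items():
        print(source, info)
```

On the constructed sample, the three FTP entries from one address count as a single probe, while the address that touched ports 21, 23 and 111 is reported as a port scan.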
Old Jul 23, 2001 | 01:52 PM
  #12  
Beef
Scooby Regular
 
Joined: Apr 2000
Posts: 1,054
Likes: 0
Post

I found out something recently that ISDN users might find useful. If you buy yourself a cheap ISDN router, aside from the functionality benefits, it appears to make your machine nearly impregnable.

I have one (supplied by work) and as a result, without any firewall software or security updates, GRC.com reported that I was 100% stealthed from the internet. It seems to be down to the NAT, which combined with the fact that there is nothing TO hack on a router from the normal point of view (most of the attacks are aimed at Windows machines) it seems to be a fairly effective solution.
Reply
Old Jul 23, 2001 | 03:40 PM
  #13  
dsmith
Scooby Regular
 
Joined: Mar 1999
Posts: 4,518
Likes: 0
Post

It is indeed due to the NAT. Connections can normally be initiated only from the inside out so a lot of the script kiddy hacks fail. However there are lots of hacks for the routers themselves if people choose to do so. They have to be managed/accessed by your service provider so there will be some ways in for them. If it's your router then it's easier to protect it entirely from incoming connections on the Internet side but it is still not "impregnable". It's just hard enough not to be so vulnerable to the idiots downloading the latest scripts to hack Windows boxes for a laff.

Deano
Reply
Old Jul 23, 2001 | 05:34 PM
  #14  
Tom Evans
Scooby Regular
 
Joined: Dec 2000
Posts: 240
Likes: 0
Post

Can someone tell me how you know when someone is trying to get in your computer?

Also, why do they do it and how? Is it to give you a virus, etc?

How do you stop them? Seems as if it is quite common.

Thanks in advance.

Cheers,
Tom
Reply
Old Jul 23, 2001 | 06:04 PM
  #15  
dba
Scooby Regular
 
Joined: May 2001
Posts: 2,214
Likes: 0
Post

And can someone explain how to "tweak" using the ZoneAlarm logs? How do you improve ZoneAlarm? Please speak in English and assume I am stupid.
Reply
Old Jul 24, 2001 | 10:48 AM
  #16  
dba
Scooby Regular
 
Joined: May 2001
Posts: 2,214
Likes: 0
Talking

Chris,

The guide is excellent, thanks.
Reply
Old Jul 24, 2001 | 11:56 AM
  #17  
Chris L
Scooby Regular
 
Joined: May 2000
Posts: 10,371
Likes: 0
From: MY00,MY01,RX-8, Alfa 147 & Focus ST :-)
Exclamation

Quote, originally posted by Tom Evans:
> Can someone tell me how you know when someone is trying to get in your computer?
>
> Also, why do they do it and how? Is it to give you a virus, etc?
>
> How do you stop them? Seems as if it is quite common.
>
> Thanks in advance.
>
> Cheers,
> Tom

Tom, it varies really - a lot of the time, people trying to access your PC will just be random attacks - dumb kids using scanning programs to scan huge ranges of IP addresses. If your ISP's address range happens to fall into their sweep then the chances are your PC will be 'scanned' without you knowing. Why do people do this? Who knows, this is not serious hacking, merely low skilled script kiddies using programs handed down to them by more experienced hackers. It is a fact of life. In some cases they will deposit a nice virus or trojan horse program to transmit details of your hard drive back to their PC. They could be looking for credit card numbers etc - anything useful, or it could just be a totally random attack for the hell of it.

Your best form of defence is to get a basic firewall - ZoneAlarm, mentioned here, will do the job (zonealarm.com) and it's free. Simply install it and it will configure itself (you are working on the same principle as a car or house alarm - if it means that someone else's car or house gets broken into, you're upset, but you're also glad it wasn't yours!!). It makes your PC a more difficult target, so they will normally move on to one that isn't protected (i.e. an easier target).

ZA will tell you when someone tries to access your PC or when a program from within your PC tries to access the Internet - at least you know what is going on!!

Chris
Reply
Old Jul 24, 2001 | 12:14 PM
  #18  
ChrisB
Moderator
 
Joined: Dec 1998
Posts: 23,573
Likes: 0
From: Staffs
Thumbs up

Tom,

It's not finished yet but we are working on a ScoobyNet guide to all this security stuff:
Reply
Old Jul 24, 2001 | 01:30 PM
  #19  
Tom Evans
Scooby Regular
 
Joined: Dec 2000
Posts: 240
Likes: 0
Post

Cheers for the replies.

Is it quite easy to get credit card details from the computer then, as I use the internet a lot for buying CDs?

Think I better get that firewall. Any disadvantages of using a firewall?

Cheers,
Tom
Reply
Old Jul 24, 2001 | 07:15 PM
  #20  
gaz1048
Scooby Regular
 
Joined: Jun 2001
Posts: 73
Likes: 0
Post

My company does Managed Firewalls for Banks, big corporates, etc. The amount of hacking is on the up across the board. One reason for the multiple hacks happening at the moment is largely due to a recent trend in distributed denial of service trojans being placed.

DoS attacks are the attacks that most companies fear as it can cripple their internet connectivity and the defenses to it are expensive and normally result in at least some interruption of service however good your team is. One easy defense in the past was to trace the offending IPA and get the ISP to shut it down. With distributed attacks using loads and loads of PCs world wide this is not a defense. The increase in port scanning that everyone is picking up is probably a pre-programmed bot doing some trawling for hosts.

I am not saying it isn't script kiddies having a play and learn session, I even wouldn't rule out the more sinister fraud hacks but the actual evidence shows this to be rare. Most internet fraud is aimed at banks and the ilk not us little people. I can't really add any more than the excellent guide by ChrisB. First class, if you need anything else to complete this give me a shout and I will get a techie to call you, FoC of course. I also recommend Zone Labs. Easy and free to home users.

I had a chat with our "hard core" techie in our NOC (we only let him see daylight once a month, he is the first nocturnal human I swear!!!). He reckons that the basic port scan is normally aimed via a sweep of a set ISP, i.e. BT. I would be interested if any further attempts are linked to a particular ISP. Some are excellent, others well...... Let me know via this thread or e-mail if you get scanned and let me know your ISP.

On a final point about checking the logs, yes you should do this but often shutting down the PC when you log off will purge them. Check before you do, given the obvious quality of the members of this board, if you have any strange results just post em here and I'm sure we can work em out.

PS We are always looking for top end people on this subject, too many mouths talking and not enough of em have brains to go with em at the moment. We are based in the M4/M3 area near Bracknell. If you are interested drop me a line!!!! If you are a scooby owner it's as good as a personal reference in my book.

G
Reply
Old Jul 25, 2001 | 12:26 AM
  #21  
Chris L
Scooby Regular
 
Joined: May 2000
Posts: 10,371
Likes: 0
From: MY00,MY01,RX-8, Alfa 147 & Focus ST :-)
Exclamation

Quote, originally posted by Tom Evans:
> Cheers for the replies.
>
> Is it quite easy to get credit card details from the computer then, as I use the internet a lot for buying CDs?
>
> Think I better get that firewall. Any disadvantages of using a firewall?
>
> Cheers,
> Tom

Tom

Whether someone could get your credit card number (which was just an example BTW - not trying to scare you) really depends on whether you store that kind of info on your PC.

You may have seen the recent attack on the Which? Magazine's group website. Which? committed the mortal security sin of keeping their customers' credit card details on the same server as their website. Therefore, once the hackers got through the website security (or lack of it), they were able to access the database behind the website and download the credit card details. Bad idea that. Hackers will always go for easy targets - it's less effort!!

As regards downsides to running a firewall. I doubt you would see any reduction in performance. The only thing you will see with programs like ZoneAlarm is that it will ask you each time a program wishes to access the Internet from your PC. If you're happy that this is legitimate (i.e. your anti-virus software downloading an update), then just click on the 'always allow' option and this will be added to the rules base and won't ask you each time. You'll soon figure it out. Any problems - just post them up or ask ZoneAlarm themselves.

Chris
Reply




All times are GMT +1. The time now is 05:31 AM.