ScoobyNet.com - Subaru Enthusiast Forum

Computer security expert please !!! (https://www.scoobynet.com/non-scooby-related-4/16060-computer-security-expert-please.html)

whizzer 04 November 2000 11:21 PM

Who's a computer security expert here ?

I just got hacked yesterday when online using a free ISP . I use Zonealarm and have it set at high at all times .

So picture this , I'm downloading a file but not watching my computer but watching the news . I turn around and notice the little red lights in Zonealarm are flashing constantly ! Alarm bells ring and I shutdown my connection asap .

Only problem is I've just had 2.4MB of my hard disk uploaded to some punk's HD ! I traced the IP address and it originates from the servers of the free ISP I have just been using !

What I want to know is how the heck somebody can get around Zonealarm and download 2.4 MB of my HD ! Zonealarm even had the dialog box pop up saying someone had tried to access my netbios but that Zonealarm had prevented this .

Can somebody explain how the heck I can lose 2.4mb of disk when behind a firewall set to maximum protection ? I even have a port scanner and check regularly for open ports on my computer .

I've already contacted the ISP , I'm awaiting a response .


Sith 04 November 2000 11:49 PM


Whizzer,

Just read the post about the games and CD link. Could you have picked up a malicious cookie or something?

Before he arrives, I am not talking about you Mr Cookie.

P.


whizzer 05 November 2000 08:37 AM

I have cookies turned off and block them with a special app . I've even scanned my entire HD for viruses and trojans , no luck .


Chris L 05 November 2000 09:36 AM

Whizzer

From what Sith has said, the most likely cause is an attack that has effectively been launched from inside your PC (i.e. the protected and hence trusted side of your firewall). Some trojan apps hide themselves very well and can be nearly impossible to detect.

If you take the recent Microsoft break in, they reckon the most likely way that the hackers got in was via a Microsoft employee's home PC using an email based trojan virus (they used the QAZ Trojan virus). Now bearing in mind that Microsoft has spent countless millions on security and someone still managed to negate all of this and remain undetected for anything up to 6 weeks (depending on which report you read), you have to assume that there are ways around most forms of security.

If you look at the marketing stuff put out for firewalls and security products, none of them will say anything like 'guaranteed 100% secure' or 'product x will stop all hacking attempts' - simply because it is untrue, there is no such thing as 100% secure.

It will be interesting to see what your ISP says. From what you have described, you have more security programs running on your PC than the vast majority of people, so you have been aware of an attack on your machine (whereas most people exist in blissful ignorance!). It is very difficult to suggest ways to stop this in the future.

I wish I could offer some positive comments. I would be interested in your cookie blocking program though - mail me offline with the details.

Cheers

Chris

Mr.Cookie 05 November 2000 11:20 AM

Eh, I'm famous

I used to use blackice as a firewall but like you got attacked lots of times although none were successful to my knowledge, and like you several of mine originated from my own isp (ntl) in the end and being a mere chef I decided ignorance is bliss, although if I do go cable modem things will have to change.

Simon
Ps are you not fairly safe if you have a non static ip?

mattski 06 November 2000 08:12 PM

why not go and buy a cheap 486, stick linux or free/openBSD on it and IPCHAINS and hey presto...proper unix firewall.

Chris L 06 November 2000 09:45 PM

Here's another worrying statistic for you:

On average, each new xDSL subscriber will experience 3 hacking attempts within the first 48 hours of connecting.

Just in case you didn't think it was worth investing in some additional security...

Chris

mattski 06 November 2000 10:28 PM

the people to worry about are 'script kiddies' who nick scripts and generally try to do damage.

I know some pretty heavy unix peeps (one who wrote the software that can crack/copy DVDs) and they are responsible people. They do what they do for a challenge, not damage.

The fact that people use windows doesn't help matters, it's awful and people trust it with all sorts of stuff!




whizzer 07 November 2000 07:28 AM

strangely enough I'm buying a 2nd hand reconditioned compaq pent pro for 150 quid for pure internet access .

Then I'm keeping my regular PC unconnected to the net . I've learnt my lesson even with all the security I used , I just feel sorry for all new net users who haven't got a clue for what they could be in for !

(still no word from my free isp , won't be using them in a hurry)

Peter Ford 07 November 2000 11:43 AM

You could buy a mac. Not many people have them as home computers, so hackers tend to focus on PCs rather than macs.

DavidRB 07 November 2000 01:23 PM

Sounds like something at your end, but some firewalls are not as secure as they claim.

Some light reading....


Bugsie1 08 November 2000 05:25 AM

if you have DSL/Cable make sure you don't have File and Print Sharing enabled in Win98 (or if you have NT/2000 unbind it from your NIC/modem)
Also don't run IIS/FTP/Web or that kind of thing if you don't need to, if you do make sure you keep Service Packs up to date and run hotfixes.

Check out

Chris L 08 November 2000 08:09 AM

David

Nice websites - like the Robert Graham one a lot.

Cheers

Chris


All times are GMT +1.