Beware of Hacker and Cracker Attacks!

Vanity ^ | 8/23/2002 | Myself

[ex-Texan]

Beware of Hacker and Cracker Attacks!

I just logged onto Free Republic and my firewall program has been going crazy. Some nut job hacker is trying to break into my computer. Ten times in the last five minutes:

Someone from 195.134.39.66, port 4622 wants to connect to port 135 owned by 'SYSTEM' on your computer.

Be careful my FR friends. People are lurking and hacking.

[LasVegasMac]

But go ahead and start up telnetd so "we can get root".>/i>

ALL YOUR ROOT ARE BELONG TO US!

LVM

[Joe Bonforte]

Meaya Popup Ad Filter. I've used it for about six months with zero problems and zero unwanted pop-up ads.

But... It's not free. (There's a trial version.) If you want something free, you might want to try Google's new toolbar which includes a pop-up stopper. Go to the Google main page (www.google.com) for the link.

Be careful when you check the installation options that you don't give them permission to monitor the sites you vist.

[ex-Texan]

Yeah. During the last presidential election FR people were lurking and hacking. I had over 300 hack attacks in one day. Most recent attack two minutes ago:

Someone from 207-172-67-240.c3-0.frm-ubr1.sbo-frm.ma.cable.rcn.com [207.172.67.240], port 3236 wants to connect to port 135 owned by 'SYSTEM' on your computer.

It is not a worm. Very Persistent @$$hole.

[shadowman99]

Try the Mozilla or Mozilla Firebird browsers. They have tabbed browsing, popup blockers, cookie controls, java controls, themes... soooo much going for it that MS Internet Explorer doesn't.

[Dog Gone]

You got any good popup stoppers?

The new Google toolbar works wonders.

[Servant of the Nine]

This is the info on your badboy hacker.

So9

McAfee Visual Trace  Version 3.25 Results
Target: 195.134.39.66
Date: 8/23/2003 (Saturday), 03:35:52 PM
Nodes: 17


Node Data
Node Net Reg IP Address      Location            Node Name
  17   1   1 195.134.39.66   OSLO                kunde1589.alfanett.no


Packet Data
Node High Low  Avg  Tot  Lost
  17  180  154  163    3    0


Network Data
Network id#: 1
  This is the RIPE Whois server.
  The objects are in RPSL format.
 
  Rights restricted by copyright.
  See http://www.ripe.net/ripencc/pub-services/db/copyright.html

inetnum:      195.134.32.0 - 195.134.39.255
netname:      NO-EAB-CABLE-TV-1
descr:        EAB Tele AS
descr:        Borum, Norway
country:      NO
admin-c:      LAN2-RIPE
tech-c:       LAN2-RIPE
status:       ASSIGNED PA
mnt-by:       RIPE-NCC-NONE-MNT
changed:      leifa@sn.no 19970709
changed:      ripe-dbm@ripe.net 19990706
source:       RIPE

route:        195.134.32.0/19
descr:        ALFANETT NORWAY
origin:       AS8394
mnt-by:       AS8394-MNT
changed:      leifa@e.alfanett.no 20001222
source:       RIPE

person:       Leif Arne Neset
address:      ALFANETT AS
address:      Postboks 8
address:      N-1306 Barum postterminal
address:      Norway
phone:        +47 67 80 62 38
fax-no:       +47 67 80 62 10
e-mail:       leifa@e.alfanett.no
nic-hdl:      LAN2-RIPE
changed:      leifa@sn.no 19971010
changed:      Bjorn.Myrstad@runit.sintef.no 19980407
changed:      Bjorn.Myrstad@runit.sintef.no 19980720
changed:      leifa@e.alfanett.no 19990422
changed:      leifa@e.alfanett.no 19990428
changed:      hostmaster@uninett.no 20000629
changed:      leifa@e.alfanett.no 20001220


Registrant Data
Registrant id#: 1
  Kopibeskyttet, se http://www.norid.no/whois/kopirett.html
  Rights restricted by copyright. See http://www.norid.no/whois/kopirett_eng.html

Domain Information

Domain Name................: alfanett.no
Organization Handle........: ETA9O-NORID
Registrar Handle...........: REG1-NORID
Legal-c Handle.............: LAN2P-NORID
Tech-c Handle..............: LAN2P-NORID
Zone-c Handle..............: LAN2P-NORID
Bill-c Handle..............:
Nameserver Handle..........: DHCP1H-NORID
Nameserver Handle..........: NS512H-NORID

Additional information:
Created:         1999-11-15
Last updated:    1999-12-09

NORID Handle...............: ETA9O-NORID
Organization Name..........: EAB Tele AS (alfanett)
Organization Number........: 0
Post Address...............: Postboks 13
Postal Code................: N-1306
Postal Area................: Barum
Country....................: Norway
Phone Number...............: +47 67 80 62 38
Fax Number.................: +47 67 80 62 10
_____
Visual Trace Copyright ©1997-2001 NeoWorx Inc

[TomServo]

No problems on my LINUX machines ...

And none on my 3 Windows boxes...

[Reeses]

If a hacker posts a tiny image on an FR thread that points to a web server they control they can get a list of active FR users IP addresses as users load the thread. If they had a good virus they could then send it out to wipe out many of our disk drives or other mischief.

[rwfromkansas]

that's it. I am going to probably get that installed today.

I am not a big fan of firewalls, as I can't find near as many files in a Kazaa search quite frankly. But, it is time to get more than just a virus scanner and spyware searcher.

[js1138]

You got any good popup stoppers?

I'm using the google toolbar. It has a built in google search and it blocks popups. It's isn't exactly spyware, but google does keep a record of all the sites visited. Up to you whether that matters. They are very upfront about whjat they are doing.

I'm listening to internet radio right now with no popup adds. usually there's one per song.

[hair22knees]

I find myself using Mozilla Firebird more often than IE. I am probably going to make it my default browser soon.

[JesseHousman]

Thanks for your advice on Zome Alarm. I've just downloaded it.

[Momaw Nadon]

[Liz]

techno-ping

[Publius6961]

My understanding is that if we run a wireless router for Net cable access, and configure the firewall properly, our two computers are "invible" to the net.<p
What I haven't been able to do, though, is test its effectiveness, or track attempts. Any ideas?

[js1138]

The hardware firewall at work died last week and I installed the free version of ZoneAlarm on the server. It takes a while to get it to stop interfering with all the services, but now that the main firewall is back up, I'm leaving it running.

We use a lot of stuff that isn't found on a home computer -- mail server, SQL server, tape backup, remote login -- and all of it works with the free version of ZoneAlarm. All this software is able to access the internet to install automatic updates.

[thoughtomator]

First - if you have Outlook, trash it. Never use it again. Otherwise anything anyone might tell you with regards to machine security will be moot.

May I suggest (assuming you've got a Windows box) using Tiny Personal Firewall? It's free, go to http://www.download.com and search for it. It does wonders for me.

Let it inform you if a program/port combo that you haven't previously approved is being attempted. This way you can approve anything you're working on that requires a resource. Everything else, deny as a rule.

I've got a Win98 box still as my home machine, I rarely if ever update the security, but a simple firewall is all I need to protect myself. Zero problems here. I use the log as an Internet 'weather report' to see what kind of spam traffic is being received by my machine. These days it has been ICMP all the way, thousands and thousands of requests in the past few days. Occasionally there'll be an attempt to see if I'm running a Kazaa server (port 1214) or if I'm dumb enough to be infected with SubSeven (port 27234). Port 135 RPCs do come by occasionally as well as attempts on common named ports and random high-numbered ports.