Buell Motorcycle Forum, Quick Board Archives: Virus, SPAM, hackers (archive through April 11, 2002)

Mikej
Posted on Monday, April 08, 2002 - 11:41 am:


Why not start a new thread on the virus assaults, seems to be one of the current hot topics.

How can you backtrack a spammer?
How can you counter-attack a spammer?
How can you trace a virus source?
How can you best protect yourself from attacks or email floods?
What software do you like? Note: I did not ask which package is best, I know better than that.
How formidable are various firewall systems?
Has anyone ever caught a spammer or hacker*** or virus author in the act? *** By "Hacker" I mean the bad types, not the good types.

Just some questions to get things started, not necessarily asking for myself.

The 6th of the month virus sounds nasty. Had a worm-virus on a friend's computer, installed a firewall system with virus protection and found several programs trying to access the web. Currently going thru a clean&check to see what is proper and what is rogue on that computer. I agree with many that virus authors are the current scourge of the earth. But I somehow wouldn't mind a counter-attack virus to go after the primary hosting sites of viruses and spammers. A couple of years ago I tripped over a middle-eastern web site, and after running the text from the page thru an online translator I found it to be a training site for spam writers educating them on how to avoid detection and tracking. Wish I still had that address (all numerical address found indirectly somehow) as I would pass it on to some shall we say less than pleasant individuals.

That's probably about enough of that for now.
Good day.

Blacksix
Posted on Monday, April 08, 2002 - 08:30 pm:

Check this site out for GREAT info on hackers and what not. This guy is on the ball.

Gibson Research

For a look at how he operates..check out the article he wrote about Denial of Service attacks.
Wicked

Raymaines
Posted on Monday, April 08, 2002 - 09:47 pm:

This only shows my ignorance I suppose but.......

"By "Hacker" I mean the bad types, not the good types"

I'm not so sure there is a "good" Hacker. What useful and legal purpose could a "good" hacker serve?

A virus writer is a terrorist, plain and simple, and deserves the worst sort of mistreatment. People that work hard to do specific harm to innocent people for no other reason than to revel in the resulting suffering are the lowest form of deviants and should be forced to ride Honda motor scooters for the rest of their natural lives. I suppose, though, if there were hackers that could somehow do damage to virus writers I’d be all for them.

Blacksix
Posted on Monday, April 08, 2002 - 10:04 pm:

Denial of Service is when a hacker (bad) sends out script bots across the internet with the sole intention of nuking a web server (Yahoo, last year, for example) and closing it down.

Guys like Gibson (good hacker) track these guys down and spy on their "secure" hacker communications. They can either turn them over to the FBI...which Gibson doesn't for the most part...or grab the "scripts" as they leave the hackers' computers, break them down and figure out how to stop future attacks, which Gibson does.

In some of his articles, he discusses how he intercepts scripts and neuters them before sending them back out. That way the hackers never really know why the script took so long to depart and have no idea as to why it doesn't work.

He's good at it. Read his stuff.
He recommends some good software as well.

Mikej
Posted on Tuesday, April 09, 2002 - 10:21 am:

Ray,
If you've ever tried to get into a web site like, oh, let's say http://www.careerjournal.com/columnists/balancedlife/20020409-balancedlife.html , and then got curious and clicked on the address window of your browser and backspaced to http://www.careerjournal.com/columnists/ , then you are functionally a "hacker" because you got there unofficially. This is the method I used to get into that spam-central site I mentioned above, just followed the email address site until I found the source (junior league amateur stuff compared to the real pros). If I can't get there fairly clean I don't go there. Others, like the guy mentioned in the link, know all sorts of other ways to track (they're the Bloodhounds of the internet). Information is just information, how you use it determines what side of the fence you play on. Just my myopic opinion on things.

=====
Oh, one more thing,
With the expansion of hard-wired internet connections and people leaving their PCs on 24/7 and linked in, expect to see many new ways that the "bad" hackers and virus attackers use to appear. As Blake and others have mentioned, use a firewall and updated virus detection software as a bare minimum.

Blake
Posted on Tuesday, April 09, 2002 - 02:24 pm:

Good advice Mike! A good firewall is just as important these days as a current anti virus program.

Leaving a PC on and web connected 24/7 is like pleading for a hacker to infiltrate your computer. Install a coax (cable) switch so you can physically disconnect from the internet and/or put your computer in a secure standby mode, don't leave it just sitting there connected!

I like my laptop with dial up connection. I just unplug the wire from the modem. I'd like to see a hacker try to beat that security measure.

Aaron
Posted on Tuesday, April 09, 2002 - 04:31 pm:

You're paranoid.

Mikej
Posted on Tuesday, April 09, 2002 - 04:38 pm:

Paranoia is using a radar detector.
Using a software firewall is called security.
MikeJ
(This reminds me, I should go rent Conspiracy Theory again. Maybe I'll get The Great Escape again too, maybe he'll clear the fence this time....)

Dust_Storm
Posted on Tuesday, April 09, 2002 - 04:52 pm:

Just as a heads up to those out there, don't let yourself be fooled into thinking you need more protection than you actually do...

1.) If you are on a dialup account of any kind (this also includes the PPoE DSL circuits) a firewall for you is a waste of time and money. Every time you log in, you are assigned a new IP, thus making ip related viruses nearly useless on you.. also, people can't "hack" an assigned number

2.) Don't think that the "free" firewall services will protect you. The only thing worse than no firewall is the overwhelming confidence you have from an improperly setup firewall. I've seen more people set themselves up for failure because they thought they were protecting themselves, when in all actuality they have started more services, opened more ports, and generally got everything bass ackwards...

3.) Email and its wonderful services...
The best rule for this one is common sense. If you use Outlook (and just about everyone in corp America does..) TURN OFF VB SCRIPTING. It's not a necessary feature, and most casual users will not use it, or macros for that matter. Microsoft and its infinite wisdom enables both VB scripting and the OCX controls for ActiveX components. Almost 85% of all worm viruses out there are written in VB code. The days of malicious Pascal and Assembly have passed. Just use your head, if you open your email and see "I love you" from a guy, wouldn't you question it? Or how about the inevitable "You gotta Check this OUT!", could they make the big red button any more tempting? I think not..

Moral of the story, do not open attachments that you have not specifically requested, question everything, and enable the full extension path settings for Outlook or your email program of choice.. without the last, the file AnnaK.JPG would look like AnnaK.JPG.SHS, which would be something a cautious user would question.

The age old adage applies: If it sounds too good to be true, it is...

4.) The Good Hacker -
Anyone with a fair knowledge of computer systems can be considered a hacker, unfortunately, most of these people have been replaced by people that download ready made scripts and unleash them without full understanding how the programs/scripts actually work. A good example of a "good" hacker would be anyone in the Linux community that posts warnings about possible security holes with software releases. These people are responsible for maintaining what little handle we actually have on security for *nix systems. Cheers to them and their hard work!

How safe is your computer? Follow simple steps to maintain it, and you'll be fine:

-Maintain a current definition for your virus software.. downloaded freely from your provider

-Do not run more services than are necessary, eg, Win98 users, don't install web hosting clients unless you want to run a website from that computer, WinNT.X Users, Win2K users and WinXP users, disable the ports you don't need (FTP, Telnet, Email Server, etc) and make sure to disable any "Guest" accounts, they are not needed, and most hacking software is designed to use these defaults, without them, they're useless...

-Install the security updates from the Microsoft download site, freely available

-Resist the urge to load "knick-knacks" on your system (Eg, Comet Cursor, Download accelerators, etc) While some do function at a higher speed and offer some resumability, these programs also open more ports on your machine, and may install call back protocols on it (hence the damn pop flurry, and other nasty problems...) The ends don't always justify the means..

-Don't submit your email address to everyone, be selective. If you have to have a public account for "crap" email, set one up on a free internet provider such as Hotmail, that way the spam will go there, not to you...

-Don't install software that "cracks" or "patches" demo software to full versions, many contain viruses, and you run the risk of getting caught with pirated software (Yo HO!)

-If you use IRC, filetransfer programs (MIM, YIM, AIM, ICQ) etc, place all downloaded files in a separate directory that can be scanned for scripts/virii before they are run/extracted/whatever.. (beware of programs that will "speed up" your cable/DSL/ISDN connection, all of them are bunk..)

*****And most importantly*****

-Use common sense.. if the nagging voice in your head is warning you that this might not be a good idea, listen to it. Chances are it's right...


Don't believe all the hype you hear...

Chris
[Ds]
Senior Network Systems Engineer
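
Added example, not part of Chris's post: a Python check for the double-extension attachment names he describes (AnnaK.JPG.SHS), which also shows what such a name looks like when the mail client or shell hides the last extension. The two extension lists and the function names are assumptions made for illustration.

```python
"""Added example: flag attachment names whose real (last) extension hides
behind a harmless-looking one, e.g. AnnaK.JPG.SHS."""
import re

# Assumed lists for illustration; extend them to match local policy.
EXECUTABLE_EXTS = {"exe", "com", "scr", "pif", "bat", "cmd", "vbs", "vbe",
                   "js", "jse", "wsf", "wsh", "shs", "shb", "lnk", "hta"}
DECOY_EXTS = {"jpg", "jpeg", "gif", "bmp", "png", "txt", "doc", "xls",
              "pdf", "mp3", "avi", "mpg", "zip", "htm", "html"}


def split_extensions(filename):
    """Return (stem, [ext, ...]) with extensions lower-cased.

    Trailing dots and spaces are stripped, and whitespace placed in front of
    a dot is collapsed, because padding is one way the real extension gets
    pushed out of view in a narrow attachment list.
    """
    name = filename.strip().rstrip(". ")
    name = re.sub(r"\s+\.", ".", name)
    parts = name.split(".")
    exts = [p.strip().lower() for p in parts[1:] if p.strip()]
    return parts[0], exts


def displayed_name(filename):
    """Name as a user sees it when the last extension is hidden."""
    name = filename.strip().rstrip(". ")
    if "." not in name:
        return name
    return name.rsplit(".", 1)[0].rstrip()


def classify(filename):
    """Return 'double-extension', 'executable', 'ok' or 'no-extension'."""
    _, exts = split_extensions(filename)
    if not exts:
        return "no-extension"
    if exts[-1] not in EXECUTABLE_EXTS:
        return "ok"
    # The last extension decides how the file is opened; an earlier
    # document or image extension only serves to mislead the reader.
    if any(e in DECOY_EXTS for e in exts[:-1]):
        return "double-extension"
    return "executable"


def screen(filenames):
    """Return {name: verdict} for every attachment that is not 'ok'."""
    verdicts = {name: classify(name) for name in filenames}
    return {n: v for n, v in verdicts.items() if v != "ok"}


if __name__ == "__main__":
    # Constructed attachment list; the first and third names come from the thread.
    sample = ["AnnaK.JPG.SHS", "AnnaK.JPG", "I_go_Boom.exe",
              "holiday.jpg        .scr", "invoice.doc.vbs.", "notes.v2.txt"]
    for name, verdict in screen(sample).items():
        print(f"{verdict:17} shown as {displayed_name(name)!r}  real name {name!r}")
```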

Blacksix
Posted on Tuesday, April 09, 2002 - 05:09 pm:

That advice rocks. Good stuff.

Blake
Posted on Tuesday, April 09, 2002 - 06:03 pm:

DustStorm: Thanks for taking the time to explain the reality of the internet threat environment.

One thing that perturbs me about my firewall is that it fails to describe to me, to my satisfaction, what exactly has transpired when it blocks a known malevolent attack. For instance, what exactly has transpired when I get the following notice:


Quote:

Date: 4/9/2002 Time: 14:40:43
Rule "Default Block DeepThroat Trojan" blocked (67.203.90.89,60000). Details:
Inbound TCP connection
Local address,service is (xx.xx.xx.xx,60000)
Remote address,service is (147.208.171.140,4651)
Process name is "N/A"




Is this one of the "useless" features of my firewall?

I find it very surprising that you would call a firewall a "waste of time and money", even for a home dial up connection. Besides the security of a trojan blocking function, a good firewall also protects privacy. Mine is set to ask me if I want to block cookies from the sites I visit, the same goes for Java and ActiveX controls. Is that really all a bunch of extraneous silly paranoia?

S2no1
Posted on Tuesday, April 09, 2002 - 07:04 pm:

Blake,

The option to block cookies and Java is now in most of the browsers' options. The real problem is we want to have our cake and eat it too. We love all of the graphics, animation etc. But we don't realize that this does three things.

Eats bandwidth.

Opens us to infections

Distracts from the information.

Arvel

Blake
Posted on Tuesday, April 09, 2002 - 07:23 pm:

The browsers don't provide cookie memory wrt specific sites. They either allow all cookies, block all cookies, or ask you if you want to block every cookie. That's a huge pain in the arse. My firewall remembers the site to which I want to block cookies as well as those I wish to allow transmission of cookies. Same goes for ActiveX and Java...

I'm still curious how protection against a trojan attack is a "worthless" bit of security.

S2no1
Posted on Tuesday, April 09, 2002 - 07:54 pm:

Blake,

IE 6 does allow you to list sites and how you want to manage their cookies. I suppose an IT could make a list and then install that on all of the machines, it is however labor intensive.

At my last employer we had a T1 with a full server, really state of the art system and full (not sure what kind) firewall at both the corporate and the satellite office. Guess what? Someone hacked our IP behind the firewall to send SPAM. One of our clients' firewalls automatically shut off e-mail from our corporate IP because of the SPAM. We spent a full day days trying to get them a set of drawings by e-mail. Ended up using FED-X or some such.

Eventually I want something similar here to let my clients access construction material test results in almost real time. It will save me thousands in publishing the test results snail mail, provided I can get those dumb contractors to use the internet for more than surfing.

Arvel

Blake
Posted on Tuesday, April 09, 2002 - 09:37 pm:

Cool. Since IE 6 hasn't been out long enough to pass my "let the public debug it first" philosophy, I haven't upgraded yet.

Dust_Storm
Posted on Wednesday, April 10, 2002 - 12:06 am:

Blake, to understand what your firewall is telling you, you have to know how Trojans work. For a trojan to work successfully, it must be installed on the host computer, and configured (which they do themselves most of the time, remember my comment on Windows defaults?) at which point a remote computer can access the program (trojan) through the port that it is assigned on. If it's not installed (or installed correctly, but a firewall is in place to prevent inbound/outbound traffic) it is useless.

The best example on the market of a Trojan, is Symantec's PC Anywhere. Believe it or not, that couple hundred dollar program is nothing more than a trojan that allows an operator to control a system from another computer.

Soooo, what does that mean to you in firewall speak? Here's a breakdown..

Date: 4/9/2002 Time: 14:40:43
-This is the date and time a "finger" has touched your system, something is saying "HI!"

Rule "Default Block DeepThroat Trojan" blocked (67.203.90.89,60000). Details:
-This is your firewall saying, "What are you doing, and what do you want?" The intruder (in this case, the IP of the machine is 67.203.90.89) responds "Ummm, I'm just looking to see if XXXX port is open so I can go in now". The Firewall, being setup to understand that port XXXX is also the port used for [DeepThroat Trojan] says "Whoooooooooaaaa, there partner, that port (in this case 60000) ain't available to you, and you ain't gettin in here.."

Inbound TCP connection
Local address,service is (xx.xx.xx.xx,60000)
-Your firewall saying your IP on port 60000 is unavailable to anyone

Remote address,service is (147.208.171.140,4651)
-intruder says, "darnit, run alternate path and port... (147.208.171.140 on port 4651) and let's see if the trojan is even there"

Process name is "N/A"
-Firewall says "hmmm.. something happened, looking for some process I don't have, and I don't know what it was called, we'll just say it's NOT AVAILABLE"

Did that make sense? I hope so...

It's not that I think firewalls are useless. I think they can be very effective when setup properly and used for the right reasons.. For the casual home users, though, I question the full level of integrity needed on the system. If you have a dialup connection, a firewall is useless (now go ahead and toss that trojan monkey at me..), the thing with trojans is that they only work if they're installed. Any level 1 antivirus software that is properly updated will catch it, so now you are running 2 applications, wasting system ram, slowing your machine down (performance hit), etc just so you can "feel" protected. What a buncha horse pucky! A lot of software firewalls also include various other goodies (Cookie managers, ad blockers, popup killers etc..), these still have to be taught, and the effectiveness is less than adequate in my opinion. YMMV.

Do I use a firewall? On my home system(s), the roadrunner connection is fed into a standard Cisco 2524 router, and then off to my fileserver which is running a proxy. I could hide my neighborhood behind the setup, but it doesn't do me a bit of good if I don't follow my own advice posted above.

Keep in mind my setup at home is a bit extreme (some small businesses don't have hardware anywhere near like that) but it's what's available to me, my "spares" if you will. Don't do me a bit of good when it comes to wrenchin' though... Anyone here who wants a decent firewall (hardware, not that junk software crap) can pickup a simple Linksys Router for around 50$. Properly setup, (which ain't hard) nothing is getting in or out of it unless you tell it to..

Of course though, I won't be the first to admit that these are only MY OPINIONS on the subject, and I don't do things the way that other netadmins do. We're all just like mechanics, we do things differently and have our own special tricks up our sleeves, but the end result is always the same. It works, or it don't....

[Ds]

Blake
Posted on Wednesday, April 10, 2002 - 12:15 am:

Not quite. I'm still trying to relate the above explanation to your original opening comment.

Quote:

If you are on a dialup account of any kind (this also includes the PPoE DSL circuits) a firewall for you is a waste of time and money.


So then a firewall is not worthless? If I had not had the firewall running would I not have been vulnerable to trojan attack?

Dust_Storm
Posted on Wednesday, April 10, 2002 - 12:35 am:

Ack! Read the edit! Darn this beer!...

[Ds]

Dust_Storm
Posted on Wednesday, April 10, 2002 - 12:57 am:

How trojans can get on your system (or better known as, Blake plays this game (*.exe file) he got in his email..)

Blake is running his system in blissful peace, happily surfing the various AMA sites and auction sites in hopes of finding cheap racing gear (ain't we all!). Oh no, what's this! We have a cute little letter show up on his browser window, and that can only mean one thing - Email!

In reckless abandonment, Blake minimizes his browser and pops open Outlook 2000 (he passed up on the Office XP upgrade to buy his rearsets..) and lo and behold, there it is, a heap of 1's and 0's that form a cryptic message:

Hey dude, you gota check this game out, had me laffing for houres!

-Court

And on it ( oh joy of joys) is the very file on an attachment called "I_go_Boom.exe"

Now, Blake says to himself, "Self, this message is from Court, a dear and trusted friend that will do absolutely no damage to any of my equipment, and besides, I'm trying to nudge off a few goodies from him, so lets fire it up!" Blake grabs the mouse and positions it over the file to open it...

and stops! He remembers reading a post from Ds about home security and internet settings, but says to himself, "Self, I read all those things, and frankly I didn't understand a word of it! But, I remember that I have a firewall (insert healthy grin) and I'm on a dialup account (them pearly whites are blinding us now..) so I'm safe!"

And clicks it!

The game sucks, and with it, Blake tosses it into the mass electron recycler, the Recycle Bin and continues on his merry way...

Blake now has a trojan installed on his system...

Things that should have clued Blake in:
1.) Court is a great guy, with a fabulous vocabulary and outstanding spell checker. Why is his message so goofy?
2.) Court likes to talk, but his message was really short, it just basically said, run this file, and nothing more...
3.) Blake didn't setup his Outlook to automatically scan attachments for viruses, if he had and it was updated, the file would not have been downloaded or would have been quarantined on file transfer
4.) Blake was living under the false pretense that his firewall could stop the trojan from getting there, but it got through anyway...

Things that could happen now....
-If Blake's Firewall is setup properly, he will still have the trojan on his system, it just can't get out..
-If Blake's Firewall is setup improperly, he might as well not have it on, because the next time he logs into the internet, a server that is designed to look for computers with port 123456789 open will promptly launch the trojan remotely on his system, run his email, and send itself to everyone on his contact list... thus propagating itself further...

And poor Blake has to take a ribbing from everyone as their systems get chewed up from him... (On the lighter side, though, as soon as Blake figures out what happened [and he's a smart cookie that Blake..] he promptly gets on the phone and harasses poor Court until the goodies are his - and then some!)

But that's another story.....



[Ds]

Blake
Posted on Wednesday, April 10, 2002 - 01:27 am:

I think I understand. You are saying that my anti-virus app should protect me from ever having a trojan installed on my PC? But if it didn't, I would be vulnerable?

I appreciate and agree with your expert analysis of online risks wrt user responsibility and firewall apps.

However, you seem to suggest that a cheap firewall app is silliness while running your own home system behind a full blown proxy. Rather than a cheap software app, you would rather lug around a completely separate router?

When I finally upgrade to cable, will my firewall app then be important to my system security and privacy?

I'll tell you the instigating reason behind my decision to install a firewall app... My uncle, a longtime EE/DSP spookster (could NEVER tell me what he was working on) has two computers at home. One for his home office computing needs and one for email and internet access. He was adamant about running a firewall app and seemed to know what he was talking about. He gave me the strong feeling that there are SIGNIFICANT levels of malevolent internet goings on and that a person would be utterly foolish to leave their computer unprotected. I'm certain that this man knows stuff that you and I could never even guess is a reality. I appreciate your comments, but I want to play it safe. For the cost of an extra bit of RAM the firewall app runs totally transparently in the background of most any new computer. Mine only uses 6MB or so I think.

One more question... What about all the open ports and vulnerabilities wrt privacy?

What kind of beer? I'm all out. Doing the wine thing this evening. Cheers! <ting>

Jocklandjohn
Posted on Wednesday, April 10, 2002 - 02:34 am:

Sandstorm - What about us poor Mac using Buellers with our very prettily coloured boxes - have we got similar levels of problem re Microsoft browsers and email? Haven't heard anyone mention any antivirus or firewall apps for Macs - what's the current recommendations from the pros out there........and I still don't understand fully if email virii are cross-platform - ie can a mail virus from Blake's poorly protected setup (joke!) infect my Mac and then have me propagate it when I mail folks in my address book??

Court
Posted on Wednesday, April 10, 2002 - 04:55 am:

Hey......I (and my Linksys Wireless Router) Resemble that remark!


Quote:

from Court, a dear and trusted friend that will do absolutely no damage to any of my equipment



Yeah?....well, let's see him let me near that M-2 :)

Dust_Storm
Posted on Wednesday, April 10, 2002 - 10:54 am:

Man you guys are a riot...

The beer of the evening was: Guinness! And my head's thanking me for it today..

Macs are a whollllllllllllle 'nother story. Because of the way a Macintosh is designed, it is significantly less susceptible to being hacked. There are virii out there for Macs but they are few and far between. If you want to protect yourself on a Mac, pickup one of those Linksys routers, they're cheap and easy, and can be used cross platform (eg, Win, Mac, *nix) because of the hardware. There are software firewalls out there for Macs, but they are horrendously expensive, and unless you are using your Mac as a full blown server (Mac servers exist on this plane?), I couldn't really recommend one.

Blake, I warned ya, my system ain't small, and it sure ain't portable. With a total head count in the house, I have: 4 terminal computers, 1 fileserver/printserver, one dedicated machine for Audio applications, and one computer dedicated for Gaming. There's a laptop or two, but they aren't always connected. And I'm only paying for 1 roadrunner connection.. do you see why now?

Software firewalls (IMHO) are good quickfixes for people that are really moving around a lot, but I've never seen someone use a laptop as their main system, that's just silly, so I question the usefulness and money spent. That's why I can't justify them, especially since the hardware options are getting smaller and cheaper.

I'll be back to cover this later, got to go to work now... (oi...)

[Ds]

Mikej
Posted on Wednesday, April 10, 2002 - 11:07 am:

"but I've never seen someone use a laptop as their main system, that's just silly,"

Hmmm, I see this all the time, and have been seeing it for about 6 years now where certain people/groups only have a laptop. They have company business, personal business, tax files, and even their home recipes for home brew beer (since someone mentioned beer above) and their golf score logs kept on it. Not smart by any means, definitely silly as Ds mentioned, but still I see it on a daily basis as I have been seeing it done for many/several years.

Anyway, if I were thinking of a cable or Roadrunner line into the house, and planning on running two or more occasionally computers (one always on, password protected, remote access to files), would the Linksys router be the way to go? Or is that not something you could leave running unattended while away for 2-3 weeks at a time? Just looking ahead a few years and getting my ducks lined up now.

MikeJ (Glad this thread got going.)

Bluzm2
Posted on Wednesday, April 10, 2002 - 12:06 pm:

Mike,
We use HUNDREDS of the LinkSys's here at work.
Every VPN connection for work has one. DSL or cable.
Every install (friends, family, co-workers, etc.) I have helped on has a router of some sort. LinkSys, D-Link, Net Gear, whatever. Most of them run in "stealth" mode meaning they are there but do not answer pings, fingers, etc.
Depending on the type of install, they go in out of the box or with minor tweaking.
If you have any question about script kiddies trying to get you, just remove the router and fire up Zone Alarm. It's amazing how many times per day you get hammered. Everything from ftp attempts, telnet, port scans, http (port 80) you name it. The problem is much worse with DSL or cable but I have seen it on dial as well.

Dust is correct regarding the trojan problem. But... a simple "fire wall" program like Zone Alarm can sometimes help. Depending what type of trojan has been activated. They won't do much for email types like he mentioned as the email program already has "permission" from the FW software to access the internet. But other types can trip the FW when they attempt to go back to the net. Zone Alarm uses a popup when a new app tries to access the internet. Each FW software works a bit differently.

A very interesting description of a trojan attack method is outlined on the www.grc.com page.

Here's a link to a .pdf with the whole story. A long read but very interesting..


http://grc.com/files/grcdos.pdf

I know I have opened a can of worms here but I've done a ton of these type things, I wouldn't even think of installing a broadband connection without a hardware router and some sort of "firewall".

YMMV

Brad

Blake
Posted on Wednesday, April 10, 2002 - 12:13 pm:

So I should spend $5K on a killer laptop and software, but not use it as my primary computer? Uh, why is it silly to do so? I do keep an external HD for backups. Having experienced the desktop scene I will NEVER own another. With a 15" screen capable of 1400x1050 pixels, a 20GB hard drive, and all the ports and peripherals I could ever want, plus the ability to take the office wherever I wish, a laptop is the ONLY way to go. Plus it comes with its own UPS.

Sounds to me DS, like your harsh statements are strongly biased towards the subjective, and are a bit off the cuff. That kind of advice doesn't serve me too well, cause it's just too "silly."

Davegess
Posted on Wednesday, April 10, 2002 - 11:07 pm:

Tonight while I have been online my firewall has reported that this IP address (64.154.145.86) has attempted something like 10 different ports on my machine over 10 minutes. I tried a whois search but it comes up blank. (Don't be curious and try to visit this site, bad things could happen.)

I have an SBS DSL line. What seems to happen is when I first log on I get very few pings but the longer I am on the more I get.

I suspect that the early ones are my ISP checking on activity on the line but the longer the IP address is active the more people searching the net for open ports come across it.

I have been leaving the connection up since I installed Zone Alarm but perhaps that is a bad idea.

Dave
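
The pattern described in the post above (one source address trying many different ports within about ten minutes) can be picked out of blocked-connection logs mechanically. The following is an added example, not part of the original thread: the log format, the `find_scanners` helper and all addresses (documentation-range placeholders) are assumptions made for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log in a hypothetical format (not Zone Alarm's own).
# All addresses are documentation-range placeholders.
SAMPLE_LOG = """\
2002-04-10 23:00:05 BLOCK ICMP 198.51.100.1:0 -> 192.0.2.10:0
2002-04-10 23:01:10 BLOCK TCP 203.0.113.7:4021 -> 192.0.2.10:21
2002-04-10 23:02:30 BLOCK TCP 203.0.113.7:4022 -> 192.0.2.10:23
2002-04-10 23:03:00 BLOCK TCP 198.51.100.9:3300 -> 192.0.2.10:80
2002-04-10 23:04:15 BLOCK TCP 203.0.113.7:4023 -> 192.0.2.10:80
2002-04-10 23:05:00 BLOCK TCP 198.51.100.9:3301 -> 192.0.2.10:80
2002-04-10 23:06:40 BLOCK TCP 203.0.113.7:4024 -> 192.0.2.10:139
2002-04-10 23:08:20 BLOCK TCP 203.0.113.7:4025 -> 192.0.2.10:1080
2002-04-10 23:09:50 BLOCK TCP 203.0.113.7:4026 -> 192.0.2.10:8080
2002-04-10 23:30:00 BLOCK TCP 198.51.100.9:3302 -> 192.0.2.10:80
"""

LINE_RE = re.compile(
    r"^(\S+ \S+) BLOCK (\w+) ([\d.]+):\d+ -> [\d.]+:(\d+)$")

def find_scanners(log_text, window=timedelta(minutes=10), min_ports=5):
    """Return {source_ip: sorted ports} for every source that probed at
    least min_ports distinct destination ports inside one time window.
    Assumes log lines are in chronological order."""
    recent = defaultdict(deque)          # source -> (time, port) in window
    flagged = defaultdict(set)
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m or m.group(2) == "ICMP":
            continue                     # skip malformed lines and pings
        ts = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S")
        src, port = m.group(3), int(m.group(4))
        q = recent[src]
        q.append((ts, port))
        while ts - q[0][0] > window:     # drop probes older than the window
            q.popleft()
        ports = {p for _, p in q}
        if len(ports) >= min_ports:      # many ports, one source: a scan
            flagged[src].update(ports)
    return {src: sorted(p) for src, p in flagged.items()}

if __name__ == "__main__":
    for src, ports in find_scanners(SAMPLE_LOG).items():
        print(f"possible port scan from {src}: ports {ports}")
```

Repeated hits on a single port (the second source in the sample) and probes spread out more slowly than the window are deliberately not flagged by this simple rule.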

Bluzm2
Posted on Thursday, April 11, 2002 - 12:14 am:

Dave,
That's what Zone Alarm is for! Works pretty good and the price is right. Free is good!

Do you have a router? What type of DSL are you running? Is it PPPOE? If so is it modem based or PC based?

Sorry for all the questions, but I try to keep up on what ISP's around the country are doing. We have sales folks all over the place with DSL/Cable VPN connections. I usually have to deal with most of the major ISP's at one time or another.

Brad

Davegess
Posted on Thursday, April 11, 2002 - 12:20 am:

Bluz, I must say I have no idea! There is a box on the floor next to the computer and it says Westell Wirespeed.

Don't know if it is a router or a modem type device. Phone company installed it and set it up.

Don't even know what the different things you asked mean!!!
Dave

Dust_Storm
Posted on Thursday, April 11, 2002 - 03:23 am:

Blake, that's why I said it was my opinion. I have a laptop (now bordering on dinosaur), and I use it mostly for router programming, but I really don't like the things. It's a personal thing. I realise that a lot of people are using laptops as home systems, most of these are company provided (not really intended to be used as a personal home machine) as Mike pointed out. There are people that spend lots of money on them, in excess of $5,000 as you said. I can't justify spending that much money on a machine, as I can easily spend $5,000 dollars on a desktop that will blow the doors off anything a laptop can do, at half the cost. You'll have to forgive me, I've always sided with robust desktop systems, thinking laptops to be more of a burden than a blessing..

To give you another perspective on this, a fellow coworker is completely enamored with software firewalls. He swears by them, and has 3 running at any given time. His favorites are BlackIce Defender (wonderful when set up properly), AtGuard v3.24 (no longer in production, was purchased by Symantec..) and the AntiTrojan Suite (outstanding piece of software, and very inexpensive). With the combination of all 3, his system is a literal brick wall, nothing goes in or out without triggering something. He spent a great deal of time teaching the programs what to do, and I was very impressed by it. I had to use an old standby program he never knew about that bypasses firewalls to get even a glance at his hardware (which sent him off into the corner to reconfigure everything...). When set up properly they work great, I just like hardware solutions, they are easier (for me anyway) to maintain and support. And in my business, if it's easier for me to fix, that means I get home before 2100 (that's a GOOD thing...).

Dave: A PPPoE connection means you will have to provide a login and password to join the network, and your IP will be assigned to you when you join. Down here, the major carrier is SWBell, so if you were on "residential" DSL, you would have software that would make you type JoeUser@sbcglobal.net as your login, and insert your password behind it. Once you get out of residential services, you can have things like ADSL, SDSL, in Germany TDSL, etc, they are all different kinds, some are faster, and cost more.

Brad, if you deal with the major ISP's, I probably run over your tracks once or twice. Where are you located at? Man this world is small...

[Ds]