November 3rd, 2001 08:19 PM
Traceroute, NS Lookup, and Pings=mess with headache
Again, I will start with admitting I am ignorant about many computer things. Okay, now that we are past that, I have questions.
In an effort to improve my security, I have Trashscan and IPNetMonitor on my computer. I get the basic ideas of it. Trashscan shows what IPs are being used by people who scan me, and ports they are scanning. I know hackers are scanning for open ports, in order to send trojans, etc. However, I know many times remote computers are used to scan, and I don't know how to track that. I also don't know how to prevent the scanning, or programs being sent to my computer.
I know I can use trace route with IPNetMonitor, but I'm not sure if that will get me the original IP, or what exactly it really does, besides show a lot of IP addresses. Frankly, although I have vague ideas and I know definitions, I don't truly know what ping is, or routes are.
Anyway, what are the best ways to learn about those issues? I am not looking to get into hacking, or such stuff. I would like to be able to prevent scanning and intrusions into my computer, and keep track of who is doing it. Are there any good web pages on this, and on how programs like IPNetMonitor can actually help me?
November 5th, 2001 10:08 PM
November 5th, 2001 10:45 PM
well..lets see here...
as is the custom, i don't have a specific webpage that you can view..but...
ok.. how about some definitions of these services on the internet.
Ping: This is useful in seeing if a specific ip has a connection. (i'm assuming you know what an IP is) useful in seeing the connection speed to a point and other things. Just a very simple looking "service"
sometimes you'll get "probes" of other computers probing your open port. I'm not exactly sure on all the specifics here, but some can be a malicious cracker/attacker (not hacker) but most are just some sort of program or random scan/probe that is useful for some other internet service and there is nothing to be afraid of.
Another question: why are you so afraid of "intruders"? most often, your home computer has really nothing at all that's useful to anyone who is professional. Some little skript kiddie may try to "nuke" your system or DOS it. (denial of service) but there's a few precautions..i'll outline them next. (oh btw, anyone who has been monitoring my posts must realize.. i have been reading)
1) if you are using a dial up connection, most likely you have a dynamic ip address. so every time you dial in, you'll have a different IP. It is possible for an attacker to get a specific ID on your computer and then scan a section of IP's for your computer, but i don't think the average lil' cracker knows how to do that..besides, there are a lot of ip's
2) see the post above...firewalls. firewalls are good. If you are super scared, the best idea is to get both physical and softwarial (is that a word?) firewalls.
a) physical could be a router (linksys router i think? is a good one..never worked with these)
b) another computer and make a home network. hook the first one up to the internet and make another LAN connection to connect to the internet with the other one.. True the one with the direct hookup could get "damaged" but that's not that important, right? (btw, this setup is sometimes referred to as having a proxy server)
c) update all microsoft Hot Fixes on your computer... microsoft left holes in whatevah you are using... then they fix them later... these holes are what krackers use. fix em!
d) software firewalls. such ones as deerfield personal fire wall, tiny fire wall and zone alarm are all good ones. each has specific little options that are better than the other... warning tho, on some microsoft products, too many firewalls will slow your connection. this is only apparent on a dial up connection tho.
ok. more to this post. i have a horrible organization scheme. Traceroute "traces" all the nodes (individual computer hops) that the connection will travel. notice that most often the trace will not originate from your computer but from a central processing traceroute computer. Why? security reasons? i do not know.
traceroute will only trace back to the IP that you put in for a parameter. make sure that it is the malicious connecting IP before you start to "care" about what it says.
a tool that some use is neotrace. This traces them, draws a map and labels all the nodes on the world map and provides information about their ISP and such. This is the miracle tool that some people use to "track each other". i've heard it said that no other program can do something this good. Bull. all it is is traceroute, nslookup, whois and some other commands all built in to one... it is useful, but not worth the money charged for the full version.
another thing to note, is if you do have a dynamic IP, the only way a kraker could get ahold of you is to perhaps contact you via instant messengers. AIM will direct connect computer to computer when sending pictures and sounds (ver 4.7). msn will direct connect (i think) when talking out loud. ICQ always direct connects. there is an option there that will disable direct connecting i think. not for sure.
next, this program named IP net monitor sounds like a glorified netstat command. Built in to most microsoft products is a dos command called netstat. (look for tutorials on how to use this) but anyway, it just shows connections between your computer and others. You may have a bunch of connections, most not hostile. If you do believe you have a hostile connection, limit down the possible list of ip's this way.
1) close IE or Netscape or whatever you are using.
2) close any download accelerators (those usually make 5 to 10 connections [all of the same ip tho])
3) close down any other things or temporarily disable them... examples would be an autoupdating program. some virus programs are like that.
after all this, you should have either no or one connection left. sorry can't remember for sure, i'm sure someone will respond with the correct answer. if there is one connection, should be the connection with your ISP. the other IP's are possible malicious connections.
whew. i don't know what else you want to know..feel free to post again
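The narrowing-down procedure in the reply above (take a netstat listing, close the browser, download accelerators and auto-updaters, then look at what is still connected), as an added example that is not part of the original posts. It assumes the four-column layout printed by Windows `netstat -an`; both snapshots and all addresses are constructed sample data.

```python
import ipaddress
from collections import Counter

# Constructed `netstat -an` snapshots (documentation-range IPs, not real hosts).
BEFORE = """\
  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    127.0.0.1:1030         127.0.0.1:1031         ESTABLISHED
  TCP    192.168.1.10:1043      203.0.113.5:80         ESTABLISHED
  TCP    192.168.1.10:1044      203.0.113.5:80         ESTABLISHED
  TCP    192.168.1.10:1045      203.0.113.5:80         ESTABLISHED
  TCP    192.168.1.10:1050      198.51.100.20:443      ESTABLISHED
  TCP    192.168.1.10:1061      192.0.2.77:6667        ESTABLISHED
  UDP    0.0.0.0:137            *:*
"""
# Taken again after closing the browser, download accelerator and auto-updaters.
AFTER = """\
  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    192.168.1.10:1043      203.0.113.5:80         TIME_WAIT
  TCP    192.168.1.10:1061      192.0.2.77:6667        ESTABLISHED
  UDP    0.0.0.0:137            *:*
"""

def established_remotes(netstat_text):
    """Count ESTABLISHED TCP connections per remote (ip, port), skipping loopback."""
    counts = Counter()
    for line in netstat_text.splitlines():
        fields = line.split()
        # Listening sockets, UDP rows, headers and closing states are not live sessions.
        if len(fields) != 4 or fields[0] != "TCP" or fields[3] != "ESTABLISHED":
            continue
        host, _, port = fields[2].rpartition(":")
        try:
            addr = ipaddress.ip_address(host.strip("[]"))
        except ValueError:
            continue  # a name instead of a number (netstat run without -n); skip
        if not (addr.is_loopback or addr.is_unspecified):
            counts[(str(addr), int(port))] += 1
    return counts

def still_connected(before, after):
    """Endpoints still ESTABLISHED in `after`, mapped to (count before, count after)."""
    b, a = established_remotes(before), established_remotes(after)
    return {ep: (b.get(ep, 0), n) for ep, n in sorted(a.items())}

if __name__ == "__main__":
    for (ip, port), (was, now) in still_connected(BEFORE, AFTER).items():
        print(f"{ip}:{port}  before={was} after={now}  -> look up with nslookup/whois")
```

The three connections to one address in the first snapshot are the download-accelerator pattern the reply mentions; an endpoint that survives into the second snapshot is only a candidate for a lookup, since a service still running in the background produces the same result.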