have you been attacked?

Thread: have you been attacked?

  1. #1
    Senior Member
    Join Date
    Apr 2002
    Posts
    161

    have you been attacked?

    I would like to know if anyone has been the victim of a serious hacking attack on your home computer. I am referring to an attack that couldn't have been stopped by following some basic security measures like having a firewall and AV. What I am trying to get at is that real attacks performed by real pros rarely or never happen to someone's home computer, or maybe I am wrong and experts do target home PCs. What will be the real gain an expert can have attacking a home user?? Do you think home computers are at a big risk of being victims?

    I'll be happy to hear everyone's insight and opinions on this matter.

    Thanks

  2. #2
    Purveyor of Lather Syini666's Avatar
    Join Date
    Aug 2001
    Posts
    553
    I don't see dialup users as being at risk, because of their limited abilities due to their connection. However, I can see the uses for compromising a broadband home user, to use their machine as a drone in a DDoS attack. That being said, the only real Pros I can see going after home computers would be people like "el8" as a way to try to humiliate and damage the reputation of a computer security professional by attacking them at home. Just my 2 cents...

  3. #3
    I was attacked by HVLRat about two years ago and to this day I have no idea what the kiddie got. As for real professionals attacking home computers, I do not see that as a common practice when most professionals have bigger and better things to do.

    However, it is common for professionals to get corrupt and steal information as an "inside job." A lot of people in my experience think of external attacks, but rarely think about that most attacks come from the inside. Take the PWA incident of yesteryear. Folks at Intel were using Intel for sending hardware and configured the network to download warez from Senitel. The whole bunch was arrested after a sting operation by the FBI when the ops of Senitel cooperated with the feds. Robin Rothburg, the founder of Pirates With Attitudes, did not have to hack from the outside to get what he wanted. He used corrupt professionals.

    Lastly, greed and acceptance are big motivators for attacks by professionals and everyone else down the line. Just my 2c. Honestly, it makes it look bad for the real professionals doing a good job.

    albn

  4. #4
    Junior Member
    Join Date
    Dec 2002
    Posts
    3

    Re: have you been attacked?

    Originally posted here by johnnymier
    I would like to know if anyone has been the victim of a serious hacking attack on your home computer. I am referring to an attack that couldn't have been stopped by following some basic security measures like having a firewall and AV. What I am trying to get at is that real attacks performed by real pros rarely or never happen to someone's home computer, or maybe I am wrong and experts do target home PCs. What will be the real gain an expert can have attacking a home user?? Do you think home computers are at a big risk of being victims?

    I'll be happy to hear everyone's insight and opinions on this matter.

    Thanks
    I agree with 666 in that any zombie that a hacker can recruit is another drone to use in a DoS attack, but also it provides another layer of obscurity to cover his/her tracks when making mischief.

    Aside from keeping your machine safe as a way to support the on-line community in general, remember that there has been some talk of liability for those who are deemed negligent by leaving their computers open for unscrupulous manipulations.

  5. #5
    Junior Member
    Join Date
    Oct 2002
    Posts
    20
    I have been under attack from a cracker since Dec. So far I have not been able to stop him/her.
    Below is a sample of today's attempts to gain access to my computer. If anyone has any idea of how to stop this attack please let me know..........

    Note: The ‘D’ at the end indicates a blocked IP address.

    Event Date Source IP Target Port Event
    1/22/2003 8:03:14 PM 199.181.135.149 1955 D
    1/22/2003 7:34:41 PM 199.181.135.149 1550 D
    1/22/2003 7:34:20 PM 199.181.135.149 1543 D
    1/22/2003 7:24:18 PM 199.181.135.149 1196 D
    1/22/2003 7:14:37 PM 199.181.135.149 1192 D
    1/22/2003 7:14:14 PM 199.181.135.149 1189 D
    1/22/2003 7:04:12 PM 199.181.135.149 1185 D
    1/22/2003 6:54:31 PM 199.181.135.149 1181 D
    1/22/2003 6:54:10 PM 199.181.135.149 1178 D
    1/22/2003 6:44:07 PM 199.181.135.149 1174 D
    1/22/2003 6:34:25 PM 199.181.135.149 1170 D
    1/22/2003 6:34:04 PM 199.181.135.149 1167 D
    1/22/2003 6:24:01 PM 199.181.135.149 1163 D
    1/22/2003 6:14:20 PM 199.181.135.149 1159 D
    1/22/2003 6:13:58 PM 199.181.135.149 1156 D
    1/22/2003 6:03:55 PM 199.181.135.149 1152 D
    1/22/2003 5:54:15 PM 199.181.135.149 1148 D
    1/22/2003 5:53:54 PM 199.181.135.149 1145 D
    1/22/2003 5:43:51 PM 199.181.135.149 1141 D
    1/22/2003 5:34:09 PM 199.181.135.149 1137 D
    1/22/2003 5:33:48 PM 199.181.135.149 1134 D
    1/22/2003 5:23:45 PM 199.181.135.149 1130 D
    1/22/2003 5:14:03 PM 199.181.135.149 1126 D
    1/22/2003 5:13:42 PM 199.181.135.149 1123 D
    1/22/2003 5:03:40 PM 199.181.135.149 1119 D
    1/22/2003 4:53:59 PM 199.181.135.149 1115 D
    1/22/2003 4:53:38 PM 199.181.135.149 1112 D
    1/22/2003 4:43:56 PM 199.181.135.149 1108 D
    1/22/2003 4:43:35 PM 199.181.135.149 1105 D
    1/22/2003 4:33:32 PM 199.181.135.149 1101 D
    1/22/2003 4:23:51 PM 199.181.135.149 1097 D
    1/22/2003 4:23:29 PM 199.181.135.149 1094 D
    1/22/2003 4:13:26 PM 199.181.135.149 1090 D
    1/22/2003 4:03:44 PM 199.181.135.149 1086 D
    1/22/2003 4:03:23 PM 199.181.135.149 1083 D
    1/22/2003 3:53:20 PM 199.181.135.149 1079 D
    1/22/2003 3:43:40 PM 199.181.135.149 1075 D
    1/22/2003 3:43:18 PM 199.181.135.149 1072 D

  6. #6
    I'd rather be fishing DjM's Avatar
    Join Date
    Aug 2001
    Location
    The Great White North
    Posts
    1,867
    I traced the IP address (199.181.135.149) and it appears to belong to The Disney Channel. There is a technical contact at "TechEmail: jeff.mansukhani@disney.com". Shoot him an e-mail with a clip of your logs and ask him if he can explain what's going on.


    Cheers:
    DjM

  7. #7
    Senior Member
    Join Date
    Nov 2001
    Posts
    4,786
    OrgName: The Disney Channel
    OrgID: THEDIS-1

    NetRange: 199.181.129.0 - 199.181.135.255
    CIDR: 199.181.129.0/24, 199.181.130.0/23, 199.181.132.0/22
    NetName: DISNEY-CBLK
    NetHandle: NET-199-181-129-0-1
    Parent: NET-199-0-0-0-0
    NetType: Direct Assignment
    NameServer: SENS01.DIG.COM
    NameServer: SENS02.DIG.COM
    NameServer: ORNS01.DIG.COM
    NameServer: ORNS02.DIG.COM
    NameServer: HUEY.DISNEY.COM
    Comment:
    RegDate: 1994-03-28
    Updated: 2002-12-03

    TechHandle: JM3462-ARIN
    TechName: Mansukhani, Jeff
    TechPhone: +1-818-553-7268
    TechEmail: jeff.mansukhani@disney.com

    AbuseHandle: ABUSE133-ARIN
    AbuseName: Abuse Contact
    AbusePhone: +1-509-742-4698
    AbuseEmail: abuse@go.com

    send a letter with a copy of the logs to the abuse and the tech address

  8. #8
    Some Assembly Required ShagDevil's Avatar
    Join Date
    Nov 2002
    Location
    New Jersey
    Posts
    718
    Djm has some good info there as does Tedob1. Try what they suggested. Until you get some kind of response or resolution to the issue, I suggest creating a specific ruleset for this IP address and/or range. Set up your protocol and reject/deny (your choice) the range and/or address.
    Maybe like a (199.181.129.* - 199.181.135.*) block (I think asterisks are accepted wildcards)

  9. #9
    AO Ancient: Team Leader
    Join Date
    Oct 2002
    Posts
    5,197
    There is quite a noticeable pattern in that trace, and since it is consistent and long running coming out of the Disney network I would suggest you set up a packet capture and let's see what other data we can glean before you contact them. It may be some spyware stuff or similar that you have activated yourself at some time in the past.

  10. #10
    Senior Member
    Join Date
    Nov 2001
    Posts
    4,786
    Sorry to get off track, johnnymier! To try and answer your question: private machines are used to aid in the attack of major sites. They mask the real ID of the attacker. And hey, as long as s/he's in there anyway, might as well look and see what's of value for when s/he's done using the machine. If you got a script kiddie into "carding", it's a lot easier to get them off of @home machines than off of corporate sites. You might even find enough info on the computer to steal the whole identity, easier than fishing and not as dangerous if you have a brand new exploit.
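An added example, not written by any poster in this thread: one way to quantify the "noticeable pattern" mentioned in #9 for the firewall log posted in #5, and to check the source address against the whois ranges from #7. The 60-second burst window and 5-second jitter tolerance are assumptions chosen for this log; the function names are hypothetical.

```python
import ipaddress
from collections import defaultdict
from datetime import datetime
from statistics import median

# Seven rows copied from the log in post #5 (a subset, to keep the example short).
SAMPLE_LOG = """\
1/22/2003 4:43:35 PM 199.181.135.149 1105 D
1/22/2003 4:33:32 PM 199.181.135.149 1101 D
1/22/2003 4:23:51 PM 199.181.135.149 1097 D
1/22/2003 4:23:29 PM 199.181.135.149 1094 D
1/22/2003 4:13:26 PM 199.181.135.149 1090 D
1/22/2003 4:03:44 PM 199.181.135.149 1086 D
1/22/2003 4:03:23 PM 199.181.135.149 1083 D
"""
# CIDR blocks as listed in the whois output in post #7.
WHOIS_NETS = [ipaddress.ip_network(c) for c in "199.181.129.0/24 199.181.130.0/23 199.181.132.0/22".split()]

def parse(log):
    """Return {source_ip: [(timestamp, target_port), ...]} from the log rows."""
    events = defaultdict(list)
    for line in log.strip().splitlines():
        date, clock, ampm, ip, port, _flag = line.split()
        ts = datetime.strptime(f"{date} {clock} {ampm}", "%m/%d/%Y %I:%M:%S %p")
        events[ip].append((ts, int(port)))
    return events

def burst_starts(times, window=60):
    """Merge events less than `window` seconds apart into bursts; return each burst's start."""
    starts, prev = [], None
    for t in sorted(times):
        if prev is None or (t - prev).total_seconds() > window:
            starts.append(t)
        prev = t
    return starts

def summarize(log, jitter=5):
    """Per source IP: event and burst counts, median burst period, regularity, whois match."""
    report = {}
    for ip, ev in parse(log).items():
        starts = burst_starts(t for t, _ in ev)
        gaps = [(b - a).total_seconds() for a, b in zip(starts, starts[1:])]
        period = median(gaps) if gaps else None
        regular = len(gaps) >= 3 and all(abs(g - period) <= jitter for g in gaps)
        in_range = any(ipaddress.ip_address(ip) in n for n in WHOIS_NETS)
        report[ip] = {"events": len(ev), "bursts": len(starts), "period_s": period,
                      "regular": regular, "in_whois_range": in_range}
    return report

if __name__ == "__main__": print(summarize(SAMPLE_LOG))
```

A fixed period with almost no jitter points to an automated process rather than someone working by hand, which is why the packet capture suggested in #9 is the useful next step.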
