August 31st, 2003, 09:09 PM
Security Help please
Ok, this may be in the wrong area, but I need some help. I have been a long-time internet user and have never ever had any problems till about a week ago. I have up-to-date virus software (Norton's) and an Actiontec wireless/fixed hub with a static IP address. I checked the logs for hack attempts about once a week with nothing, and I scan every week, and all incoming files usually get hit right away with Norton's if they are virused. Anyways, a few days ago my computers were attacked. One rebooted itself, no biggie I know, but when it came back on it connected itself to a web site that said you have been hacked. It was nothing malicious, just someone screwing with me. I had remote desktop software set up and I turned it off and also changed the IP address of the computer that was hacked, but I fear I was too late; the next day the same thing happened to my wife's puter. So I changed my whole configuration, turned off anything that allowed control of any of my computers and have not had any problems since, but this makes me wonder what I need to do. I have no firewall, don't really see the need, or actually don't see where I would put it unless it's on all computers, right? Cause I use XP or 98SE so it's a peer network. I downloaded a port scanner and scanned all computer ports; the only ones that appeared to be open were mail protocol and my FTP server. What do I need to do to find the leaks and close them, and what kinda firewall and where would I set it up? Any info, web links or just personal experience in fixing this kinda problem would be appreciated. Thank you.
August 31st, 2003, 09:28 PM
" I have no firewall, don't really see the need, or actually don't see where I would put it unless it's on all computers, right"
Wrong!!! (Would you live in a house that does not have locks on the doors?)
1) Get yourself a firewall for starters... (and yes, installed on your PCs) www.zonealarm.com (one recommendation)
2) If you don't need ftp/mail or any other servers running on your PC, shut them off
or control access and permission to them.
3) Might want to scan your entire system for vulnerabilities by a trusted 3rd party. Try these guys: http://grc.com/default.htm (choose "Shields UP" for starters)
4) Might want to also scan your PC for viruses by another trusted 3rd party vendor
and last, read all the threads/tutorials on security.
Give those a try.
I'm sure you will get more feedback from others as well...
August 31st, 2003, 09:33 PM
Re: Security Help please
Bad idea to connect to the internet without protection.
Originally posted here by wolfspring
I have no firewall, don't really see the need, or actually don't see where I would put it unless it's on all computers, right?
I would download these programs and use them.
Zone alarm- http://www.zonelabs.com
You really should do a search here and on google. Your answers will all be there.
/edit>> Hardware firewall [NAT] - get a router and network all your computers together, then put a software firewall on all of them. Learn how to configure all, and check the logs religiously.
August 31st, 2003, 09:36 PM
Seems to be an RPC/DCOM attack... block the ports 135-139, 445 and 593 by using a good personal firewall... also block any other unwanted port
guru@linux:~> who | grep -i blonde | talk; cd ~; wine; talk; touch; unzip; touch; strip; gasp; finger; mount; fsck; more; yes; gasp; umount; make clean; sleep;
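One way to verify the port-blocking advice in the post above on your own machines, as an added example that is not part of the original thread. The function names, the allowed ports 21 and 25 (standing in for the FTP and mail services mentioned earlier) and the sweep range are assumptions; only TCP is checked.

```python
import socket
import sys

# Ports the post above says to block (RPC/DCOM, NetBIOS, SMB).
BLOCK_PORTS = [135, 136, 137, 138, 139, 445, 593]

def tcp_open(host, port, timeout=0.5):
    """True if a TCP connection to host:port is accepted."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.settimeout(timeout)
        return s.connect_ex((host, port)) == 0  # 0 means connected

def audit(host, blocked=BLOCK_PORTS, allowed=(), sweep=()):
    """Check one of your own machines against the blocking advice.

    blocked: ports that must not answer
    allowed: services you run on purpose (assumed, e.g. an FTP server)
    sweep:   extra ports to look at for anything unexpected
    """
    report = {"must_block": [], "allowed_open": [], "unexpected": []}
    for port in sorted(set(blocked) | set(allowed) | set(sweep)):
        if not tcp_open(host, port):
            continue  # closed or filtered: nothing to report
        if port in blocked:
            report["must_block"].append(port)
        elif port in allowed:
            report["allowed_open"].append(port)
        else:
            report["unexpected"].append(port)
    return report

if __name__ == "__main__":
    # Pass the address of your own machine; defaults to this one.
    host = sys.argv[1] if len(sys.argv) > 1 else "127.0.0.1"
    result = audit(host, allowed={21, 25}, sweep=range(1, 1025))
    for key, ports in result.items():
        print(f"{key}: {ports or 'none'}")
```

Run it from a second computer on the same network against the address of the machine being checked: a check over loopback may not pass through the personal firewall at all, so it shows what is listening rather than what is blocked.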
August 31st, 2003, 09:43 PM
Wow guys, that was fast, thanks for the info. The reason I stated that was I didn't see a reason until I started running a game server, an FTP server and remote desktop. Before, all I did was game and had no need, well, thought no one would want to attack me or notice me. I use firewalls at work but we use WIN2k, so I need to put a firewall on every computer on the network, right? I always hear of building a firewall box, like a computer designated to a firewall, hardware, what have you. I have an extra pos computer I could do this with, but what kinda OS would I need? Thanks again for the info. I've been coming to this site forever but never used the forums, I just casually surf about learning about stuff, mostly antivirus junk. Thanks
August 31st, 2003, 09:50 PM
Someone may not want to "attack" you, but instead use your computer as a zombie.
August 31st, 2003, 10:49 PM
Hey guys, thanks a lot. I did a scan and the only ports open were on my FTP, mail and a couple of other legit programs. Then I logged in from my phone line and hit my static IP, damn thing came up with my router setup screen, sob, so I just gotta figure that out now and then get a better router. Thank you so much.
September 1st, 2003, 03:25 AM
Damn, all that work paid off. I set up ZoneAlarm, did some port stuff online and found that several IP addresses were trying to get into one of my computers, one that I don't use much; it is for surfing for stuff while I play games and wait for maps to load.
126.96.36.199:3684 this guy's port 80 appears to be stealthed according to a program called id serve
188.8.131.52:33584 incoming UDP
184.108.40.206:2152 TCP incoming (spyware?) also used ports 2151 5143 2144 2135 2134 WTF?
also with this 2127 2126 2117 2116 2109 2108
220.127.116.11:2447 2443 2407 2404 2369 2368
18.104.22.168:23 multiple occurrences.
There are about 5 more, but these two came up about 20 times each in about 30 mins, blocked incoming. A few were outgoing, then I ran Ad-Aware and found some spyware tracker progs, assume that's what they were. Can anyone tell me what these are and why they come up in the ZoneAlarm help as "internet background noise"?
A few of these are probably legit but I don't know this. Are these attacks or mere internet noise? Thanks again
September 1st, 2003, 03:38 AM
Sorry, I don't have the addy at present, but try SpyBot Search & Destroy... you will have to run a search for it... free to private users... will find some things that Ad-Aware will not... I use both, and recommend that to all my mates.
After you have gotten it, run the update, then run it.