Security Help please
Results 1 to 9 of 9

Thread: Security Help please

  1. #1
    Junior Member
    Join Date
    Dec 2001
    Posts
    4

    Security Help please

    Ok this may be in the wron area, but I need some help. I have been a long time internet user and have never ever had any problems till bout a week ago. I have an up to date virus software(nortons) and a action tec wireless/fixed hub with a static ip address. I checked the logs for hack attempts about once a week with nothing and I scan every week and all incomming files usually get hit right away with nortons if they are virused. Anyways few days ago my computers were attacked, one rebooted itself, no biggie i know but when it came back on it connected itself to a web site that said you have been hacked, it was nothing malicias just someone screwing with me, i had remote desktop software setup and i turned it off and also changed the ip address of the computer that was hacked, but I fear i was to late, the next day same thing happend to my wifes puter, so I changed my whole configureration turned off anything that allowed control of any of my comptures and have not had any problems since, but this makes me wonder what I need to do. I have no firewall, don't really see the need, or actually don't see where I would put it unless it's on all computers, right? cause I use xp or 98SE so its a peer network. I downloaded a port scanner and scanned all computer ports, only ones appeared to be open were mail protocol and my ftp server. What do i need to do to find the leaks and close them and what kinda firewall and where would i set it up? Any info, web links or just personal experience in fixing this kinda problem would be appreciated. Thank you.

  2. #2
    Senior Member
    Join Date
    Aug 2003
    Posts
    205
    " I have no firewall, don't really see the need, or actually don't see where I would put it unless it's on all computers, right"

    Wrong!!! (would you live in a house that does not have locks on the doors)

    1) Get yourself a firewall for starters...(and yes installed on your PCs)www.zonealarm.com (one recommendation)
    2) If you dont need ftp/mail or any other servers running on your PC, shut them off
    or control access and permission to them..
    3) Might want to scan your entire system for vulnerabilities by a trusted 3rd party ..Try these guys: http://grc.com/default.htm (choose "shileds UP" for starters)
    4) Might want to also scan your PC for viruses by another trusted 3rd party vendor
    www.commandondemand.com

    and last , read all the threads/tutorials on security/

    Give those a try..

    Im sure you will get more feedback from others as well...

    Cheers

  3. #3
    Junior Member
    Join Date
    Aug 2003
    Posts
    15

    Re: Security Help please

    Originally posted here by wolfspring
    I have no firewall, don't really see the need, or actually don't see where I would put it unless it's on all computers, right?
    Bad idea to connect to the internet without protection.

    I would download these programs and use them.

    Trojan scanner-trial
    http://www.agnitum.com/

    Spyware scanner-free
    adaware- http://www.lavasoftusa.com/

    -firewall-free
    Zone alarm- http://www.zonelabs.com

    You really should do a search here and on google. Your answers will all be there.

    /edit>>Harware firewall[NAT]-get a router and network all your computers together,Then put a software firewall on all of them. learn how to configure all,and check the logs religiously.

  4. #4
    Senior Member
    Join Date
    May 2003
    Posts
    472
    seems to be RPC/DCOM attack............block the ports 135-139, 445 and 593 by using a gud personal firewall...also block any other unwanted port
    guru@linux:~> who I grep -i blonde I talk; cd ~; wine; talk; touch; unzip; touch; strip; gasp; finger; mount; fsck; more; yes; gasp; umount; make clean; sleep;

  5. #5
    Junior Member
    Join Date
    Dec 2001
    Posts
    4
    wow guys, that was fast thanks for the info. The reason i stated that was I didn't see a reason untill i started running a game server, an ftp server and remote desktop before all I did was game and had no need, well thought no one would want to attack me or notice me. I use firewalls at work but we use WIN2k, so I need to put a fire wall on every computer on the network right? I always here of building a firewall box, like a computer designated to a firewall, hardware what have you. I have an extra pos computer i could do this with but what kinda os would I need? Thanks again for the info I've been comming to this site forever but never used the forums, i just casually surf about learning about stuff, mostly antivirus junk. thanks

  6. #6
    Junior Member
    Join Date
    Aug 2003
    Posts
    15
    Someone may not want to "attack"you ,but instead,use your computer as a zomie.

    !attack

  7. #7
    Junior Member
    Join Date
    Dec 2001
    Posts
    4
    Hey guys thanks alot. I did a scan and the only ports open were on my FTP, mail and a couple of other legit programs, then i logged in from my phone line and hit my static ip, damn thing came up with my router setup screen, sob, so i just gotta figure that out now and then get a better router. Thank you so much.

  8. #8
    Junior Member
    Join Date
    Dec 2001
    Posts
    4
    Damn all that work paid off. I set up zone alarm did some port stuff online and found that several IP addresses were trying to get into one of my computers, one that I don't use much it is for surfing for stuff while i play games and wait for maps to load.

    200.56.199.178:3684 this guy's port 80 appears to be stealthed according to a program called id serve

    129.59.23.126:2378 incoming
    62.101.126.224:33584 incoming UDP
    82.36.33.154:2152 TCP incoming(spyware?) also used ports 2151 5143 2144 2135 2134 WTF?
    also with this 2127 2126 2117 2116 2109 2108


    68.11.72.50:2447 2443 2407 2404 2369 2368
    66.163.172.83:23 multiple occourances.


    there are about 5 more but these two came up about 20 times each in about 30 mins blocked incoming, a few were outgoing then i ran adaware and found some spy ware tracker progs, assume thats what they were, can anyone tell me what these are and why they come up in the zone alarm help as "internet background noise"?

    a few of these are probably legit but I don't know this, are these attacks or mere internet noise? thanks again

  9. #9
    Senior Member nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,190
    Wolfspring,

    sorry I don't have the addy at present, but try SpyBot Search & Destroy.................you will have to run a search for it...free to private users...........will find some things that Ad Aware will not..............I use both, and recommend that to all my mates

    Good Luck


    After you have gotten it, run the update, then run it

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •