-
May 20th, 2004, 06:12 PM
#11
Originally posted here by Cybr1d
It just sounds like a very weak social engineering attempt....and I'm not even that paranoid. OR am I?
calm down
we will put this straitjacket gently on you...
yes... easy easy
now you must enter the ambulance... easy
[sound of an ambulance going away]
My site
FORMAT C: Yes ...Yes??? ...Nooooo!!! ^C ^C ^C ^C ^C
If I die before I sleep, I pray the Lord my soul to encrypt. If I die before I wake, I pray the Lord my soul to brake.
-
May 20th, 2004, 06:21 PM
#12
Member
Reply to Above
FYI
These attacks are against my home computer. I have broadband. Inasmuch as I am running an online business, they represent an infringement against my right to run a business. It takes nearly three days for the shop tech to debug my 23,000 files. This represents down time plus expense of debugging my system.
The attacks themselves start with hijacking my browser, then my Stop Sign AV programs are crippled so that I cannot delete the infected files. Then comes the knockout blow. This happens over a period of 5 - 10 days. The last time I couldn't turn my monitor on, or turn off the machine with the front panel button - I had to pull the power cord.
Which raises another issue: are these attacks deliberate and aimed at me to destroy my quality of life and online business, or are they random attacks, meaning the attacker doesn't know me personally, is not a known enemy? Either way, it's criminal behavior and I'd love to be able to stop it.
Thanks for all your replies.
-
May 20th, 2004, 06:25 PM
#13
The attacks themselves start with hijacking my browser, then my Stop Sign AV programs are crippled so that I cannot delete the infected files. Then comes the knockout blow. This happens over a period of 5 - 10 days. The last time I couldn't turn my monitor on, or turn off the machine with the front panel button - I had to pull the power cord.
Sounds more like you got coolsearch, sasser, soBig, myDoom and netsky all bundled up together. Do you have a firewall? You might want to invest in a good one if you are running a business. A physical firewall, a software one on the PC and an updated AV seems to do the trick for me...you should try it.
to the previous question:
127.0.0.1 is not the hacker...it's your own computer trying to do something funky...see if everything is set up properly.
-
May 20th, 2004, 06:35 PM
#14
Is it just me or is 127.0.0.1 NOT usable by someone trying to spoof his IP? Sounds like you've got something on your system too.
-
May 20th, 2004, 06:54 PM
#15
Although you can send IP packets with source address 127.0.0.1 from outside the box, you CANNOT redirect them back to the attacker's machine (by ICMP redirects or something like that).
So you can't get access to a computer with a loopback address.
However, you can deploy a DoS attack with that.
Usually firewalls (like Netfilter) have a permit for 127.0.0.1 for anything, but limited to the loopback (lo) interface.
Just to be sure (don't come with the straitjacket pls), some proxies can act on your computer (installed and running on it). Some clientless SSL-VPN software uses Java clients to redirect all outbound traffic to 127.0.0.1 to be caught by the VPN client (it's clientless but has a client - figures).
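The point made in the post above (a 127.0.0.1 source is only legitimate on the loopback interface) turned into a log check, as an added example that is not part of the original thread: it scans constructed sample lines in the Netfilter LOG `KEY=value` style and flags any 127.0.0.0/8 source seen arriving on a non-loopback interface. The host name, interface names, addresses and function names are assumptions made for illustration.

```python
import ipaddress
import re

# Constructed sample lines in the Netfilter LOG target's KEY=value style.
SAMPLE_LOG = """\
May 20 18:54:01 gw kernel: IN=lo OUT= SRC=127.0.0.1 DST=127.0.0.1 LEN=60 PROTO=TCP SPT=40112 DPT=8080
May 20 18:54:02 gw kernel: IN=eth0 OUT= SRC=127.0.0.1 DST=192.0.2.10 LEN=40 PROTO=TCP SPT=80 DPT=1047
May 20 18:54:03 gw kernel: IN=eth0 OUT= SRC=198.51.100.7 DST=192.0.2.10 LEN=48 PROTO=TCP SPT=3321 DPT=135
May 20 18:54:04 gw kernel: IN=eth0 OUT= SRC=127.44.3.9 DST=192.0.2.10 LEN=28 PROTO=UDP SPT=53 DPT=1050
May 20 18:54:05 gw kernel: IN=eth0 OUT= SRC=not-an-ip DST=192.0.2.10 LEN=28 PROTO=UDP
"""

FIELD = re.compile(r"\b([A-Z]+)=(\S*)")

def parse_fields(line):
    # "OUT=" with nothing after it yields an empty string, not a missing key.
    return dict(FIELD.findall(line))

def classify(line, loopback_ifaces=("lo",)):
    f = parse_fields(line)
    if "SRC" not in f or "IN" not in f:
        return "unparsed"
    try:
        src = ipaddress.ip_address(f["SRC"])
    except ValueError:
        return "unparsed"
    if not src.is_loopback:          # is_loopback covers all of 127.0.0.0/8
        return "ok"
    # An empty IN= means the packet was generated locally (no inbound
    # interface), so only a real non-loopback inbound interface is suspect.
    if f["IN"] == "" or f["IN"] in loopback_ifaces:
        return "local"
    return "spoofed-loopback"

def spoofed_loopback(log_text):
    hits = []
    for line in log_text.splitlines():
        if classify(line) == "spoofed-loopback":
            f = parse_fields(line)
            hits.append((f["IN"], f["SRC"], f.get("PROTO", "?"), f.get("DPT", "?")))
    return hits

if __name__ == "__main__":
    for hit in spoofed_loopback(SAMPLE_LOG):
        print("loopback source on non-loopback interface:", hit)
```
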
-
May 20th, 2004, 06:56 PM
#16
Member
I could be mistaken, but I don't believe it's beyond the pale to reconstruct a network packet so that the sender address is 127.0.0.1 or the sender network is 127.0.0.0 so that a firewall or IDS would ignore it, thinking it came from itself. This is one way of doing a TCP reset attack, isn't it? Or what about Blaster?
As I write this, I googled it and came up with the following article from our friends at insecure.org:
http://seclists.org/lists/incidents/2003/Oct/0131.html
-
May 20th, 2004, 07:03 PM
#17
I may be wrong (as usual), but your link, brichards99, shows how to circumvent the Blaster attack on windowsupdate. Or it can be used for DoS. But not for a two-way conversation (from outside the box).
-
May 20th, 2004, 07:06 PM
#18
Member
Reply to Above 2
Cybr1d:
Yes, I have Zone Alarm Pro. That too was disabled. This is obviously a hacker with high level skills...which is very frightening to me.
-
May 20th, 2004, 07:12 PM
#19
Member
cacosapo,
Yep -- that's my bad for skimming through the posts and missing yours. I was only thinking of one-way communication in the form of DoS. Two-way's out of the question, as you say.
-
May 20th, 2004, 07:14 PM
#20
That too was disabled. This is obviously a hacker with high level skills...which is very frightening to me.
....I think you need to relax for a second there...high level skills? Barely...a simple virus will do that.
Restart your computer in safe mode, run your antivirus program and see what it finds. Then run Housecall AV (free from the net) and see what that finds. As for browser hijacking...run spybot and adaware. Also run theCleaner to see if there are any trojans. Make sure you back up all the important files in case you need to take drastic measures.
Do the steps above calmly ....and don't panic. Make sure you have your Windows patched up....it seriously sounds like one of the worms that have come about lately.
Perhaps you shouldn't be running an online business without taking the necessary security steps first. What type of business are you running?