
Thread: Masked Hacker IP

  1. #11
    Senior Member
    Join Date
    Apr 2004
    Posts
    1,130
    Originally posted here by Cybr1d
    It just sounds like a very weak social engineering attempt....and I'm not even that paranoid. OR am I?
    calm down

    we will put this straitjacket gently on you...

    yes... easy easy

    now you must enter the ambulance... easy

    [sound of an ambulance going away]
    Meu sítio

    FORMAT C: Yes ...Yes??? ...Nooooo!!! ^C ^C ^C ^C ^C
    If I die before I sleep, I pray the Lord my soul to encrypt.
    If I die before I wake, I pray the Lord my soul to brake.

  2. #12

    Reply to Above

    FYI

    These attacks are against my home computer. I have broadband. Inasmuch as I am running an online business, they represent an infringement against my right to run a business. It takes nearly three days for the shop tech to debug my 23,000 files. This represents down time plus expense of debugging my system.

    The attacks themselves start with hijacking my browser, then my Stop Sign AV programs are crippled so that I cannot delete the infected files. Then comes the knockout blow. This happens over a period of 5 - 10 days. The last time I couldn't turn my monitor on, or turn off the machine with the front panel button - I had to pull the power cord.

    Which raises another issue: are these attacks deliberate and aimed at me to destroy my quality of life and online business, or are they random attacks, meaning the attacker doesn't know me personally, is not a known enemy? Either way, it's criminal behavior and I'd love to be able to stop it.

    Thanks for all your replies.

  3. #13
    HeadShot Master N1nja Cybr1d's Avatar
    Join Date
    Jul 2003
    Location
    Boston, MA
    Posts
    1,840
    The attacks themselves start with hijacking my browser, then my Stop Sign AV programs are crippled so that I cannot delete the infected files. Then comes the knockout blow. This happens over a period of 5 - 10 days. The last time I couldn't turn my monitor on, or turn off the machine with the front panel button - I had to pull the power cord.
    Sounds more like you got coolsearch, sasser, soBig, myDoom and netsky all bundled up together. Do you have a firewall? You might want to invest in a good one if you are running a business. A physical firewall, a software one on the PC and an updated AV seems to do the trick for me...you should try it.


    to the previous question:

    127.0.0.1 is not the hacker...it's your own computer trying to do something funky...see if everything is set up properly.

  4. #14
    Senior Member therenegade's Avatar
    Join Date
    Apr 2003
    Posts
    400
    Is it just me or is 127.0.0.1 NOT usable by someone trying to spoof his IP? Sounds like you've got something on your system too.

  5. #15
    Senior Member
    Join Date
    Apr 2004
    Posts
    1,130
    Although you can send IP packets with source address 127.0.0.1 from outside the box, you CANNOT redirect them back to the attacker's machine (by ICMP redirects or something like that).
    So you can't get access to a computer with a loopback address.
    However, you can deploy a DoS attack with that.
    Usually firewalls (like Netfilter) have a permit for 127.0.0.1 for anything, but limited to the loopback (lo) interface.
    Just to be sure (don't come with the straitjacket, pls): some proxies can act on your computer (installed and running on it). Some clientless SSL-VPN software uses Java clients to redirect all outbound traffic to 127.0.0.1 to be caught by the VPN client (it's clientless but has a client - figures).

  6. #16
    I could be mistaken, but I don't believe it's beyond the pale to reconstruct a network packet so that the sender address is 127.0.0.1 or the sender network is 127.0.0.0 so that a firewall or IDS would ignore it, thinking it came from itself. This is one way of doing a TCP reset attack, isn't it? Or what about Blaster?

    As I write this, I googled it and came up with the following article from our friends at insecure.org:

    http://seclists.org/lists/incidents/2003/Oct/0131.html

  7. #17
    Senior Member
    Join Date
    Apr 2004
    Posts
    1,130
    I may be wrong (as usual), but your link, brichards99, shows how to circumvent the Blaster attack on windowsupdate. Or it can be used for DoS. But not for a two-way conversation (from outside the box).

  8. #18

    Reply to Above 2

    Cybr1d:

    Yes, I have Zone Alarm Pro. That too was disabled. This is obviously a hacker with high level skills...which is very frightening to me.

  9. #19
    cacosapo,

    Yep -- that's my bad for skimming through the posts and missing yours. I was only thinking of one-way communication in the form of DoS. Two-way's out of the question, as you say.
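
The point reached in posts #15 to #19, that a packet claiming a 127.0.0.0/8 source but arriving on a real network interface cannot be genuine loopback traffic, is something a defender can check for in firewall logs. The following is an added example, not part of the original thread: the log lines are constructed in the style of Netfilter's LOG target, and the function names are hypothetical.

```python
import ipaddress
import re

# Constructed sample lines in the style of Netfilter's LOG target (not from the thread).
SAMPLE_LOG = """\
kernel: IN=eth0 OUT= SRC=127.0.0.1 DST=203.0.113.10 PROTO=TCP SPT=80 DPT=1042 ACK RST
kernel: IN=lo OUT= SRC=127.0.0.1 DST=127.0.0.1 PROTO=TCP SPT=51000 DPT=8080 SYN
kernel: IN=eth0 OUT= SRC=198.51.100.7 DST=203.0.113.10 PROTO=TCP SPT=4431 DPT=135 SYN
kernel: IN=eth0 OUT= SRC=127.44.5.6 DST=203.0.113.10 PROTO=UDP SPT=53 DPT=33000
kernel: IN=eth0 OUT= SRC=not-an-ip DST=203.0.113.10 PROTO=TCP SPT=1 DPT=2
"""

FIELD = re.compile(r"(\w+)=(\S*)")


def parse_line(line):
    """Return the KEY=value fields of one log line as a dict."""
    return dict(FIELD.findall(line))


def is_spoofed_loopback(fields, loopback_ifaces=("lo",)):
    """True when a loopback source address arrived on a non-loopback interface."""
    iface, src = fields.get("IN", ""), fields.get("SRC", "")
    if not iface or iface in loopback_ifaces:
        return False  # locally generated or genuine loopback traffic
    try:
        # is_loopback covers all of 127.0.0.0/8 and IPv6 ::1
        return ipaddress.ip_address(src).is_loopback
    except ValueError:
        return False  # malformed SRC field, cannot be classified here


def find_spoofed_loopback(log_text):
    """Return (interface, source, dest port) for every spoofed-loopback entry."""
    hits = []
    for line in log_text.splitlines():
        fields = parse_line(line)
        if is_spoofed_loopback(fields):
            hits.append((fields["IN"], fields["SRC"], fields.get("DPT")))
    return hits


if __name__ == "__main__":
    for iface, src, dport in find_spoofed_loopback(SAMPLE_LOG):
        print(f"loopback source {src} seen on {iface}, dest port {dport}")
```

Entries flagged this way are safe to drop at the perimeter, since no legitimate peer can receive a reply addressed to 127.0.0.0/8.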

  10. #20
    HeadShot Master N1nja Cybr1d's Avatar
    Join Date
    Jul 2003
    Location
    Boston, MA
    Posts
    1,840
    That too was disabled. This is obviously a hacker with high level skills...which is very frightening to me.
    ....I think you need to relax for a second there...high level skills? Barely...a simple virus will do that.

    Restart your computer in safe mode, run your antivirus program and see what it finds. Then run Housecall AV (free from the net) and see what that finds. As for browser hijacking...run spybot and adaware. Also run theCleaner to see if there are any trojans. Make sure you back up all the important files in case you need to take drastic measures.

    Do the steps above calmly ....and don't panic. Make sure you have your Windows patched up....it seriously sounds like one of the worms that have come about lately.

    Perhaps you shouldn't be running an online business without taking the necessary security steps first. What type of business are you running?
