July 31st, 2004, 07:35 PM
Am I being hacked?
I use Norton Internet Security suite, professional version 2004. Today is the first time my IDS is showing me that a computer with IP 18.104.22.168 (details in the attached file). Although I have blocked the computer's IP, still the number of times it has attacked me has gone up to 1726 times. In the attached file I have included DNS and other important information. I am new to security; please help me with what should be my next step. I feel it's a scan, mostly an Nmap, because the connections on certain service ports were scanned with a SYN stealth scan signature, but I am not sure at all; like I said, I am new to this field and my knowledge is near to nil.
August 1st, 2004, 12:35 AM
Contact the hosting ISP and complain. If that doesn't work and the "attacks" are truly affecting your internet connection then contact your ISP to get your IP changed. As far as the question, am I being hacked? Probably not, it's probably some lil' kid in Japan trying out a scanner. In all honesty if they were a real threat, they'd already have the script to crash Norton and they'd have already done it.
There is a lot of noise on the internet and sometimes even good IDSs give false positives. (And I'm not saying Norton is a good IDS by any means.) So just be prepared for a whole lot of false positives.
If you are truly from India then you'll see quite a lot of scans and such, people just feeling around and trying new toys. This is coming from someone who had to support a satellite office in India for 4 years, not fun.
Mankind have a great aversion to intellectual labor; but even supposing knowledge to be easily attainable, more people would be content to be ignorant than would take even a little trouble to acquire it.
- Samuel Johnson
August 1st, 2004, 01:06 AM
As Korp stated, you probably aren't being hacked per se. Chances are you're being probed by someone to see if you have a particular service running or particular port open (port probing). Or it could be some stupid kid who downloaded a proggie, ran it, and came up with your IP. You shouldn't have much to worry about as long as everything's secured, no services not needed are running, ports left open, and it seems like you're paying attention to the logfiles and whatnot. So you should be fine.
August 1st, 2004, 08:35 AM
Hey, thanks to both of you. I agree that it's not a big threat; I checked my Windows firewall log and found no entry for the IP. But the Norton log shows that it was a XMAS_null scan.
And KorpDeath, please tell me which is a good firewall. Is BlackIce better than Norton? I also agree that no firewall is going to keep my system completely protected, but I would love to learn more. I am new to the field and I would love to have more information.
August 1st, 2004, 08:38 AM
IMO neither. Kerio and Sygate (as well as Outpost) are more popular, better features, and tend to work better than both of those that you mentioned. But hey, you asked for Korp's opinion, not mine.
August 1st, 2004, 08:45 AM
Spyder32, sorry if you felt that way. Please, you should know that I am new to this field and very curious. Would you mind telling me what KorpDeath meant by "In all honesty if they were a real threat, they'd already have the script to crash Norton and they'd have already done it."? If it's not against the policy of the site, please give me details. Do all attacks have to be zero-day attacks to work, or do even older ones work because of not updated servers? Don't mind my curiosity.
August 1st, 2004, 08:52 AM
I don't mind curiosity, and I was kidding, my friend. I think what he meant was that if it was something serious or something to really be alarmed about, the person already would have used whatever program/script to crash your Norton and that they would have already done it. And to answer your second question, no. Doesn't always have to be in order to work. Some actually take time to execute (DoS attacks, etc).
August 1st, 2004, 08:53 AM
parth_scores, If I was a cracker and wanted your system, I would scan your IP just once or twice, determine what security you had including firewall. Then I would research the known exploits against your firewall and then try them. After I was through your firewall, I would use an exploit aimed at a service you are using.
Then you would be owned.
As in this picture someone else posted already (sorry, don't remember who)
Note following photo while not x-rated might not be for open office viewing
"Life should NOT be a journey to the grave with the intention of arriving safely in an attractive and well preserved body, but rather to skid in sideways, Champagne in one hand - strawberries in the other, body thoroughly used up, totally worn out and screaming WOO HOO - What a Ride!"
August 1st, 2004, 08:57 AM
Okay, my last question to all of you: please suggest me a good site for information on exploits like www.k-otik.com, but this one is in French language and I am not good in that. Any good suggestions welcomed.
August 1st, 2004, 09:01 AM
If you ever wanna research or look up exploits, then Google. Sometimes I refer to Zone-H.org or Blackcode.com for some exploit information as well, but like I said, mostly Google.