Page 1 of 2 12 LastLast
Results 1 to 10 of 11

Thread: KFSensor and Chinese Hackers

  1. #1
    Junior Member
    Join Date
    Nov 2008
    Posts
    22

    KFSensor and Chinese Hackers

    Hi, I have Zone Alarm 8 (free) installed on Win XP. I also have just installed
    KFSensor (a honeypot). This KFSensor is telling me I have five visitors on my PC. One is 125.89.77.122 which traceroutes/whois to CHINA. Is China hacking me? Is Zone Alarm useless? Do they still make that other firewall (though the name eludes me)? What is going on here and what can I do? Thankyou for all advice.

  2. #2
    AOs Resident Troll
    Join Date
    Nov 2003
    Posts
    3,152
    You probably have some piece of scumware on your machine calling home....

    scan your machine with malwarebytes....

    MLF
    How people treat you is their karma- how you react is yours-Wayne Dyer

  3. #3
    Banned
    Join Date
    Jan 2008
    Posts
    605
    "China" is a country. This would be like me refeshing this page and saying that my browser is connected to the entire state of Connecticut.

  4. #4
    Senior Member gore's Avatar
    Join Date
    Oct 2002
    Location
    Michigan
    Posts
    7,177
    Quote Originally Posted by The-Spec View Post
    "China" is a country. This would be like me refeshing this page and saying that my browser is connected to the entire state of Connecticut.
    Maybe China has those Carrier pidgins that can carry packets like in that old ass video.

  5. #5
    Banned
    Join Date
    Jan 2008
    Posts
    605
    Actually you could base64 encode files to have them printable to paper...

    then just tie it to all of these lil' four foot tall asians.

  6. #6
    THE Bastard Sys***** dinowuff's Avatar
    Join Date
    Jun 2003
    Location
    Third planet from the Sun
    Posts
    1,253
    LOL DUDE straight from the horses mouth...

    KFSensor is a Windows based honeypot Intrusion Detection System (IDS).
    It acts as a honeypot to attract and detect hackers and worms by simulating vulnerable system services and trojans.
    By acting as a decoy server it can divert attacks from critical systems and provide a higher level of information than can be achieved by using firewalls and NIDS alone.


    No firewall is going to prevent conversations YOU INITIATE. You are broadcasting to the INTERNET "HEY EVERYONE LOOK AT ME". Your firewall knows this and will let anyone look.



    09:F9:11:02:9D:74:E3:5B8:41:56:C5:63:56:88:C0

  7. #7
    Senior Member gore's Avatar
    Join Date
    Oct 2002
    Location
    Michigan
    Posts
    7,177
    Quote Originally Posted by dinowuff View Post
    LOL DUDE straight from the horses mouth...





    No firewall is going to prevent conversations YOU INITIATE. You are broadcasting to the INTERNET "HEY EVERYONE LOOK AT ME". Your firewall knows this and will let anyone look.



    Ah give him a break. Just because the thread has probably ruined a few keyboards today doesn't mean I can't leave it open for us to teach others from

    Remember everyone - NOT all keyboards can be put in a Dishwasher after you shoot Coffee out of your nose laughing!

    *Sorry I couldn't stop laughing when I read that someone finally pointed out the obvious to them that saying hi to every miscreant on the net is going to have a response*.

    Thanks Dinowuff !

  8. #8
    Banned
    Join Date
    Jan 2008
    Posts
    605
    Maybe people post things they already know so they'll have a reason to respond with, "I like and identify with you."

  9. #9
    Senior Member nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,188
    What is going on here and what can I do? Thankyou for all advice.
    Perhaps you should join the *******............I am sure that you would feel at home there

    EDIT:

    1. Is this the one you were thinking about?

    http://free.agnitum.com/

    Here is a relative newcomer:

    http://www.tallemu.com/

    As already noted, if you are running a honeypot you are inviting traffic so please don't blame the firewall.

    2. There are so many compromised machines in the World these days that just because an IP address resolves to a particular country, does not mean that is where the attacker is operating from. Last I read for China was a ratio of 2:1 externally controlled bots to local Chinese ones.
    Last edited by nihil; June 21st, 2009 at 03:13 PM.

  10. #10
    THE Bastard Sys***** dinowuff's Avatar
    Join Date
    Jun 2003
    Location
    Third planet from the Sun
    Posts
    1,253
    I like and identify with you...
    nuff said
    09:F9:11:02:9D:74:E3:5B8:41:56:C5:63:56:88:C0

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •