attacking a remote computer

[blayde]

Okay, my question is this....I have setup in my room 4 computers all of which are connected to outside lines (no dsl service yet), but anyway i was wondering how secure these computers are.
So my plan was to launch an attack on my own system to #1 gain experience to the steps taken by someone else on my system and to #2 learn where my security holes are.
When i tried to execute this plan i entered my MS-DOS prompt, pinged one of my other computers IP, resulting in 100% packet loss. Then i ran a trace router to check the connection path. Realizing that i may not be able to connect directly to my remote port i pinged my internet host (AOL ISP). Also transfer failure. I then began backtracking until somwhere in the middle I made a connection but was lost at that point. So my question being is it possible to attack a remote computer by IP and if so what steps should i take.
I was hacked 1 month 2 weeks 3 hours ago by a script kiddie and i realized that i definetly needed to learn a lot more on security measure. So please lend me a hand. I know C++ I am pretty familiar with networks so dont hold back. Thanks this site is great i have never seen a gathering of more intelligent people...well maybe MIT but whos counting....

[petemcevoy]

AOL sucks.

[freeOn]

yeah ok AOL, some AOL servers allow you to do alot more then others, it all depends on the number that your dialing into. So if somthing doesn't work then dial another number. I'm assuming that you don't have any firewalls up and that your running windows 98 because you said Ms-dos prompt. AOL leaves some ports open, but nothing like telnet, or ftp, things like that. So do a port scan for the really high ports or UDP ports 3000, 5000. If you find any of those open it's possible to create a program with C++ to gain access. Or borrow some code and modify sub 7 or somthing whatever.

So the best way to gain information about your security leaks is Port Scan your own computer but get a real port scanner. Nmap, Portflash, genius, sam spade. Scan really high numbers as well. Since some AOL servers

Get a firewall. Zone alarm and Tiny Personal firewall are both free and work great. One place I recomend is going to symantec.com and doing there Security Risk Scan, it's free and they will let you know if you do have any security leaks. Also patch all of your software so it's up to date. Even your Ant-Virus Software.

My version of how Hackers hack.

1. hackers have ways to get IP's
mail, lookup, chatrooms, IRC, Instant Messengers(only if direct connected) internet games like quake, or counterstrike. There are probably others.

2. Port Scan-- The IP
-port scan every port
- create a list of all open ports
- research and test the open ports, hackers-break into
computer by exploiting vulnerabilitys.
3. exploit the system.
with the research exploit the vulnerability's
and then reformat the hard drive, move all the company money into a swiss bank account. Retire and never have to work again. But make sure you leave the country.

Well so get a firewall, patch all your software, get up to date Virus software, and pray to god.ANd make sure you don't have file print sharing on. lol, hope it helps.

AOL will also keep track of Telnet history, pings, tracerts, stuff like that. So if you ever have trouble dialing in it might be because they think you are hacking. They also download monitoring software, through those annoying downloads that come on right after you sign off, they call them updates. So pull the plug after you sign off.

[zion1459]

if u wanna learn security fast then buy the newest "Hacking Exposed".... it gives a quick walkthrough of some of the more common hacking techniques and a few of the more advanced.... it might be easier 2 buy a book like this than to gather all the info urself aound the net (that's how i learned.... i surfed the net 24-7 for info.... hmmm... i still do... doh!.. but that's how u become l33t )

books like "Hacking Exposed" are nice to read for beginners with some network experience.... and it's an international best seller!

(to all the script kiddies out there: "KEEP UR FILTHY HANDS AWAY FROM THAT BOOK!" muhahaha)

and no i'm not here 2 help the Hacking Exposed guys sell more books

[K-Line]

I personally agree with Zion1459. I have read "Hacking Exposed - Windows 2000" from cover to cover. It's an absolute goldmine of information, and will certainly help you to secure your Windows 2000 box.

I haven't read "Hacking Exposed", though. However, if it's half as good as it's Windows 2000 counterpart, then it will be worth every penny.

Another good book I have read is "Security Complete" from Sybex. It covers practically every security related topic you could think of. It's over a thousand pages long, for $19.99. At that price, it's worth a look.

Hope that I've been some help to you.

Regards,

K-Line.

[blayde]

Hey thanks for the input. That gives me a much better bases on how its done. I will also plan on picking up a copy of those books.
Oh yeah and AOL does suck theres no doubt about that.
later