
Thread: Certificates and routing

  1. #1

    Certificates and routing

    Please don't think I'm stupid... but I have all of these certificates in my Certificate Store that are for "server authentication and e-mail authentication" and they are from all over the world. I don't get e-mail from all over the world, so why should I have a certificate from Deutsche Telekom or China or Poland or anywhere else in my Store??? Is this normal?
    Also, what will tracing a route tell me? I know how to do it, but not how to interpret the results. My firewall, Zone Alarm Pro, blocks about 300 port scans an hour, approximately 15 requests for Kazaa file sharing per hour and I can't tell you how many SQL-Slammer scans!
    For the last 8 months, the same IPs have been "hitting" on me, even though I've changed my server connections. I am not (to my knowledge or approval) part of any LAN. I've reported the abuse, but the attacks continue to follow me wherever I go...from the same providers such as Deutsche Telekom. What to do????

  2. #2
    MrLinus
    Well first about the certificates. I assume you are referring to the certificates in the Web Browser? Those are third party certificates to verify various hosts. Since Browser distributors don't know where most people will go they include as many recognized and accepted Certificate Authorities (CAs) as they can to meet all potential users.

    Tracing a route, referred to as traceroute or tracert, is where you tell where packets will go from you to a destination. It will tell you all the devices and networks the packets travel to get from point A (you) to point B (the destination).

    Lastly, when you reported the abuse, was it to your ISP or to their ISP?
    Goodbye, Mittens (1992-2008). My pillow will be cold without your purring beside my head
    Extra! Extra! Get your FREE copy of Insight Newsletter||MsMittens' HomePage

  3. #3
    Wow! thanks for getting back so soon~! I reported the abuse to both my ISP AND the "abuser's" ISP, but never heard back (although I asked for a confirmation) from either!
    Right now I'm with AOL and most of the intruders (even from 8 months ago) are AOL subscribers. The situation keeps getting worse. AOL proxies interfere with my surfing so I block them in ZA and the situation improves for that day only. By the next day, I'm getting DoS messages again. I think AOL is getting tired of hearing from me, and there are also two problems.... Because I don't know a lot about networking, I have difficulty explaining the problem AND because I don't have a great deal of networking experience, I'm just kind of doing everything by the seat of my pants....
    As far as tracert goes, is there any significance in the fact that MOST of the IPs I'm blocking are following the same routes????
    I have built a database to track and record the information and have discovered a great deal of common links but am uncertain as to whether this is because I use the same computer or because "they" are all coming from the same places.

  4. #4
    MrLinus
    Well, one thing to keep in mind is that some of the activity may be due to a worm. I regularly get pounded by other users of my ISP who are infected with Code Red, Code Red II, Nimda, etc. Complaining regularly is one way to encourage ISPs to do something. Sometimes they cannot see the forest for the trees. You might also want to look into newsgroups or forums and report it there. The more that it's public the more they will likely deal with it (not the best way but sometimes you have to do it).

    The fact that they all come from the same place would make me think it's a worm or someone who thinks you might be worth looking into. But the plus is at least you have a smaller block list.

    As for following the same routes, given that you are on the single largest ISP I'd expect pretty much all packets to follow pretty close to the same path. It's probably what helps them keep their speed. =P

  5. #5
    Thanks again for the prompt reply. Following advice found in other newbie postings, I've downloaded "The Cleaner" as well as windump and its library accomplice. I will be running them. Although I've run worm and trojan cleaners before (and have come up clean) I'll give it another shot.
    But I have a strong suspicion that I've been hacked, because I partitioned my computer one night, wiping it clean and didn't reinstall an OS before going to work. When I returned home and turned the computer on, it booted to Win98 through a "network" boot via my phone line. I immediately repartitioned it again and loaded WinXP (with the phone line unplugged) and it worked OK for a short time. However, after I took a mini vacation, the problem returned. I found files in my computer that had been modified during my absence.
    I've informed the authorities (local pd, FBI, and FCC) but the first group is computer illiterate, and I haven't suffered enough economic loss for FBI or FCC to care! Therefore, I've been trying to resolve it on my own.
    I'm getting ready to change ISPs again (I do this regularly, when the traffic gets heavy) so I'll watch the routes and see what happens.
    AntiOnline is a must for people like me. Thanks again.
    History records the effects of power--
    Literature records the effects of history on people.
    Of the two, literature is the more accurate record.

  6. #6
    IKnowNot
    But I have a strong suspicion that I've been hacked-because I partitioned my computer one night, wiping it clean and didn't reinstall an os before going to work. When I returned home and turned the computer on, it booted to Win98 through a "network" boot via my phone line. I immediately repartitioned it again and loaded WinXP, (with the phone line unplugged) and it worked ok for a short time. However, after I took a mini vacation, the problem returned. I found files in my computer that had been modified during my absence.


    Sounds like fun to look at this one and find out EXACTLY what's going on, but since that is not possible, my advice ( for what it's worth ) is:

    If you think you have enough computer knowledge, proceed with the following; if you don't, get the computer to someone who does. I take NO responsibility for lost data, information, copyright infringement, etc. Use this information at your own risk. ( can you tell I've been exposed to a lot of lawyers? )

    . back up any DATA files

    . get a copy of PC-Cillin's Emergency Rescue Disks and a clean boot disk ( NEITHER from your computer, but from a known clean computer )

    . make sure the BIOS will boot the floppy drive first

    . boot ( from a shut-down state ) to the emergency PC-Cillin rescue disks

    . once completed, reboot to the clean boot disk

    . fdisk the hard drive(s): make sure you review the current partitions, and remove them ALL.

    ******* Very important ! ! ! ***********

    Someone may have put a " non DOS" partition on the drive. If you can not remove a partition, replace the drive until someone can clean it for you ( I believe I've read several posts on AO about this topic which you might want to search; I've had success with a Linux fdisk and also the Maxtor " Max-Blast" disk to remove these "non-dos" partitions, ) then rerun fdisk in dos mode. You may have to run "fdisk /mbr"

    . once there are NO partitions, re-partition the drive(s), making sure the size of the partitions equals the total disk size ( remember, some manufacturers use the convention where one megabyte is equal to 1,048,576 bytes, and one gigabyte is equal to 1,073,741,824 bytes.)

    . format the drive(s)

    . Install the operating system. Make sure you install all the software from "original" disks while there is NO physical connection to any other computer, network, phone line etc.

    . Make sure you install your ZA and up-to-date antivirus software BEFORE you connect the box to any physical connection out

    . for any software not from "original disks", check all check-sums and PGP signatures before loading

    You should consider ALL files from the original computer compromised. Make sure you virus check your old data before you re-install it.

    Also, someone probably has your master password for your ISP account, ( and any credit cards numbers and passwords used and/or stored on your old computer ) so you will want to either cancel or change them.

    Hope this helps, it's drastic, but sounds like you need drastic.
    " And maddest of all, to see life as it is and not as it should be" --Miguel Cervantes
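
Added example, not part of IKnowNot's post: the partition review in the fdisk steps above can be cross-checked by reading the MBR partition table directly. This Python sketch assumes sector 0 of the drive has already been saved as 512 bytes from a clean boot environment; `parse_mbr`, `audit`, `build_sample` and all sample values are constructed for illustration, and logical drives inside an extended partition are not walked.

```python
import struct

SECTOR = 512
# Partition type IDs that DOS/Windows fdisk creates and can delete itself.
DOS_TYPES = {0x01, 0x04, 0x05, 0x06, 0x07, 0x0B, 0x0C, 0x0E, 0x0F}
ENTRY = struct.Struct("<B3xB3xII")  # status, CHS, type, CHS, LBA start, count

def parse_mbr(sector0):
    """Return the used primary partition entries of a 512-byte MBR."""
    if len(sector0) != SECTOR or sector0[510:512] != b"\x55\xaa":
        raise ValueError("not an MBR: wrong length or missing 55 AA signature")
    parts = []
    for slot in range(4):
        status, ptype, start, count = ENTRY.unpack_from(sector0, 446 + 16 * slot)
        if ptype != 0x00:  # type 0 marks an empty slot
            parts.append({"slot": slot + 1, "bootable": status == 0x80,
                          "type": ptype, "start": start, "sectors": count})
    return parts

def audit(sector0, disk_sectors):
    """Flag non-DOS partition types and sector ranges no partition covers."""
    parts = parse_mbr(sector0)
    gaps, cursor = [], 1  # sector 0 is the MBR itself
    for p in sorted(parts, key=lambda p: p["start"]):
        if p["start"] > cursor:
            gaps.append((cursor, p["start"] - 1))
        cursor = max(cursor, p["start"] + p["sectors"])
    if cursor < disk_sectors:
        gaps.append((cursor, disk_sectors - 1))
    return {"partitions": parts, "gaps": gaps,
            "non_dos": [p for p in parts if p["type"] not in DOS_TYPES]}

def build_sample():
    """Constructed sample: FAT32 (0x0C) in slot 1, Linux (0x83) in slot 2."""
    table = (ENTRY.pack(0x80, 0x0C, 63, 599937)
             + ENTRY.pack(0x00, 0x83, 600000, 200000) + bytes(32))
    return bytes(446) + table + b"\x55\xaa"

if __name__ == "__main__":
    report = audit(build_sample(), disk_sectors=1_000_000)  # constructed size
    for p in report["non_dos"]:
        print(f"slot {p['slot']}: non-DOS type 0x{p['type']:02X}")
    for first, last in report["gaps"]:
        # Sectors 1-62 (rest of the first track) are normally left unused.
        print(f"unallocated sectors {first}-{last}")
```

A large unallocated range or an unexpected type ID is the cue to go back to the "remove them ALL" step before re-partitioning.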

  7. #7

    been there...done that!

    I've spent a great deal of time and money on trying to solve the problem. I went to my computer dealer (HP) and had THEM partition/ reinstall etc...etc... even went the mbr route. I had them install clean OS files from their master disks and didn't transfer any files before going to work. Came home to the same old, same old problem. (I suspect a neighbor as the hacker, an "ex" burglar who's found something new to break into, he's quite computer capable but with the hacking programs available, even I could hack someone if I was so inclined!) There are no "non-dos" partitions on the computer, that's been checked and verified, and all of my program files appear to be legit. I have so much "anti-hack" software at this point, I could open my own store! And I change all of my passwords weekly and make really good ones mixing upper/lower, numbers and symbols when allowed. I store NOTHING in the computer anymore and carry sensitive information on my person when I go out. Do I sound paranoid?????
    So this was good advice, but been there and done ALL of that. Still, it will probably help someone else who hasn't gone that far yet! By the way, The Cleaner (program) gave me a clean bill of health, which confirms that my problem is caused neither by Trojan or worm but by a snake in the grass!
    Thanks again! Ta Ta
