What will they do next after they scan your ports?

[novkhan]

My PC have been compromised lately and I want to secure it.
B4 i that i hope to noe how they manage to intrude into my system

recently I have been reading about all sorts of network security stuff!
Stated that "Attacks will begin after scanning for open ports"

I tried to use a scanner to scan my PC for open ports.
After that a list of ports is revealed .
Waht will they do after they noe certain ports is open?


what kinda Tools or Method will they use on those Open ports?

I noe dictionary attack is one of them! What else?...

[lepricaun]

they will first try to determine your OS, after this is done,
check for (known) vulnerabilities,
and if these are found try to exploit them.

so best you can do is stay up to date with all your software, so that known vulnerabilities have no chance of being found on your system.

also stop all services which aren't necessary for you to use, so that the chance of having a leak / vulnerability is is as small as possible.

as for the rest, pray that you don't get cracked, cause if some determined cracker with enough knowledge is after you, he will get in!

[Atticus|1]

novkhan,

Greetings and salutations...

I tried to use a scanner to scan my PC for open ports.
After that a list of ports is revealed .
Waht will they do after they noe certain ports is open?

What i would do if i wanted to break in to your computer would be to start with a port scan. Scan your computer, see what services you where running, what OS your running, if you had a firewall, ...etc.
If i then found any interesting ports open,or services running, i would look on google and see if there are any exploits known. If so maybe that would be one way in.
I`m sure you`ll get plenty of feedback on your question ,this is just one thing that came to mind.

what kinda Tools or Method will they use on those Open ports?

If you had a trojan on your computer you didn`t know about with backdoor capabilities, The attacker could use that method. Which is why it is always smart to be cautious when accepting files from anyone/anything. and scanning your computer regularly for trojans, spyware, keyloggers.....you get the picture.

I noe dictionary attack is one of them! What else?...

Keep tight password rules. In other words, change them often and keep them strong.(long) make a combination like < mh^4F8#k2229Zq > that may take a long time to crack with a dictionary(brute force) type attack. The main thing is to be smart.

As for the what else question....I`m sure others here can help you much better than i can.

I did forget one thing...try not to trust people on the internet,emails you open,or files you download (no matter where from).and social engineering is a good way to access a computer. Like if you posted this question to this forum, worded as you`ve done, but really you just wanted to ask smoothly how in the world can i bust into someones computer?(example), or maybe you "think" your rapping with some chick on IRC and you want to see her pic because she`s already said how hot she is. She sends this picture, you`re in a rush to see it, so you don`t pay any attention to the size of the file or the extension and it turns out to be a trojan...**** like that can be prevented 9 times out of 10 if your being cautious.

EDIT~~~~~

I need to pay more attention, you`ve pretty much already asked this question....http://www.antionline.com/showthread...hreadid=256699

[dopeydadwarf]

Unless you are a big target. For example whitehouse.gov, which I doubt since you are asing us for advice. Which means you are most definetly an EU. This eliminates alot of the threats.

Patch your OS with anything applicable. Disable services you do not need. Run a firewall, and for the love of god read the logs. They are there for that exact reason. There is a very good discussion on firewalls and the home user here. Just search for firewalls. Despite the various opinions, based upon your knowledge, it couldn't hurt much to use a firewall. Be sure and set good rules for what ever firewall you use.

If you need help, or have a specific question come back. Ask intelligent questions as you have done already. Give all information applicable to the question, and somebody will point you in the correct direction.


Be safe and stay free

[kryptonic]

They will use the open ports to connect to you or maybe send you a trojan.

[embro1001]

Originally posted here by kryptonic
They will use the open ports to connect to you or maybe send you a trojan.

Oh no! Open ports are not a big problem unless they are unsecure. If you have outdated software daemons running, you have a larger risk of being "0wn3d" then if you keep everthing up-to-date. If you improperly configure server apps, or make you own without putting it through the loops, then you increase your risk.

But it's not as though someone can "h4x0|2" your box because someone scanned you and "port 22" came up as OPEN (OMG!! OPEN PORT, RUN! &lt;-ssh...not too much to worry about...)

Getting write access to your compy is pretty much necessary to upload a trojan, unless they can get your machine to run arbitrarily uploaded code (again - check what services you are running, and keep the software up to date.)

Know what your machine is running. A quick scan of my machine shows the following:

Port Scanning host: 127.0.0.1

Open Port: 21 ftp
Open Port: 22 ssh
Open Port: 80 http
Port Scan has completed ...

If you ever see something you don't recognize, look it up. If it shouldn't be there, find a way to get rid of it.

Another good idea is a firewall. We had a discussion not too long ago as to whether or not you should go both hardware AND software, or one or the other. JP suggested only one was necessary (hardware - but this was for the Business Setting). I would suggest a software firewall for the home user. Z-A works well enough, in my opinion, but everyone seems to think otherwise. I've not used it since I Switched (I mean, I REALLY Switched &lt;-now I just have to get YellowDog Linux PPC to make the transfer perfect), so I'm not too savvy on the program anymore.

Hope my random thoughts help.

~m

[Spyder32]

It's alway's good to use a firewall to moniter/control your open and active port's. Close the one's you don't need open and disable any service's not needed. Now to answer your question, in basic term's after they scan your port's they are going to look for way's to get in through those port's. One way is by finding exploit's (via google.com or any search engine really) to your OS, a particular service, or possibly a trojan. Another way is by attempting to login through a terminal (such as telnet, ssh, etc) and try getting/guessing/finding out your password. There are many way's they can do it but just keep updating your software and scan for viruses/trojans/spyware/etc often.

[AngelicKnight]

Indeed, ZA doesn't have many fans in AO, but I like it ok. For a home user, it should do fine, so you may want to check it out.

[adiz]

i hope to noe how they manage to intrude into my system

novkhan,

My first comment/question -- is how do you know you computer has been compromised?

I have always heard the only way you can defend against something is to know it. If I was you I would first check my log files (if you have logs) and see if there is anything out of the ordinary.

As far as a firewall I would say definately Sygate! I use it and like it. There is a large amount of other tools able to be used.

I would go into explaining how someone can gain access but all the previous-posts have explained certain aspects. If you need anymore help or whatever PM me.


- Adiz

P.S. - What OS are you using?

[dbernie41]

How do you determine someone's OS after you scan their ports?