-
January 22nd, 2003, 06:26 PM
#1
Senior Member
have you been attacked?
I would like to know if anyone has been the victim of a serious hacking attack on your home computer. I am referring to an attack that couldn't have been stopped by following some basic security measures like having a firewall and AV. What I am trying to get at is that real attacks performed by real pros rarely or never happen to someone's home computer, or maybe I am wrong and experts do target home PCs. What will be the real gain an expert can have attacking a home user? Do you think home computers are at a big risk of being victims?
I'll be happy to hear everyone's insight and opinions on this matter.
Thanks
-
January 22nd, 2003, 06:30 PM
#2
I don't see dialup users as being at risk, because of their limited abilities due to their connection. However, I can see the uses for compromising a broadband home user, to use their machine as a drone in a DDoS attack. That being said, the only real pros I can see going after home computers would be people like "el8" as a way to try to humiliate and damage the reputation of a computer security professional by attacking them at home. Just my 2 cents...
You're not your post count, You're not your avatar or sig, You're not how fast your internet connection is, You are not your processor, hard drive, or graphics card. You're the all-singing, all-dancing crap of AO
09 F9 11 02 9D 74 E3 5B D8 41 56 C5 63 56 88 C0
-
January 22nd, 2003, 06:54 PM
#3
I was attacked by HVLRat about two years ago and to this day I have no idea what the kiddie got. As for real professionals attacking home computers, I do not see that as a common practice when most professionals have bigger and better things to do.
However, it is common for professionals to get corrupt and steal information as an "inside job." A lot of people in my experience think of external attacks, but rarely think about that most attacks come from the inside. Take the PWA incident of yesteryear. Folks at Intel were using Intel for sending hardware and configured the network to download warez from Senitel. The whole bunch was arrested after a sting operation by the FBI when the ops of Senitel cooperated with the feds. Robin Rothburg, the founder of Pirates With Attitudes, did not have to hack from the outside to get what he wanted. He used corrupt professionals.
Lastly, greed and acceptance are big motivators for attacks by professionals and everyone else down the line. Just my 2c. Honestly, it makes it look bad for the real professionals doing a good job.
albn
-
January 22nd, 2003, 06:55 PM
#4
Junior Member
Re: have you been attacked?
Originally posted here by johnnymier
I would like to know if anyone has been the victim of a serious hacking attack on your home computer. I am referring to an attack that couldn't have been stopped by following some basic security measures like having a firewall and AV. What I am trying to get at is that real attacks performed by real pros rarely or never happen to someone's home computer, or maybe I am wrong and experts do target home PCs. What will be the real gain an expert can have attacking a home user? Do you think home computers are at a big risk of being victims?
I'll be happy to hear everyone's insight and opinions on this matter.
Thanks
I agree with 666 in that any zombie that a hacker can recruit is another drone to use in a DoS attack, but also it provides another layer of obscurity to cover his/her tracks when making mischief.
Aside from keeping your machine safe as a way to support the on-line community in general, remember that there has been some talk of liability for those who are deemed negligent by leaving their computers open for unscrupulous manipulations.
-
January 22nd, 2003, 10:17 PM
#5
Junior Member
I have been under attack from a cracker since Dec. So far I have not been able to stop him/her.
Below is a sample of today's attempts to gain access to my computer. If anyone has any idea of how to stop this attack please let me know...
Event Date Source IP Target Port Event
Note*: The ‘D’ at the end indicates a blocked IP address
1/22/2003 8:03:14 PM 199.181.135.149 1955 D
1/22/2003 7:34:41 PM 199.181.135.149 1550 D
1/22/2003 7:34:20 PM 199.181.135.149 1543 D
1/22/2003 7:24:18 PM 199.181.135.149 1196 D
1/22/2003 7:14:37 PM 199.181.135.149 1192 D
1/22/2003 7:14:14 PM 199.181.135.149 1189 D
1/22/2003 7:04:12 PM 199.181.135.149 1185 D
1/22/2003 6:54:31 PM 199.181.135.149 1181 D
1/22/2003 6:54:10 PM 199.181.135.149 1178 D
1/22/2003 6:44:07 PM 199.181.135.149 1174 D
1/22/2003 6:34:25 PM 199.181.135.149 1170 D
1/22/2003 6:34:04 PM 199.181.135.149 1167 D
1/22/2003 6:24:01 PM 199.181.135.149 1163 D
1/22/2003 6:14:20 PM 199.181.135.149 1159 D
1/22/2003 6:13:58 PM 199.181.135.149 1156 D
1/22/2003 6:03:55 PM 199.181.135.149 1152 D
1/22/2003 5:54:15 PM 199.181.135.149 1148 D
1/22/2003 5:53:54 PM 199.181.135.149 1145 D
1/22/2003 5:43:51 PM 199.181.135.149 1141 D
1/22/2003 5:34:09 PM 199.181.135.149 1137 D
1/22/2003 5:33:48 PM 199.181.135.149 1134 D
1/22/2003 5:23:45 PM 199.181.135.149 1130 D
1/22/2003 5:14:03 PM 199.181.135.149 1126 D
1/22/2003 5:13:42 PM 199.181.135.149 1123 D
1/22/2003 5:03:40 PM 199.181.135.149 1119 D
1/22/2003 4:53:59 PM 199.181.135.149 1115 D
1/22/2003 4:53:38 PM 199.181.135.149 1112 D
1/22/2003 4:43:56 PM 199.181.135.149 1108 D
1/22/2003 4:43:35 PM 199.181.135.149 1105 D
1/22/2003 4:33:32 PM 199.181.135.149 1101 D
1/22/2003 4:23:51 PM 199.181.135.149 1097 D
1/22/2003 4:23:29 PM 199.181.135.149 1094 D
1/22/2003 4:13:26 PM 199.181.135.149 1090 D
1/22/2003 4:03:44 PM 199.181.135.149 1086 D
1/22/2003 4:03:23 PM 199.181.135.149 1083 D
1/22/2003 3:53:20 PM 199.181.135.149 1079 D
1/22/2003 3:43:40 PM 199.181.135.149 1075 D
1/22/2003 3:43:18 PM 199.181.135.149 1072 D
-
January 22nd, 2003, 10:24 PM
#6
I traced the IP address (199.181.135.149) and it appears to belong to The Disney Channel. There is a technical contact at "TechEmail: [email protected]". Shoot him an e-mail with a clip of your logs and ask him if he can explain what's going on.
Cheers:
-
January 22nd, 2003, 10:28 PM
#7
OrgName: The Disney Channel
OrgID: THEDIS-1
NetRange: 199.181.129.0 - 199.181.135.255
CIDR: 199.181.129.0/24, 199.181.130.0/23, 199.181.132.0/22
NetName: DISNEY-CBLK
NetHandle: NET-199-181-129-0-1
Parent: NET-199-0-0-0-0
NetType: Direct Assignment
NameServer: SENS01.DIG.COM
NameServer: SENS02.DIG.COM
NameServer: ORNS01.DIG.COM
NameServer: ORNS02.DIG.COM
NameServer: HUEY.DISNEY.COM
Comment:
RegDate: 1994-03-28
Updated: 2002-12-03
TechHandle: JM3462-ARIN
TechName: Mansukhani, Jeff
TechPhone: +1-818-553-7268
TechEmail: [email protected]
AbuseHandle: ABUSE133-ARIN
AbuseName: Abuse Contact
AbusePhone: +1-509-742-4698
AbuseEmail: [email protected]
Send a letter with a copy of the logs to the abuse and the tech address.
Bukhari:V3B48N826 “The Prophet said, ‘Isn’t the witness of a woman equal to half of that of a man?’ The women said, ‘Yes.’ He said, ‘This is because of the deficiency of a woman’s mind.’”
-
January 22nd, 2003, 10:29 PM
#8
Djm has some good info there as does Tedob1. Try what they suggested. Until you get some kind of response or resolution to the issue, I suggest creating a specific ruleset for this IP address and/or range. Set up your protocol and reject/deny (your choice) the range and/or address.
Maybe like a (199.181.129.* - 199.181.135.*) block (I think asterisks are accepted wildcards)
The object of war is not to die for your country but to make the other bastard die for his - George Patton
-
January 22nd, 2003, 10:37 PM
#9
There is quite a noticeable pattern in that trace, and since it is consistent and long-running coming out of the Disney network, I would suggest you set up a packet capture and let's see what other data we can glean before you contact them. It may be some spyware stuff or similar that you have activated yourself at some time in the past.
Don't SYN us.... We'll SYN you.....
"A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools." - Thucydides
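Added example, not part of any post in this thread: a short Python script that measures the pattern post #9 mentions, using the ten oldest rows of the posted log and the NetRange from the whois output in post #7. The function names are my own, and the column the firewall calls "Target Port" is treated simply as a port number.

```python
import ipaddress
from collections import Counter
from datetime import datetime

# Oldest ten rows copied from the firewall log posted in this thread.
LOG = """\
1/22/2003 4:43:35 PM 199.181.135.149 1105 D
1/22/2003 4:33:32 PM 199.181.135.149 1101 D
1/22/2003 4:23:51 PM 199.181.135.149 1097 D
1/22/2003 4:23:29 PM 199.181.135.149 1094 D
1/22/2003 4:13:26 PM 199.181.135.149 1090 D
1/22/2003 4:03:44 PM 199.181.135.149 1086 D
1/22/2003 4:03:23 PM 199.181.135.149 1083 D
1/22/2003 3:53:20 PM 199.181.135.149 1079 D
1/22/2003 3:43:40 PM 199.181.135.149 1075 D
1/22/2003 3:43:18 PM 199.181.135.149 1072 D
"""

def parse(text):
    """Return (timestamp, source IP, port) tuples, oldest first."""
    rows = []
    for line in text.splitlines():
        date, clock, ampm, ip, port, _flag = line.split()
        ts = datetime.strptime(f"{date} {clock} {ampm}", "%m/%d/%Y %I:%M:%S %p")
        rows.append((ts, ipaddress.ip_address(ip), int(port)))
    return sorted(rows)

def netrange_cidrs(first="199.181.129.0", last="199.181.135.255"):
    """CIDR blocks covering the NetRange quoted from whois in the thread."""
    lo, hi = ipaddress.ip_address(first), ipaddress.ip_address(last)
    return list(ipaddress.summarize_address_range(lo, hi))

def gaps_seconds(rows):
    """Seconds between consecutive events."""
    return [int((b[0] - a[0]).total_seconds()) for a, b in zip(rows, rows[1:])]

def summarize(rows, short=60):
    """Split gaps into short bursts and long waits; count port increments."""
    gaps = gaps_seconds(rows)
    return {
        "in_netrange": all(any(r[1] in n for n in netrange_cidrs()) for r in rows),
        "short_gaps": [g for g in gaps if g < short],
        "long_gaps": [g for g in gaps if g >= short],
        "port_steps": Counter(b[2] - a[2] for a, b in zip(rows, rows[1:])),
    }

if __name__ == "__main__":
    print([str(n) for n in netrange_cidrs()])
    print(summarize(parse(LOG)))
```

Gaps this evenly spaced, with port numbers stepping by 3 or 4 each time, are what a timer-driven program produces rather than someone typing; a packet capture is still needed to say what the traffic actually is.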
-
January 22nd, 2003, 11:03 PM
#10
Sorry to get off track, johnnymier! To try and answer your question: private machines are used to aid in the attack of major sites. They mask the real ID of the attacker. And hey, as long as s/he's in there anyway, might as well look and see what's of value for when s/he's done using the machine. If you got a script kiddie into "carding", it's a lot easier to get them off of @home machines than off of corporate sites. You might even find enough info on the computer to steal the whole identity, easier than fishing and not as dangerous if you have a brand new exploit.