Dsl Hack Attack :(


  • #16
    I got the Linksys router mainly for its ability to handle the hack attempts on Cable. Without it my s/w firewall (Zone Alarm at the time) was registering over 200 attempts every 30 minutes! Totally NUTS, but the hackers look at cable as fertile hunting grounds.

    Now that the Linksys's NAT is handling things I don't concern myself with those morons at all.

    Dr. Mordrid
    ----------------------------
    An elephant is a mouse built to government specifications.

    I carry a gun because I can't throw a rock 1,250 fps



    • #17
      dizzynoodle

      I have noticed that whilst using Zone Alarm, most of the messages I get are from the organisations that I have just visited and are in no way malicious. Do you know from where these *hack attacks* have come? Because most of it is probably just harmless traffic.

      regards Michael
      Interests include:
      Computing, Reading, Pubs, Restaurants, Pubs, Curries, More Pubs and more Curries



      • #18
        Ok, to address some issues:

        CODE RED:

        Code Red (2) exploits a known vulnerability in Microsoft's Web Server (IIS). The packets it sends to EVERYONE it can find are harmless unless you have IIS installed and haven't patched it.

        Lots of Intrusions:

        Black Ice, Zone Alarm, and others report lots of 'attacks'. Unfortunately, their idea of an 'attack' is any unsolicited incoming packets. Now, depending on whose service you use you can get a LOT of those.

        Media One (now AT&T Broadband) will hit you with packets from other Media One machines on a random basis. Sometimes as often as several a minute.

        Most broadband providers will send lots of traffic your way from the DNS servers. Oftentimes it is updates to your DNS table (not that you are necessarily maintaining one). The sites you visit will send you packets after the fact - cookie updates, keepalive requests, "are you there?" packets, etc.

        -------------

        Ok, I hope this helped.

        - Gurm
        The Internet - where men are men, women are men, and teenage girls are FBI agents!

        I'm the least you could do
        If only life were as easy as you
        I'm the least you could do, oh yeah
        If only life were as easy as you
        I would still get screwed
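
The triage that posts #17 and #18 describe, separating packets that follow from your own traffic from genuinely unsolicited ones, as an added example that is not part of the original thread. The log layout, the five-minute reply window, the labels, and all addresses and timestamps are constructed assumptions, not the log format of Zone Alarm or Black Ice.

```python
from datetime import datetime, timedelta

WINDOW = timedelta(minutes=5)  # assumed: how long after our own request a reply may arrive

# Constructed outbound log: (time, remote IP we contacted)
OUTBOUND = [
    ("2001-08-16 21:00:05", "198.51.100.20"),  # web site we visited
    ("2001-08-16 21:01:10", "192.0.2.53"),     # provider's DNS server
]
# Constructed firewall alerts: (time, source IP, protocol, source port, destination port)
ALERTS = [
    ("2001-08-16 21:00:40", "198.51.100.20", "tcp", 80, 1045),  # late packet from visited site
    ("2001-08-16 21:01:12", "192.0.2.53", "udp", 53, 1046),     # DNS answer
    ("2001-08-16 21:02:00", "203.0.113.7", "tcp", 3312, 80),    # stranger probing port 80
    ("2001-08-16 21:02:30", "203.0.113.9", "tcp", 4001, 113),   # ident lookup
    ("2001-08-16 21:30:00", "198.51.100.20", "tcp", 80, 1045),  # same site, far outside window
    ("2001-08-16 21:31:00", "203.0.113.44", "tcp", 2200, 139),  # anything else
]

def parse(ts):
    return datetime.strptime(ts, "%Y-%m-%d %H:%M:%S")

def classify(alert, outbound):
    """Label one alert; the first matching rule wins."""
    ts, src, proto, sport, dport = alert
    when = parse(ts)
    # Rule 1: the source is a host we contacted shortly before the alert.
    for out_ts, remote in outbound:
        if remote == src and timedelta(0) <= when - parse(out_ts) <= WINDOW:
            return "reply-to-own-traffic"
    # Rule 2: inbound connection to the web server port, the pattern a Code Red
    # scan produces; it only matters on a host running unpatched IIS.
    if proto == "tcp" and dport == 80:
        return "web-server-probe"
    # Rule 3: ident lookups, typically made by IRC servers.
    if proto == "tcp" and dport == 113:
        return "ident-lookup"
    return "unsolicited-other"

def summarize(alerts, outbound):
    """Count alerts per label so the real unknowns stand out from the noise."""
    counts = {}
    for alert in alerts:
        label = classify(alert, outbound)
        counts[label] = counts.get(label, 0) + 1
    return counts

if __name__ == "__main__":
    for label, n in sorted(summarize(ALERTS, OUTBOUND).items()):
        print(f"{label:22} {n}")
```

Only the entries left in `unsolicited-other` need a closer look; the rest are accounted for by traffic the machine itself started or by probes that only matter to a host running the targeted service.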



        • #19
          GURM
          WinXP does have a built in Firewall .... works very well and it's enabled by default.
          If you disable it and then visit GRC (shields up) then your machine will be wide open !

          Once again .. check http://www.robertgraham.com/pubs/firewall-seen.html to see what the different ports are for.
          Fear, Makes Wise Men Foolish !
          incentivize transparent paradigms



          • #20
            I just found one of these CodeRed infected morons peddling child porn off his server... Hmm... looks like he's in Arkansas

            Anyone have a PH to the Arkansas State Attorney handy?
            "Be who you are and say what you feel, because those who mind don't matter, and those who matter don't mind." -- Dr. Seuss

            "Always do good. It will gratify some and astonish the rest." ~Mark Twain



            • #21
              You want to turn yourself in ?

              edit by Greebe...

              Don't act like a fool! Some of us take this shit very seriously.

              Edit by Kosh :
              I do too ... can't really see the harm
              Last edited by Kosh Naranek; 16 August 2001, 13:37.
              Fear, Makes Wise Men Foolish !
              incentivize transparent paradigms



              • #22
                Originally posted by Dr Mordrid
                I'm using a Linksys Cable/DSL router/switch.

                It has a built-in hardware NAT firewall that uses zero system resources and requires zero maintenance. It does log intrusion attempts though.
                I'm using the BEFSR11 at home. I've seen several statements at various places around the web that it logs intrusion attempts, as well as people alluding to being able to examine this log, but no information as to how. I'm not familiar with all the sub screens on the router setup pages, but I don't recall seeing anything at all related to the logs, and after searching the LinkSys web site, saw nothing there either (already reread the user's guide, which is very basic). So where does the router store its logs and how do you examine them?
                "..so much for subtlety.."

                System specs:
                Gainward Ti4600
                AMD Athlon XP2100+ (o.c. to 1845MHz)



                • #23
                  btw, the reason I'm asking is that I've noticed major latency increases (pings shot up to just about every web site and game server I normally use, on the order of 3x or 4x) each evening since Monday, starting at around 9PM CT. Prior to that time each night, the pings appear normal. I just want to see if possibly there's something going on with my system, something trying to access my system (stopped at the firewall, etc.), etc., etc. Besides, it's always nice to be able to see who's hitting your machines.
                  "..so much for subtlety.."

                  System specs:
                  Gainward Ti4600
                  AMD Athlon XP2100+ (o.c. to 1845MHz)



                  • #24


                    Look at the two "CodeRed" notes


                    ie Yes this is causing lag... tho 3-4x greater would be very surprising to me. I don't see that much even tho I have a massive amount of hits happening here.
                    "Be who you are and say what you feel, because those who mind don't matter, and those who matter don't mind." -- Dr. Seuss

                    "Always do good. It will gratify some and astonish the rest." ~Mark Twain



                    • #25
                      Ok, let me clarify a few things:

                      1. I visited GRC. I'm running XP. I do NOT have the firewall enabled...

                      ...and...

                      I'm completely secure.

                      2. So I asked for a detailed port scan (from both GRC and a couple other places). Here's the results:

                      All closed (to be expected without running a port stealther - i.e. software firewall), except for my IDENT port at 113 (for my multiple concurrent IRC connections).

                      Which version of XP are YOU running that's "wide open"?

                      - Gurm
                      The Internet - where men are men, women are men, and teenage girls are FBI agents!

                      I'm the least you could do
                      If only life were as easy as you
                      I'm the least you could do, oh yeah
                      If only life were as easy as you
                      I would still get screwed



                      • #26
                        Gurm, instead of bashing, why not write up a detailed means of achieving what you have done instead?!
                        "Be who you are and say what you feel, because those who mind don't matter, and those who matter don't mind." -- Dr. Seuss

                        "Always do good. It will gratify some and astonish the rest." ~Mark Twain



                        • #27
                          Thanks for the info Greebe. I kind of suspected it was something along those lines, though the major spiking blows my mind too. An example of the ping increase is that the UT server, 'the Factory' goes from averaging close to 60ms to 260ms once this kicks in. And it IS happening at a nearly preset time each night, because I've checked the pings immediately after getting home, and all's been well, then played until it starts lagging hard, noting that time..

                          Back to my first question though- how do I examine these logs my router supposedly keeps?
                          "..so much for subtlety.."

                          System specs:
                          Gainward Ti4600
                          AMD Athlon XP2100+ (o.c. to 1845MHz)



                          • #28
                            GURM

                            I don't get that ... what about workgroup name / Machine Name etc. ?

                            I'm running Win Me with ZA Pro !

                            Did run WinXP Once ... RC1 with and without firewall enabled.
                            With the builtin firewall enabled it passed Shields Up but without it it didn't stand a chance.
                            I didn't do anything special when I removed the FireWall like normal users would and the Comp. was wide open.
                            Fear, Makes Wise Men Foolish !
                            incentivize transparent paradigms



                            • #29
                              Err.. never mind about the logs.

                              Sheesh, I can't believe I've been overlooking that tab all this time..
                              "..so much for subtlety.."

                              System specs:
                              Gainward Ti4600
                              AMD Athlon XP2100+ (o.c. to 1845MHz)



                              • #30
                                I'm not so sure Ace's problems are due to attack

                                Ace: DSL or cable?

                                This is more likely if you're on cable (DSL can be oversold, but it's less likely). It may be that your part of the network is oversold. Either a bunch of people go online at 9, or maybe you have somebody running a warez server in the evenings. You may need your provider's help (good luck).

                                Just an alternate theory, I'm not staking anything on validity.
                                Gigabyte P35-DS3L with a Q6600, 2GB Kingston HyperX (after *3* bad pairs of Crucial Ballistix 1066), Galaxy 8800GT 512MB, SB X-Fi, some drives, and a Dell 2005fpw. Running WinXP.
