Sorry your browser is not supported!

You are using an outdated browser that does not support modern web technologies, in order to use this site please update to a new browser.

Browsers supported include Chrome, FireFox, Safari, Opera, Internet Explorer 10+ or Microsoft Edge.

Geek Culture / Viruses, Hacking, Trojan Horses, stuff like that.

Author
Message
Fallout
22
Years of Service
User Offline
Joined: 1st Sep 2002
Location: Basingstoke, England
Posted: 12th Sep 2003 20:04
Link
Why am I getting shafted six ways from sunday by viruses hackers and monkies with cyber spanners? Basically, every time I log onto the internet (evening using different ISPs so getting different IP addresses) I'm getting remote computers trying to get into my system (inbound comms) and today I had a trojan horse virus attempting to go outbound. I have a brand spanking new firewall detecting all this stuff, and the newest definitions for my virus scanner, and they're constantly quarenteening files, and then deleting them, and catching stuff in my email, and blocking inbound and outbound comms from viruses.

The point is, if my IP is dynamic and I'm using different ISPs, it can't be just me, can it? There must be a lot of this business going round these days, and as annoying as it is for me, what about all you muppets out there without virus scanners or firewalls? I can't even begin to imagine what's being pulled off your computers and put onto them if you don't have any of this security software. But its mental stuff, cos I feel like every time I log onto the internet my computers being dropped into the national iraqi museam and a thousand looters are trying to take a bite!

Insiiiiiiiiiiiiiiiiiiiiiiiide!
Back to top
Profile PM
OSX Using Happy Dude
21
Years of Service
User Offline
Joined: 21st Aug 2003
Location: At home
Posted: 12th Sep 2003 20:48
Link
Get a hardware firewall - saves a lot of trouble... I presume you've also done a full virus scan as well - you could have something already, or you could have open ports somewhere.


Avatar & Logo by Indi. Come to the UK DBPro Convention in Chichester
Back to top
Profile PM Email Website
CattleRustler
Retired Moderator
21
Years of Service
User Offline
Joined: 8th Aug 2003
Location: case modding at overclock.net
Posted: 12th Sep 2003 21:14
Link
put yourself behind a router that has NAT translation, and use a software firewall like blackIce or Zonealarm and your pc will be INVISIBLE on the internet

-RUST-
Back to top
Profile PM
the_winch
21
Years of Service
User Offline
Joined: 1st Feb 2003
Location: Oxford, UK
Posted: 12th Sep 2003 21:53
Link
I have a simple adsl router with NAT translation and software firewall(tiny) and have never had a problem. Virus scanners arn't a problem if you don't use microsoft programs like explorer or outlook and don't download and run dodgy programs so kazaa is out.
Back to top
Profile PM Website
Mentor
22
Years of Service
User Offline
Joined: 27th Aug 2002
Location: United Kingdom
Posted: 12th Sep 2003 22:06 Edited at: 12th Sep 2003 22:13
Link
lots of people must be doing something I am not, or maybe not doing something I am , I have a firewall and the AV is updated daily and I never have had a virus or any serious attempt to hack my PC (just the odd one off hit every few months), I download tons of freeware too, virii and hackers just avoid me or something...not that I am complaining , then I have mates who are under constant 24hr attack, just what`s the difference?, they swear they have a firewall up all the time and the latest AV and yet I spend a lot of time rescueing their data from the digital dustbin, then I spend 16hrs a day online and download an average of 10 freewares a day and I have no problems whatsoever, maybe it`s cos I have all the MS updates and patches and they don`t or something, weird

Mentor.

BTW: visit this site and find out just how secure your system is, this guy just lives for system security.
http://grc.com/default.htm
Back to top
Profile PM
CattleRustler
Retired Moderator
21
Years of Service
User Offline
Joined: 8th Aug 2003
Location: case modding at overclock.net
Posted: 12th Sep 2003 22:42
Link
most Firewalls will block ports no problem, the problem lies in the ports being seen by IP scanners in the first place. When a scanner sweeps a range of ip's, if any port on a given ip responds to the scan, the ip is added to a list. Now the hacker knows a machine exists at that address. Later he may try to get in but be blocked by the firewall, youre still known to exist at that address. DHCP may change your address at some point but the scans will still find you for the simple reason that particular ports will still be seen, no matter how locked they are.
A better alternative is to not let your pc ever be seen by the sweeps in the first place. You won't be added to any list, you won't be interrogated any further
No matter how good a firewall is, some ports will "display" themselves to a scan (Usually 113) and this is where the trouble begins. When I installed my software fire wall, iwas still "seen" on the net but no one could get in. I would have tons of constant attempts in the intruder list but luckily all were thwarted. Now that I am behind a router doing NAT Translation AND a firewall my pc is INVISIBLE on the net and I haven't gotten an attempted intruder since - the reason is that the Router now gets assigned the DHCP IP address and handles the traffic, while assigning up to 4 pcs internet UNROUTABLE addresses (192.168.x.x) Some isp's do this for you on their end but most do not. If you have broadband I would suggest that you get a sw firewall like BlackIce or ZoneAlarm(free) (especially XP users (you have the most compromisable OS in the world-the built in Firewall is jack!), and spend the 50 bucks for a good NAT router like LINKSYS 4port, not only will you be protected but you can share the bandwidth with up to 4 machines.

This is what has worked for me so take this info however you like!
Good luck

-RUST-
Back to top
Profile PM
Fallout
22
Years of Service
User Offline
Joined: 1st Sep 2002
Location: Basingstoke, England
Posted: 12th Sep 2003 22:50
Link
Yeah, actually, the XP updates are about all I don't have. I've got SP1 and a few added extras here and there, but I dont have all the newest bits and bobs.

I did a full virus scan a few days a go, but I suppose it could've weaseled its way on sinse then, so I'll do another one. I also did a symantec security check and I have no open ports to sneak in or anything. The only tiny security leak I have is my virus checker which is one generation behind the newest technology, although it still have virus definitions from 1 week a go.

I get the feeling that these viruses must be resident on certain servers and the people who come in contact with them (maybe via their ISP or similar) are gonna get attacked constantly.

I'm on BT Openworld, and I can say with my hand on my heart that it's the worst most unreliable piece of crap ISP I have ever used, full of stupid policies and procedures to make your internet experience a complete piss take. It wouldn't surprise me in the least if some of the problem was to do with their systems security due to their sheer incompetence.

Insiiiiiiiiiiiiiiiiiiiiiiiide!
Back to top
Profile PM
CattleRustler
Retired Moderator
21
Years of Service
User Offline
Joined: 8th Aug 2003
Location: case modding at overclock.net
Posted: 12th Sep 2003 23:25
Link
@Fallout

I hear ya. I don't even run virus protection here as it isn't really necessary because virii have only 4 ways in: 1 floppy, 2 you download and run, 3 mail attchment that you run, 4 Hacker gets in and places it on machine. Other than that there isn't a way that a virus could hit you (unless your friends are putting them on the machine when you're not looking )
1,2,and 3 should not happen, 4 could happen anytime unless protected. My advice is there regarding 4 so all I can say is throw on your Stealth Cloak and good luck.

a good link to test your machine is at:
https://grc.com/x/ne.dll?bh0bkyd2
cheers

-RUST-
Back to top
Profile PM
Fallout
22
Years of Service
User Offline
Joined: 1st Sep 2002
Location: Basingstoke, England
Posted: 12th Sep 2003 23:33
Link
Norton just burst into life about 30 minutes a go and starting scanning my HD. Must've been a scheduled one or something. Anyway, it's turned up 1 virus so far, and its still going. It's probably that naughty little trojan horse that tried to contact its mate earlier. Cheeky little blighter.

I hate hackers. I hate people who make viruses. I hate Mick Jagger (and Peter Stringfellow).

Insiiiiiiiiiiiiiiiiiiiiiiiide!
Back to top
Profile PM
Mentor
22
Years of Service
User Offline
Joined: 27th Aug 2002
Location: United Kingdom
Posted: 12th Sep 2003 23:45
Link
I use Freeserve at £14 a month, the only downer is they kick you off every two hours and I sometimes get a connection that "sleeps" (never responds to anything), but I just reconnect when that happens, you need a download resume util for large files but thats no problem and the connection is mostly fast enough to game on and score against other players, from what I hear from my workmate BT is dire, bad connections, slow, constant redials to get in, gets locked out often, and more rules than the local prison, put me right off the idea, the only thing I would like to see on freeserve now is broadband, I checked with the BT broadband site and they said (more or less quote)" your number will NEVER be on broadband, you require at least 600 users per exchange to enable us to upgrade the exchange to broadband, your local exchange only has 260 users, if you could get broadband our tests show you would be able to connect at about 480k/sec, thank you for your interest in BT broadband", not that they rub it in or anything , if I was PM I would have the lot shot (the NEVER caps where mine btw, I was impressed by the finality of their decision )

Mentor.
Back to top
Profile PM
CattleRustler
Retired Moderator
21
Years of Service
User Offline
Joined: 8th Aug 2003
Location: case modding at overclock.net
Posted: 13th Sep 2003 01:12
Link
I feel bad for those without a broadband connection. I consistently hit 400KB/sec download speed (yes that's KILOBYTES/SEC not Kbps which is KiloBITS/SEC-and yes I can pull down 1 Meg every 3 seconds!) You should see all these lamer DSL people swearing dsl is faster than cable PAAAHHH!! They have no clue of the difference between a bit and a byte, yet they swear they are faster - I just laugh and laugh

If you have the option to get a broadband connection - do it!
Even dsl with its 84KB/Sec (for $40/Month) or Cable with its 400+KB/Sec (for $40/Month) whatever...it's worth it!!

(Yes there are dsl speeds that can exceed cable speeds but they are rare becuse you need specific wiring and they cost $500/month)

Hands down Cable vs. DSL (in same price range) Cable wins, always.

Not that this was on topic - LOL

-RUST-
Back to top
Profile PM
Easily Confused
22
Years of Service
User Offline
Joined: 22nd Oct 2002
Location: U.K. Earth. (turn right at Venus)
Posted: 13th Sep 2003 01:19 Edited at: 13th Sep 2003 01:42
Link
In the last couple of weeks I've noticed a sudden increase in activity. My firewall was getting something like 50 hits every 5 minutes, mostly from NTL adresses. Gosh! Don't they have great security. Ahem!

My hard drive was also doing things it shouldn't, it sounded like something was scanning through it. So I did a virus check and found a deltree trojan (that thing has been going around since 1996), a nasty one if activated, it deletes the contents of the drive. Lucky I found that.

But I don't think that was scanning the drive however, so in my firewall settings I blocked out RPCSS.exe (that silly "distributed COM services" thing) and everything is quite again. I'm begining to understand why alot of people don't like RPCSS.exe

Programming anything is an art, and you can't rush art.
Unless your name is Bob Ross, then you can do it in thirty minutes.
Back to top
Profile PM
CattleRustler
Retired Moderator
21
Years of Service
User Offline
Joined: 8th Aug 2003
Location: case modding at overclock.net
Posted: 13th Sep 2003 01:32 Edited at: 13th Sep 2003 01:34
Link
yes Remote Procedure Call AAAAAAACK!
goto the link I posted above for FALLOUT, there is a DCOM-bobulator app to automatically close DCOM components of winnt-2k-xp or just close dcom services manually.

Also, I wrote a batch that runs at startup to close all of win 2k/xp default shares, which the OS opens for networking purposes. If you are not linked to another pc where you are trying to share files explicitly, you can close these.

If you have 2k/xp, start a command window and type NET SHARE<enter>
you will see a share open for each physical drive and then ipc and admin. so it will look like

LETTER$ (for each physical drive)
ADMIN$
IPC$

use a bat file at startup to close the default shares. look in the net share help (NET SHARE /?) for the DELETE syntax. DELETE will close the share this session but reboot will automatically re-enable the shares. I actually made a vb6 exe which prompts me at startup to close the shares or not. If no, VB app exits, no bat run--If YES vb app calls batch to close all shares, vb app exits, batch re-reports to screen the net share status. When there are no open shares, NET SHARE will report "NO ENTRIES IN LIST", otherwise it will list the share name. Yes I am paranoid but I am not having all the problems I read about here and elsewhere concerning hacking etc etc

Good luck

-RUST-
Back to top
Profile PM
Newbie Brogo
21
Years of Service
User Offline
Joined: 10th Jul 2003
Location: In a Pool of Cats
Posted: 13th Sep 2003 01:35 Edited at: 13th Sep 2003 01:35
Link
hey, get a cable mode, even though my download speed doesnt seem as fast as cattlerustler, btu i got a download accelerator that gets me anywhere from 100kb-300kb, sometimes if lucky near 400, but anyway, i got a router for my firewall, and it works fine, umm... its a linksys, i've heard they're good if you set them up right, and believe me, the manual, sets it up wrong, so its easier for someone to hack, and a guy could come for free and set it up for you, but he follows the manual too, he's just memorized the manual, it takes a true geek to set up my router right, luckily my uncle is one, so he set mine up(he happened to be in the house, when we bought our firewall/router)
Wireless Access Point Router, with 4-port switch....

You did what? For who?! For how many jellybeans?!?
Back to top
Profile PM Email Website
CattleRustler
Retired Moderator
21
Years of Service
User Offline
Joined: 8th Aug 2003
Location: case modding at overclock.net
Posted: 13th Sep 2003 02:11
Link
If anyone is going wireless router style - wait for good 802.11G protocol. It runs on 5+GHZ and won't have interference probs with all the devices that run on 2.4, plus it has encryption me thinks.


-RUST-
Back to top
Profile PM
Fallout
22
Years of Service
User Offline
Joined: 1st Sep 2002
Location: Basingstoke, England
Posted: 13th Sep 2003 02:37
Link
Well, anyway, I found that virus, but the file couldn't be quarentined or deleted. Don't know why. I really feel sorry for people who aren't as experienced with computers as people like us - they literally would've done nothing about the file because the software couldn't do anything about it. I couldn't manually locate the file either. I went through my computer, and the directory was hidden. It's weird because even with view hidden and system files switched on, the directory still wasn't visible. I got into it by copy and pasting the reported directory from my antivirus software into a run box. I tried to delete the file manually, but it came up with weird errors (not the usual "file in use" errors). Couldn't get read/write access. I used task manager to close down everything, and I still couldnt access it.

Anyway, it was hidden in some remote corner of my temporary internet files folder, so in the end all I had to do was delete temp internet files via explorer, but that really was a cheeky trojan.

Once again, I hate virus coders. They're kinda the computer equivilent to 14 year old kid vandels who kick down walls and throw bricks through phone box windows. Basically, pathetic.

Insiiiiiiiiiiiiiiiiiiiiiiiide!
Back to top
Profile PM
Ibrahim
21
Years of Service
User Offline
Joined: 22nd Sep 2003
Location: United Kingdom
Posted: 26th Sep 2003 00:58
Link
ive got a suggestion

1) get your mums hand bag or sisters handbag
2) get a brick or 2
3) put it in the handbag zip it up
4) smash up your computer until it turns into dust
5) that'll teach them virus makers and hackers
hope it helped
Back to top
Profile PM Email Website
AlecM
22
Years of Service
User Offline
Joined: 26th Aug 2002
Location: Concord, MA
Posted: 30th Sep 2003 14:12
Link
If your just routing an internet connection 802.11b is fine. You basically add 1 or 2 to your ping. Howevre for networking I would say that 802.11b is right out I read a review of an 802.11g hub and they didnt like it very much.

[P4 2.8C @ 3.03 with an 866mhz FSB:: MSI Neo-2LS running PAT:: 1gb Mushkin PC-3500 DDR High Perf level 2@ 2,2,2 :: ATI Radeon9800ProAIW :: 120Gb SeagateBarracuda 7,200RPM SATA HD :: Antec Plus1080AMG]
Back to top
Profile PM Email Website
OSX Using Happy Dude
21
Years of Service
User Offline
Joined: 21st Aug 2003
Location: At home
Posted: 30th Sep 2003 14:52
Link
Fallout - might be worth trying Nildram - they're pretty good.


Avatar & Logo by Indi. Come to the UK DBPro Convention in Chichester
Back to top
Profile PM Email Website
Benjamin
21
Years of Service
User Offline
Joined: 24th Nov 2002
Location: France
Posted: 30th Sep 2003 15:52
Link
My connection sometimes 'sleeps'. BTW I was looking around on the net and i saw this page that was selling bandwidth or something(i dont get it either). Anyway, i saw the fastest connection there was...2.7GBps! Obviously home pcs cant get this sort of connection(yet heh) but I mean thats an amazing speed.


http://fingaming.0wns.org/nANo/
Back to top
Profile PM Email
Back to top

Login to post a reply

Server time is: 2024-11-23 23:15:39
Your offset time is: 2024-11-23 23:15:39