Geek Culture / Hackers...

Author
Message
Shadow Robert
21
Years of Service
User Offline
Joined: 22nd Sep 2002
Location: Hertfordshire, England
Posted: 22nd Feb 2003 02:41
does anyone else have this premium service from Norton Internet Security 2003 Professional?
or even standard...

i was attacked by someone a lil while ago and i was clicking through the information and i came up with ->



now... probably not someone here, but just in case it is - you live approximately 2 streets over from me here, so i'd have a huge worry about what i'm going to do to you once i return home

if it's no one here then by all means, probably a good warning to know that i can get your home addresses (and this is through 50 hops, someone wanted to really cover their tracks)
Tsu'va Oni Ni Jyuuko Fiori Sei Tau!
One block follows the suit ... the whole suit of blocks is the path ... what have you found?
Richard Davey
Retired Moderator
22
Years of Service
User Offline
Joined: 30th Apr 2002
Location: On the Jupiter Probe
Posted: 22nd Feb 2003 02:45
Erm - that's not the address of the hacker, it's the address of the owner of the netblock. You could go on over there, but you'll find a massive data centre on which AOL rent space and if they're anything like the data centres in this country you'll probably find armed guards too.

Have fun! Don't get shot

Cheers,

Rich

"Gentlemen, we are about to short-circuit the Universe!"
DB Team / Atari ST / DarkForge / Retro Gaming
Kanzure
21
Years of Service
User Offline
Joined: 19th Feb 2003
Location:
Posted: 22nd Feb 2003 02:51
Yes, don't get shot. Make sure you call the big guard Mr. Harry, he'll like that.

~Morph
Owner of MultiCode.NET and Multi2k.NET.
Nothing is something, and something is then nothing. Life is an illusion.
Benjamin
21
Years of Service
User Offline
Joined: 24th Nov 2002
Location: France
Posted: 22nd Feb 2003 02:56
yeah, take a cyber dog with ya ...

xxxpetratxxx
B. R. W
Shadow Robert
21
Years of Service
User Offline
Joined: 22nd Sep 2002
Location: Hertfordshire, England
Posted: 22nd Feb 2003 02:59
no i'm pretty sure Suite 200 is one of the small skyrise apartment blocks just outside of town
why would someone at AOL be trying to hack me using a Backdoor/Trojan horse ... which i'm still trying to figure out how it got past NortonAV 2003

(^_^) well i'll find out in 2weeks time eh

Tsu'va Oni Ni Jyuuko Fiori Sei Tau!
One block follows the suit ... the whole suit of blocks is the path ... what have you found?
Richard Davey
Retired Moderator
22
Years of Service
User Offline
Joined: 30th Apr 2002
Location: On the Jupiter Probe
Posted: 22nd Feb 2003 03:18
Hmm, I don't think so...

In Suite 100 is ExpoVenture

Suite 200 is the "Herndon Chamber of Commerce"

Suite 300 you've got the "Liberian International Ship & Corporate Registry"

Suite 401 is "One About Allegiance"

etc etc

AOL have been listed there for many many years, it's one of their central offices. Definitely not an apartment block by any stretch of the imagination!

Besides - Norton cannot and will never give you a home address of a hacker for the simple reason that it's absolutely impossible. All it's done is a reverse look-up on the IP of the attack and given you as much info as is possible on it. You can tell from the CIDR block this is one BIG range (not many companies have ranges this large open to them).

Basically some kid on AOL has done an IP sweep and hit your box in the process (or maybe targeted you specifically, but it's very doubtful).

I swear firewall software causes more paranoia than it prevents!

Cheers,

Rich "nearly a decade of working for ISPs so kinda really does know his shit when it comes to this stuff" Davey

"Gentlemen, we are about to short-circuit the Universe!"
DB Team / Atari ST / DarkForge / Retro Gaming
Kanzure
21
Years of Service
User Offline
Joined: 19th Feb 2003
Location:
Posted: 22nd Feb 2003 04:37
Wait..First of all, who in their right mind would use AOL when they are a hacker? Cover story? "Oh no! I didn't know the HACK PERSON button actually hacked somebody!"

~Morph
Owner of MultiCode.NET and Multi2k.NET.
Nothing is something, and something is then nothing. Life is an illusion.
Puffy
21
Years of Service
User Offline
Joined: 4th Sep 2002
Location: United States
Posted: 22nd Feb 2003 05:21
o_O not my IP... O_O

AMD Athlon XP 2100+ OC to 3Ghz/1.5gigs ram/128mb ti4200/120gigs hd/19" monitor/Sound Blaster Audigy Platinum EX/3072kbs Sat Con... I joined in!
Shadow Robert
21
Years of Service
User Offline
Joined: 22nd Sep 2002
Location: Hertfordshire, England
Posted: 22nd Feb 2003 06:40
actually have a long list of IPs here ... my mate pointed out it's not one of the apartment blocks along the street across cause i live on Westwood Blvd, Irvine, CA, and that's on Westwood Street, Sunnyville, VA (a good 75-100 miles away or so i'm told)

Anyone here wants to wonder how i get lost all the time i think right there is a big clue

But still that covers my general area ... i wonder if it's my home system sending it - funny thing is most of the attacks are from an AOL based person here.
i've not had NortonIS on here for a while, so what the heck are they trying to break into for?

i mean unrelated i think the same thing, but 18 times within the past hour from a dynamic AOL account ... it flashes up almost on clockwork. You'd think after 1 or 2 failed attempts someone might get the idea no?

i'm not sure where they'd pull my router IP from though ... because my AOL IP is dynamic, which leaves the router IP as my system IP also changes whenever i switch machines - so i dunno seems weird to me.

Tsu'va Oni Ni Jyuuko Fiori Sei Tau!
One block follows the suit ... the whole suit of blocks is the path ... what have you found?
Richard Davey
Retired Moderator
22
Years of Service
User Offline
Joined: 30th Apr 2002
Location: On the Jupiter Probe
Posted: 22nd Feb 2003 13:32
They most likely aren't trying to break into anything. Those programs you mentioned (SubSeven, etc) have IP range scanning built into them. They plug in the starting IP address of a network/ISP and then it goes and scans all of the IP addresses in that range triggering off various firewall systems in the process until they find one that is open to attack, doesn't have a firewall and then play with it.

Don't take this "hack" personally - if someone was trying a personal hack against you (and if they had any sense!) SubSeven would be the last thing to use.

Norton will automatically block the IP address of the attacker for 30mins upon it detecting a hack attempt. So the same IP can't have been attacking you (not 18 times in 1 hour at any rate).

They don't have to pull your IP address from anywhere, it's just a range scan. Piece of piss to do, so easy in fact it would appear even an AOL user can do it

Cheers,

Rich

"Gentlemen, we are about to short-circuit the Universe!"
DB Team / Atari ST / DarkForge / Retro Gaming
Rob K
Retired Moderator
21
Years of Service
User Offline
Joined: 10th Sep 2002
Location: Surrey, United Kingdom
Posted: 22nd Feb 2003 21:17
Script kiddies like this are just SOOOO lame, you don't have to be massively clever to defend yourself. I don't think the ISPs would help you track the hacker either.

NOBODY has a forum name as stupid as Darth Shader. I do.
Shadow Robert
21
Years of Service
User Offline
Joined: 22nd Sep 2002
Location: Hertfordshire, England
Posted: 22nd Feb 2003 23:52
i still don't understand
first thing i don't understand right... On the Norton Tracer Map, it highlighted South Nevada and placed up Sunnyville - yet Sunnyville is literally on the other side of the states in Virginia (that's weird on its own)

Secondly if someone attacks my AOL account, they have to know my router IP to be able to actually reach my system - because my account is a standard international package

My Computer -> Local AOL -> Router -> Home AOL -> Internet
(it's 28 hops just to finally get online, loses a lot of speed)

so i'm confused how can they actually reach my system when the first IP range they have is the Home AOL ... then it'd hit the Router ... so then they'd need a second range for my Local AOL - then finally they can get on.

i know SubSeven isn't exactly the best software to use (which begs the question why try) - but it seems like a lot of trouble to go through just to hit a single computer.

i had one last nite around 2:30 called Angelion, tried to gain access through my DirectPlay port range
just seems very weird ... thing being is i switch to Eidosnet.co.uk and i still get it.

and its not the same IP 18x in a row... AOL as most ISPs use a dynamic range - well not very dynamic its just a rotational, so the incremental and changes every 360seconds or something like that.

i dunno, seems weird to me. I'm not one for understanding any of this hacking stuff, (^_^) never done it myself or cared to ... and most of my mates who understand this are back in the states. Probably nothing as you said, but it's worrying that i get so many warnings per hour

Tsu'va Oni Ni Jyuuko Fiori Sei Tau!
One block follows the suit ... the whole suit of blocks is the path ... what have you found?
Rob K
Retired Moderator
21
Years of Service
User Offline
Joined: 10th Sep 2002
Location: Surrey, United Kingdom
Posted: 23rd Feb 2003 01:22
All users do - I get an average of 10 to 20 and most of the time I reckon it is NETBN and those lame Port Scanner tools.

NOBODY has a forum name as stupid as Darth Shader. I do.
Shadow Robert
21
Years of Service
User Offline
Joined: 22nd Sep 2002
Location: Hertfordshire, England
Posted: 23rd Feb 2003 04:15
from the same attacker? ...
i'll show you something a little later, found that the AOL thing is the office in VA right which is clear across the country, yet the map also shows the origin of the attack ... which is around 50miles north of my place in Cali, close to Walnut Creek.

If the thing was bouncing all about the country, it'd be oki that cool - or if the pointer was showing the AOL plaza or something.
What i find weird is this ->

"FMTAU-RAVEN-i1(xxx.xxx.xxx.xxx),xxxxx"

that is the target... i know it's weird enough to have someone using such a pathetic tool, but it's even weirder for them to be trying to access my system name directly no?
That isn't the name i'm using right now because i'm on HOME-JAMES-i4(xxx.xxx.xxx.xxx),xxxxx

just seems a little suspicious to me...

Tsu'va Oni Ni Jyuuko Fiori Sei Tau!
One block follows the suit ... the whole suit of blocks is the path ... what have you found?
Richard Davey
Retired Moderator
22
Years of Service
User Offline
Joined: 30th Apr 2002
Location: On the Jupiter Probe
Posted: 24th Feb 2003 12:39
"first thing i don't understand right... On the Norton Tracer Map, it highlighted South Nevada and placed up Sunnyville - yet Sunnyville is literally on the other side of the states in Virginia (that's weird on its own)"

Herein lies a problem with the Norton service IMHO. All it can ever do is give you a very very approximate guess of where the IP address of the attacker is located. It is impossible (as in - technically impossible) to geographically pin-point someone on their IP address to anything more meaningful than their local phone exchange (and as you know they service very large areas).

Which is why the Norton thing bugs me a little because all they are doing is a trace-route back to the source and a reverse-DNS lookup on the IPs they get and then trying to figure out location based on the results (a router might come back as being called "gateway-sf-cali.isp.net" for example).

The reason they could never trace an IP geographically is because that information isn't located anywhere! Your phone line doesn't have latitude and longitude associated with it. Your ISP knows your address (usually, for billing purposes) and they know when you've logged-in because they monitor it - but they don't then broadcast out the two sets of information. Norton is very misleading.

"Secondly if someone attacks my AOL account, they have to know my router IP to be able to actually reach my system - because my account is a standard international package"

Nah, they don't need to know your IP, just the range it's sat on. Think about it like this:

for ip=1 to 255
portscan x1.x2.x3.ip
next ip

voila - you've just scanned 255 potential hosts. Do the same for variables x1,x2 and x3 and you can literally scan every single possible public IP address in the world.

That is all they've done - started off scanning a range and found something they liked the look of so dug a bit deeper. If it was a "personal" attack I would expect to see much more than SubSeven knocking on your firewall's door! (trust me, it doesn't take much to bring down Norton, but 99.9% of the time it's fine for deterring the script kiddies which is why I use it too).


"so i'm confused how can they actually reach my system when the first IP range they have is the Home AOL ... then it'd hit the Router ... so then they'd need a second range for my Local AOL - then finally they can get on."

They don't need to know ANY of the hops in between - they only need the final destination IP address. Sad but true!

If you think about it - your system might mask your real (local) IP address, BUT it has to present something to the outside world - something valid that the Internet can use in order to send those packets of data your way. Otherwise you'd never be able to visit a web site, post here, etc. All an attacker needs to do is hit lucky while scanning the valid range you are part of and he'll soon enough find your host - this part is unavoidable due to the way networks function. What you can do (and what Norton does) is limit how far INSIDE he can get. He might reach your box but Norton will hide anything important from him and stop anything he might try to send at you from doing damage. That is the whole function of a firewall - it's not to make you "invisible", it's to stop people giving you grief (and to hide your home network perhaps, local printers, that kind of thing).

"i know SubSeven isn't exactly the best software to use (which begs the question why try) - but it seems like a lot of trouble to go through just to hit a single computer."

No trouble at all - fire it up, whack in a random IP range (or a range you've acquired from someone's email address and a quick DNS look-up) and let it rip. They might have been bored, looking to inflict some damage for fun, who knows. SubSeven does at least demonstrate they weren't particularly bothered about the results they got (i.e. this was no Pro hack). More like a joyride.

"but it's worrying that i get so many warnings per hour"

I'd be more worried that you DIDN'T get any warnings - that means Norton has been disabled somehow. It does me good to know that my little Norton globe will start flashing up a couple of times a day, it reassures me it's still working. If it sat there and did nothing ever I'd be VERY worried. That's just the state of the Internet today.

Cheers,

Rich

"Gentlemen, we are about to short-circuit the Universe!"
DB Team / Atari ST / DarkForge / Retro Gaming
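Added example, not part of any post in this thread: a small Python sketch of the point made in the replies above, that firewall alerts are attributable to the owner of a netblock and not to a person. It groups alerts by source netblock and checks whether any single address recurs inside the 30-minute block period mentioned earlier. The netblock table, owner names and log lines are all constructed for illustration.

```python
import ipaddress
from datetime import datetime, timedelta

# Constructed stand-in for WHOIS netblock records (not real allocations).
NETBLOCKS = {
    "100.64.0.0/10": "EXAMPLE-ISP dynamic dial-up pool",
    "198.51.100.0/24": "EXAMPLE-HOSTING",
}

# Constructed firewall alerts: date, time, source IP, destination port.
# 27374 is SubSeven's default port, 139 is NetBIOS session service.
ALERTS = """\
2003-02-22 02:01:10 100.64.12.7 27374
2003-02-22 02:07:12 100.64.200.31 27374
2003-02-22 02:13:15 100.71.3.90 27374
2003-02-22 02:19:20 100.90.44.2 27374
2003-02-22 02:25:01 198.51.100.9 139
2003-02-22 02:44:30 100.64.12.7 27374
"""

BLOCK_WINDOW = timedelta(minutes=30)  # auto-block period mentioned in the thread


def netblock_for(ip):
    """Return the most specific known netblock containing ip, or None."""
    addr = ipaddress.ip_address(ip)
    matches = [ipaddress.ip_network(c) for c in NETBLOCKS]
    matches = [n for n in matches if addr in n]
    return max(matches, key=lambda n: n.prefixlen, default=None)


def summarize(log):
    """Group alerts by source netblock instead of by individual address."""
    report, last_seen = {}, {}
    for line in log.strip().splitlines():
        date, clock, ip, port = line.split()
        when = datetime.strptime(f"{date} {clock}", "%Y-%m-%d %H:%M:%S")
        net = netblock_for(ip)
        key = str(net) if net else "unknown"
        entry = report.setdefault(key, {
            "owner": NETBLOCKS.get(key, "unknown"),
            "block_size": net.num_addresses if net else 0,
            "alerts": 0, "sources": set(), "ports": set(),
            "repeats_inside_block_window": 0,
        })
        entry["alerts"] += 1
        entry["sources"].add(ip)
        entry["ports"].add(int(port))
        # Same address again before a 30-minute block would have expired?
        if ip in last_seen and when - last_seen[ip] < BLOCK_WINDOW:
            entry["repeats_inside_block_window"] += 1
        last_seen[ip] = when
    return report


if __name__ == "__main__":
    for cidr, e in summarize(ALERTS).items():
        print(f"{cidr:18} {e['owner']:34} size={e['block_size']:>8} "
              f"alerts={e['alerts']} distinct_sources={len(e['sources'])} "
              f"repeats<30min={e['repeats_inside_block_window']}")
```

On the constructed data, five of the six alerts come from four different addresses in one pool of over four million, and no address recurs within 30 minutes, which is the pattern a sweep across a dynamic range produces.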
Shadow Robert
21
Years of Service
User Offline
Joined: 22nd Sep 2002
Location: Hertfordshire, England
Posted: 24th Feb 2003 12:51
kinda rather people don't joyride around in my system ... i have the system's own firewall setup more protective than norton it seems - in fact often i have to bypass the blasted thing through a port i've setup just to log onto the net.

but still personally think it's worrying anyone is even trying this, it's like why bother for such pathetic means?

Tsu'va Oni Ni Jyuuko Fiori Sei Tau!
One block follows the suit ... the whole suit of blocks is the path ... what have you found?
Richard Davey
Retired Moderator
22
Years of Service
User Offline
Joined: 30th Apr 2002
Location: On the Jupiter Probe
Posted: 24th Feb 2003 13:45
Well that's the whole point - they're not joyriding around inside your system - they never got that far.

It might be worrying and pathetic but that won't stop it happening.

As long as something exists, someone will try to exploit it. You've got a firewall running, it did no damage - leave it at that. It will happen again I guarantee, best not to worry about it - think yourself the lucky one that you blocked it while the next IP in the range might have been some old lady's, wide open to attack, and they go and infect her PC with SubSeven because "they can". Such a life!

Cheers,

Rich

"Gentlemen, we are about to short-circuit the Universe!"
DB Team / Atari ST / DarkForge / Retro Gaming
MushroomHead
21
Years of Service
User Offline
Joined: 26th Aug 2002
Location: United Kingdom
Posted: 26th Feb 2003 18:13
> Wait..First of all, who in their right mind would use AOL when they are a hacker?

I would, why not? AOL uses dynamic addressing which means you are literally untraceable when you launch an attack, a perfect place to launch attacks. Ever thought why there's more IP scannings on AOL than say NTL? Even if you manage to obtain the hacker's IP, AOL UK don't even do anything about it AFAIK (this is based on a number of complaints I sent them couple of years ago). I'm glad I got rid of AOL ... Nortons Firewall makes you more vulnerable as it opens up more ports than it tells you (on winxp it doesn't tell even ask for access for SSDP discovery service which can be exploited) ... it also installs some crap called Smproxy service which opens port 80 and watches / filters communications using a rule based system ... get zonealarm pro or sygate professional instead.

- Rav.
Shadow Robert
21
Years of Service
User Offline
Joined: 22nd Sep 2002
Location: Hertfordshire, England
Posted: 27th Feb 2003 02:30
ZoneAlarm sits there and tells you you're being broken into... and does bugger all.
At least Norton stops people ... that said i've not just got Norton setup but also WinXP's Server Firewall, which is pretty comprehensive to what you allow access to and where. I mean i know a lot of people knock XP's own software, but some days i don't know why because it does do a great job.

Tsu'va Oni Ni Jyuuko Fiori Sei Tau!
One block follows the suit ... the whole suit of blocks is the path ... what have you found?
Xlimun
21
Years of Service
User Offline
Joined: 27th Feb 2003
Location: United Kingdom
Posted: 27th Feb 2003 19:09
Yeah, most probably someone using a port scanner, like 'cyberscan' on your local IP ranges. Good scanners like these automatically scan 'default' ports for NetBios, trojans and the like.

But to think an actual 'hacker' would not cloak whilst scanning is in itself pretty ludicrous

Try not to become a man of success, but rather try to become a man of value.
--Albert Einstein
Xlimun
21
Years of Service
User Offline
Joined: 27th Feb 2003
Location: United Kingdom
Posted: 27th Feb 2003 19:14
Any 'network security' enthusiasts present?

Just so i know what kind of people i'm dealing with here

Try not to become a man of success, but rather try to become a man of value.
--Albert Einstein
