1. Port Scanning and Spoofing (getting tough)
- Posted by who at bellsouth.net Jan 03, 2003
- 360 views
Hello all WebNetwork Gurus,

Mostly non-Euphoria related, I'm considering writing a program in Euphoria to trap/log into an EDS database from a Eu-program all port scans and attempts to hack my machine.

When I receive a Port Scan usually this is considered an attempt to get info from my machine, correct? Kat?

Here is a port scan I traced back to Canada!

-> port scan from 216.08.52.53

Bell Nexxia (NETBLK-BELLCANADA-4)
160 Elgin floor 12
Ottawa, ON K1G 3J4
CA

Netname: BELLCANADA-4
Netblock: 216.208.0.0 - 216.209.255.255
Maintainer: LINX

Coordinator:
Daoust, Philippe (PD135-ARIN) noc at in.bell.ca
+1-800-450-7771 +1-416-215-5423

Domain System inverse mapping provided by:

NS3.BELLGLOBAL.COM 198.235.216.130
NS4.BELLGLOBAL.COM 198.235.216.131

ADDRESSES WITHIN THIS BLOCK ARE NON-PORTABLE

Record last updated on 10-Sep-1999.
Database last updated on 23-Aug-2002 16:56:03 EDT.

The information in this WHOIS database is current as of August 23, 2002, and has been retained for historical purposes only. For the most current information, query whois.arin.net or visit http://whois.arin.net.

What can I do about/with this information?

I'm tired of the viruses, I received 4 in 2 days.
I'm tired of people/programz spoofing my name.

I no longer will use an email name for more than 1 week
I no longer will have my NetBIOS name the same each day.
My DNS will automajically change on a daily bases.

I've had it....if this is a problem for you simply do not accept email from any bellsouth user. I will not receive anything further from verizon.net and if you have this ISP then I'm very sorry ...

Namely Anonymous
2. Re: Port Scanning and Spoofing (getting tough)
- Posted by Pete Lomax <petelomax at blueyonder.co.uk> Jan 03, 2003
- 336 views
On Thu, 2 Jan 2003 22:30:10 -0500, who at bellsouth.net wrote:

>I'm tired of the viruses, I received 4 in 2 days.
>I'm tired of people/programz spoofing my name.

Sounds like you have a trojan sending out your new details the moment you change them.

Have you tried ad-aware: http://www.lavasoftusa.com/

It is totally free and very good. It catches quite a few nasties my virus scanner doesn't. It will also make a proper backup of any suspect files it finds (providing you click the backup button) before deleting them.

Pete
3. Re: Port Scanning and Spoofing (getting tough)
- Posted by David Cuny <dcuny at LANSET.COM> Jan 03, 2003
- 347 views
Euman wrote:

> Here is a port scan I traced back to Canada!

From my meager reading, I'd guess that most external scans come from infected machines, and it's a good bet the owners are clueless about this.

If you don't already have it, I'd recommend getting ZoneAlarm (www.zonelabs.com). It can help block scans, and inform you if any programs on your PC are trying to access the Internet.

-- David Cuny
4. Re: Port Scanning and Spoofing (getting tough)
- Posted by Kat <gertie at PELL.NET> Jan 03, 2003
- 363 views
On 2 Jan 2003, at 22:30, who at bellsouth.net wrote:

>
> Hello all WebNetwork Gurus,
>
> Mostly non-Euphoria related, I'm considering writing a program
> in Euphoria to trap/log into an EDS database from a Eu-program
> all port scans and attempts to hack my machine.

Question: how will you get the Eu program to be notified of the attempts?

> When I receive a Port Scan usually this is considered an attempt
> to get info from my machine, correct? Kat?

Yes. Depending on what ports are hit, the OS is programmed to return certain info on some of them, time for instance, or if you have filesharing open to the net.

> Here is a port scan I traced back to Canada!
>
> -> port scan from 216.08.52.53
>
> Bell Nexxia (NETBLK-BELLCANADA-4)
> 160 Elgin floor 12
> Ottawa, ON K1G 3J4
> CA

That info is not a traceroute. That's an ip# whois dump.

<snip>

> What can I do about/with this information?

Not much, unless you can show a firewall log of sustained scans (in violation of their isp's AUP) or illegal activity.

> I'm tired of the viruses, I received 4 in 2 days.

Viruses don't usually come from port scans, unless you have a server with a hole in it. Or a trojan. Or adware. Or a "phone home" program. Or an OS with auto-update. Or you allow active scripting in your email or web browser. It's the easiest thing in the world to install trojans and viruses with java or javascript. Ditto VBS.

Essentially, you need a "ring zero" logging firewall, and find out where all outgoing connections go to, and what type of connection it is. Set up the firewall to ask you for every connection, do normal things in that mode, look at the rules, set new rules to block everything you didn't just ok, and then set the firewall to "very paranoid" or whatever that setting is called on your firewall. I even block internet ARPcasts.

This won't help a lot tho, for portscans, if you broadcast your ip# with a program like ICQ or other IM program, which will contact a server to let your "buddy list" know you are online. It will block netbios attacks, and assorted other things, which others have no business accessing. Oh, and most IM programs are hackable, as servers, and can introduce viruses when they do anything automagically for "enhancing your internet experience".

> I'm tired of people/programz spoofing my name.

Anyone can spoof your name online. It's generally as easy as a setting in an email client. Just ask euman.

> I no longer will use an email name for more than 1 week

I don't see how that will help. I've had some email addys for 3 or 4 years, and I don't have the problems you describe.

> I no longer will have my NetBIOS name the same each day.

Do you have any firewall at all?? Netbios ports should never be online, ever ever ever.

> My DNS will automajically change on a daily bases.

Basis. You can't change your dns, unless you have a dynamic ip and you disconnect and reconnect. Again, this can't be a problem for you. I am online 24-7, same ip#, and I don't have your problems. Even if you do change ip#, the entire isp can be scanned to relocate you in a few minutes if you have open ports or a trojan. Or a virus emailing itself somewhere.

> I've had it....if this is a problem for you simply do not accept
> email from any bellsouth user. I will not receive anything further
> from verizon.net and if you have this ISP then I'm very sorry ...

Umm, well, ok.

Kat
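The "firewall log of sustained scans" mentioned in the last reply, as an added example that is not part of the original thread: Python that reads blocked-connection lines and separates a source that keeps probing over hours or days from a one-off sweep or a single stray packet. The log line format, the thresholds and the names `parse` and `summarize` are assumptions made for this illustration, and the addresses are documentation ranges.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log. The line format is hypothetical, not any real firewall's.
SAMPLE_LOG = """\
2003-01-01 09:00:00 DROP TCP 192.0.2.53 -> :21
2003-01-01 13:30:00 DROP TCP 192.0.2.53 -> :23
2003-01-01 21:15:00 DROP TCP 192.0.2.53 -> :80
2003-01-02 04:45:00 DROP TCP 192.0.2.53 -> :135
2003-01-02 22:30:10 DROP TCP 192.0.2.53 -> :139
2003-01-02 10:00:00 DROP TCP 203.0.113.9 -> :21
2003-01-02 10:00:01 DROP TCP 203.0.113.9 -> :23
2003-01-02 10:00:01 DROP TCP 203.0.113.9 -> :25
2003-01-02 10:00:02 DROP TCP 203.0.113.9 -> :80
2003-01-02 10:00:02 DROP TCP 203.0.113.9 -> :139
2003-01-02 11:00:00 DROP UDP 198.51.100.7 -> :137
2003-01-02 11:05:00 ALLOW TCP 198.51.100.7 -> :80
garbage line that must be skipped
"""

LINE_RE = re.compile(
    r"^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) DROP (?:TCP|UDP) (\S+) -> :(\d+)$")

def parse(log_text):
    """Yield (timestamp, source, port) for each well-formed DROP line; skip the rest."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            ts = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S")
            yield ts, m.group(2), int(m.group(3))

def summarize(log_text, min_ports=5, min_span=timedelta(hours=1)):
    """Per-source report; 'sustained' needs many distinct ports AND a long span."""
    # Both thresholds are assumptions; a quick one-off sweep fails the span test.
    ports, times = defaultdict(set), defaultdict(list)
    for ts, src, port in parse(log_text):
        ports[src].add(port)
        times[src].append(ts)
    report = {}
    for src in ports:
        span = max(times[src]) - min(times[src])
        report[src] = {"hits": len(times[src]), "ports": sorted(ports[src]),
                       "span": span,
                       "sustained": len(ports[src]) >= min_ports and span >= min_span}
    return report

if __name__ == "__main__":
    for src, row in summarize(SAMPLE_LOG).items():
        print(src, row)
```

The per-source first and last timestamps, hit count and port list are the details an abuse report to the source's ISP would need alongside the raw log lines.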