1. Port Scanning and Spoofing (getting tough)
- Posted by who at bellsouth.net Jan 03, 2003
- 360 views
Hello all WebNetwork Guru's, Mostly non-Euphoria related, Im considering writing a program in Euphoria to trap/log into a EDS database from a Eu-program all port scans and attempt to hack my machine. When I recieve a Port Scan usually this is considered an attempt to get info from my machine, correct? Kat? Here is a port scan I traced back to Canada! -> port scan from 216.08.52.53 Bell Nexxia (NETBLK-BELLCANADA-4) 160 Elgin floor 12 Ottawa, ON K1G 3J4 CA Netname: BELLCANADA-4 Netblock: 216.208.0.0 - 216.209.255.255 Maintainer: LINX Coordinator: Daoust, Philippe (PD135-ARIN) noc at in.bell.ca +1-800-450-7771 +1-416-215-5423 Domain System inverse mapping provided by: NS3.BELLGLOBAL.COM 198.235.216.130 NS4.BELLGLOBAL.COM 198.235.216.131 ADDRESSES WITHIN THIS BLOCK ARE NON-PORTABLE Record last updated on 10-Sep-1999. Database last updated on 23-Aug-2002 16:56:03 EDT. The information in this WHOIS database is current as of August 23, 2002, and has been retained for historical purposes only. For the most current information, query whois.arin.net or visit http://whois.arin.net. What can I do about/with this information? Im tired of the viruses, I recieved 4 in 2 days. Im tired of people/programz spoofing my name. I no longer will use an email name for more than 1 week I no longer will have my NetBIOS name the same each day. My DNS will automajically change on a daily bases. I've had it....if this is a problem for you simply do not exept email from any bellsouth user. I will not recieve anything further from verizon.net and if you have this ISP then Im very sorry ... Namely Anonymous
2. Re: Port Scanning and Spoofing (getting tough)
- Posted by Pete Lomax <petelomax at blueyonder.co.uk> Jan 03, 2003
- 336 views
On Thu, 2 Jan 2003 22:30:10 -0500, who at bellsouth.net wrote: >Im tired of the viruses, I recieved 4 in 2 days. >Im tired of people/programz spoofing my name. Sounds like you have a trojan sending out your new details the moment you change them. Have you tried ad-aware: http://www.lavasoftusa.com/ It is totally free and very good. It catches quite a few nasties my virus scanner doesn't. It will also make a proper backup of any suspect files it finds (providing you click the backup button) before deleting them. Pete
3. Re: Port Scanning and Spoofing (getting tough)
- Posted by David Cuny <dcuny at LANSET.COM> Jan 03, 2003
- 347 views
Euman wrote: > Here is a port scan I traced back to Canada! =46rom my meager reading, I'd guess that most external scans come from in= fected=20 machines, and it's a good bet the owners are clueless about this. If you don't already have it, I'd recommend getting ZoneAlarm=20 (www.zonelabs.com). It can help block scans, and inform you if any progra= ms=20 on your PC are trying to access the Internet. -- David Cuny
4. Re: Port Scanning and Spoofing (getting tough)
- Posted by Kat <gertie at PELL.NET> Jan 03, 2003
- 364 views
On 2 Jan 2003, at 22:30, who at bellsouth.net wrote: > > Hello all WebNetwork Guru's, > > Mostly non-Euphoria related, Im considering writing a program > in Euphoria to trap/log into a EDS database from a Eu-program > all port scans and attempt to hack my machine. Question: how will you get the Eu program to be notified of the attempts? > When I recieve a Port Scan usually this is considered an attempt > to get info from my machine, correct? Kat? Yes. Depending on what ports are hit, the OS is programmed to return certain info on some of them, time for instance, or if you have filesharing open to the net. > Here is a port scan I traced back to Canada! > > -> port scan from 216.08.52.53 > > Bell Nexxia (NETBLK-BELLCANADA-4) > 160 Elgin floor 12 > Ottawa, ON K1G 3J4 > CA That info is not a traceroute. That's a ip# whois dump. <snip> > What can I do about/with this information? Not much, unless you can show a firewall log of sustained scans (in violation of their isp's AUP) or illegal activity. > Im tired of the viruses, I recieved 4 in 2 days. Viruses don't usually come from port scans, unless you have a server with a hole in it. Or a trojan. Or adware. Or a "phone home" program. Or a OS with auto-update. Or you allow active scripting in your email or web browser. It's the easiest thing in the world to install trojans and viruses with java or javascript. Ditto VBS. Essentially, you need a "ring zero" logging firewall, and find out where all outgoing connections go to, and what type of connection it is. Set up the firewall to ask you for every connection, do normal things in that mode, look at the rules, set new rules to block everything you didn't just ok, and then set the firewall to "very paranoid" or whatever that setting is called on your firewall. I even block internet ARPcasts. This won't help a lot tho, for portscans, if you broadcast your ip# with a program like ICQ or other IM program, which will contact a server to let your "buddy list" know you are online. It will block netbios attacks, and assorted other things, which others have no business accessing. Oh, and most IM programs are hackable, as servers, and can introduce viruses when they do anything automagically for "enhancing your internet experience". > Im tired of people/programz spoofing my name. Anyone can spoof your name online. It's generally as easy as a setting in an email client. Just ask euman. > I no longer will use an email name for more than 1 week I don't see how that will help. I've had some email addys for 3 or 4 years, and i don't have the problems you describe. > I no longer will have my NetBIOS name the same each day. Do you have any firewall at all?? Netbios ports should never be online, ever ever ever. > My DNS will automajically change on a daily bases. Basis. You can't change your dns, unless you have a dynamic ip and you disconnect and reconnect. Again, this can't be a problem for you. I am online 24-7, same ip#, and i don't have your problems. Even if you do change ip#, the entire isp can be scanned to relocate you in a few minutes if you have open ports or a trojan. Or a virus emailing itself somewhere. > I've had it....if this is a problem for you simply do not exept > email from any bellsouth user. I will not recieve anything further > from verizon.net and if you have this ISP then Im very sorry ... Umm, well, ok. Kat