Re: Port Scanning and Spoofing (getting tough)

On 2 Jan 2003, at 22:30, who at bellsouth.net wrote:

> 
> Hello all WebNetwork Gurus,
> 
> Mostly non-Euphoria related, I'm considering writing a program
> in Euphoria to trap/log into an EDS database from a Eu-program
> all port scans and attempts to hack my machine.

Question: how will you get the Eu program to be notified of the attempts?

> When I receive a Port Scan usually this is considered an attempt
> to get info from my machine, correct? Kat?

Yes. Depending on what ports are hit, the OS is programmed to return 
certain info on some of them, time for instance, or if you have filesharing 
open to the net.

> Here is a port scan I traced back to Canada!
> 
> -> port scan from 216.08.52.53
> 
> Bell Nexxia (NETBLK-BELLCANADA-4)
>    160 Elgin floor 12
>    Ottawa, ON K1G 3J4
>    CA

That info is not a traceroute. That's an ip# whois dump.

<snip>

> What can I do about/with this information?

Not much, unless you can show a firewall log of sustained scans (in violation 
of their isp's AUP) or illegal activity.

> I'm tired of the viruses, I received 4 in 2 days.

Viruses don't usually come from port scans, unless you have a server with a 
hole in it. Or a trojan. Or adware. Or a "phone home" program. Or an OS with 
auto-update. Or you allow active scripting in your email or web browser. It's 
the easiest thing in the world to install trojans and viruses with java or 
javascript. Ditto VBS.

Essentially, you need a "ring zero" logging firewall, and find out where all 
outgoing connections go to, and what type of connection it is. Set up the 
firewall to ask you for every connection, do normal things in that mode, look 
at the rules, set new rules to block everything you didn't just ok, and then set
the firewall to "very paranoid" or whatever that setting is called on your 
firewall. I even block internet ARPcasts. This won't help a lot tho, for 
portscans, if you broadcast your ip# with a program like ICQ or other IM 
program, which will contact a server to let your "buddy list" know you are 
online. It will block netbios attacks, and assorted other things, which others 
have no business accessing. Oh, and most IM programs are hackable, as 
servers, and can introduce viruses when they do anything automagically for 
"enhancing your internet experience".

> I'm tired of people/programz spoofing my name.

Anyone can spoof your name online. It's generally as easy as a setting in an 
email client. Just ask euman.

> I no longer will use an email name for more than 1 week

I don't see how that will help. I've had some email addys for 3 or 4 years, and 
i don't have the problems you describe.

> I no longer will have my NetBIOS name the same each day.

Do you have any firewall at all?? Netbios ports should never be online, ever 
ever ever.

> My DNS will automajically change on a daily bases.

Basis. You can't change your dns, unless you have a dynamic ip and you 
disconnect and reconnect. Again, this can't be a problem for you. I am online 
24-7, same ip#, and i don't have your problems. Even if you do change ip#, 
the entire isp can be scanned to relocate you in a few minutes if you have 
open ports or a trojan. Or a virus emailing itself somewhere.

> I've had it....if this is a problem for you simply do not accept
> email from any bellsouth user. I will not receive anything further
> from verizon.net and if you have this ISP then I'm very sorry ...

Umm, well, ok.

Kat
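
The reply above says a whois result is only actionable alongside "a firewall log of sustained scans". The following is an added example, not part of Kat's message or the original thread: it reads firewall drop lines and reports which sources swept several distinct ports in a short window, and on which dates. The log line format, the thresholds and the addresses (documentation ranges) are assumptions constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log; the line format is hypothetical, not any real firewall's.
SAMPLE_LOG = """\
2003-01-02 22:01:10 DROP TCP 192.0.2.10:4021 -> 198.51.100.7:21
2003-01-02 22:01:11 DROP TCP 192.0.2.10:4022 -> 198.51.100.7:23
2003-01-02 22:01:11 DROP TCP 192.0.2.10:4023 -> 198.51.100.7:80
2003-01-02 22:01:12 DROP TCP 192.0.2.10:4024 -> 198.51.100.7:139
2003-01-02 22:01:13 DROP TCP 192.0.2.10:4025 -> 198.51.100.7:445
2003-01-02 22:05:40 DROP UDP 203.0.113.5:1025 -> 198.51.100.7:137
2003-01-02 23:40:02 DROP UDP 203.0.113.5:1025 -> 198.51.100.7:137
garbage line that should be skipped
2003-01-03 09:15:00 DROP TCP 192.0.2.10:5100 -> 198.51.100.7:21
2003-01-03 09:15:01 DROP TCP 192.0.2.10:5101 -> 198.51.100.7:25
2003-01-03 09:15:01 DROP TCP 192.0.2.10:5102 -> 198.51.100.7:110
2003-01-03 09:15:02 DROP TCP 192.0.2.10:5103 -> 198.51.100.7:139
2003-01-03 09:15:03 DROP TCP 192.0.2.10:5104 -> 198.51.100.7:1433
"""

LINE_RE = re.compile(r"^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) DROP (?:TCP|UDP) "
                     r"(\d+\.\d+\.\d+\.\d+):\d+ -> \d+\.\d+\.\d+\.\d+:(\d+)$")

def parse_log(text):
    """Yield (timestamp, source_ip, dest_port) for each well-formed DROP line."""
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            yield datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S"), m.group(2), int(m.group(3))

def scan_days(text, min_ports=5, window=timedelta(seconds=60)):
    """Map source_ip -> sorted dates on which it hit >= min_ports distinct
    ports inside one sliding window. More than one date suggests a sustained scan."""
    hits = defaultdict(list)
    for ts, src, port in parse_log(text):
        hits[src].append((ts, port))
    result = {}
    for src, events in hits.items():
        events.sort()
        days, start = set(), 0
        for end, (ts, _) in enumerate(events):
            while ts - events[start][0] > window:  # slide the window forward
                start += 1
            if len({p for _, p in events[start:end + 1]}) >= min_ports:
                days.add(ts.date().isoformat())
        if days:
            result[src] = sorted(days)
    return result
```

On the constructed sample, the source that repeats a single NetBIOS name-service probe is not reported, while the source that sweeps five ports on two separate days is listed with both dates.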