Re: Port Scanning and Spoofing (getting tough)
- Posted by Kat <gertie at PELL.NET> Jan 03, 2003
On 2 Jan 2003, at 22:30, who at bellsouth.net wrote:

>
> Hello all WebNetwork Gurus,
>
> Mostly non-Euphoria related, I'm considering writing a program
> in Euphoria to trap/log into an EDS database from a Eu-program
> all port scans and attempts to hack my machine.

Question: how will you get the Eu program to be notified of the attempts?

> When I receive a Port Scan usually this is considered an attempt
> to get info from my machine, correct? Kat?

Yes. Depending on what ports are hit, the OS is programmed to return certain info on some of them, time for instance, or if you have filesharing open to the net.

> Here is a port scan I traced back to Canada!
>
> -> port scan from 216.08.52.53
>
> Bell Nexxia (NETBLK-BELLCANADA-4)
> 160 Elgin floor 12
> Ottawa, ON K1G 3J4
> CA

That info is not a traceroute. That's an ip# whois dump.

<snip>

> What can I do about/with this information?

Not much, unless you can show a firewall log of sustained scans (in violation of their isp's AUP) or illegal activity.

> I'm tired of the viruses, I received 4 in 2 days.

Viruses don't usually come from port scans, unless you have a server with a hole in it. Or a trojan. Or adware. Or a "phone home" program. Or an OS with auto-update. Or you allow active scripting in your email or web browser. It's the easiest thing in the world to install trojans and viruses with java or javascript. Ditto VBS.

Essentially, you need a "ring zero" logging firewall, and find out where all outgoing connections go to, and what type of connection it is. Set up the firewall to ask you for every connection, do normal things in that mode, look at the rules, set new rules to block everything you didn't just ok, and then set the firewall to "very paranoid" or whatever that setting is called on your firewall. I even block internet ARPcasts. This won't help a lot tho, for portscans, if you broadcast your ip# with a program like ICQ or other IM program, which will contact a server to let your "buddy list" know you are online. It will block netbios attacks, and assorted other things, which others have no business accessing. Oh, and most IM programs are hackable, as servers, and can introduce viruses when they do anything automagically for "enhancing your internet experience".

> I'm tired of people/programz spoofing my name.

Anyone can spoof your name online. It's generally as easy as a setting in an email client. Just ask euman.

> I no longer will use an email name for more than 1 week

I don't see how that will help. I've had some email addys for 3 or 4 years, and i don't have the problems you describe.

> I no longer will have my NetBIOS name the same each day.

Do you have any firewall at all?? Netbios ports should never be online, ever ever ever.

> My DNS will automajically change on a daily bases.

Basis. You can't change your dns, unless you have a dynamic ip and you disconnect and reconnect. Again, this can't be a problem for you. I am online 24-7, same ip#, and i don't have your problems. Even if you do change ip#, the entire isp can be scanned to relocate you in a few minutes if you have open ports or a trojan. Or a virus emailing itself somewhere.

> I've had it....if this is a problem for you simply do not accept
> email from any bellsouth user. I will not receive anything further
> from verizon.net and if you have this ISP then I'm very sorry ...

Umm, well, ok.

Kat
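
The reply's point that a report to the scanner's ISP needs a firewall log showing sustained scans can be made concrete. The following is an added example, not part of the original post: it summarises dropped-connection lines per source address and keeps only sources that probed many ports over a sustained period. The log format, sample lines, thresholds and function names are all constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample log in a hypothetical format: time, action, proto, source, dest port.
SAMPLE_LOG = """\
2003-01-02 22:01:10 DROP TCP src=192.0.2.10 dport=21
2003-01-02 22:01:11 DROP TCP src=192.0.2.10 dport=23
2003-01-02 22:01:11 DROP TCP src=192.0.2.10 dport=80
2003-01-02 22:01:12 DROP TCP src=192.0.2.10 dport=139
2003-01-02 22:05:40 DROP TCP src=198.51.100.7 dport=139
2003-01-02 23:15:02 DROP TCP src=192.0.2.10 dport=445
2003-01-02 23:15:03 DROP TCP src=192.0.2.10 dport=1433
this line is malformed and must be skipped
2003-01-03 01:30:00 ALLOW TCP src=203.0.113.5 dport=80
"""

LINE_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) (DROP|ALLOW) (TCP|UDP) "
    r"src=(\d{1,3}(?:\.\d{1,3}){3}) dport=(\d{1,5})$"
)

def parse_drops(text):
    """Yield (timestamp, source, port) for each well-formed DROP line."""
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m or m.group(2) != "DROP":
            continue  # ignore allowed traffic and anything unparseable
        yield datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S"), m.group(4), int(m.group(5))

def summarise_scans(text, min_ports=5, min_span_seconds=3600):
    """Return sources that hit many distinct ports over a sustained period."""
    seen = defaultdict(lambda: {"ports": set(), "first": None, "last": None, "hits": 0})
    for ts, src, port in parse_drops(text):
        rec = seen[src]
        rec["ports"].add(port)
        rec["hits"] += 1
        rec["first"] = ts if rec["first"] is None else min(rec["first"], ts)
        rec["last"] = ts if rec["last"] is None else max(rec["last"], ts)
    report = {}
    for src, rec in seen.items():
        span = (rec["last"] - rec["first"]).total_seconds()
        if len(rec["ports"]) >= min_ports and span >= min_span_seconds:
            report[src] = {"ports": sorted(rec["ports"]), "hits": rec["hits"], "span_seconds": span}
    return report

if __name__ == "__main__":
    for src, info in summarise_scans(SAMPLE_LOG).items():
        print(src, info["hits"], "hits on ports", info["ports"], "over", info["span_seconds"], "s")
```

A single probe of one port, like the second source in the sample, stays out of the report; only the source with repeated hits across many ports over more than an hour is listed.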