Help, hacker!


mrplow
21-04-2002, 04:02
Remember when some n00b b0rked the forums, and someone got his details from his ip


Well, how do you do that? Cos someone keeps trying to hack me, according to Norton2002

His(/her?) ip is: 194/164/41/71
It seems to happen every 30 or so mins, but has happened 447(!) times and there have been 29 different ips :o

wtf is going on?:shake::dead:


edit: this is oooold skool, go to page3 for recent input.

» Edited on 27-2-2003 by mrplow

mrplow
21-04-2002, 04:42
i keep getting 24.213.62.251 tonight

"Security Alert! Default Block Bla Trojan horse

24.213.62.251 blocked for 30 minutes"

30 mins later guess what...

"Security Alert! Default Block Bla Trojan horse

24.213......."

donkeyhumper
21-04-2002, 07:35
I don't know shit bout this sortta thing but doesn't that mean u have a trojan in your system or either someone is trying to access the port that their trojan uses??

do you not have a server in your flat? if you've stopped using that now and that's when this started happening then that'll be why because as far as i know masquerade and internet connection sharing would stop this happening to other computers on the LAN cause unless the ports were forwarded.

blah, all of the above is a BIG MAYBE :o hope it helps

mrplow
21-04-2002, 13:31
u r right i have stopped using my server and am now using my own computer as the gateway

but it means this guy had access to my server, since I didnt use Norton on it, just gayass MS Firewall (and it seems to go straight through that)

grrr, if i find out this is the same guy "cool", im gonna fly to russia, buy me some soldiers and an AK, and get medieval on his ass

Renko
22-04-2002, 17:10
You should consider getting an old machine (486 or sumthin) and using Smoothwall. A linux based firewall is going to give infinitely more protection than anything M$ and a more secure solution than Norton. (you know I just love M$ :shake: )

donkeyhumper
22-04-2002, 17:14
yeah basically that's what i was gonna say :P

mrplow
23-04-2002, 00:49
maybe i will

i would prefer running proper linux tho with a firewall on top...

renko me lad, i dont suppose you could knock up a linux firewall for n00bs article? taking into account BT OpenWorld and perhaps NTHell/bl00yonder access?

pwetty please? :D

eLias
23-04-2002, 09:36
I thinks he could do that

/me takes out his 1911 from back pocket and points it at renkos pump

Now Jon be a nice boy and start writing this article....
:hmm:

Renko
23-04-2002, 18:20
yeah sure I'd do that. Will have to be smoothwall (know a little about setting up firewall rules but not enough that I'd trust it.)

Might be a while before I get it done, lots on at uni. If ur in a hurry I might manage to get it done at the weekend. :rolleyes:

mrplow
23-04-2002, 18:30
np

someone tried to SubSe7en me today, biatch

213.122.184.83

Druid
24-04-2002, 18:32
Use this it will show the IP route.

http://www.amnesi.com/hostinfo/ipinfo.jhtml

Druid
24-04-2002, 19:06
WHOIS Query Result for 213.122.184.83:

inetnum 213.122.0.0 - 213.122.255.255
Origin BT-IMSNET
descr BT-IMSNET
country GB
Admin. Contact BS1474-RIPE
Tech. Contact BS1474-RIPE
status ASSIGNED PA
remarks Please send abuse notification to abuse@btinternet.com
mnt-by BTNET-MNT
changed support@bt.net 20000711
changed preston.dialip@bt.com 20010523
changed preston.dialip@bt.com 20010628
source RIPE
route 213.120.0.0/14
descr BT Public Internet Service
Origin AS2856
remarks Please send abuse notification to abuse@bt.net
remarks PLEASE DIRECT ALL QUERIES TO support@bt.net
mnt-by BTNET-MNT
changed support@bt.net 20000607
source RIPE
role BTnet Support
address 154 St Albans Rd
address Sandridge
address St Albans
address Hertfordshire
address AL4 9NH
address GB
phone +44 1189 512313
e-mail support@bt.net
trouble support@bt.net
Admin. Contact FLS15-RIPE
Tech. Contact BS1474-RIPE
NIC Handle BS1474-RIPE
remarks Please send abuse notification to abuse@bt.net
remarks For all queries contact support@bt.net
mnt-by BTNET-MNT
changed preston.dialip@bt.com 20010613
changed support@bt.net 20011112
source RIPE

Druid
24-04-2002, 19:17
WHOIS Query Result for 194.164.41.71:

inetnum 194.164.41.0 - 194.164.41.255
Origin WOAFTECH-NET
descr Woaf Tech
country GB
Admin. Contact JO497-RIPE
Tech. Contact MB5206-RIPE
mnt-by NK-CORE-MNT
status ASSIGNED PA
changed mark@netkonect.net 20020411
source RIPE
route 194.164.0.0/16
descr NETKONECT-AGG2
Origin AS3328
mnt-by AS3328-MNT
changed abirch@netkonect.net 19960328
source RIPE
person Jonathan Oddy
address 24a West End
address Witney
address Oxon
address OX8 6NE
phone +44 1993 703581
NIC Handle JO497-RIPE
changed mark@netkonect.net 20000907
source RIPE
person Mark Belchamber
address Netkonect Communications plc
address Opus House
address Manor court
address Herriard
address Basingstoke
address Hampshire
address RG25 2PH
phone +44 870 0632222
fax-no +44 870 0634444
NIC Handle MB5206-RIPE
changed markb@netkonect.net 20000724
source RIPE

mrplow
24-04-2002, 19:21
their ADDRESSES? :o

but how do i know they are really hackers, could it be something else?

mrplow
24-04-2002, 19:25
another one :hmm:


WHOIS Query Result for 212.162.185.122:
inetnum 212.162.185.0 - 212.162.188.255
Origin ADMEO
descr admeo networks ab
descr Malmoe Sweden
country SE
Admin. Contact MB21039-RIPE
Tech. Contact MB21039-RIPE
status ASSIGNED PA
Notify ripe@admeo.com
mnt-by SYDKRAFT-MNT
changed ripe@admeo.com 20011016
source RIPE
route 212.162.160.0/19
descr Sydkraft bredband AB
Origin AS20734
Notify matts.behrens@admeo.se
mnt-by SYDKRAFT-MNT
changed matts.behrens@admeo.se 20010711
source RIPE
person Matts Behrens
address Admeo networks ab
address Östra kanalgatan 3
address Box 4299
address 20314 Malmö
address Sweden
phone +46-40-6643600
fax-no +46-40-6643609
NIC Handle MB21039-RIPE
remarks Please report any abuse to abuse@admeo.com
remarks Other tech problems to hostmaster@admeo.com
remarks I'll be happy to assist but the other is usually faster.
changed matts@admeo.com 20001013
source RIPE

i find it weird all these ppl are hacking me, can it be true

"Default Block Backdoor/SubSeven Trojan Horse blocked"

is norton just being over protective?

"Read the alert and evaluate the risk. You can get more information about this kind of attack. Most Security alerts trigger AutoBlock, preventing the computer from communicating with your computer for 30 minutes.
Ensure that the alert describes a real attack and not a legitimate attempt to access your computer. If the attempt is legitimate, add the computer that is attempting to connect to you to the Trusted zone or use Internet Access Control to allow the type of connection described in the alert.

Don’t assume that every security alert represents an attempt to hack your computer. There are many more-or-less harmless events on the Internet that cause security alerts.
This alert is warning you about a possible remote access Trojan horse program. A Trojan horse program masquerades as a legitimate program and damages or compromises the security of your computer.
Some Trojan horse programs perform malicious actions on the computer on which they are run, while others, such as Back Orifice, provide remote-control capabilities for hackers.

For more information, visit www.symantec.com/avcenter"

Druid
24-04-2002, 19:26
Any good hacker would hijack an IP so these are the last point before you unfortunately... :(

You can get messages when people are connecting to you even if they are not hackers. It all depends on your level of protection & what software is being used.

Was it happening when you had any chat software running etc...

mrplow
24-04-2002, 19:31
no it seems to understand chat progs and lets them thru

seems to block some games though - i cant play online CS or TO, however other ppl on my network can (i am currently the net server) ?!?

oh well im going to the pub

Renko
25-04-2002, 13:59
plow, is there any way to find out exactly what ports these guys are trying to connect to? It may just be that it's harmless attempt to connect to a high port and it's being interpreted as sub7.

Is the website hosted on your machine? (ie. ur ip address is available to the world and his dog) or are u visiting any dodgy irc channels? :D

mrplow
25-04-2002, 14:02
lol the website is not hosted on my machine
what kind of cowboy operation do you think i'm running here :P

i am in a pretty dodgy irc channel tho...

#techangel on irc.quakenet.org :o

:D

Renko
26-04-2002, 16:38
lol who would ever go in in there? :shake:

lol

leo
27-02-2003, 18:29
:hmm:...The fuggers are on me with a BLA trojan-

421 attempts by a total of 258 attackers in the space of 4 - 5 hours - how annoying -

is there anything I can do about this?? The only change that has occurred this afternoon is that there has been another PC added to the network- I've virus checked all the other machines and they're fine - the machine in question is the main access machine for btbroadband - since writing the attempts have risen by 2 each on attacks, and attempted attackers- how many quoniums!!

leo
27-02-2003, 18:31
gettin fugged by BLA trojan - 460 attacks by 260 attempted attackers in 4 hours - any clues? the cntz...

mrplow
27-02-2003, 18:48
i never put in place any wonder solution. i just stopped using norton (cos it didnt work too well with sharing anyway) and i use the built in xp one now.

to be honest, i don't think all the attempted "hackings" i was getting were actually anything malicious.

leo
27-02-2003, 19:04
yeah I cant imagine so many attempted hacks coming at once from nowhere when I hardly ever get any - I might look at new firewall software as I've read several times that Norton is a bit iffy- Thing that I don't like though is that if I disable Norton while I'm online then this BLA thing will get into my system, and from what I've seen that isn't too healthy a thing to happen...

mrplow
27-02-2003, 19:09
when u say its the "main access machine", are you just using it to share the connection or is it actually used as a proper computer?

cos if its just sitting there sharing net (or if you have an old computer sitting doing nothing which could be used to share the connection) i'd recommend setting up a smoothwall machine

http://www.smoothwall.org

leo
27-02-2003, 19:17
yeah it's actually being used by me as a workstation- it was the first machine in the building, and recently I've got a couple more put in and networked them together - it's since the latest addition today that this burst has occurred - I'll check out that smoothwall cheers- The plan in the near future is to take the older workstation that has been replaced by the new machine, and use it as a shared hard drive to store all client work (to keep them in the same place basically) - I know nothing about servers, networking etc- I'm just a designer- my workpal however knows a bit more about it - I'll put smoothwall across to him too and see what he's saying - cheers! attacks continue....about 10 whilst I typed this

mrplow
27-02-2003, 23:14
smoothwall does steal the PC all for itself.

if you want to have a fileshare type thing as well, then best to stick to windows (or a linux install).

my pc is the internet sharing machine in this house. i just use the XP firewall which may well not be the best but i dont seem to be the victim of international terrorist hackers.. yet..

if you're getting SO many attacks, it might be a good idea to do as many checks as you can for installed trojans.
and have you reconnected your [i assume] broadband? cos that will probably change your IP.

synaptyx
28-02-2003, 07:40
I was kind of worried about this, but I have that SMC Broadband Router inbetween the pc's and the cable modem. It's acting as a hardware firewall. Ya think that's okay for the moment or would I be best off with a smoothwall pc between the cable modem and the router?

Auron
28-02-2003, 20:21
Got attacked tonight myself with someone trying to use SubSeven trojan too, NortonAV and NortonPF2003 work nice together

leo
28-02-2003, 20:35
might try that - this BLA's still going like there's no tomorrow - alllll day and counting- I got 200 attacks in 5 minutes, pretty much all different folk too- so I guess it's not malicious, just a fuggin problem...

harry
28-02-2003, 21:26
surely all this is people scanning ranges of IPs???

it's not really that much to be concerned about (I hope). Basically, if you don't have a trojan installed on your PC then you're cool. But best to have a firewall on just in case.

The XP one isn't amazing but It will stop most script kiddies. (hopefully)

leo
28-02-2003, 22:57
Yeah I installed a trial version of Anti Trojan and running a scan it didn't pick anything up so it's all cool- BUT- if I do disable norton for any space of time I'll be infected with this thing- it's now at 576 attacks with 220 attempted- bollll- loks- I'm not a wizard on virus protection but I can do some research - if there is any GOOD firewall device that someone feels compelled to recommend, I would be most grateful to hear so I can check it out- as for now - It's friday night so I ain't doing sh-t else but let norton carry on blocking the bloody thing!!

harry
28-02-2003, 23:32
Originally posted by leo
BUT- if I do disable norton for any space of time I'll be infected with this thing

I don't think so! my point is that this is simply scanning to see if you have the trojan installed (but the scans are being picked up by the firewall).

If you had the trojan already installed and the firewall was down then you may well get hacked but you first need to get the trojan on your PC, installing it (by mistake) via some malicious software or email attachment, for example.

synaptyx
01-03-2003, 15:31
Ummm, how do you watch for these attacks, you got a prog or summat that does this?

leo
01-03-2003, 15:47
yeah Norton anti virus - I just got the settings so that it informs me everytime something comes in or goes out, or tries to-

Auron
01-03-2003, 22:58
Norton is lovely :love: ave it!

mrplow
02-03-2003, 02:31
Originally posted by leo
yeah Norton anti virus - I just got the settings so that it informs me everytime something comes in or goes out, or tries to-

i think u mean norton internet firewall, or norton internet security.... whatever its called.

can u tell it not to alert you everytime? that'd be a nice workaround :)

synaptyx
02-03-2003, 08:49
I hate Symantec.

leo
02-03-2003, 12:15
yeah internet security - I guess so

mrplow
02-03-2003, 13:26
i agree with harry tho. these "attacks" are NOT trying to put a trojan on your system. they are looking for a trojan, so that they can connect to it.

if you dont have any installed (and your checks would suggest that you, thankfully, dont) then you are not at risk from the attacks.

and if you're scared of taking the firewall down while you install another one, you can always disconnect from the internet you know!! ;)
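
The point made in the posts above, that these alerts are probes looking for a trojan that is already installed, and Renko's earlier question about which ports are being hit, suggest a simple triage: tally blocked attempts per destination port and check whether anything on the machine is actually listening there. This is an added example, not part of the thread; the log line format, addresses and function names are constructed for illustration (27374 is SubSeven's well-known default port).

```python
import re
import socket
from collections import defaultdict

# Constructed sample; this line format is hypothetical, not Norton's own log format.
# 27374 is SubSeven's well-known default port; the addresses are documentation ranges.
SAMPLE_LOG = """\
2003-02-28 20:31:02 BLOCK TCP 198.51.100.7:3321 -> 192.0.2.10:27374
2003-02-28 20:31:09 BLOCK TCP 203.0.113.45:1188 -> 192.0.2.10:27374
2003-02-28 20:33:40 BLOCK TCP 198.51.100.7:3324 -> 192.0.2.10:27374
2003-02-28 20:35:12 BLOCK UDP 203.0.113.99:53 -> 192.0.2.10:1042
this line is malformed and is skipped
"""

LINE_RE = re.compile(r"^\S+ \S+ BLOCK (TCP|UDP) ([\d.]+):\d+ -> [\d.]+:(\d+)$")

def summarize(log_text):
    """Group blocked attempts by (protocol, destination port)."""
    by_port = defaultdict(lambda: {"hits": 0, "sources": set()})
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        proto, src, dport = m.groups()
        entry = by_port[(proto, int(dport))]
        entry["hits"] += 1
        entry["sources"].add(src)
    return by_port

def is_listening(port, host="127.0.0.1", timeout=0.5):
    """True if something on this machine accepts a TCP connection on `port`."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.settimeout(timeout)
        return s.connect_ex((host, port)) == 0

def triage(log_text, listening=is_listening):
    """Return (proto, port, hits, distinct_sources, verdict) per probed port."""
    rows = []
    for (proto, port), e in sorted(summarize(log_text).items()):
        if proto != "TCP":
            verdict = "not checked (TCP connect test only)"
        elif listening(port):
            verdict = "LISTENER PRESENT: identify the owning process"
        else:
            verdict = "no local listener: probe only"
        rows.append((proto, port, e["hits"], len(e["sources"]), verdict))
    return rows

if __name__ == "__main__":
    for row in triage(SAMPLE_LOG):
        print(row)
```

The loopback check only sees services bound to all interfaces or to 127.0.0.1; a listener bound solely to the external address needs the same test against that address.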

leo
02-03-2003, 14:49
yeah its cool- Mr Plow you make good sense- I didn't know till recently that a trojan horse installs itself on your system in order for the main attack to take place - and, I don't have a trojan on my system, so you're right - on another (but similar) note- I have norton anti virus server, but haven't gone about installing it - any comments?? Is it worth installing as well as internet security?

donkeyhumper
02-03-2003, 16:00
Originally posted by synaptyx
I hate Symantec.

I agree I hate Synaptyx too! :P

synaptyx
02-03-2003, 17:07
You love me. :p

mrplow
02-03-2003, 17:10
Originally posted by leo
on another (but similar) note- I have norton anti virus server, but haven't gone about installing it - any comments?? Is it worth installing as well as internet security?

im not sure what that is. as far as i know "Internet Security" includes that years release of "AntiVirus". i dont know what that "server" version is, altho i would assume it was for some kind of network-wide protection.

as long as you definitely have antivirus installed, you'll be ok. (probably :P)