<x-html><!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META content="text/html; charset=iso-8859-1" http-equiv=Content-Type>
<META content="MSHTML 5.00.2614.3500" name=GENERATOR>
<STYLE></STYLE>
</HEAD>
<BODY bgColor=#ffffff>
<DIV><FONT color=#0000ff face=Arial size=2><SPAN
class=650291403-23081999>Gerrit</SPAN></FONT></DIV>
<DIV><FONT color=#0000ff face=Arial size=2><SPAN
class=650291403-23081999></SPAN></FONT> </DIV>
<DIV><FONT color=#0000ff face=Arial size=2><SPAN class=650291403-23081999>When
you dial in to your ISP you get a new IP address assigned for that
session. Unless someone has close ties to your ISP, they'll never know
what your address is. On the other hand, there are a lot of ways
these turkeys can broadcast over the net and your system
responds. I would think if that happens, it's possible to be at risk as
well. I'm sold on firewalls. Glen and I use ConSeal,
FWIW.</SPAN></FONT></DIV>
<DIV><FONT color=#0000ff face=Arial size=2><SPAN
class=650291403-23081999></SPAN></FONT> </DIV>
<DIV><FONT color=#0000ff face=Arial size=2><SPAN class=650291403-23081999>If you
are on either a cable or DSL modem then your IP address remains fairly
constant. In the case of my ISP, I have a dynamic IP address, but so far
it appears to be static (hasn't changed).</SPAN></FONT></DIV>
<DIV><FONT color=#0000ff face=Arial size=2><SPAN
class=650291403-23081999></SPAN></FONT> </DIV>
<DIV><FONT color=#0000ff face=Arial size=2><SPAN
class=650291403-23081999>Regards</SPAN></FONT></DIV>
<DIV><FONT color=#0000ff face=Arial size=2><SPAN
class=650291403-23081999></SPAN></FONT> </DIV>
<DIV><FONT color=#0000ff face=Arial size=2><SPAN
class=650291403-23081999>Guy</SPAN></FONT></DIV>
<DIV><FONT color=#0000ff face=Arial size=2><SPAN
class=650291403-23081999></SPAN></FONT> </DIV>
<DIV><FONT color=#0000ff face=Arial size=2><SPAN
class=650291403-23081999></SPAN></FONT> </DIV>
<DIV><FONT color=#0000ff face=Arial size=2><SPAN
class=650291403-23081999></SPAN></FONT> </DIV>
<DIV class=OutlookMessageHeader><FONT face="Times New Roman"
size=2>-----Original Message-----<BR><B>From:</B> owner-metastock@xxxxxxxxxxxxx
[mailto:owner-metastock@xxxxxxxxxxxxx]<B>On Behalf Of</B> Gerrit
Marks<BR><B>Sent:</B> Sunday, August 22, 1999 5:42 PM<BR><B>To:</B>
metastock@xxxxxxxxxxxxx<BR><B>Subject:</B> Re: persistent intruder
attack<BR><BR></FONT></DIV>
<DIV><FONT face=Arial size=2>Do I take this to mean that those with dial up
service are less at risk than those who are online via Cable or other continuous
connection means?</FONT></DIV>
<DIV> </DIV>
<DIV><FONT face=Arial size=2>Respectfully</FONT></DIV>
<DIV> </DIV>
<DIV><FONT face=Arial size=2>Gerrit Marks</FONT></DIV>
<DIV> </DIV>
<BLOCKQUOTE
style="BORDER-LEFT: #000000 2px solid; MARGIN-LEFT: 5px; MARGIN-RIGHT: 0px; PADDING-LEFT: 5px; PADDING-RIGHT: 0px">
<DIV style="FONT: 10pt arial">----- Original Message ----- </DIV>
<DIV
style="BACKGROUND: #e4e4e4; FONT: 10pt arial; font-color: black"><B>From:</B>
<A href="mailto:vitaly@xxxxxxxxxxxxx" title=vitaly@xxxxxxxxxxxxx>Vitaly
Larichev</A> </DIV>
<DIV style="FONT: 10pt arial"><B>To:</B> <A
href="mailto:metastock@xxxxxxxxxxxxx"
title=metastock@xxxxxxxxxxxxx>metastock@xxxxxxxxxxxxx</A> </DIV>
<DIV style="FONT: 10pt arial"><B>Sent:</B> Sunday, August 22, 1999 3:50
PM</DIV>
<DIV style="FONT: 10pt arial"><B>Subject:</B> Re: persistent intruder
attack</DIV>
<DIV><BR></DIV><BR>From a recent post<BR><BR>> > ...<BR>> > I
immediately disconnected from the internet.<BR>> > ...<BR><BR>Do we
overreact to dangers of intrusion?<BR><BR>I should admit that I know little on
the subject. So, the above is a question, indeed. Still, a<BR>common sense
makes me wonder, how real are these dangers?<BR><BR>What concerns me is a
possibility of giving somebody an access to private information kept on my
PC:<BR>personal data, financial records (# of credit cards, bank, brokerage
accounts). As some might have a<BR>bad luck to learn, this may spell a long,
long trouble in contrast to just temporary unpleasantness<BR>of restoring data
on HD damaged by a virus, from your backups. Yep, I do backups regularly after
I<BR>was taught a hard way (two HD crashes with total loss of all data) a
lesson on "What these freaking<BR>backups are for?"<BR><BR>As I understand,
for an outsider to, say, read files on my PC connected to Internet, he should
be<BR>able to take over, at least partially, PC's operational system. For it,
PC should have installed a<BR>remote telecommunication program specially
tailored for these needs (an ability to transmit<BR>covertly, etc.). Not just
something standard, available on each computer like Hyperterminal in<BR>Win95.
Also, it cannot get there without your, though involuntary, participation -
you may put it in<BR>there when opening e-mail, downloading stuff from a Web
site, and so forth. Only then, I believe,<BR>you are ripe for being picked up
by an intruder. If you are "clean", the intruder may sniff out all<BR>your
ports, upper and lower, but no chances to succeed. Am I wrong on this?
Perhaps, most of these<BR>"attacks" are really innocent (like searching for a
partner to play a game), and we shouldn't get<BR>obsessed with it? Maybe, it's
a way the Web lives that we've just discovered to our confusion?<BR><BR>Also,
mind that even an intruder with an access cannot visit your PC casually, from
time to time.<BR>Each time you get connected to the Web, you get a new
Internet address, so next time you are lost<BR>for the intruder. It's true as
well for "always on" Internet connections like cable modems: as soon<BR>as you
turn off/on your PC (not sure if closing a browser does the trick), you get a
new address<BR>also.<BR><BR>Thanks for your patience.<BR><BR>Cheers,
Vitaly<BR><BR><BR><BR><BR><BR><BR></BLOCKQUOTE></BODY></HTML>
</x-html>
From: "Glen Wallace" <gcwallace@xxxxxxxx>
To: <metastock@xxxxxxxxxxxxx>
Subject: Re: persistent intruder attack
Date: Sun, 22 Aug 1999 20:37:58 -0700
<x-html><!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META content="text/html; charset=iso-8859-1" http-equiv=Content-Type>
<META content="MSHTML 5.00.2614.3401" name=GENERATOR>
<STYLE></STYLE>
</HEAD>
<BODY bgColor=#ffffff>
<DIV>Walter:</DIV>
<DIV> </DIV>
<DIV>I know nothing about Intruder/Internet Alert, but if it protects only by
blocking ports, be careful. Some ports must remain unblocked for e-mail
(ports 25 and 110) and web access (port 80), for example. As a
result, you would not be protected from trojans like E-mail Password
Sender, WinSpy and Executor which use these ports, and Back Orifice
and several others which are port-configurable.</DIV>
<DIV> </DIV>
<DIV>Glen</DIV>
<BLOCKQUOTE
style="BORDER-LEFT: #000000 2px solid; MARGIN-LEFT: 5px; MARGIN-RIGHT: 0px; PADDING-LEFT: 5px; PADDING-RIGHT: 0px">
<DIV style="FONT: 10pt arial">----- Original Message ----- </DIV>
<DIV
style="BACKGROUND: #e4e4e4; FONT: 10pt arial; font-color: black"><B>From:</B>
Walter Lake </DIV>
<DIV style="FONT: 10pt arial"><B>To:</B> <A
href="mailto:metastock@xxxxxxxxxxxxx"
title=metastock@xxxxxxxxxxxxx>metastock@xxxxxxxxxxxxx</A> </DIV>
<DIV style="FONT: 10pt arial"><B>Sent:</B> August 21, 1999 05:06</DIV>
<DIV style="FONT: 10pt arial"><B>Subject:</B> Re: persistent intruder
attack</DIV>
<DIV><BR></DIV>
<DIV><FONT size=2>Thanks to all the List members that helped me
out.</FONT></DIV>
<DIV> </DIV>
<DIV><FONT size=2>The new version of Intruder Alert is called Internet Alert
and is downloadable from the Bonzi site.</FONT></DIV>
<DIV> </DIV>
<DIV><FONT size=2>This security issue ... as Glen said, has a steep learning
curve but is worth it. Lots of ports to examine and enter the code
for.</FONT></DIV>
<DIV> </DIV>
<DIV><FONT size=2>Thanks again</FONT></DIV>
<DIV> </DIV>
<DIV><FONT size=2>Walter</FONT></DIV>
<BLOCKQUOTE
style="BORDER-LEFT: #000000 2px solid; MARGIN-LEFT: 5px; MARGIN-RIGHT: 0px; PADDING-LEFT: 5px; PADDING-RIGHT: 0px">
<DIV style="FONT: 10pt arial">----- Original Message ----- </DIV>
<DIV
style="BACKGROUND: #e4e4e4; FONT: 10pt arial; font-color: black"><B>From:</B>
wander@xxxxxxxx
</DIV>
<DIV style="FONT: 10pt arial"><B>To:</B> <A
href="mailto:metastock@xxxxxxxxxxxxx"
title=metastock@xxxxxxxxxxxxx>metastock@xxxxxxxxxxxxx</A> </DIV>
<DIV style="FONT: 10pt arial"><B>Sent:</B> Friday, August 20, 1999 12:19
PM</DIV>
<DIV style="FONT: 10pt arial"><B>Subject:</B> Re: persistent intruder
attack</DIV>
<DIV><BR></DIV>Hi Walter,
<P>I decided on ConSeal. As you know I have used IA since you brought
it to my attention, and it caught a port scan. But in my experience
I've found that it can only monitor a small number of ports. Maybe
there is a way around this, but I'm not aware of it. This site lists
some ports that known trojans use: <A
href="http://www.simovits.com/nyheter9902.html">http://www.simovits.com/nyheter9902.html</A>
Try loading them all in IA and see what happens. After hearing Guy
mention ConSeal <A
href="http://www.signal9.com/index.html">http://www.signal9.com/index.html</A>
, a couple of weeks ago I tried one of their products, CPD.
Very easy to use and offers much more protection than IA, IMO.
However, it interfered with my rt feed, so until the ConSeal tech can
determine how to resolve this it looks like I will use ConSeal PC
Firewall. The downside to using FireWall is defining exactly the right
ruleset, which apparently can be a bit difficult in the beginning.
<P>This site was posted to the ConSeal list the other day and is worth
looking at: <A
href="http://home.earthlink.net/~commodon/">http://home.earthlink.net/~commodon/</A>
<BR>Once you enter, click on "How to Detect" for a method to determine if
your PC has been compromised. Another site mentioned (maybe by Guy) is
<A
href="http://www.dslreports.com/">http://www.dslreports.com/ </A>
There you can test your firewall security.
<P>Regards, <BR>Ken </P></BLOCKQUOTE></BLOCKQUOTE></BODY></HTML>
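Glen's point above, that a blocker which only filters by port still passes any program talking on the ports left open for mail and web, shown as an added example that is not part of the original thread. The program names, the per-application rule table and the sample connections are constructed for illustration and do not reflect any product's actual rule format.

```python
"""Port-only blocking vs. per-application rules, on constructed data."""
from dataclasses import dataclass

# Ports the message says must stay unblocked: SMTP 25, POP3 110, HTTP 80.
OPEN_PORTS = {25, 110, 80}

# Hypothetical per-application allow-list: program -> remote ports it may use.
APP_RULES = {
    "mailclient.exe": {25, 110},
    "browser.exe": {80},
}


@dataclass(frozen=True)
class Conn:
    program: str      # program opening the connection (constructed name)
    remote_port: int  # destination TCP port


def port_only_allows(conn):
    """Port blocker: the decision depends on the port alone."""
    return conn.remote_port in OPEN_PORTS


def app_aware_allows(conn):
    """Per-application rules: program and port must both match; default deny."""
    return conn.remote_port in APP_RULES.get(conn.program, set())


def gaps(conns):
    """Connections the port blocker passes but the per-application rules refuse."""
    return [c for c in conns if port_only_allows(c) and not app_aware_allows(c)]


# Constructed sample of outbound connection attempts.
SAMPLE = [
    Conn("mailclient.exe", 25),
    Conn("mailclient.exe", 110),
    Conn("browser.exe", 80),
    Conn("unknown.exe", 25),    # unrecognised program using the mail port
    Conn("unknown.exe", 80),    # unrecognised program using the web port
    Conn("browser.exe", 25),    # known program on a port it has no rule for
    Conn("unknown.exe", 4000),  # constructed port: refused by both policies
]

if __name__ == "__main__":
    for c in SAMPLE:
        print(f"{c.program:15} -> {c.remote_port:<5} "
              f"port-only={port_only_allows(c)!s:5} app-aware={app_aware_allows(c)}")
    print("passed by port-only, refused per-application:", gaps(SAMPLE))
```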
</x-html>
From: "Guy Tann" <grt@xxxxxxxxxxxx>
To: <metastock@xxxxxxxxxxxxx>
Subject: RE: persistent intruder attack
Date: Sun, 22 Aug 1999 20:41:27 -0700
Vitaly
With my DSL service, even though I'm supposed to have a dynamic IP address,
it has remained constant so far (and I turn the system off nightly and even
during the day if I'm not going to use it). I'm not sure why, but all 3
systems on my LAN here at home seem to have fixed IP addresses. With my
firewall, that makes setting the rules easy.
Regards
Guy
-----Original Message-----
From: owner-metastock@xxxxxxxxxxxxx [mailto:owner-metastock@xxxxxxxxxxxxx]
On Behalf Of Vitaly Larichev
Sent: Sunday, August 22, 1999 3:50 PM
To: metastock@xxxxxxxxxxxxx
Subject: Re: persistent intruder attack
From a recent post

> > ...
> > I immediately disconnected from the internet.
> > ...

Do we overreact to dangers of intrusion?

I should admit that I know little on the subject. So, the above is a
question, indeed. Still, a common sense makes me wonder, how real are
these dangers?

What concerns me is a possibility of giving somebody an access to private
information kept on my PC: personal data, financial records (# of credit
cards, bank, brokerage accounts). As some might have a bad luck to learn,
this may spell a long, long trouble in contrast to just temporary
unpleasantness of restoring data on HD damaged by a virus, from your
backups. Yep, I do backups regularly after I was taught a hard way (two HD
crashes with total loss of all data) a lesson on "What these freaking
backups are for?"

As I understand, for an outsider to, say, read files on my PC connected to
Internet, he should be able to take over, at least partially, PC's
operational system. For it, PC should have installed a remote
telecommunication program specially tailored for these needs (an ability
to transmit covertly, etc.). Not just something standard, available on
each computer like Hyperterminal in Win95. Also, it cannot get there
without your, though involuntary, participation - you may put it in there
when opening e-mail, downloading stuff from a Web site, and so forth. Only
then, I believe, you are ripe for being picked up by an intruder. If you
are "clean", the intruder may sniff out all your ports, upper and lower,
but no chances to succeed. Am I wrong on this? Perhaps, most of these
"attacks" are really innocent (like searching for a partner to play a
game), and we shouldn't get obsessed with it? Maybe, it's a way the Web
lives that we've just discovered to our confusion?

Also, mind that even an intruder with an access cannot visit your PC
casually, from time to time. Each time you get connected to the Web, you
get a new Internet address, so next time you are lost for the intruder.
It's true as well for "always on" Internet connections like cable modems:
as soon as you turn off/on your PC (not sure if closing a browser does the
trick), you get a new address also.

Thanks for your patience.

Cheers, Vitaly