RE: persistent intruder attack



Gerrit

When you dial in to your ISP you get a new IP address assigned for that
session.  Unless someone has close ties to your ISP, they'll never know
what your address is.  On the other hand, there are a lot of ways these
turkeys can broadcast over the net and your system responds.  I would
think if that happens, it's possible to be at risk as well.  I'm sold on
firewalls.  Glen and I use ConSeal, FWIW.

If you are on either a cable or DSL modem then your IP address remains
fairly constant.  In the case of my ISP, I have a dynamic IP address, but
so far it appears to be static (hasn't changed).

Regards

Guy


-----Original Message-----
From:	owner-metastock@xxxxxxxxxxxxx [mailto:owner-metastock@xxxxxxxxxxxxx]
On Behalf Of Gerrit Marks
Sent:	Sunday, August 22, 1999 5:42 PM
To:	metastock@xxxxxxxxxxxxx
Subject:	Re: persistent intruder attack

Do I take this to mean that those with dial up service are less at risk
than those who are online via Cable or other continuous connection means?

Respectfully

Gerrit Marks

----- Original Message -----
From:	Vitaly Larichev
To:	metastock@xxxxxxxxxxxxx
Sent:	Sunday, August 22, 1999 3:50 PM
Subject:	Re: persistent intruder attack

From a recent post

> > ...
> > I immediately disconnected from the internet.
> > ...

Do we overreact to dangers of intrusion?

I should admit that I know little on the subject. So, the above is a
question, indeed. Still, common sense makes me wonder, how real are these
dangers?

What concerns me is the possibility of giving somebody access to private
information kept on my PC: personal data, financial records (# of credit
cards, bank, brokerage accounts). As some might have the bad luck to
learn, this may spell a long, long trouble in contrast to just temporary
unpleasantness of restoring data on HD damaged by a virus, from your
backups. Yep, I do backups regularly after I was taught the hard way (two
HD crashes with total loss of all data) a lesson on "What these freaking
backups are for?"

As I understand, for an outsider to, say, read files on my PC connected to
Internet, he should be able to take over, at least partially, PC's
operational system. For it, PC should have installed a remote
telecommunication program specially tailored for these needs (an ability
to transmit covertly, etc.). Not just something standard, available on
each computer like Hyperterminal in Win95. Also, it cannot get there
without your, though involuntary, participation - you may put it in there
when opening e-mail, downloading stuff from a Web site, and so forth. Only
then, I believe, you are ripe for being picked up by an intruder. If you
are "clean", the intruder may sniff out all your ports, upper and lower,
but no chances to succeed. Am I wrong on this? Perhaps, most of these
"attacks" are really innocent (like searching for a partner to play a
game), and we shouldn't get obsessed with it? Maybe, it's a way the Web
lives that we've just discovered to our confusion?

Also, mind that even an intruder with access cannot visit your PC
casually, from time to time. Each time you get connected to the Web, you
get a new Internet address, so next time you are lost for the intruder.
It's true as well for "always on" Internet connections like cable modems:
as soon as you turn off/on your PC (not sure if closing a browser does the
trick), you get a new address also.

Thanks for your patience.

Cheers, Vitaly

From: "Glen Wallace" <gcwallace@xxxxxxxx>
To: <metastock@xxxxxxxxxxxxx>
Subject: Re: persistent intruder attack
Date: Sun, 22 Aug 1999 20:37:58 -0700

Walter:

I know nothing about Intruder/Internet Alert, but if it protects only by
blocking ports, be careful.  Some ports must remain unblocked for e-mail
(ports 25 and 110) and web access (port 80), for example.  As a result,
you would not be protected from trojans like E-mail Password Sender,
WinSpy and Executor which use these ports, and Back Orifice and several
others which are port-configurable.

Glen

----- Original Message -----
From:	Walter Lake
To:	metastock@xxxxxxxxxxxxx
Sent:	August 21, 1999 05:06
Subject:	Re: persistent intruder attack

Thanks to all the List members that helped me out.

The new version of Intruder Alert is called Internet Alert and is
downloadable from the Bonzi site.

This security issue ... as Glen said, has a steep learning curve but is
worth it. Lots of ports to examine and enter the code for.

Thanks again

Walter

----- Original Message -----
From:	wander@xxxxxxxx
To:	metastock@xxxxxxxxxxxxx
Sent:	Friday, August 20, 1999 12:19 PM
Subject:	Re: persistent intruder attack

Hi Walter,

I decided on ConSeal.  As you know I have used IA since you brought it to
my attention, and it caught a port scan.  But in my experience I've found
that it can only monitor a small number of ports.  Maybe there is a way
around this, but I'm not aware of it.  This site lists some ports that
known trojans use:  http://www.simovits.com/nyheter9902.html
Try loading them all in IA and see what happens.  After hearing Guy
mention ConSeal  http://www.signal9.com/index.html , a couple of weeks ago
I tried one of their products, CPD.  Very easy to use and offers much more
protection than IA, IMO.  However, it interfered with my rt feed, so until
the ConSeal tech can determine how to resolve this it looks like I will
use ConSeal PC Firewall.  The downside to using FireWall is defining
exactly the right ruleset, which apparently can be a bit difficult in the
beginning.

This site was posted to the ConSeal list the other day and is worth
looking at:  http://home.earthlink.net/~commodon/
Once you enter, click on "How to Detect" for a method to determine if your
PC has been compromised.  Another site mentioned (maybe by Guy) is
http://www.dslreports.com/
There you can test your firewall security.

Regards,
Ken

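Glen's caution in the message above, that watching or blocking a list of ports still leaves ports 25, 110 and 80 open and misses programs whose port can be changed, can be shown by comparing a port-only check with a per-application ruleset of the kind a personal firewall uses. This is an added example, not part of the thread; the program names, the watched ports 12345 and 54321, and the log format are constructed for illustration.

```python
from collections import namedtuple

Conn = namedtuple("Conn", "direction program port")

WATCHED_PORTS = {12345, 54321}             # hypothetical list loaded into a port monitor
APP_RULES = {                              # hypothetical per-application ruleset
    ("OUT", "mailclient.exe"): {25, 110},  # SMTP and POP3
    ("OUT", "browser.exe"): {80},          # HTTP
}

def parse(line):
    """Parse one constructed log line: '<IN|OUT> <program> <port>'."""
    direction, program, port = line.split()
    return Conn(direction, program, int(port))

def port_monitor_allows(conn):
    """Port-only check: anything not on a watched port goes through."""
    return conn.port not in WATCHED_PORTS

def app_rules_allow(conn):
    """Default deny: direction, program and port must all match a rule."""
    return conn.port in APP_RULES.get((conn.direction, conn.program), set())

def missed_by_port_monitor(lines):
    """Connections the port monitor passes but the per-app rules deny."""
    conns = [parse(line) for line in lines]
    return [c for c in conns if port_monitor_allows(c) and not app_rules_allow(c)]

SAMPLE_LOG = [                 # constructed sample, not real traffic
    "OUT mailclient.exe 25",
    "OUT browser.exe 80",
    "OUT unknown.exe 25",      # unexpected program on the mail port
    "OUT unknown.exe 80",      # unexpected program on the web port
    "IN unknown.exe 12345",    # watched port: both policies stop it
    "IN unknown.exe 40000",    # same program moved to an unwatched port
]

if __name__ == "__main__":
    for c in missed_by_port_monitor(SAMPLE_LOG):
        print(f"port monitor passes: {c.direction} {c.program} port {c.port}")
```

The three connections it reports are the ones a port list alone cannot distinguish from legitimate mail and web traffic, which is why the ruleset ties each open port to a named program.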
From: "Guy Tann" <grt@xxxxxxxxxxxx>
To: <metastock@xxxxxxxxxxxxx>
Subject: RE: persistent intruder attack
Date: Sun, 22 Aug 1999 20:41:27 -0700

Vitaly

With my DSL service, even though I'm supposed to have a dynamic IP address,
it has remained constant so far (and I turn the system off nightly and even
during the day if I'm not going to use it).  I'm not sure why, but all 3
systems on my LAN here at home seem to have fixed IP addresses.  With my
firewall, that makes setting the rules easy.

Regards

Guy


-----Original Message-----
From:	owner-metastock@xxxxxxxxxxxxx [mailto:owner-metastock@xxxxxxxxxxxxx]
On Behalf Of Vitaly Larichev
Sent:	Sunday, August 22, 1999 3:50 PM
To:	metastock@xxxxxxxxxxxxx
Subject:	Re: persistent intruder attack


From a recent post

> > ...
> > I immediately disconnected from the internet.
> > ...

Do we overreact to dangers of intrusion?

I should admit that I know little on the subject. So, the above is a
question, indeed. Still, common sense makes me wonder, how real are these
dangers?

What concerns me is the possibility of giving somebody access to private
information kept on my PC: personal data, financial records (# of credit
cards, bank, brokerage accounts). As some might have the bad luck to
learn, this may spell a long, long trouble in contrast to just temporary
unpleasantness of restoring data on HD damaged by a virus, from your
backups. Yep, I do backups regularly after I was taught the hard way (two
HD crashes with total loss of all data) a lesson on "What these freaking
backups are for?"

As I understand, for an outsider to, say, read files on my PC connected to
Internet, he should be able to take over, at least partially, PC's
operational system. For it, PC should have installed a remote
telecommunication program specially tailored for these needs (an ability
to transmit covertly, etc.). Not just something standard, available on
each computer like Hyperterminal in Win95. Also, it cannot get there
without your, though involuntary, participation - you may put it in there
when opening e-mail, downloading stuff from a Web site, and so forth. Only
then, I believe, you are ripe for being picked up by an intruder. If you
are "clean", the intruder may sniff out all your ports, upper and lower,
but no chances to succeed. Am I wrong on this? Perhaps, most of these
"attacks" are really innocent (like searching for a partner to play a
game), and we shouldn't get obsessed with it? Maybe, it's a way the Web
lives that we've just discovered to our confusion?

Also, mind that even an intruder with access cannot visit your PC
casually, from time to time. Each time you get connected to the Web, you
get a new Internet address, so next time you are lost for the intruder.
It's true as well for "always on" Internet connections like cable modems:
as soon as you turn off/on your PC (not sure if closing a browser does the
trick), you get a new address also.

Thanks for your patience.

Cheers, Vitaly