
Paranoia

Last response: in Networking
June 24, 2002 11:38:10 AM

Help me out here...
I have ZoneAlarm installed as I almost constantly leave my
computer on and because I am slightly paranoid about intrusions...

That said, on to my question:
ZoneAlarm logs all attempts that have been made to gain access to
my computer, I checked it up and there were 500 of 'em (24h period).

Exactly what is all that?
I doubt that there are like 500 persons that have tried to gain access to
my computer so what else could it be?
(it's almost always only IP numbers)

Some program that I have blocked earlier that still tries to gain
access or what?

Someone who knows?

Please...before I move from being slightly paranoid to
completely paranoid :wink:

Current Mode : Drunk Stoned RELAXED


June 24, 2002 1:51:33 PM

depends on what ports they are attacking ... some may be Kazaa probes, some may be trojan probes.. go to my net watchman (http://www.mynetwatchman.com) and read up on it

Common Sense is anything but ... Common !
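
An added example, not part of the original post: one way to act on "depends on what ports" is to group the blocked entries by direction, protocol and destination port and count distinct sources. The comma-separated log layout, the sample entries and the port labels are assumptions made for this sketch, not ZoneAlarm's documented format.

```python
from collections import defaultdict

# Constructed sample entries. The layout (direction, date, time,
# source ip:port, destination ip:port, protocol) is assumed for this example.
# Addresses are from documentation and private ranges.
SAMPLE_LOG = """\
FWIN,2002/06/24,03:12:44,198.51.100.23:3345,192.168.0.2:1214,TCP
FWIN,2002/06/24,03:15:02,203.0.113.77:1029,192.168.0.2:137,UDP
FWIN,2002/06/24,04:01:19,203.0.113.9:1031,192.168.0.2:137,UDP
FWIN,2002/06/24,04:40:51,198.51.100.200:4821,192.168.0.2:27374,TCP
FWIN,2002/06/24,05:02:10,192.0.2.14:2210,192.168.0.2:1214,TCP
FWIN,2002/06/24,05:02:11,192.0.2.14:2211,192.168.0.2:1214,TCP
FWOUT,2002/06/24,05:30:00,192.168.0.2:1050,192.0.2.80:80,TCP
FWOUT,2002/06/24,05:35:00,192.168.0.2:1051,192.0.2.80:80,TCP
this line is damaged
"""

# Labels for ports of the kind the thread mentions (Kazaa, trojan probes, NetBIOS).
KNOWN_PORTS = {137: "NetBIOS name service", 139: "NetBIOS session", 80: "HTTP",
               1214: "Kazaa / FastTrack", 27374: "SubSeven trojan default"}

def summarize(log_text):
    """Return (rows, skipped); rows are sorted by hit count, then port."""
    groups = defaultdict(lambda: {"hits": 0, "sources": set()})
    skipped = 0
    for line in log_text.splitlines():
        fields = line.strip().split(",")
        if len(fields) != 6 or fields[0] not in ("FWIN", "FWOUT"):
            skipped += 1          # damaged or unrelated line
            continue
        direction, _date, _time, src, dst, proto = fields
        try:
            src_ip = src.rsplit(":", 1)[0]
            dst_port = int(dst.rsplit(":", 1)[1])
        except (IndexError, ValueError):
            skipped += 1          # address without a usable port
            continue
        entry = groups[(direction, proto, dst_port)]
        entry["hits"] += 1
        entry["sources"].add(src_ip)
    rows = sorted(((d, p, port, g["hits"], len(g["sources"]), KNOWN_PORTS.get(port, "unknown"))
                   for (d, p, port), g in groups.items()), key=lambda r: (-r[3], r[2]))
    return rows, skipped

if __name__ == "__main__":
    rows, skipped = summarize(SAMPLE_LOG)
    for row in rows:
        print("%-5s %-3s port %-5d hits=%d sources=%d  %s" % row)
    print("skipped lines:", skipped)
```

Many sources hitting the same inbound port points to background scanning; repeated FWOUT entries from one local address to one destination point to a blocked local program retrying.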
June 24, 2002 2:16:34 PM

Depends on what ports they're attacking?
Oh lord, I have so much to read up to do.
what is a port? :redface:

I've been using the net for quite some time now (years), but I got my own connection (home) a few weeks ago and until now I never cared about security and spyware.

But now it is my computer that might get "filthy", not the computer at work or something and suddenly I feel that I must protect my "baby" (yes, selfish...I know :smile: )

In the first couple of days when I got my connection, I surfed like mad (porn, appz, warez what have ya) and my computer was completely bombarded with spyware and shite.

Really pisses me off.
I just want to learn a bit of how the "security" works, so that I can avoid getting spyed(spelling?) at.

Current Mode : Drunk Stoned RELAXED
June 24, 2002 5:11:56 PM

no need to worry, it was probably just some kids messing around with a port scanner, just hitting random ip addresses. i regularly get bombarded with scans. one time i left my old computer running in the dmz, outside my firewall, i checked it the next morning and there were JavaScript boxes all over it, asking to run programs.

how do you shoot the devil in the back? what happens if you miss? -verbal
June 24, 2002 11:18:43 PM

I wouldn't worry too much.

Just in case though, here's a link (http://grc.com/intro.htm) to a tool called "Shields Up". It's a very handy tool for testing your firewall and port status. It's very safe, so don't worry.

~ What do you mean "It isn't working!"...Now where's my sonic screwdriver? ~
June 25, 2002 10:54:02 AM

Many thanks.
Read the part about different kinds of attacks...man, is that dude "deep" or what? :smile:

I sucked up a good part of it and found it interesting, going to try ShieldsUp after work.

Current Mode : Drunk Stoned RELAXED
June 25, 2002 8:45:21 PM

Cool. Let us know how things go.

~ What do you mean "It isn't working!"...Now where's my sonic screwdriver? ~
June 25, 2002 9:23:39 PM

I tried shields up and it said that the preliminary internet connection was refused & lots of other good stuff.
In short, "they" think my computer is very secure.

Now I feel less paranoid :wink:

Japanese Telecom
June 26, 2002 12:22:09 PM

Hmmm, interesting.
Tried it at work:

Basically it said that my computer is wide open, so come and get whatcha want...

Also, I didn't know that there was a unique ID in every NIC card, interesting.
Just the same as with P3's, but this you can't disable.

Oh well.



Japanese Telecom
June 26, 2002 6:54:13 PM

Yep. It's known as the MAC (Media Access Control) address and part of its number is particular to the manufacturer of the card. It's used by OSI level two devices (hub, bridge & switch) for network id and data transfer, or sometimes used with routers to determine IP numbers.

~ What do you mean "It isn't working!"...Now where's my sonic screwdriver? ~
Anonymous
June 27, 2002 3:34:00 AM

Hi camieabz,

OK so I went to the links and end up running the shields up and the nanoport probe stuff. Fine.

They say I'm invisible, can't find me, and can't find my port 139, and others, and say no netbios contact either, I'm in stealth mode. Also all my port probes are reported as stealth. Yay.

So what does it mean? Can I still get hacked? And the question of the day: are there more brutal tests which can help me find my weaknesses?

My intentions are good, but I just don't know enough about the subject to be of any real use.

No need for a dissertation or anything if you can help it. I follow links, and read books when necessary.

PS I'm just bugging you because you look like you know what you are typing about. sorry. Good Day!
Anonymous
June 27, 2002 6:03:26 AM

protocols traced by ZoneAlarm and any other firewall

ICMP - Internet Control Message Protocol
the standard error and control message protocol for Internet systems. Defined in RFC 792, the most well known use of ICMP messages is the Echo Request - Echo Reply sequence used by Ping.

UDP - User Datagram Protocol
a connectionless protocol that, like TCP, runs on top of IP networks. unlike TCP/IP, UDP/IP provides very few error recovery services, offering instead a direct way to send and receive datagrams over an IP network. it is used primarily for broadcasting messages over a network. that allows an application program on one computer to send a datagram to an application program on another computer.

note: protocol with no connection required between sender and receiver that allows sending of data packets on the Internet (thought unreliable because it cannot ensure the packets will arrive undamaged or in the correct order)

TCP - Transmission Control Protocol
it is one of the main protocols in TCP/IP networks. whereas the IP protocol deals only with packets, TCP enables two hosts to establish a connection and exchange streams of data. TCP guarantees delivery of data and also guarantees that packets will be delivered in the same order in which they were sent.

FTP - File Transfer Protocol
FTP is a method using SLIP/PPP for retrieving files from a remote internet site. many sites out there allow what is termed an 'anonymous' connection. in other words, there exists a special username called 'anonymous' so that the site can act as a library of useful public domain programs and documents.
There are special programs that do this file transferring for those that upload and download in mass. There are thousands of FTP sites on the Internet offering files and programs of all kinds.

HTTP - HyperText Transport Protocol
used to link and transfer hypertext documents.

IP - Internet Protocol
it specifies the format of packets, also called datagrams, and the addressing scheme. most networks combine IP with a higher-level protocol called TCP, which establishes a virtual connection between a destination and a source. IP by itself is something like the postal system. it allows you to address a package and drop it in the system, but there is no direct link between you and the recipient. TCP/IP, on the other hand, establishes a connection between two hosts so that they can send messages back and forth for a period of time. (IP also provides for fragmentation and reassembly of long datagrams, if necessary, for transmission through small-packet networks)

TCP/IP
the method by which most Internet activity takes place. members with access to TCP/IP through a SLIP (Serial Line Internet Protocol) or PPP (Point to Point Protocol) connection can connect to many ISP services in this manner.

SLIP & PPP
SLIP is one of two standard methods of connecting to the Internet. with a SLIP account you can connect to your ISP over the Internet. it is a protocol used by TCP/IP routers and PCs to send packets over dial-up and leased-line connections. SLIP has been pretty much replaced by PPP.


if you know you don't know, the way could be more easy ...
June 27, 2002 6:14:54 PM

Well then. Links it is.

Virus Test (http://www.johncarol.com/eicar-virus-test.com): This one kinda just pops up as if it is a virus. Assuming you have AV software, it will try to quarantine the program. I have no idea what happens if you don't have AV software though :smile:

Guide to better security (http://www.secinf.net/info/misc/maxsec/ch13/ch13.htm): Nuff said.

Symantec (http://www.symantec.com/): Some don't like Norton. I do. Never had any probs with AV and Firewall. I don't trust Norton Utilities quite as much. Check out the site for all sorts of info. Also, check other AV sites.

~ What do you mean "It isn't working!"...Now where's my sonic screwdriver? ~
Anonymous
June 27, 2002 7:50:53 PM

wow, cool, thanks. looks to be just what the doctor ordered.

I'll have to check this stuff out when I get home tonight.
June 28, 2002 9:28:25 AM

Can I add this one?
Symantec's Online Virus and Security Check (http://security.norton.com/default.asp?langid=us&venid=...)

BTW, nice links camie. That virus test is weird. What *does* happen if I didn't have Panda activated??? :lol:

I'll add that middle link to my security links page (http://www.btvillarin.com/links/security.html), if that's okay with you...

Bryan

<Begin Signature>
_____________________________
btvillarin.com (http://www.btvillarin.com)
My personal website, chock full of tips and other computer stuff. No ads, banners, or catches. It's currently based on Windows XP, but Windows 2000 stuff to come.

My System Rig (http://www.btvillarin.com/staff/bryan_villarin.html) - can anyone give it a name? I haven't yet, and I don't have any ideas

I'm back from Hawaii, so sorry if I'm a bit slow... :lol:

</End Signature>
June 28, 2002 7:48:35 PM

No.

:smile:

It's not my link anyway. It's one I just came across. Maybe I got it from Toey. Not sure.

I'll bookmark your ones too ITOKWY?

~ What do you mean "It isn't working!"...Now where's my sonic screwdriver? ~
June 28, 2002 8:07:20 PM

:lol: 

What does ITOKWY mean???

Bryan

<Signature>
btvillarin.com (http://www.btvillarin.com)
My personal website, chock full of tips and other computer stuff. No ads, banners, or catches. It's currently based on Windows XP, but Windows 2000 stuff to come.
My System Rig (http://www.btvillarin.com/staff/bryan_villarin.html)
</Signature>
June 28, 2002 9:58:57 PM

[gleeful shout] IF THAT'S OK WITH YOU! [/gleeful shout]

:wink:

~ What do you mean "It isn't working!"...Now where's my sonic screwdriver? ~
Anonymous
June 28, 2002 11:49:05 PM

Tiny Personal Firewall 2.0.15 - better firewall - for free.


if you know you don't know, the way could be more easy ...
June 29, 2002 12:46:40 PM

Why?

Not being argumentative, just curious.

~ What do you mean "It isn't working!"...Now where's my sonic screwdriver? ~
Anonymous
June 29, 2002 1:19:36 PM

hack firewall.
you can manage with this firewall IP addresses, port numbers, protocols,
you can trace an outgoing or an incoming connection, activate associated logs.
you have a real time status window with current open ports & programs which use them, real time transfer speed for each or all.
you can manage filter rules. each rule is determined by
- the protocol used (udp, tcp, ftp, icmp, others..)
- the direction (incoming, outgoing, both)
- the port type (single port, ports range, list of ports)
- the associated application
- the remote address type (single address, network mask, network range, custom address group)
- the remote address port type
- the rule validity

moreover this firewall needs few resources. completely different from ZoneAlarm or NIS. you manage it with an under level nearest to the TCP/IP layer.


if you know you don't know, the way could be more easy ...
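
An added example, not part of the original post and not Tiny Personal Firewall's own engine: a small model of filter rules built from the fields listed above (protocol, direction, port as single/range/list, application, remote address as single/mask/range/group). First-match ordering, the default-deny fallback, the `Rule` class, the sample rules and the application names are assumptions; rule validity and remote port are left out.

```python
import ipaddress
from dataclasses import dataclass

@dataclass
class Rule:
    action: str       # "permit" or "deny"
    protocol: str     # "tcp", "udp", "icmp" or "any"
    direction: str    # "in", "out" or "both"
    ports: object     # None (any), int, range, or set of ints
    remote: object    # None (any), "ip", "net/mask", (first, last), or a list of these
    app: str = "any"  # associated application

def port_ok(spec, port):
    if spec is None:
        return True
    if isinstance(spec, int):
        return port == spec
    return port in spec                      # range or list of ports

def addr_ok(spec, ip):
    if spec is None:
        return True
    if isinstance(spec, list):               # custom address group
        return any(addr_ok(s, ip) for s in spec)
    addr = ipaddress.ip_address(ip)
    if isinstance(spec, tuple):              # network range, inclusive
        return ipaddress.ip_address(spec[0]) <= addr <= ipaddress.ip_address(spec[1])
    return addr in ipaddress.ip_network(spec, strict=False)  # single address or mask

def decide(rules, pkt, default="deny"):
    """First matching rule wins; pkt['port'] is the packet's destination port."""
    for r in rules:
        if (r.protocol in ("any", pkt["protocol"])
                and r.direction in ("both", pkt["direction"])
                and r.app in ("any", pkt["app"])
                and port_ok(r.ports, pkt["port"])
                and addr_ok(r.remote, pkt["remote"])):
            return r.action
    return default

# Constructed rule set using documentation and private address ranges.
RULES = [
    Rule("deny", "tcp", "in", range(135, 140), None),
    Rule("permit", "tcp", "out", {80, 443}, None, app="browser.exe"),
    Rule("permit", "udp", "out", 53, ["192.0.2.53", ("198.51.100.1", "198.51.100.9")]),
    Rule("permit", "tcp", "in", 22, "192.168.0.0/255.255.255.0"),
]
```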
June 29, 2002 1:28:23 PM

So you would recommend this firewall with a non-NAT setup rather than try to configure a NAT setup with static IPs?

~ What do you mean "It isn't working!"...Now where's my sonic screwdriver? ~
Anonymous
June 29, 2002 2:26:25 PM

Quote:
So you would recommend this firewall with a non-NAT setup rather than try to configure a NAT setup with static IPs?

of course not. the need to have a NAT is commonly to create its own/home network. you can't replace a NAT by nothing if it is needed.


primary IPs from NAT (or router) aren't necessarily static. they could be dynamic.
a router setup screen capture (http://www.practicallynetworked.com/images/scrnshots/hp...)

secondly that depends on the router model & the efficiency of its integrated firewall.
you can use this firewall in addition like a second security.

here is an example:
http://www.practicallynetworked.com/review.asp?pid=306

& here a security test between different routers:
routers firewall security test - pdf doc (http://www.2wire.com/support/pdf/tolly_firwl.pdf)


if you know you don't know, the way could be more easy ...
June 29, 2002 2:42:30 PM

You see I'll have 8 x IP addresses. 3 for router network & broadcast & 5 for devices.

I want to use the firewall side of the NAT set-up if I can, and I don't need the IP sharing side. Is this possible? How? Any links?

I would intend to run a firewall on each PC anyway, assuming it's warranted, depending on the purpose of the individual PC.

~ What do you mean "It isn't working!"...Now where's my sonic screwdriver? ~
Anonymous
July 5, 2002 5:53:11 PM

Quote:
I would intend to run a firewall on each PC anyway, assuming it's warranted, depending on the purpose of the individual PC.

i think Tiny Personal Firewall is fine for that purpose. have a look at Tiny Software (http://www.tinysoftware.com/home/tiny2?la=EN).
there is also a new XP version (3.0) & a good Trojan Trap (3.0).


:smile: I like Interactive THG!