Folks, ever since I got this Black Ice program a few months back I’ve noticed an appalling number of people scanning my system. The jump from dial-up to ADSL, it seems, has opened me wide up, and I know I’m not the only one. Now I know all the little script kiddies out there are pretty harmless for the most part, and I’m not interested in the people who ping me a couple of times and move on. But there are people out there, it would appear, trying to actively gain entry. The little shield symbol in the system tray turns this heinous shade of sickly red, and I notice a few of the same IP addresses trying over and over again. I think I’ve ruled out the “false positives”…my question: anything I can do to, how shall I say it, discourage the more malicious twits out there? I’ve reported it to my ISP; they don’t seem to care. I feel reasonably well protected; I’m just wondering if there are any photon torpedoes or even phasers I could use instead of just sitting with shields up all the time. Suggestions?
Check out https://grc.com/x/ne.dll?bh0bkyd2
Thanks, sailor. The security tester says my PC is in “full stealth mode,” and says that I am one of the well-equipped few. So that’s good. But I guess my question was more along the lines of what can I do to move beyond the deterrent stage and into the return fire stage? Surely there’s something. Surely I’m not the first person to ask this question. I don’t want to be a cracker or anything; I just want to offer some active discouragement.
If it’s coming from the same source, as was the case fairly recently with me, and they’re really trying to get in, keep up the pressure with your ISP.
If they’re anything worth their salt, and you tell them some key info, like your firewall, security settings, and act like you know what you’re talking about, they should respond with some sort of action. Tell them where it’s coming from, times and number of attempts, blah… blah… blah.
If not, and this is what finally worked for me, start threatening them. I told them I wanted my service cancelled immediately if they did not address it now! Stress that you’re computer savvy and will be checking to see what actions they have taken.
They hate losing people right now; there are any number of carriers and competing services out there, so they will eventually do something just to keep you and shut you up.
I don’t know enough about it to be anything more useful than relaying my own personal experience. I bitched away and made a stink. Random ‘pinging’ is pretty harmless; it’s when they actively start probing that I lost it. They eventually were very helpful and the probing stopped.
Good luck, it’s a bitch sitting there watching it happen in real-time and feeling helpless.
Simplest method I can think of: Give 'em what they want. Prepare a malicious executable of some sort (just how malicious is up to you), and label it with some appealing (to a cracker) name, like anarchy.exe or pornview.exe, or something. Use your imagination. Be sure to include plenty of warnings when it’s run, that it’s potentially damaging, are you sure you want to run this, etc. (this is to cover your rear should they try to sue or something). Then, take down your guard just enough to let them get in and steal that file.
Of course, this is not a sure-fire recipe. You’ve got to bait them in such a way that they’ll want the file, drop your guard in such a way that they’re not suspicious, etc. Script kiddies (ptooie!) aside, most cracking and countercracking is actually a matter of psychology, not programming.
If you think they’re running a Windows or a Mac machine, try a Ping of Death. It’s a MOOB (Message Out Of Band) that causes a stack overflow and crashes their system (immediate Blue Screen of Death on an NT machine). You can look it up on Yahoo and get some more info. It’s sad how easy Windows and Mac are to break. It really is. There are also patches you can install on yours if you feel vulnerable to this kind of attack. A good link is The Ping o’ Death Page, which explains the theory. It also tells how to test yourself to check your vulnerability to such an easy exploit.
Thanks Chronos and derleth…Ping Of Death sounds very interesting. If anybody else has any high-powered, underground tools for effecting temporary disaster, please let me know. I tried the trojan horse executable route; nobody ever really bit, even with creative file names. I take it most people aren’t interested in retrieving anything from me–they simply want to gain access for hacking other systems or DoS attacks.
Wow! Well now.
I feel like a little wimp now. I too thank the above advice.
Sidenote to Chronos: Why should you be worried about covering your ass? They’re the people probing your comp., F’em!
That ping of death shouldn’t work on anyone who has enough knowledge to try to get to you. Of course, they could be complete script kiddies and not know how to find the patches.
Anyway, go to a site like rootprompt.org (I think, not gonna bother looking it up) and rummage around for exploits. Or bugtraq, though they are usually fairly responsible and will make you at least compile them yourself.
Here are a few search terms to get your arsenal started. I’ve been out of the game for a while, so most of these are probably obsolete.
For specific exploits:
Winnuke
ssping
teardrop
smurf
land
pepsi
For general terms:
DOS attack
DDOS attack
nuke
ping flood
syn flood
General (probably illegal) fun:
back orifice
back orifice 2000
netbus
SATAN
COPS
There, that should get you started.
Following TheNerd’s advice is at your own risk. I know that BackOrifice, a backdoor program that gives you very good access to a remote computer stealthily, is probably not a good thing to use against a good user who could conceivably track packets going in and out, as it requires you to be in communication with the target machine. Netbus is the same, IIRC. SATAN is a valid security tool that essentially port surfs, finding open doors in odd places. Winnuke is a MOOB aimed at Windows machines. Of course, you could run a denial-of-service attack. Simple, dirty, does the job. Anyway, a quick Yahoo or Google search on any one of TheNerd’s terms will give you plenty of ammo. Have fun, stay anonymous, stay safe.
Remember that most revenge (as opposed to protective) measures are illegal and, according to my reading of the standards of this board, inappropriate here.
I went to the link that Sailor posted and I saw this:
Scared the crap out of me, for a couple of reasons…
I’m on a dial-up, though, so I am not too worried…
Yer pal,
Satan - Commissioner, The Teeming Minions
*TIME ELAPSED SINCE I QUIT SMOKING:
Five months, one week, five days, 2 hours, 29 minutes and 47 seconds.
6604 cigarettes not smoked, saving $825.52.
Extra time with Drain Bead: 3 weeks, 1 day, 22 hours, 20 minutes.
*“I’m a big Genesis fan.”-David B. (Amen, brother!)
That’s my problem. I want to defend myself strongly, not act overtly in the same manner that I’m trying to prevent. I wouldn’t play with BackOrifice. Ping of Death sounds pretty interesting, though…even just to see if I’m at risk. Thanks for the suggestions, everyone…
http://www.rootshell.org…I think you mean
Sometime a while back someone managed to get my password on my dial-up account (before I got cable), and when I tried to log in, I got bumped off immediately because I was already logged on. I called the ISP, they changed my password, but wouldn’t drop the connection the other person was using. They did, however, give me the IP they had assigned. So I tried ping of death, no luck, and then found a program that would send a constant stream of bogus error messages (web page not found kind of things). I forget the name of it, but basically the end result is that anywhere they try to go after that just comes up as an error. The guy of course disconnected pretty quick, and when he tried to call in again the password had been changed. Not quite as elegant as the ping of death, but effective.
If you have their IP addresses, can’t you track them down? I mean the human beings themselves.
My brother-in-law does network support and recently caught a newbie hacker trying to break into one of his client’s systems. He checked out the IP address, found the company this person worked for (she was hacking from the office–not too smart) and called her up and told her to stop f’ing around. Scared the shit out of her.
And really, you should be trying to find THEIR ISP and complain to them–not your own ISP.
Two good DOS programs:
stream
raped
(sorry, don’t have time right now to track them down and provide you with a link.)
I used these this summer (in a laboratory setting), and they were pretty effective. IIRC “stream” just utterly hosed the Win NT sp5 system I pointed it at. Assume it would work on other Windows boxes. But people scanning your system could well be on Linux/Unix boxes…
As an aside, it’s generally not a good idea to get into a war with the people on the other side out there. There are thousands of them, and only one of you. Plus, on the off chance they aren’t script kiddies, you could be in for a world of trouble. I would also caution against the bait trap method Chronos is advocating, for the same reasons.
Deterrence is the best option here. And yes, if you can trace them to an ISP in an English speaking country, you might be able to get their account booted.
Rather than Black Ice, try Zone Alarm from http://www.zonelabs.com/. It’s free, and it will even let you know when programs that shouldn’t be are trying to access the net. There are a lot of spyware programs (Broderbund, for example) that will try and send info about you behind your back. ZoneAlarm caught it right off the bat, and asked me if I wanted to let it act as a server. I told it no, and now it can’t. Adds an extra level of security, and seems to work as well as or better than Black Ice.
Satan, I always follow that site’s advice and disconnect my bindings and do not share my HD (or protect it with a password).
The only time I reinstalled WIN and forgot to do it, I was infected with a worm which was harmless, but I learnt my lesson. Even on a dial-up connection you are vulnerable. But just doing what that site tells you, I have never had any problem, and I am online for many hours every day.
Well, that’s the problem–I’m being targeted by IP addresses from my own ISP. It’s SWBell, so you can imagine how many people/states that accounts for. I’m taking CnoteChris’s advice as well and being persistent. Very persistent. Hopefully they’ll get tired of me sending them all my BlackIce logs.
Will try Zone Alarm and look into Stream as well–I suppose it is better not to get in a biscuit throwing contest with the Great Unknowns out there; I’d just like to have something with a little bite for the folks who are clearly (or so it would seem) targeting me.
As I understand it, you can be vulnerable whenever you are connected to the Internet, even on a dial-up connection.
I use a hybrid service from my cable company. A dial-up connection is used for uplink, and an external cable modem for downlink (which is plugged into a power strip so I can turn it off if I’m not using the Internet). I use ZoneAlarms, and I see attempted accesses every time I’m logged on.
One weekend when I was on for a few hours, I logged attempts from a certain address which was repeated every 15 minutes. Each new attempted access was to a port number one higher than the previous attempt. I traced the address and it turned out to be in Korea. My guess is that this person was sequentially scanning a large range of IP addresses and I got hit whenever my address came up again.
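As an added example (not from any poster in this thread): a small Python script for the defensive side of what the thread keeps coming back to. It reads firewall-style log lines, keeps only the sources that return, flags the port-plus-one walk described in the post above, and produces the times, counts and ports an ISP abuse desk asks for. The log format and the addresses are constructed for the example; they are not BlackIce or ZoneAlarm output.

```python
from collections import defaultdict
from datetime import datetime

# Constructed sample log (not real BlackIce/ZoneAlarm output): "date time src_ip dst_port"
SAMPLE_LOG = """\
2000-01-15 20:00:02 203.0.113.7 1024
2000-01-15 20:01:10 198.51.100.9 80
2000-01-15 20:15:03 203.0.113.7 1025
2000-01-15 20:30:01 203.0.113.7 1026
2000-01-15 20:45:04 203.0.113.7 1027
2000-01-15 21:03:44 192.0.2.55 139
2000-01-15 21:05:12 192.0.2.55 139
2000-01-15 21:06:30 192.0.2.55 139
"""

def parse_log(text):
    """Group hits by source address: {src_ip: [(datetime, dst_port), ...]} in time order."""
    events = defaultdict(list)
    for line in text.splitlines():
        if line.strip():
            date, clock, src, port = line.split()
            events[src].append((datetime.fromisoformat(f"{date} {clock}"), int(port)))
    return {src: sorted(hits) for src, hits in events.items()}

def classify(hits, min_hits=3):
    """'noise' below the threshold; 'sequential-scan' if each port is the previous plus one; else 'repeated-probe'."""
    if len(hits) < min_hits:
        return "noise"
    ports = [p for _, p in hits]
    if all(b == a + 1 for a, b in zip(ports, ports[1:])):
        return "sequential-scan"
    return "repeated-probe"

def summarize(text, min_hits=3):
    """Per-source facts for an abuse report: count, time span, ports, pattern, average interval."""
    report = {}
    for src, hits in parse_log(text).items():
        label = classify(hits, min_hits)
        if label == "noise":
            continue
        gaps = [(b[0] - a[0]).total_seconds() / 60 for a, b in zip(hits, hits[1:])]
        report[src] = {
            "attempts": len(hits),
            "span": f"{hits[0][0]:%Y-%m-%d %H:%M:%S} .. {hits[-1][0]:%H:%M:%S}",
            "ports": [p for _, p in hits],
            "pattern": label,
            "avg_gap_min": round(sum(gaps) / len(gaps), 1),
        }
    return report
```

On the constructed log, 203.0.113.7 comes out as a sequential scan at roughly fifteen-minute intervals and 192.0.2.55 as a repeated probe of port 139, while the single hit from 198.51.100.9 is dropped as noise.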