Are you being hacked????

[Mayhem]

The fire wall program on my Forward LAN Router has been logging IPs of at least 3-4 attemted hacks every day for the last two months. None have been successful so far (Linux firewalls are great) usually I just laugh at at their pathetic attempts. But night before last I came home in a lousy mood and found another nine attempts logged.

OK, My turn to have fun. As I said the firewall logs the IPs of the attemted hackers, so to make a long story short... 6 of 9 had resumes in their My Documents folder. I now have copies of all of them.

Hope they're not too happy with their current employment.

[Auric]

hope im not or i'll call the ISP that i work for and have em traced

[Fubarian]

let the isp trace 'em? bah! I go right after 'em myself first, then after I know enough about the attempt, I call them and let 'em know everything they'd want to know.

[DANIMAL]

I get anywhere from 15- 40 attempts in an hour but I have Zonealarm doing it's job.

Most attepts are usually internet noise and crap.

[Spaceman Spiff]

[quote]Originally posted by *MAYHEM*:
<strong>OK, My turn to have fun. As I said the firewall logs the IPs of the attemted hackers, so to make a long story short... 6 of 9 had resumes in their My Documents folder. I now have copies of all of them.

Hope they're not too happy with their current employment. </strong><hr></blockquote>

I've never been interested in the hacking game, so I have little personal knowledge about how it's all done. However, don't most hackers use IP spoofing to hide their actual IP address while essentially using some other poor smuck's IP address during the process? I would expect that most hackers would somehow mask their own IP address. That seems pretty basic to me. How do you know that you didn't get resumes from six totally innocent people? How sure are you? I'd give that some thought before you possibly ruin some innocent people's lives...

[MacGyver]

I just ignore my firewall log. I'll let the firewall do it's job, and I'll do mine.

[Fierce]

I have zonealarm too, and I just let it do its job....I'm not going to go thru 500+ attempted hacks just to retaliate, thats what my firewalls are for...they don't get the satisfaction of successfully hacking me.

[Mayhem]

OK, update, no I'm not turning them in. I have however sent them all an email warning that someone in their house hold is hacking and that this practice will not be tolerated. I warned them that my firewall had loged their IP and I will be watching for further attempts, at which time I would be inclined to prosecute.

Their resumes, BTW, showed they were 19-23yr. old males, working at Best Buy, Staples, Babbages, etc. and read like they were copied word for word from the book "How to Write a Network Administrators Resume". It leads me to believe that these are just a bunch of Script Kiddies who prob'ly haven't figured out how to spoof an IP.

I am not interested in hacking either, I have more important things to do than go poking around other peoples machines. but as I said in the previous post I came home from a bad day at work and was in a mood to cause some MAYHEM of my own. Hopefully, this will give second thoughts about this sort of thing to at least a few of them.

[Triumph]

I've never been interested in the hacking game, so I have little personal knowledge about how it's all done. However, don't most hackers use IP spoofing to hide their actual IP address while essentially using some other poor smuck's IP address during the process? I would expect that most hackers would somehow mask their own IP address. That seems pretty basic to me. How do you know that you didn't get resumes from six totally innocent people? How sure are you? I'd give that some thought before you possibly ruin some innocent people's lives...

This is what I think happened to this guy who got fingered by the MPAA for stealing music and had his cable modem shut off. Also all thise probes your systems are getting is a virus. @home just disable port 80 and the attacks are much less common.

<a href="http://www.salon.com/tech/feature/2001/08/23/pirate/index.html" target="_blank">http://www.salon.com/tech/feature/2001/08/23/pirate/index.html</a>

I just emailed the MPAA and Time Warner and tore them a small one

[gabby2600]

I have a simple solution for my home. I use non standard server apps, so about 0 peope know how they work, I don't adrvertise what server apps I use, again this stops people looking for hacks for them.

Next step is setting up the network properly, so I use TCP/IP for net traffic, and IPX/SPX for internal networking, than I chek all the bindings are bound to the right places with the minumum amount of crossover between tcp/ip and ipx. This make the network a little more secure.

As I have had experience of things like

Zone Alarm (A trojan can get through this is the trojan is programed to.)
Norton Personal firewall (Useless on a network, as it has invisiable rules, which hinder network traffic)
ATguard (This is the best win/PC based firewall I have ever seen, however it won't work with ME or win2k, it was bought by norton then buggered up)

Next step is to try a linux firewall, my only worry with this is latancy Issues, I don't want my ping times to double when playing net games.

I'm also thingking of useing Novell on my servers as I ahve no problems with this range of server software, except Border manager, but I think the BM issues have been solved now.

As Microsoft is insecure, and Linus and beos or whatever flavour you use, are becoeming to popular so hackers are taking them to bits to find loopholes and security flaws. Which leads me to Novell, the main reason (providing they have implimented it properly) is you can bind IP and MAC addresses to User accounts, This is better as you can spoof an IP but as far as I know you cannot spoof an MAC address.

Also I think firewalls should logg MAC addresses, because you can spoof IP or you Ip may change everytime you logon, but your MAC address won't. Therefor makeing hackers easyer to track and stop, Unless a hacker is willing to change ther network card and modem evertime they hack someone.

Anyway I have said my bit.

Gabby

[SoJo]

Real Hackers aren't intersted in joe smowes home computer, (unless it's some big time VP or they want to plant a trojan for a DOS/SNY attack) the real kick is a company firewall where a sys admin left a hole open.

Mayhem's right, these were wantabe hackers who got ahold of a few outdated hacking tools and tried to gain access to any computer on the net they could find open, and then brag to their buddies that they'er a "Big Time Hacker". I'm with you Mayhem, send a little love their way I do.

[Daemon]

<h5>OK, My turn to have fun. As I said the firewall logs the IPs of the attemted hackers, so to make a long story short... 6 of 9 had resumes in their My Documents folder. I now have copies of all of them.</h5>


Humm kinda sounds like bullsheit to me.

[iamtheman]

Most of what you see in your firewall logs are not "hack" attempts. They are either random scans or the results of an automated worm, see "Code Red".

Everything you see is not a hack attempt, remember the Internet is one big Network. By the way if you try to screw with the wrong person on the Net you will be owned.

[Spaceman Spiff]

[quote]Originally posted by Daemon:
<strong>Humm kinda sounds like bullsheit to me.</strong><hr></blockquote>

Good point, Daemon. Why be indignant about these "hackers" (do you really know they did it?) when you're hacking their systems to get info. Isn't that the pot calling the kettle black? Just curious... <img src="confused.gif" border="0">

[savagegerbil]

Funny this topic is here. lastnight I noticed that someone hacked into my server. My network is based on the client/server, having winnt 4.0 server and win98 as clients. I use IIS for web hosting, winproxy, and black ice defender. I also have my ip's as non routable meaning 90.0.0.1 , 90.0.0.3, etc so if anyone actually got in, they couldnt get much. of course i have all my security in place so all he could get were my public folder, where i let my family have access to. now mind you i dont really know much about hacking and ip terminology so bear with me. he intercepted some packets my brother had been sending/receiving and he (the hacker) guessed some numbers or whatnot. anyhow, he ends up with my brothers access to the network through the transparent proxy. Black ice had a warning that i was under attack, but that was an hour ago. i figured it was over since there was that one instance and no others. it wasnt until i looked at winproxy and my brother was sending something to the same IP. now i'm not talkin his ip ie. 90.0.0.2, i mean the hackers sending and receiving was the same under my brothers name. to tell the truth i was impressed and i wanna see if he does it again, just to see how many other ways i can detect an intruder when they do that kind of attack again.