Author |
Message |
ParaNoid
** REMEMBERED **
Joined: 12 Sep 2006
Posts: 5123
Location: Looking for Steward.
|
Posted:
Sun Nov 18, 2007 12:58 am |
|
My AV software just put this up on my screen a bit earlier today. (I was NOT on eater, but I was on Yahoo and gmail.)
An intrusion attempt by 61.178.176.152 was blocked 11/17/07 4:43pm
I looked the IP up and found this.
whois wrote: |
inetnum: 61.178.176.0 - 61.178.176.255
netname: ZY-AREA-NET-CLUB
country: CN
descr: Gansu,Zhangye area net club
admin-c: YZ37-AP
tech-c: YZ37-AP
changed: ***@public.lz.gs.cn 20040519
mnt-by: MAINT-CHINANET-GS
status: ASSIGNED NON-PORTABLE
source: APNIC
person: Yang Zhanrong
address: No.405 Pingliang Road
address: Lanzhou,Gansu
address: 730000,P.R.China
country: CN
phone: +86-931-8789183
fax-no: +86-931-8788139
e-mail: ***@public.lz.gs.cn
nic-hdl: YZ37-AP
mnt-by: MAINT-CHINANET-GS
changed: ******@public.lz.gs.cn 20020206
source: APNIC
|
Is there any way to report this attempted attack on my computer? Is this the type of thing that creates a botnet and therefore DDoS attack?
Now I am really ParaNoid.
Second attack just moments ago, data: An intrusion attempt by 220.189.238.42 was blocked 11/17/07 5:57pm
whois wrote: |
inetnum: 220.189.238.40 - 220.189.238.43
netname: CHANGXING-MIDDLE-SCHOOL
country: CN
descr: Changxing Middle School
descr:
admin-c: GL581-AP
tech-c: CH119-AP
status: ASSIGNED NON-PORTABLE
changed: ********@dcb.hz.zj.cn 20051104
mnt-by: MAINT-CN-CHINANET-ZJ-HU
source: APNIC
role: CHINANET-ZJ Huzhou
address: No.18 Hongqi Road,Huzhou,Zhejiang.313000
country: CN
phone: +86-572-2022163
fax-no: +86-572-2210609
e-mail: *********@mail.huptt.zj.cn
trouble: send spam reports to *********@mail.huptt.zj.cn
trouble: and abuse reports to *********@mail.huptt.zj.cn
trouble: Please include detailed information and times in UTC
admin-c: CH50-AP
tech-c: CH50-AP
nic-hdl: CH119-AP
mnt-by: MAINT-CHINANET-ZJ
changed: ******@dcb.hz.zj.cn 20031204
source: APNIC
person: Guobin Lu
nic-hdl: GL581-AP
e-mail: *********@mail.huptt.zj.cn
address: No.208,Jinlin Road(north),Changxing,Huzhou,Zhejiang.
Postcode:313100
phone: +86-572-6227690
country: CN
changed: ********@dcb.hz.zj.cn 20051104
mnt-by: MAINT-CN-CHINANET-ZJ-HU
source: APNIC
|
EDITED to add times and second attack data |
Last edited by ParaNoid on Sun Nov 18, 2007 1:16 am; edited 1 time in total |
|
|
|
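On the question in the post above about reporting: the second whois reply names where abuse reports go and asks for times in UTC. The sketch below is an added example, not part of any post in this thread; it pulls those facts out of a pasted whois reply and converts the blocked-at time to UTC. The function names are hypothetical and the UTC-5 offset in the last line is an assumption, since the post does not state the poster's time zone.

```python
import ipaddress
from datetime import datetime, timedelta, timezone
# Constructed excerpt of the second whois reply above, flattened as pasted there.
SAMPLE_WHOIS = """\
inetnum: 220.189.238.40 - 220.189.238.43
netname: CHANGXING-MIDDLE-SCHOOL
tech-c: CH119-AP
role: CHINANET-ZJ Huzhou
e-mail: *********@mail.huptt.zj.cn
trouble: and abuse reports to *********@mail.huptt.zj.cn
trouble: Please include detailed information and times in UTC
nic-hdl: CH119-AP
"""
OBJECT_CLASSES = {"inetnum", "role", "person"}  # attribute that opens an object

def parse_objects(text):
    """Split 'key: value' lines into objects, even when blank lines were lost."""
    objects, new = [], True
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        key = key.strip().lower()
        if not sep:
            new = new or not line.strip()  # a blank line closes the object
            continue
        if new or key in OBJECT_CLASSES:
            objects.append({"class": key})
            new = False
        objects[-1].setdefault(key, []).append(value.strip())
    return objects

def abuse_report(text, source_ip, blocked_local, utc_offset_hours):
    """Gather report facts; utc_offset_hours is the reporter's own (assumed) offset."""
    objects = parse_objects(text)
    net = next(o for o in objects if o["class"] == "inetnum")
    low, high = (ipaddress.ip_address(p.strip()) for p in net["inetnum"][0].split("-"))
    if not low <= ipaddress.ip_address(source_ip) <= high:
        raise ValueError("whois record does not cover the logged address")
    handles = set(net.get("tech-c", []) + net.get("admin-c", []))
    linked = [o for o in objects if handles & set(o.get("nic-hdl", []))]
    local = datetime.strptime(blocked_local, "%m/%d/%y %I:%M%p")
    local = local.replace(tzinfo=timezone(timedelta(hours=utc_offset_hours)))
    return {
        "network": net["netname"][0],
        "contacts": sorted({m for o in linked for m in o.get("e-mail", [])}),
        "notes": [n for o in linked for n in o.get("trouble", [])],
        "blocked_utc": local.astimezone(timezone.utc).strftime("%Y-%m-%d %H:%M UTC"),
    }

if __name__ == "__main__":
    print(abuse_report(SAMPLE_WHOIS, "220.189.238.42", "11/17/07 5:57pm", -5))
```

The range check rejects a whois reply that does not cover the logged address, which catches the easy mistake of pairing the first alert's IP with the second alert's record.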
Scam Patroller
Baiting Guru
Joined: 08 Jul 2004
Posts: 11857
Location: UK
|
Posted:
Sun Nov 18, 2007 1:06 am |
|
|
|
|
ParaNoid
** REMEMBERED **
Joined: 12 Sep 2006
Posts: 5123
Location: Looking for Steward.
|
Posted:
Sun Nov 18, 2007 4:09 am |
|
Thank you SP.
General question: Do "they" use random number generators to troll for vulnerable IPs? Much like they hit email accounts and are able to use the account name in an email. (I always assumed the email addresses were hand harvested.)
I always say that Eater is educational. |
|
|
|
Stoker Thompson
419Eater is my life
Joined: 11 Apr 2007
Posts: 271
Location: Out There.
|
Posted:
Sun Nov 18, 2007 4:42 am |
|
Hi ParaNoid
Is your computer connected directly to the internet modem? This would be the cable modem box or the DSL modem. If so power off the modem for a minute and then power it back on. This will change your IP slightly.
Chances are someone is just scanning a block of addresses. That's fairly common. I would recommend getting a router if you don't already have one. I am assuming that you are running current AV software, a good firewall, and some anti-spyware software.
I'd recommend getting a Mac or setting up an old laptop with Linux for browsing & baiting if you are worried about security. |
|
|
|
|
Don
Baiting Guru
Joined: 25 May 2004
Posts: 3045
Location: Italy, 87.2.222.132
|
Posted:
Sun Nov 18, 2007 6:59 am |
|
ParaNoid wrote: |
Do "they"use random number generators to troll for vulnerable IPs? |
Well, yes. Basically port scans make part of the everyday white noise of the internet. Nothing special and nothing terribly worrying, provided your PC is patched and secured by a firewall. Let's just say that marking such scans as "intrusion attempts" is a bit of PR from the firewall makers themselves. You have to say "good puppy" every now and then to keep it happy.
A good firewall will not respond to such attempts and play dead. You can test here whether your firewall is worth its dogfood and doesn't bark. |
|
|
|
Reaper
Hello I'm New here!
Joined: 06 May 2007
Posts: 0
Location: Travelling in a fried-out combie. On a hippie trail, head full of zombie...
|
Posted:
Sun Nov 18, 2007 7:14 am |
|
Quote: |
Your system has achieved a perfect "TruStealth" rating. Not a single packet - solicited or otherwise - was received from your system as a result of our security probing tests. Your system ignored and refused to reply to repeated Pings (ICMP Echo Requests). From the standpoint of the passing probes of any hacker, this machine does not exist on the Internet. Some questionable personal security systems expose their users by attempting to "counter-probe the prober", thus revealing themselves. But your system wisely remained silent in every way. Very nice. |
Now everyone go test your firewall and post your results like we always do when we find something like this! |
|
|
|
|
Pastor Frank
Baiting Guru
Joined: 31 Jan 2007
Posts: 12237
|
Posted:
Sun Nov 18, 2007 7:19 am |
|
Don wrote: |
Let's just say that marking such scans as "intrusion attempts" is a bit of PR from the firewall makers themselves. You have to say "good puppy" every now and then to keep it happy. |
Amen! Thus reminding you that the damn thing is protecting you from someone stealing your wife and first born, and reminding you to renew your subscription when it expires. |
|
|
|
wingman
Master Baiter
Joined: 31 Oct 2007
Posts: 156
Location: State of Confusion, USA
|
Posted:
Sun Nov 18, 2007 2:18 pm |
|
All my ports were stealth, but:
Ping Reply: RECEIVED (FAILED) - Your system REPLIED to our Ping (ICMP Echo) requests, making it visible on the Internet. Most personal firewalls can be configured to block, drop, and ignore such ping requests in order to better hide systems from hackers. This is highly recommended since "Ping" is among the oldest and most common methods used to locate systems prior to further exploitation.
I don't know how to correct this. Or if I even need to. |
|
|
|
SlapHappy
Baiting Guru
Joined: 15 May 2006
Posts: 9612
Location: Floating up and down with happiness.
|
Posted:
Mon Nov 19, 2007 5:23 pm |
|
^^wingman,
What firewall are you using? and are you using a router, too?
Sounds like you may have a problem there... |
|
|
|
|
Don
Baiting Guru
Joined: 25 May 2004
Posts: 3045
Location: Italy, 87.2.222.132
|
Posted:
Mon Nov 19, 2007 5:31 pm |
|
Pastor Frank wrote: |
Thus reminding you that the damn thing is protecting you from someone stealing your wife and first born, and reminding you to renew your subscription when it expires. |
And makes for some impressive figures, like mine letting me know that "12249 Intrusions have been blocked since install". Doesn't actually mean anything but looks impressive. Especially when you keep the pop up thingie enabled...makes you feel a proper internet ninja, clinging to the flag in a hacker thunderstorm... |
|
|
|
flushmynutz
Master Baiter
Joined: 31 Oct 2007
Posts: 130
|
Posted:
Mon Nov 19, 2007 5:42 pm |
|
Had to go there to get my own "pat on the head"...
Quote: |
YOUR computer has DELIBERATELY CHOSEN NOT TO RESPOND (that's very cool!) which represents advanced computer and port stealthing capabilities. A machine configured in this fashion is well hardened to Internet NetBIOS attack and intrusion. |
and if that didn't make me cool enough...
Quote: |
Unable to connect with NetBIOS to your computer.
All attempts to get any information from your computer have FAILED. (This is very uncommon for a Windows networking-based PC.) Relative to vulnerabilities from Windows networking, this computer appears to be VERY SECURE since it is NOT exposing ANY of its internal NetBIOS networking protocol over the Internet. |
I feel so validated now! |
|
|
|
D11
Elite Baiter
Joined: 02 Jul 2006
Posts: 1702
|
Posted:
Tue Nov 20, 2007 4:41 am |
|
I like the IDS system I use, a lot of white noise isn't an attack, in your case (the original poster - I simply don't know but I'm referring to basic internet white noise)
Some P2P creates white noise, as the people using P2P, their machine "reaches out" to other machines, those with P2P get a response, those without get a log
Virgin I'm sure has Helkern virus on their system, every time I put my computer on their network I get at least 4 alerts a day, on every other ISP it's about 1 every 3 or 4 weeks! |
|
|
|
ParaNoid
** REMEMBERED **
Joined: 12 Sep 2006
Posts: 5123
Location: Looking for Steward.
|
Posted:
Tue Nov 20, 2007 5:00 am |
|
Thanks Don, you're the ... well it already says it in your title line. I seem to already have my computer configured tightly.
Shields Up wrote: |
Your system has achieved a perfect "TruStealth" rating. Not a single packet - solicited or otherwise - was received from your system as a result of our security probing tests. Your system ignored and refused to reply to repeated Pings (ICMP Echo Requests). From the standpoint of the passing probes of any hacker, this machine does not exist on the Internet. Some questionable personal security systems expose their users by attempting to "counter-probe the prober", thus revealing themselves. But your system wisely remained silent in every way. Very nice. |
I never knew I was a ninja! I was pretty sure I didn't really "exist" though...
Damn the attackers... |
|
|
|
Ghost
419Eater Admin
Joined: 26 Jun 2004
Posts: 6162
Location: Dating Gal Gadot... in my mind.
|
Posted:
Tue Nov 20, 2007 5:40 am |
|
How did I do this? I never did anything special other than install Norton Internet security.
Quote: |
Your Internet port 139 does not appear to exist!
One or more ports on this system are operating in FULL STEALTH MODE! Standard Internet behavior requires port connection attempts to be answered with a success or refusal response. Therefore, only an attempt to connect to a nonexistent computer results in no response of either kind. But YOUR computer has DELIBERATELY CHOSEN NOT TO RESPOND (that's very cool!) which represents advanced computer and port stealthing capabilities. A machine configured in this fashion is well hardened to Internet NetBIOS attack and intrusion. |
and this
Quote: |
Unable to connect with NetBIOS to your computer.
All attempts to get any information from your computer have FAILED. (This is very uncommon for a Windows networking-based PC.) Relative to vulnerabilities from Windows networking, this computer appears to be VERY SECURE since it is NOT exposing ANY of its internal NetBIOS networking protocol over the Internet. |
I know this sounds good but I have no idea what is going on. Don can you explain?
Edit: You know what Don never mind. You'll probably confuse me even more. I'll just be happy with what it told me |
|
|
|
Don
Baiting Guru
Joined: 25 May 2004
Posts: 3045
Location: Italy, 87.2.222.132
|
Posted:
Tue Nov 20, 2007 8:58 am |
|
|
|
|
Doctor X
** ACCOUNT CLOSED **
Joined: 15 Apr 2007
Posts: 766
|
Posted:
Tue Nov 20, 2007 11:58 am |
|
Stoker Thompson wrote: |
I'd recommend getting a Mac. . . . |
Which pretty much is all that needs to be stated.
Right . . . I will just let myself out the back. . . .
--J.D.
P.S. Though Macs are vulnerable through ports too. |
|
|
|
|