Re: Hacked

From: John Phillips (Thisis@bogusaddress.com)
Date: 04/13/02


From: John Phillips <Thisis@bogusaddress.com>
Date: Sat, 13 Apr 2002 21:47:53 GMT

On Wed, 13 Feb 2002 20:23:08 +0100, Wolfgang Kueter
<wolfgang@shconnect.de> wrote:

>Brett wrote:
>
>> I use Norton firewall and every now and again it will report that
>> someone using a back door Trojan tried to access my machine and it has
>> been blocked.
>
>The subject indicates that you lack knowledge and therefore believe
>that you are 'hacked' though probably nothing like that happened:
>
>RTFF
>http://www.blood-thirsty-barbarians.de/Firewall.html
>
>Someone uses a scanner to see whether a service is listening on a port
>that is known as a port used by a trojan horse. As long as the trojan
>horse is not installed on your system, you are safe.
>
>> It gives me the IP address of, I assume, the hacker.
>
>I'd not call a script kiddie with a portscanner a hacker.
>
The following is a piece of a post I made to another Newsgroup.

I just started using NetWatchman. It appears to be an excellent way to
report hits automatically on your firewall. The service is free.
NetWatchman aggregates the hits from all of its reporting sites and
reports to the ISP's among other things. The service works with a
number of popular firewalls including Zone Alarm and Black Ice. If you
download the software, make sure that you follow the installation
instructions.

The following e-mail exchange with Lawrence Baldwin of NetWatchman
should be of interest. The chronological order is bottom to top. If
you wish to contact him:

Lawrence Baldwin
myNetWatchman.com
330 Oakhurst Leaf Drive
Alpharetta, GA 30004

o: 678-624-0924
f: 678-566-0354
c: 678-595-8949
baldwinl@mynetwatchman.com
http://www.mynetwatchman.com/contact.htm
http://www.mynetwatchman.com/

John,

Thanks for the comments...I need all the validation I can get after
spending almost two years developing this thing...I don't really
accept donations, but anything you can do to spread the word is
appreciated....esp. if you have any press contacts.

Also, if you're interested I do have a small group of volunteers who
help me with some of the manual processing that's required...If the
idea of back-tracing IP addresses is intriguing to you, you might find
that process interesting.

ISPs are well aware of the problems of worms, viruses, and trojan
horse programs (e.g. sub-7)...unfortunately they really don't have an
effective way of dealing with it (something I'm hoping to change).

Regards,

Lawrence Baldwin
myNetWatchman.com

-----Original Message-----
From: John Phillips [mailto:jhphillips@adelphia.net]
Sent: Wednesday, April 10, 2002 6:02 PM
To: support@mynetwatchman.com
Subject: RE: Invalid Agent e-mail

Thanks Lawrence.

Are you NetWatchman? If so, I commend your efforts.

Do you have a mechanism set up for individual donations? I am on a
small fixed income but....

I would like to publish your response on a news group connected with
my ISP.

I would also appreciate your comment on the dangers, if any, connected
with what seems to me to be the current high level of Sub 7 port
scans. There appear to be a lot of users infected. I feel very secure
behind my firewall. If I were infected though, I would like someone to
tell me. Is it otherwise a big problem for the ISP's?

Best Regards,

John Phillips

John,

I'm funded as follows:

1) Corporate clients that pay for us to process their log files and
take action against the sources that are probing them.

2) ISPs who subscribe to our real-time report view...we help them
identify the most serious security issues...the ones that will likely
generate a *high* volume of complaints if they don't act immediately
and also the ones that will likely cost them $$$ for excessive
bandwidth or denial of service.

The former has been somewhat successful, the latter has been a LONG,
HARD road. Not many ISP's are really interested in doing things more
efficiently, but I'm getting the attention of most of the major ones
now (esp. since we account for about 10% of their security-related
complaints). They love the format of the emails we send them...getting
them to pay for it or subscribe to the real-time views is something
different entirely.

lb.

-----Original Message-----
From: John Phillips [mailto:jhphillips@adelphia.net]
Sent: Wednesday, April 10, 2002 5:25 PM
To: support@mynetwatchman.com
Subject: RE: Invalid Agent e-mail

Lawrence,

Thanks for the quick response. I actually registered several months
ago. I discovered that I had my IE 6 browser set for high security and
had to make an exception for the NetWatchman site. Since I have, the
uploads appear to be clicking along.

By the way, how does NetWatchman get funded?

Thanks again.

Regards,

John Phillips

Regards,

John Phillips


