Re: I am happy with XP:s integreted firewall!

From: Ditoa (ditoa@null.com)
Date: 07/18/02


From: "Ditoa" <ditoa@null.com>
Date: Thu, 18 Jul 2002 22:51:40 +0100

both of you are half right.

You CAN attack any open port if something is listening, you can use methods
sucvh sa bufferoverflow, doing this with telnet is easy, there was a problem
with Norton AV 2001 with the POP mail scanning as it setup a pop server
onyour system and would scan traffic that way, all a cracker had to do was
send more than 256 characters to the server and it would take the systems
CPU upto 100% and keep it there for as long as the cracker kept sending
data, 2 minutes of this and your machine is unusable forcing a reboot or
network disconnect

1 minute on the computer or a whole day none stop it doesnt matter, it is
true crackers and others are scanning subnets for exploits or trojans
running on system, all the data gets logged and then the cracker tries and
connects, if you have a decent antivirus software you should have no
trojans, if you do regular updates you should have no exploits. remember
hacking isnt just attach ports, there is webbased (coded pages that execute
code remotely) there is a HUGE porblem in IE at the moment, i could make it
so that when you went to my website it would automatically grab the contents
of what you have in your clipboard and then add what i want to it, and i
could also execute any program on your system, jsut imagine if you went to a
site where it added a string to your registry and then ran "shutdown -t 2 -r
" (winxp machine this is) it would cause your system to reboot and then the
registry string (in this example it is a Run string) would run when the
system bootsup, this could be something simple like "ping -t www.yahoo.com"
say 10,000 people visit my site, this would cause 10,000 computers to ping
www.yahoo.com until it is halted this is how DDoS attacks are done, etc.

now telnet can be used like i said however you cant jsut leech into a port
and get acces to a system, there needs to be an exploit, just because a port
is open it doesnt mean there is a server daemon running, it might jsut be an
IE data port that is on LISTENING status, however if there is an exploit
then you could be in trouble. Problems can also arise from unsecured
services such as Routing and Remote access on Windows 2000 or the more
common NetBIOS, if you have file and print sharing on a system but it isnt
secured with a good password or no password at all any cracker can map a
drive to your system by type "net use G: \\computername_or_IP" they can
check your computer for any shares with "net view \\computername_or_IP" etc.

The Windows XP Firewall is good, it doesnt have excellent loggin, however
there IS logging, it only protects inbound which shouldnt really be a
problem if you have a decent antivirus software which is updated with every
new update that is available and if you are careful with the software you
download and install.

I have only mentioned a few well known bits of network knowledge, i am by no
ways a genius at this, the above might sound impressive but any cracker will
know how to do all this are more.

As Steve Gibson says a false sense of security is worse than no security at
all, keep up to date and be care with all you do on the net.

"svek" <svek-NO-SPAM@gmx.net> wrote in message
news:Xns924FE5B8D223Asvek@130.133.1.4...
> "CJ" <difficult@times.com> wrote in
news:ujdplvajred561@corp.supernews.com:
>
> > That just isn't so svek..you have all your "facts" screwed up. No doubt
> > simply repeating what someone else told you.
>
> and what facts are you talking about? the approach a cracker use to hide
> his tracks? you can't really believe that he will use his own system in an
> attack towards a high profile site?
> or is it the way you exploit remote holes? do you really believe all
> intrusions are because some person has installed a trojan before he
> connects to the system and port scanning is just a way of finding
installed
> trojans and not services that can be exploited?
> please give me your facts and explain to me how intrusions does happen, I
> am all ears.
>
> > Plus the OP was about firewalls on home computers...your 'examples"
> > dealt with servers....do you really even know the difference?
>
> if you haven't noticed most operation systems are pretty much servers or
> they offer services, services that should perhaps not be offered to the
> wide world (I have made just one installation of windows XP and I allmost
> shit my pants, pardon the expression, when I saw all the services running
> after a default installaion.)
>
> > Please try to force feed my system anything..I'll email you the IP.
> > Prove to me it can be done because I already know it can't....
>
> good for you that you have locked down your box but do you really think
you
> are a 100% secure? if you do then you truly are a fool any one who has
even
> the tiniest grasp on security knows that one can never be 100% secure.
> but if you are not running any services or have blocked those so they can
> not be accessed from the Internet you are more safe then one who is
running
> a default installation.
> I know I wouldn't leave any box on default after the installation, would
> you?
>
> /svek



Relevant Pages

  • RE: Strange loopback in firefox.
    ... described as heavy attack from outside IP addresses. ... either using the Microsoft_DS port or epmap port to connect). ... For example a connection from port 3014 to 3015 and the next ... to facilitate one-on-one interaction with one of our expert instructors. ...
    (Security-Basics)
  • Re: Security problem
    ... simply to use a non-standard port. ... names and passwords, on large ranges of IP addresses. ... order to perform successful brute-force attack and that's ludicrous. ... DROP incoming packets for other ports (and what internet-facing server ...
    (comp.os.linux.development.apps)
  • FW: Legal? Road Runner proactive scanning.[Scanned]
    ... You consider a port scan to be an attack? ... to facilitate one-on-one interaction with one of our expert instructors. ... Attend a course taught by an expert instructor with years of in-the-field ...
    (Security-Basics)
  • Re: SSH server under attack...
    ... It's highly possible that even though you changed the port, an automated script discovered the new port by probing the ports and matching version numbers, ie: ... the new machine to attack me is 200.55.192.29. ... Failed password for invalid user admin from::ffff:200.55.192.29 port ...
    (Security-Basics)
  • SSH server under attack...
    ... OK...within a few hours the server was being attacked again on port 2222. ... The router/firewall logs dont show any dropped packets sent to port 22 so he changed the port of the attack script. ... I scanned the machine and found that it is hosting a webserver Server at www.springs.cl) among other services. ... Invalid user admin from::ffff:200.55.192.29 Failed password for invalid user admin from::ffff:200.55.192.29 port ...
    (Security-Basics)