Wed, Nov 13, 8:32 PM CST

Renderosity Forums / OT



Welcome to the OT Forum

(Last Updated: 2024 Aug 27 11:07 am)

This forum is a place to relax, unwind,and
discuss topics which may not be appropriate for the other forums.

Remember to stick to discussing issues, not members.
Personal attacks will not be tolerated.

We want this forum to be enjoyable for everyone.
Please read and understand the TOS before posting.

 



Subject: Had to put up a Firewall


DarkMatter_ ( ) posted Thu, 15 January 2004 at 11:54 PM · edited Wed, 13 November 2024 at 8:31 PM

Got my new computer christmass, then I had problems with it resetting itself for no reason, took it to get fixed, ok? Before I tok it to get fixed I had a message that said......there is another user logged on quitting now will cause that user to lose all unsaved information...got that so far? Ok so I got ZONE ALARM, Now here's the interesting part..... 950 intusions have been blocked since install, 40 of those have been high-rated. I installed this only a week agoe, and there is hardly anything on my drive worth stealing and nothing for a hacker to to waist his time on, So why so many hack attacks?


millman ( ) posted Thu, 15 January 2004 at 11:56 PM

Spoofed Spam. Someone using your computer to send spam out, with a phoney addy, seemingly traceable to you.


DarkMatter_ ( ) posted Fri, 16 January 2004 at 12:00 AM

Attached Link: http://market.renderosity.com/~carrara/emoticons/stressed.gif

file_93518.jpg

So anyway, I talked a friend who tels me that hackers like to get access to computers with huge hard drives so they can convert yhour computer into a server....My computer has 120 gigs of harddrive space, I needed to extra space learned my lesson with poser eating up so much space. Seems hackers make unsuspecting computers that they can gain access to a server for warez and other things. I never knew they could do that....


elizabyte ( ) posted Fri, 16 January 2004 at 12:02 AM

I don't even bother to read my Zone Alarm logs. I have it running silently and I never look at any logs at all. A lot of the "intrusions" are false alarms or more-or-less normal network traffic that just trip the sensors. I DO recommend using a firewall, of course. I've used Zone Alarm for years and I really like it. I just don't pay any attention to the "blocked" stuff. It was blocked. Who cares what it was? ;) As for hacking attempts, an awful lot of those are entirely automatic. Would-be hackers send out spiders and probes that just poke around the ports of any IP they find with activity on it. If they find a vulnerability, they'll report back to the originator. bonni

"When a man gives his opinion, he's a man. When a woman gives her opinion, she's a bitch." - Bette Davis


DreamstoGo ( ) posted Fri, 16 January 2004 at 12:10 AM

I use to get hit 10 to 20 times a day. Norton's internet security informed me.. I got a D-Link router between me and roadrunner and I haven't had one hit since...


DarkMatter_ ( ) posted Fri, 16 January 2004 at 12:12 AM

1.I think they should make a 10 year mandatory prison sentence for anyone caught hacking or pirating on the internet,No early parole no access to a computer while in prison. Put those mothas in jail! 2.I think were entering a cyber age where e commerce is emmerging as a huge part of the econmy, and should be protected by cyber police, Police who work on the web that can be contacted to report cyber-crimes. 3.Anyone caught engineering a virus should be put in jail 10 years mandatory sentence for cyber terrorism, No early parole no access to a computer while in prison. Anyone here agree with this?


igohigh ( ) posted Fri, 16 January 2004 at 12:21 AM

Attached Link: http://www.norton.com

Norton will now do a free online test for security holes for you. Of course they want you to buy their product but they do give fair reports, I use PC-cillin2004 and they gave me an 'All Green' thumbs up (just installed W2Kpro last night and just finished all my OS upgrades): **Port Check** ICMP Ping Ping. Ping is a network troubleshooting utility. It asks your computer to acknowledge its existence. If your computer responds positively to a ping, hackers are more likely to target your computer. "STEALTH" 21 FTP (File Transfer Protocol). FTP is used to transfer files between your computer and other computers. Port 21 should be open only if you're running an FTP server. "STEALTH" 22 SSH. TCP connections to this port might indicate a search for SSH, which has a few exploitable features. SSH is a secure replacement for Telnet. The most common uses of SSH are to securely login and copy files from a server. "STEALTH" 23 Telnet. Telnet can be used to log into your computer from a terminal anywhere in the world. This port should be open only if you're running a Telnet server. "STEALTH" 25 SMTP (Simple Mail Transfer Protocol). A protocol for host-to-host mail transport. This port should be open only if you're running a mail server. "STEALTH" 79 Finger. Finger is an Internet utility that allows someone to obtain information about you, including your full name, logon status, and other profile information. "STEALTH" 80 HTTP (Hypertext Transfer Protocol). HTTP is used to transfer Web pages over the Internet. Port 80 should be open only if you're running a Web server. "STEALTH" 110 POP3 (Post Office Protocol). Internet mail servers and mail filter applications use this port. This port should be open only if you're running a mail server. "STEALTH" 113 Ident / Authentication. This service is required by some mail, news, or relay chat servers to allow access. A stealth result on this port could cause performance problems. "STEALTH" 119 NNTP (Network News Transfer Protocol). A service used by News servers to distribute Usenet articles to newsreader applications and between other servers. "STEALTH" 135 Location service (loc-srv). This port is used to direct RPC (Remove Procedure Calls) services to the appropriate dynamically mapped ports. Hackers can use this to determine which port is used by several Windows services. This port should not be visible from the Internet. "STEALTH" 139 NetBIOS. NetBIOS is used for Windows File & Print sharing. If port 139 is open, your computer is open to sharing files over the Internet. Other components of NetBIOS can expose your computer name, workgroup, user name, and other information. To learn more about preventing connections to your NetBIOS ports, see: NetBIOS Information and Configuration Instructions "STEALTH" 143 IMAP (Internet Message Access Protocol). IMAP is a sophisticated protocol for electronic mail delivery. This port should be open only if you're running an IMAP server. "STEALTH" 443 HTTP over TLS/SSL. A protocol for providing secure HTTP communication. It should be open only if you're running a Web server. "STEALTH" 445 Windows NT / 2000 SMB. A standard used to exchange Server Message Blocks, and can be exploited in multiple ways, including gaining your passwords. "STEALTH" 1080 SOCKS. This protocol allows computers access to the Internet through a firewall. It is used when one IP address is shared among several computers. Generally this protocol only allows access out to the Internet. However, it is frequently configured incorrectly to allow hackers to pass traffic inwards through the firewall. "STEALTH" 1723 PPTP (Point-to-Point Tunneling Protocol). This service is used for virtual private networking connections. "STEALTH" 5000 UPnP (Universal Plug and Play). This service is used to communicate with any UPnP devices attached to your network. "STEALTH" 5631 pcAnywhere. This port is used by Symantec pcAnywhere when in host mode. "STEALTH" ---------------- **Windows Vulnerability Check** Description: Tests whether basic information, including your PC's network identity, can be seen by hackers. Analysis: Your computer's identity is secure. However, this does not mean you are completely safe from all Internet security threats. -------------- **Trojan Horse Check** Description: Attempts to test for access to your computer through methods commonly used by Trojan horses. Analysis: Your computer and data are not vulnerable to Trojan horse attacks. However, Trojan horse threats are constantly evolving, and unless you have a personal firewall and current virus protection, you're not completely safe. To learn more about threats you are protected against, view a detailed analysis of your test results. --------------------------- **Antivirus Product Check** Description: Checks for a current version of a commonly-used virus protection product. Analysis: Your computer is running virus protection software and you are at low risk to virus attacks. However, viruses are constantly evolving and you need to keep your virus protection current to stay safe. ------------------------


ookami ( ) posted Fri, 16 January 2004 at 1:28 AM

10 years in prison for hacking or pirating? Hmmm... so you put hacking up there with armed robbery, assault & battery and vehicular manslaughter... and WORSE than drunk driving? Sure... it's bad... but let's put it in perspective... I'd much rather have a hacker using my hard drive as a server than have some drunk cross the yellow line and hit me head one... which HAS happened! Save the prisons for those who people who destroy people's lives... destroy the computers of hackers and court order them to stay away from computers for 10 years. That will save room in our prisons, money for taxpayers and hit the hackers where it will hurt most!


igohigh ( ) posted Fri, 16 January 2004 at 1:41 AM

I always thought the name said it all: Hack the Hacker's hands off!


Puntomaus ( ) posted Fri, 16 January 2004 at 2:14 AM

Attached Link: http://grc.com/default.htm

If you have Zone Alarm running your computer is in stealth mode - means it is not visible anymore to anyone trying to get access to your PC. Some firewalls (Norton included) will response to the port scanner but Zone Alarm will not. For more info or probing your ports I recomment Steve Gibson's site.

https://grc.com/x/ne.dll?bh0bkyd2 <- to probe your ports

http://grc.com/lt/leaktest.htm <- Leak test for your firewall (Zone Alarm is the only firewall that passes this test without problems)

Every organisation rests upon a mountain of secrets ~ Julian Assange


FishNose ( ) posted Fri, 16 January 2004 at 4:52 AM

I have D-Link Router with built-in firewall for the first stage of security. Closes of some critical ports etc. It has hanged and had to be reset a couple of times this year after heavy attacks. Obviously doing it's job :o) Then I have PC-cillin with realtime virus check on all activity and all incoming data. I have on occasion CONSCIOUSLY DL'ed viruses to test the checker, it gets 'em every time! And then I have the PC-cillin Firewall up as well, gets hits many times a day. A lot is non-critical, but about 25% is true hits. Why I use PC-cillin? Because it takes NO overhead off my PC. I can run all my heavyweight apps as usual, PC-Cillin is transparent in all cases but one - when I run Partition Magic and reformat drives, copy partitions etc, I disable PC-cillin temporarily. Also when defragging drives. :] Fish


nukem ( ) posted Fri, 16 January 2004 at 4:59 AM

Along with the good advice already given, I'd also make sure to turn off Universal Plug and Play if you're running Windows XP.

Universal plug and play allows software to automatically discover and use network-based devices, which means that software can open ports in your router's firewall if your router supports UPnP functionality. UPnP is enabled by default when Windows is installed and should really be turned off unless you absolutely need it. Make sure UPnP is turned off for your router as well.

grc.com has a utility that makes turning off UPnP easy.

http://www.grc.com/unpnp/unpnp.htm

nukem



RealDeal ( ) posted Fri, 16 January 2004 at 5:26 AM

Ahem. (I usually preface long winded speeches that way) How do you think hackers get caught? Do you think universities take a average person off the street, immerse them in computer knowledge for 4-5 years, examine them on what they have been taught, then give them a shiny CompSci diploma, at which time they are more than qualified and capable to catch some 17 year old kid in his basement trying to find open ports on DSL lines? Nope. the CompSci guy is generally pretty much clueless. The 17 year old kid screwing around is occasionally very, very, very smart, and sometimes obsessed. He does this because he LOVES IT. the CompSci guy does it because he wants a fat paycheck. I've worked in the computer industry since 1990; I'm a MCSE, have lots of little pieces of paper saying how much I know about computers and networks. I've done security for major banks, and was Wide Area Administrator for the U.S. Army recruiting command. I still frequently do security consulting. I have NEVER taken a computer class, aside from a free one week class from microsoft. Take a wild guess how I learned about networks. SO. don't label all hackers with the same label. There has been a tendency to do this quite a bit lately, and one of the outcomes is we are intentionally destroying our pool of people capable of actually catching bad guy hackers (instead of writing position papers and holding strategy meetings on how to stop them). As to Virus writers, kill 'em. or better yet, set them on fire, and use the fire to roast the spammers. Thank you, thank you, I'm here all week, try the veal.


dontbotherme ( ) posted Fri, 16 January 2004 at 6:44 AM

Get yourself a router. D-Link, Linksys, whatever, womething with a NAT firewall, brand doesn't much matter. You'll find that most probes and such never make it past the NAT firewall. Also, of highest importance, DON'T USE OUTLOOK OR INTERNET EXPLORER. If you take some time and research this, you'll find that Outlook and IE are most responsible virus problems. Also, a hacker is someone who takes pride in learning something from scratch, the hard way. Who comes up with an elegant solution to optimize some code or solve the apparently insoluable problem with the tools at hand. A cracker is a vandal who f**ks things up. There's a big difference.


soulhuntre ( ) posted Fri, 16 January 2004 at 9:34 AM

"Also, of highest importance, DON'T USE OUTLOOK OR INTERNET EXPLORER." I get a little tired of this. It's a sort of "sky is falling" thing. In all the tiem I have been using them (since they came out) not me or any of my clients has ever had a attack come through those two programs. Why? BECAUSE WE PAY ATTENTION. Currently IE and Explorer ship locked down pretty tight... unless yous pecifically say "Yes" to a dialog box asking you to install something - they are extremely secure. This isn't complex, and there is nothing about them that is any more vulnerable than Mozilla, Opera or anyhting else. The simple reality is that if you run attachemnts you don't know he origin of, or if you don;t use anti-virus, if you aren't running a firewall then you will be vulnerable. The real cause thing "most responsible virus problems" is user ignorance and apathy. Switchign away from IE and then assumign you are "safe" isn't going to help.


Bobbie_Boucher ( ) posted Fri, 16 January 2004 at 9:45 AM

I had Zone Alarm years ago, and got rid of it. For some reason Zone Alarm thought my ISP's email server was an invader. I got tired of getting 150 intrusion alerts every night. Then when I uninstalled Zone Alarm, I lost my Internet connection. I had to use Norton Utilities to fix that problem. You can keep Zone Alarm. I'll use Norton Personal Firewall.


geoegress ( ) posted Fri, 16 January 2004 at 11:02 AM

there is an even better security system then firewalls- turn you computer off at least once a day!!! resets your dns number.


DarkElegance ( ) posted Fri, 16 January 2004 at 11:58 AM

AHHHHHHHHHHHHHHHHH I use to get that message about another user being logged in all the time >.< but my hard drive isnt huge....AHHHH and my zone alarm didnt help it much as even with it installed I still got the error. AHHHHHHHHHHHHHHHHHHHHHHHHHHHHHH God that just gives me the heebeejeebbeees thinking someone else is taping into my puter while I am on it>.< ... though...I havent had it much since I been using the cleaner evaluation...hmmmmm

https://www.darkelegance.co.uk/



Commission Closed till 2025



dontbotherme ( ) posted Fri, 16 January 2004 at 12:55 PM

Soulhuntre, Yes, it does sound like the sky is falling, doesn't it. But it's still true, isn't it.


xoconostle ( ) posted Fri, 16 January 2004 at 1:41 PM

Many false alarms are being sounded in this thread, that's no help to DarkMatter at all. The "intrustions" that DarkMatter is seeing are probably mostly port scans that were blocked by ZoneAlarm, not successful intrusions. It's possible if not probable that such "who's vulnerable out there?" scans are unrelated to which browser DarkMatter is using. It's unfortunate that when issues of hacking and virii come up, hysteria accompanies actually useful information in these forums. I'd strongly suggest that DarkMatter simply read the ZoneAlarm documentation, and furthermore, info at their website. It's good stuff, and will probably set your mind at ease about what you're seeing. The most important thing is that you're using firewall software. ZoneAlarm is excellent. "I installed this only a week agoe, and there is hardly anything on my drive worth stealing and nothing for a hacker to to waist his time on, So why so many hack attacks?" They almost certainly aren't targeting you personally, they don't know what's on your hard drive. You did the right thing by installing a firewall.


daverj ( ) posted Fri, 16 January 2004 at 3:38 PM

there is an even better security system then firewalls- turn you computer off at least once a day!!! resets your dns number. <<<< Not true. Different connection types get IP addresses in different ways. If you are on a dialup with an ISP like AOL then simply disconnecting and reconnecting will probably give you a new IP address. If you are on DSL or cable then turning off the computer does nothing. The IP is assigned to the modem. In some cases resetting the modem might change your IP, but in many cases it does not. Cable tends to use assigned IPs, but resetting the modem often results in the same IP coming right back. Some DSL connections have a fixed IP, so nothing you do short of contacting the ISP will change it. But none of that really matters except to slow somebody that is targeting you personally. The block scan attacks happen to blocks of IP addresses, so 1 second after you have a new IP address you are just as vulnerable to being attacked. A firewall is a blockade. Changing your IP does little or nothing to stop attacks.


JohnRender ( ) posted Fri, 16 January 2004 at 4:07 PM

And this related to Poser how? Why is this in the Poser Forum? I thought this site had an "OT Forum" for posts not realting to Poser. I thought this site had technical and web forums for these kinds of posts. And to think that people complain about "commercial" postings... these personal posts are almost as frequent. That's fine... I really enjoy wading through messages that have no bearing on the forum topic to get to valid information about Poser.


xoconostle ( ) posted Fri, 16 January 2004 at 4:24 PM

Precisely, unless of course you DO have a static IP address, and someone who knows it is specifically trying to get past your firewall, which unfortunately, some are skilled enough to do. Sometimes. Most DSL subscribers who have a static IP address know it, since you have to pay considerably more to have one. In my case, simply disconnecting (via the modem software) from the 'net, then reconnecting results in a new IP assignment. I don't mean to pick on anyone but post #2 in this thread doesn't make sense. There's nothing in DarkMatter's description that would indicate the scenario asserted in that post. SPAM spoofing is a real problem these days, but there wasn't enough relevant info provided to draw that conclusion, here. C'mon, folks, if you don't really know for sure what you're talking about in threads like this, don't speak with seeming authority. It causes confusion and spreads misinformation. ...and of course, JohnRender is correct :-)


soulhuntre ( ) posted Fri, 16 January 2004 at 4:54 PM

"turn you computer off at least once a day!!!" To add to this, the probability is that your intrusion attempts are COMPLETELY unrelated to anyone targeting you specifically... as such changing your IP wont make any difference. Many folks just continually scan hundreds and thousands of IP addresses looking for open machines, changing your IP address won't keep them from "finding" you.


millman ( ) posted Fri, 16 January 2004 at 4:58 PM

Read the last line of post #1 then my reply, only one of many possible answers.


soulhuntre ( ) posted Fri, 16 January 2004 at 5:00 PM

"I really enjoy wading through messages that have no bearing on the forum topic to get to valid information about Poser." Cause the subject line didn;t give you ANY kind of a clue right?


xoconostle ( ) posted Fri, 16 January 2004 at 5:22 PM

millman, cool, but it seemed like you were saying this was the one possible answer. No biggie. :-)


millman ( ) posted Fri, 16 January 2004 at 8:03 PM

I assume most people can deduce that it's not my computer, and all I offer is a suggestion.


DarkMatter_ ( ) posted Sat, 17 January 2004 at 3:00 AM

I put hacking up there with breaking and entering, pirating and commerce terrorism, the only way to stop it is to make the penalty so severe that the the hacker does not want to take the risk......


elizabyte ( ) posted Sat, 17 January 2004 at 3:52 AM

"there is an even better security system then firewalls- turn you computer off at least once a day!!! resets your dns number." Only in some systems. In fact, I have a static IP address, and I did with the previous system I was on, as well. bonni

"When a man gives his opinion, he's a man. When a woman gives her opinion, she's a bitch." - Bette Davis


pakled ( ) posted Sat, 17 January 2004 at 2:45 PM

Why is this in Poser? Actually, I've been informed that Poser itself will try to go out over a network to find duplicated copies of itself, and if found, disable Poser..I've heard of people getting a lot of hits against Zone Alarm.
Dang, someone's been in PC's almost as long as me (1985), but at least ya got your MCSE..;)
Zone Alarm works ok for static IP's, which is what most of your broadband stuff uses, it can get flakey under NT 4..;) but it's better than nothing.

I wish I'd said that.. The Staircase Wit

anahl nathrak uth vas betude doth yel dyenvey..;)


millman ( ) posted Sat, 17 January 2004 at 7:10 PM

Sygate Personal Firewall installed here. Another freebie, works.


kawecki ( ) posted Sun, 18 January 2004 at 9:13 AM

The best solution: Two computers. One computer fast with lot of RAM and disk for your work and application programs, with no internet, no network, no antivirus, no firewall, no physical conection, you can remove the modem and network hardware from it, if you want you can kill IE too. The other, can be an old computer, with nothing except internet stuff, you don't need to worry too much about the hackers, there's nothing inside this computer. You can transfer downloaded stuff between the computers using RW Cdroms after scaned with some antivirus.

Stupidity also evolves!


pakled ( ) posted Sun, 18 January 2004 at 11:27 AM

kawecki..you've been snooping in my bedroom again..my exact setup..;)

I wish I'd said that.. The Staircase Wit

anahl nathrak uth vas betude doth yel dyenvey..;)


RealDeal ( ) posted Mon, 19 January 2004 at 1:36 AM

pakled said:"Dang, someone's been in PC's almost as long as me (1985), but at least ya got your MCSE..;)" Actually, I've been playing with computers since the first apple II, in '78. I Just changed careers from Microwave Electronics in 1990-92; not a lot of call for radar guided weapons techs at the time. My preferred free firewall is tiny personal firewall. If you want to actually do something about the problem, install blackice and sign up securityfocus; they'll take your intrusion results, add them with others, and report the person nailing you to their ISP.


EricofSD ( ) posted Mon, 19 January 2004 at 1:54 AM

I have zone alarm, but its not all that great. Use Black Ice which is really great. I finally got around to putting my puter on a router with a built in firewall. Yeah, disconnect from the broadband when you're not using the internet. Get that IP changed, or reset/renew if you don't want to disconnect. It is good to learn about different types of intrusions and what they are. I'm getting good at it. The other day, some jerk was running a port scan on my system looking for open ports. Black ice was going off every second. I did a dns lookup and figured out who it was, then a 411.com and gave the guy a call and asked him if he had anything else to do. That shook him up like crazy.


Privacy Notice

This site uses cookies to deliver the best experience. Our own cookies make user accounts and other features possible. Third-party cookies are used to display relevant ads and to analyze how Renderosity is used. By using our site, you acknowledge that you have read and understood our Terms of Service, including our Cookie Policy and our Privacy Policy.