Put that firewall on now.

luap
Folks.

I just happened to rcon into my server at home, the first time in ages and I found a text file on my desktop called "Intruder Alert.txt".

In it was this:


Dear Sir or Madam,

I feel duty bound to inform you that your computers are fully accessible to anyone with a little know-how on the internet, that is potentially half the world's population at any one time.

YOU ARE VULNERABLE ANYTIME YOU ARE CONNECTED TO THE ADSL LINK!

The consequences of this can be extremely dissatisfying!
In one easy move it is possible for errant individuals to eradicate all files on this machine, plant virii or trojan horses or format the hard disks. Any information that is kept on this machine is now public knowledge.

It is the duty (though not in their opinion) of your Internet Service provider, in this case Easynet, to inform you of the security risks involved with having an ADSL connection. No machines are safe. All versions of MS windows are penetrable with the correct tools! (unix too for that matter!).
There are two almost foolproof ways that illegal entry to your machines can be stopped.

1. Use a firewall that supports Network Address Translation. This is a hardware firewall not a software one.
2. Turn the machine off when not in use. (easy isn't it?)

The first option is best but trickier and more expensive (but better). There are some models around that cost as little as £300 and are virtually impossible to penetrate.

I have not read any of your files nor altered any operating system files. My intention is only to warn you of the problem you have. Many others with my knowledge are not so benign!

Please heed this warning.

If I can be of any further assistance you can email me at

clandestine_threat@hotmail.com

Regards

x


I left the firewall software off because I was hosting a few UT matches etc but not now, it's on and staying on.
 
ReActor
The internet has always been unsafe, and always will be if it retains its current form (which is unlikely, actually). I don't see why this information has shocked you. It was probably placed there by the company that makes these £300 firewalls.
 
Embattle
Most people will not have problems but then again you could end up being one of the few that does.....hence why I run Zonealarm.
 
Testin da Cable
m8, just to be sure I'd advise formatting and reinstalling your setup as soon as you can. or sooner.

-tdc
 
Wij
I fancy a firewall when I get ADSL. Which one do all recommend?
 
Perplex
Depends. If you are very technically minded, get Signal9 ConSeal PC Firewall (this is as close to a 'proper' firewall as you will get on a PC). If you are not au fait with tcp/udp port assignments, and the IP stack etc, then go for something like zonealarm. This is basically much easier to use.
 
Testin da Cable
got an extra box around? like the p100 you were using as a foot-rest?
 
Testin da Cable
btw:

(*Please note that, at this time, ConSeal installed on Windows 2000 does NOT function when using a dial up connection or the ICS sharing component included in Windows 2000.)
 
luap
I do have fw running on my main PC. It was my server that was completely without because I was hosting and stuff. The fw on my main PC and now on my server is Blackice. It's passed every test I and others have thrown at it. My server would have been ignored if I had fw software on it, but it hadn't so it wasn't and it did. (?)
 
Perplex
Originally posted by testin_da_cable
btw:

(*Please note that, at this time, ConSeal installed on Windows 2000 does NOT function when using a dial up connection or the ICS sharing component included in Windows 2000.)

Yes, but who in their right mind uses win2gay? ;)
 
Testin da Cable
^^ not me Perplex :)

Luap, you should be able to run a firewall regardless of your hosting activities. A good firewall would let you configure it to open specific ports. Example: zonealarm asks if you want to allow application X to run as a 'server'. I.e. if you want to allow outside connections to connect to the port app X has opened.
If the firewall app you use does not support such functionality, drop it and get a different one m8.

-tdc
 
old.Luap2
It does but its previous edition didn't. Zone Alarm I found to be a pile of steaming, I couldn't host even when the 'allow to act as server' was turned on.
 
Wij
Hmm. Too much like hard thinking :)

I'll just copy someone else's setup around my neck of the woods. I have the spare bits to build an ickle box for it if need be :D
 
Wij
In fact. It might even be a Linux box for that job :D
 
Testin da Cable
it's not hard to do m8 :)
help can be given, j00 just have to ask.
 
old.Morpheus
I never liked conseal or blackice.

Zone Alarm r0x0rs!
 
Wij
Originally posted by testin_da_cable
it's not hard to do m8 :)
help can be given, j00 just have to ask.

I knew that would give u the horn :D
 
luap
*Update*

The hack0r has replied to me!

What do you think of this?

"Paul

I honestly cannot remember how I got in. I do so many of these 'good samaritan' type hacks they all seem to blend into one. It's not really charity work. I do it because I work as a network consultant for a number of large companies and specialise in protocols, security and network structure. I need a live 'test' bed for what I do, and the internet is obviously fair game. It is not strictly 'ethical business' so I have to refuse any offers of work that are generated from it but as a type of payment from me I do explain how I got in (if I can remember). For me to check your machine again to find out the original exploit leaves my identity open to possible detection (if you know how to do it) and I do not wish to compromise myself in this way. If you are using a firewall you can allow pass through services so you can access resources from the internet. Also Windows 2000 is much more 'securable' networkwise. I suggest you use this system. Also if you are using PC anywhere don't use NT security in it. Set separate passwords than the NT ones. After I have recovered your user names and passwords in NT/2000 and started the PC anywhere service remotely I can take complete control. Often I find that other people have been in the machine before me. I find traces of trojans and other such access systems and these are usually left open so that the attacker can re-enter at will. A good virus checker usually detects most trojans and there are (on http://www.tucows.com) a number of trojan removers. The tools that I use are expensive and most of the exploits are not mine they are collated by a team that works for me. I think the phrase is 'standing on the shoulders of giants'. We do this to allow us to keep ahead of current exploits and protect our customers. Go to Microsoft's web site and spend time looking through their 'bug-fixes'. You can plug most holes with these. If you send back to me your server ip address I may have another look for you.
If I do I will send you all the security reports and the exploits I find. You will be shocked how much we can get. Unless you have a high level of networking experience you might find some of it hard going.

Regards

X "
 
*Kornholio*
Yeah, scary stuff... and this guy thinks he's a samaritan ??? :rolleyes: He says that he hasn't done anything to your pc, do you trust / believe him ??
 
Testin da Cable
I don't trust him at all.
Reinstall that box and lock it down as fast as you can.

-tdc
 
luap
The box is toast. Reinstalling atm :(

Do I trust him? Not so far but I'll not distrust him because he's replied and the response is fairly well written. Not your usual zitty scripty kiddy stuff.
 
Wij
Not spelling with numbers makes ppl more trustworthy :D
 
