[cobalt-users] Fw: Attempted hacking by your users
- Subject: [cobalt-users] Fw: Attempted hacking by your users
- From: "Carrie Bartkowiak" <ravencarrie@xxxxxxxx>
- Date: Mon Apr 30 17:31:14 2001
- List-id: Mailing list for users to share thoughts on Cobalt products. <cobalt-users.list.cobalt.com>
So far no sign of the Chinese hackers, although I have had some Taiwan
and Japan (as usual) prowling around my ports.
I've finally started seeing Australian pokes at the wall too...
dangit.
Anyhow I had 3 different tries today from @Home users - all in
different places. I sent off a letter and in response, got the biggest
bunch of bullshit I've ever seen (at least as a response to the
'someone tried to hack me' letter I sent). Don't you just love form
letters? It's copied below. 'Twould be nice if they included more than
3 sentences dealing with Linux... and even better if this thing had
some sort of commentary in it aimed at actual sysadmins rather than
windoze ZoneAlarm users.
How is everyone doing? Systems holding up okay? Any sign of the
horrible onslaught? (Got my FTP turned off just in case.)
CarrieB
> > Thank you for your report of system probes. The @Home Network Policy
> > Management Team receives a high volume of complaints on this issue,
> > and we are sending this message to you with some basic information
> > that may be helpful in understanding what is occurring, and how you
> > can proactively manage your personal computer's security.
> >
> > @Home's extensive investigation into this issue has shown us that the
> > vast majority of these system probes are originating from computers
> > that have been compromised by various means, usually Trojan viruses.
> > We are taking steps to control hacking attempts by increasing the
> > security awareness of our customers and enforcement designed to detect
> > and eliminate those hacking attempts that actually originate on the
> > @Home network.
> >
> > Please note, if you are complaining about an actual system breach,
> > i.e., your computer has actually been penetrated by an @Home
> > subscriber without your permission, please resend your complaint to
> > us with the email subject line, SYSTEM BREACH. If you are not sure if
> > your computer has been breached or not, please continue to read this
> > message.
> >
> > I'm being hacked!!!
> >
> > It can be worrisome when your firewall software reports a system
> > probe, but there are several things to be aware of when your firewall
> > sounds the alarm. They relate to how the Internet works, and are
> > explained below.
> >
> > How does all this work anyways?
> >
> > What is actually happening when your firewall reports a system probe?
> > Your computer has just received traffic over the Internet. What that
> > traffic was actually trying to do is more difficult to determine. Your
> > firewall tries to interpret the traffic according to how it is
> > programmed. Since firewall programs are designed to report attacks, it
> > will usually report any unexpected traffic as an attack, even if it is
> > not. In fact, if firewall software is set to a 'high' security level,
> > it may report normal traffic from servers that are a part of the
> > network that you are connected to as an attack. Note, changing the
> > 'security' level of firewall software does not really change the level
> > of protection it affords, it changes the level at which it reports
> > network traffic.
> >
> > How does that traffic get to your computer? In order for computers to
> > communicate over the Internet, they are assigned an IP address (IP
> > stands for Internet Protocol). Every person's computer that is
> > connected to the Internet, every website, every server, switch and
> > router that is connected to the Internet in the world has to have a
> > unique IP address. When you go to a website, you type in the URL
> > (Uniform Resource Locator) into your browser, say, www.excite.com, and
> > a server in the network takes that URL, translates it into the
> > corresponding IP address, and your computer connects to that website's
> > IP address.
> >
> > Say you go to check your email. Your computer sends traffic on the
> > Internet to your mail server, and it responds back to you by sending
> > you your email. How does your computer, and the servers you are
> > accessing, know what the traffic you are sending is for? This is
> > accomplished because the traffic not only has a source and a
> > destination IP address, but a source and destination port also. Port
> > numbers are assigned and registered to Internet functions and software
> > that uses them. In the above example, you go to check your email. Your
> > computer sends traffic to the mail server, asking to check if you have
> > any email. You are sending traffic to the mail server's IP address,
> > with a destination port 110. Port 110 is registered as the port with
> > which you (or anyone else on the Internet) use to check your email.
> >
> > Simply put, a system probe is someone sending traffic directed to
> > your computer's IP address, with a destination port.
> >
> > Trojan Viruses
> >
> > As stated before, other programs are registered to use different
> > ports. This includes so-called Trojan viruses. Most viruses that you
> > hear about are designed to disrupt your computer in some way, from
> > interfering with your Operating System to destroying files on your
> > hard drive. Trojan viruses, on the other hand, are designed to hide on
> > your hard drive. They do not want to be discovered because, as opposed
> > to harming your software, they allow other people access to your
> > computer. Once your computer has been compromised with a Trojan virus,
> > it can be "remote controlled" by other people on the Internet. Trojans
> > also have to use a port number to work correctly. For example, the Sub
> > Seven Trojan, which is in common usage at this time, runs on port
> > 27374. So, in order, this is what happens when you get probed for a
> > Trojan virus. We are still using the Sub Seven Trojan as our example:
> >
> > 1) Another computer on the Internet sends traffic to your
> > computer's IP address, directed at port 27374.
> >
> > 2) Your computer receives the traffic.
> >
> > 3) Your firewall software is programmed to understand that
> > traffic to port 27374 is probably a probe to detect if the Sub
> > Seven Trojan is present on your computer.
> >
> > 4) The firewall blocks the traffic and reports to you that you
> > were just probed for the Sub Seven Trojan.
> >
> > There are two significant things that happened here. First, note that
> > the firewall reported the traffic as being blocked. That means that
> > the firewall did its job and did not allow the traffic through to your
> > computer. Secondly, and this is not as well known, if your computer
> > has not been compromised by that particular Trojan virus, that probe
> > is harmless. It wouldn't have affected your computer if the firewall
> > were there or not. If you are worried that your system was breached,
> > you can be assured that, as long as your system has not been infected
> > with that virus, and your firewall reported (blocked) the traffic,
> > your computer is still secure.
> >
> > What does this mean to me?
> >
> > Now that we have defined how the Internet works, and what happens
> > when your firewall reports a probe, you are probably interested in how
> > this affects you and your personal computer. A typical Windows user
> > needs three tools to secure their system against the majority of
> > security problems you may encounter on the Internet: a
> > properly-configured Operating System, a strong anti-virus program with
> > frequently-updated virus definitions, and some knowledge and
> > discretion.
> >
> > 1) A properly-configured Operating System - The easiest thing you can
> > do to secure your computer from unauthorized access is make sure you
> > are not opening any holes that are easily exploitable. The most common
> > of these is File and Print Sharing. If you have File and Print Sharing
> > turned on in your Network Control Panel, other computers on the @Home
> > Network in your area can see and access your hard drive and/or
> > printer. If you want to share hard drives or printers in a home
> > network, you should configure a different network protocol, such as
> > NETBEUI, to do so.
> >
> > The second Operating System-related issue is with Windows NT and
> > 2000. If you are not running these operating systems, you may skip to
> > the next item. These operating systems, if you do a default install,
> > will open several services, such as FTP (File Transfer Protocol),
> > Email, and HTTP. The running of such services can allow others access
> > to your computer, as well as being a violation of the @Home Acceptable
> > Use Policy (http://www.home.com/aup/). You should re-configure NT or
> > 2000 to not have any services running.
> >
> > 2) A strong anti-virus program - Most computers come with an
> > anti-virus program these days. They are effective in protecting your
> > computer from Trojan and other types of viruses, but only if the virus
> > definitions are up to date. An anti-virus program has two components,
> > the program itself, and the virus definitions. The virus definitions
> > are what tell the program how to look for viruses. Since there are new
> > viruses that come out on an almost-daily basis, if your definitions
> > are not updated, eventually your anti-virus software will become
> > useless. You can configure your anti-virus software to update the
> > virus definitions as frequently as you wish (we recommend monthly, if
> > not more frequently) and automatically. Check the help file or web
> > site for your particular anti-virus program. It should be free to
> > update your virus definitions as long as the program is current. If
> > you are not running any anti-virus software at all, we highly
> > recommend that you obtain and install some as soon as possible. There
> > are too many such viruses out there to seriously consider being on the
> > Internet without one for very long.
> >
> > 3) Knowledge - As the old saying goes, "Forewarned is forearmed." Now
> > that you have some idea of what's actually occurring, and security
> > issues as they relate to you, you can make some choices about how you
> > want to protect your computer and what you should protect it from. The
> > easiest way to protect yourself from Trojan viruses, however, is to
> > use extreme caution in opening files that are sent to your computer,
> > including attachments to email, or files sent through an instant
> > messaging service, or IRC. Even if a file is being sent to you by
> > someone that you know, they may themselves be infected with a virus
> > and not know it.
> >
> > Do I need a firewall?
> >
> > As stated above, taking the precautions we outlined will secure your
> > computer from most, if not all, of the security issues it may
> > encounter while using the Internet. You may have noted that we did not
> > recommend that you run any firewall software. Is a firewall really
> > needed in the Internet environment? On first thought, it may appear
> > so, but consider these points. You may have heard that you need a
> > firewall if you have an "always-on", broadband connection. Does having
> > such a connection equal an enhanced risk to your computer? No, you do
> > not have any significantly higher risk than a dial-up customer. As we
> > stated before, if your computer is secured against Trojan viruses, a
> > probe on a Trojan port cannot compromise your computer. The firewall
> > is not affording you any protection to these types of probes because
> > there is none needed. All it is doing is reporting to you that other
> > computers on the Internet are sending traffic to your IP address. The
> > only potentially-higher risk you have is that if you leave your
> > computer connected to the Internet 24 hours a day, you will receive
> > more scans simply because your computer is on the Internet longer than
> > other people's computers would be. Again, however, if your computer is
> > secured as we recommended, these probes cannot penetrate your
> > computer. If you are concerned about this, you can simply disconnect
> > the modem from your computer until you are ready to use it again, or
> > turn your computer off. You may have heard that you need a firewall
> > because of the prevalence of Trojan viruses. While it is true that
> > these Trojans are out there and they can be very malicious, a strong
> > anti-virus program can actually detect and, if your hard drive has
> > such a virus, remove the Trojan. A firewall can't do this. That is why
> > we stress running anti-virus software; a firewall is your personal
> > choice to run, but is not critical to a computer's security.
> >
> > Are you running Linux?
> >
> > Linux is a UNIX-based Operating System that is an alternative to the
> > MS Windows family of Operating Systems. There are some very common
> > exploits for Linux (WU-ftpd, SunRPC) that will allow others access to
> > your Linux-based computer. If you are not familiar with Linux and know
> > how to secure it from these and other security issues, we would
> > recommend that you use an Operating System that you are more familiar
> > with.
> >
> > @Home Network Policy Management Team
> >
>
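
The quoted letter describes a probe as traffic sent to an IP address with a destination port. The following is an added example, not part of the original post or the @Home letter: it tallies denied-packet log lines by source and destination port, labels the services the thread mentions, and separates a single-port probe from a multi-port sweep. The log lines, their key=value layout, the addresses and the sweep threshold of 3 are all constructed assumptions.

```python
import re
from collections import defaultdict

# 27374 (Sub Seven) and 110 (mail check) are from the quoted letter; 21 and 111
# are the standard FTP and SunRPC portmapper ports for the services it names.
KNOWN_PORTS = {21: "FTP", 110: "POP3", 111: "SunRPC portmapper",
               27374: "Sub Seven Trojan"}

# Constructed sample: denied-packet lines with SRC=/PROTO=/DPT= fields.
SAMPLE_LOG = """\
Apr 30 09:12:01 www kernel: DENY IN=eth0 SRC=192.0.2.10 DST=203.0.113.5 PROTO=TCP SPT=4021 DPT=27374
Apr 30 09:12:04 www kernel: DENY IN=eth0 SRC=192.0.2.10 DST=203.0.113.5 PROTO=TCP SPT=4022 DPT=27374
Apr 30 11:40:17 www kernel: DENY IN=eth0 SRC=198.51.100.7 DST=203.0.113.5 PROTO=TCP SPT=3310 DPT=21
Apr 30 11:40:17 www kernel: DENY IN=eth0 SRC=198.51.100.7 DST=203.0.113.5 PROTO=TCP SPT=3311 DPT=110
Apr 30 11:40:18 www kernel: DENY IN=eth0 SRC=198.51.100.7 DST=203.0.113.5 PROTO=UDP SPT=3312 DPT=111
Apr 30 11:40:18 www kernel: DENY IN=eth0 SRC=198.51.100.7 DST=203.0.113.5 PROTO=TCP SPT=3313 DPT=27374
Apr 30 12:02:55 www kernel: DENY IN=eth0 SRC=203.0.113.99 DST=203.0.113.5 PROTO=ICMP TYPE=8
Apr 30 12:03:00 www kernel: DENY IN=eth0 SRC=192.0.2.44 DST=203.0.113.5 PROTO=TCP SPT=1999 DPT=
"""

FIELD = re.compile(r"(\w+)=(\S*)")

def parse_line(line):
    """Return (source IP, destination port), or None for unusable lines."""
    fields = dict(FIELD.findall(line))
    try:
        return fields["SRC"], int(fields["DPT"])
    except (KeyError, ValueError):  # ICMP has no DPT; truncated DPT is empty
        return None

def summarize(log_text, sweep_threshold=3):
    """Per source: ports touched, their labels, and sweep vs. single probe."""
    ports_by_src = defaultdict(set)
    hits_by_port = defaultdict(int)
    for rec in map(parse_line, log_text.splitlines()):
        if rec is None:
            continue
        src, dport = rec
        ports_by_src[src].add(dport)
        hits_by_port[dport] += 1
    report = {}
    for src, ports in ports_by_src.items():
        ordered = sorted(ports)
        report[src] = {
            "ports": ordered,
            "labels": [KNOWN_PORTS.get(p, "unlisted") for p in ordered],
            "kind": "sweep" if len(ordered) >= sweep_threshold else "single-port probe",
        }
    return report, dict(hits_by_port)
```

Calling `summarize(SAMPLE_LOG)` returns the per-source report and a hit count per destination port; lines without a usable destination port (the ICMP and truncated entries) are skipped rather than guessed at.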