Am I Being Hacked?

[shn]

Originally posted by Java Boy@1 February 2004 - 14:44
Run Telnet (go to Start/Run, write telnet and press OK) and set the Remote System like this:

Host: localhost
Port: (port hes connecting to/from)
Term Type: leave it as vt100

Try to write 'GET /default.ida?' (Code Red standard) and hit the Enter key

I think I got that right...hmmmm
If this gets deleted then oh well

edited

Lol, you actually think something like that would work.

Have you ever even used telnet? And what does GET /default.ida have to do with his problem. Where do you see anything web server related?

[Java Boy]

lol @ you...
I misreadthe post (i dont use that crap sygate) for something else on port 80 {replaced} (but it started with "F" and goes along the lines of GAY) and yes i have used telnet on noobs like you Shin..Your one of those K-lite wannabees who run round the forum proclaimimg to know everything
If you dont know what this can do (GET /default.ida ) then your just a noob pissing into the wind......


edit ...dont look now but your trouser pants are wet mate

[shn]

Originally posted by Java Boy@1 February 2004 - 15:47
lol @ you...
I misreadthe post (i dont use that crap sygate) for something else on port 80 faggot and yes i have used telnet on noobs like you Shin..Your one of those K-lite wannabees who run round the forum proclaimimg to know everything
If you dont know what this can do (GET /default.ida ) then your just a noob pissing into the wind......


edit ...dont look now but your trouser pants are wet mate

That exploit is old news. Code red affected web servers. So like I said where do you see anything on this topic web server related.

[LSA]

Originally posted by shn+1 February 2004 - 15:38--></div><table border='0' align='center' width='95%' cellpadding='3' cellspacing='1'><tr><td>QUOTE (shn &#064; 1 February 2004 - 15:38)</td></tr><tr><td id='QUOTE'><!--QuoteBegin-Java Boy@1 February 2004 - 14:44
Run Telnet (go to Start/Run, write telnet and press OK) and set the Remote System like this:

Host: localhost
Port: (port hes connecting to/from)
Term Type: leave it&nbsp; as vt100

Try to write &#39;GET /default.ida?&#39; (Code Red standard) and hit the Enter key

I think I got that right...hmmmm
If this gets deleted then oh well

edited

Lol, you actually think something like that would work.

Have you ever even used telnet? And what does GET /default.ida have to do with his problem. Where do you see anything web server related?[/b][/quote]
http://www.elated.com/tutorials/management/unix/basic/
http://www2.rad.com/networks/1997/telnet/index.htm

[Java Boy]

Originally posted by shn@1 February 2004 - 21:50
So like I said where do you see anything on this topic web server related.

Like I said Shin i misread it(as i was doing 20 things at once)...so call the internet police or ring the queen or do something, other than blow it out ya bumhole like u usually do.. B)
if he had a properly configured or even better yet aproper firewall then that shit wouldnt of happened, and if you disagree you must be thick
Ya trousers still wet or ya changed them now?..

I didnt get a chance to look at your links as most of my experience comes from real life events, not just reading up on whats happened to others like your knowledge seems to come from

[shn]

You have a lot to learn. First of all I was not debating the exploit you posted. If I were I would have shut you down real quick by the fact that "GET /default.ida" by itself will not do anything to a vulnerable host. You have to add a 256 character or more string to the default.ida request in order to overflow the buffer and exploit the host.

But I guess you already knew that huh.

As for telnet. I have been beyond that. I only use ssh and rlogin connections. Telnet is not a secure protocol at all whatsoever and if you dont know that then I guess your just a n00b pissing in the wind.

End

[LSA]

Originally posted by Java Boy@1 February 2004 - 16:06
Ya trousers still wet or ya changed them now?..

[Java Boy]

you need to take into account that before you arrived in this thread that there was a little more to my post but I edited it, then before I could post it, someone quoted me, so I had to re-edit and it all got fucked up..so in my next post i said to forget it, and didnt bother to explain in too much detail that id thought it was something to do with port80.then you arrived and put ya 10cents in that, actually didnt even add up to 2 cents...
so go change ya trousers and stop pissing in the wind cause youll just end up getting wet...
Im off to bed..its 1030am on monday morning and im tired ..catch you up

[scottwile]

Originally posted by supersonic+1 February 2004 - 16:57--></div><table border='0' align='center' width='95%' cellpadding='3' cellspacing='1'><tr><td>QUOTE (supersonic @ 1 February 2004 - 16:57)</td></tr><tr><td id='QUOTE'> <!--QuoteBegin-scottwile@2 February 2004 - 01:17
[181.1] Inbound DCE BIND to potentially vulnerable RPC DCOM interface attempt detected

all the ones with red and yellow sheilds are whats listed above




Traffic from IP address 24.222.28.11 is blocked from 02/01/2004 13:19:36 to 02/01/2004 13:29:36.

above is what just yellow sheilds say

Yeps that is what I thought, I got that attack many times.
solution:
get SafeXp and disable dcom services for good.
block generic host process for win32 services (svhost.exe)(that will prevent them from even connecting and trying to attack) but it might affect some websites, so if you get any problems, unblock it. Usually i dun get any problems.
note: use the above @ ur own risk


You usually ge these when u scan other ips for proxies for example, but it is not nessesarily that this is the case. [/b][/quote]
this sounds good, but the link i broken, could i get another? thank you guys for all the help
:-"

[muchspl2]