View Full Version : Problem With Hackers....


Shaggy
01-08-2003, 08:36 PM
Hi all, i'm new to this board and i have a major problem. For some reason i'm getting a lot of hacking attempts, these are normally subseven, netbus and hack a tack & occur every day at least 10 times a day!! Recently had a few DOS attacks and a lot of invalid TCP flag attempts. I'm running norton firewall and antivirus, i do a full system scan every day and even scan with trojan remover... all with up to date definitions and haven't got anything.
Have visual route installed and a lot of these attacks come from Reston California... i know a bit about hacking, so i know there is no point reporting these attacks.
Even when i reboot and get another IP i still get attacked, how is this if i don't have any trojans running on my comp? and any ideas as to why i'm getting attacked so much and from all over the world? When i do surf any dodgy sites, i do so through an anon proxy, i'm very careful. Have all the attacks logged if anyone wants to view them, didn't think it was a good idea to put a load of IP's up.
Any help would be gratefully received. B)

4play
01-08-2003, 08:41 PM
my friend you are para.
are you repeatedly scanned or just once? it is quite normal to occasionally get packets denied by your firewall.

zapjb
01-08-2003, 08:46 PM
Unsuccessful attempts is the key. Be happy. :)

dmorgan89
01-08-2003, 09:34 PM
Well ok 1. Multiple Firewalls at least 2. Intrusion Detection and antivirus is good. 2 you have to be getting subseven and netbus from files you have downloaded. KaZaA is full of them of course. Do you watch and verify which files you download? Also your antivirus and firewall could be disabled by new viruses going around. Do you use any email programs like incredimail and outlook express? If you do, those download attachments without even asking you. Get rid of those, and don't open any email that you're not sure what it is. DoS attacks come all the time. But if you're repeatedly being attacked then someone just doesn't like you. IRC is also a way to get viruses. Be sure to turn on the option to verify if you want a download if you use irc. If you use irc maybe you've pissed someone off there. Norton is good but you need another that tells you more. BlackIce is a good one that's not hard to understand. My friend if you get hacked and you're taking all these precautions then i don't know what to tell you.

dmorgan89
01-08-2003, 09:37 PM
Oh yeah, about the viruses that disable firewall and antivirus. Check the Yaha virus versions and the campurf. These are spreading very quickly and i must have gotten about 10 sent to me so far. http://securityresponse.symantec.com/avcenter/vinfodb.html#threat_list

TClite
01-08-2003, 09:38 PM
recently....in the last two days i've had a couple of flags from zone alarm with unfamiliar access permission names.....I monitor my connection as much as i can do, and scan regularly with a trojan remover again with completely updated definitions.....and i scan for active trojans.....guess i'm being paranoid too......

ugluk
01-08-2003, 09:43 PM
yes, you could already have been infected by subseven, or a similar thing. and your firewall will always report a lot of blocked connection attempts. this is normal. as long as your firewall reports that an intrusion attempt has been blocked, you're safe. i would worry the day my firewall reports nothing at all.

TClite
01-08-2003, 10:00 PM
uh..oh, had a strange component on my firewall list, calling itself along the lines of t..0008909000...t, sounds awfully suspicious to me, i permitted access earlier....as i have installed a new ftp server client "bullet" and thought this component was linked, i have now removed it from the list, i assume if the component refers to any of my programs it will ask for permission as they need it.....this is pretty worrying, i'm currently reading about the influx of backdoor viruses out there on symantec......however my machine is fine, zonealarm is not showing irregular activity levels and since the removal of the suspect component it has not since sought permission, i'm running a full system trojan scan as we speak....all *.exe files are still executable, anti-virus software is still running....being paranoid?

Shaggy
01-08-2003, 10:32 PM
WOW!!! Thanks guys for all your help and info, i was well surprised when i checked to see if anyone had replied. Will try to answer all of you now...
Have installed multiple firewalls, these include zone alarm, outpost, sygate and black ice, even used black ice pc protection and was amazed at how many times i was being scanned from multiple IP's from over the world, it was mad!!
I don't use any email programs and have all email auto scanned. I have had many viruses in the past and dealt with these, but haven't had any for over 6 weeks. I watch and mostly download verified sig2dat movies, all of which i scan, as even though norton anti virus is on auto detect i have had it not auto detect a couple of viruses in the past, so i advise all norton users to scan their files before opening them!!
Funnily enough TC, i've just installed an FTP server, it's a good free one called TYPsoft FTP server, get it here (http://www.typesoft.com)
I've had another attempted attack writing this....maybe the paranoia is getting the better of me...i just feel as though someone has it in for me, maybe it's the RIAA??? Thanks for your feedback... :rolleyes:

TClite
01-08-2003, 10:40 PM
you can help keep out, or at least monitor some of the RIAA via peerguardian, explain the dos attacks you mention.....i'm interested..

dmorgan89
01-08-2003, 10:58 PM
Remember new viruses can disable antiviruses and firewall. Antiviruses may seem to run fine but aren't. Check some of the viruses with levels 2 and up and some of the viruses like campurf edit registry keys. Actually what i would do is boot up in safe mode then do a virus scan. If nothing comes up you should be ok. Do you use IRC any? I know people on there who can infect you with a virus without you even knowing they send you anything.

Shaggy
01-08-2003, 11:00 PM
I use peer guardian too PC, good proggy!!
Well on Sunday afternoon i decided to try out black ice pc protection, have used it before, and as i had been having a lot of attacks recently i thought i'd give it another go. It was set up as default, ie informing me of minor scans...this was happening every couple of seconds from addresses with wanadoo in them (this is a french ISP i believe)..so i changed it to inform me of more threatening scans and after a while it started popping up with attacks from multiple IP's that the 'hacker' was changing the last 3 digits of the IP address...to try varying the attacks...then i got BLASTED off the net, my browser just shut down and disappeared and norton & black ice both did their jobs!! After the attack..black ice wouldn't function properly so i uninstalled it, don't know if the attack just f**ked it up or what!!?? Norton firewall was fine and logged the attack.
When i first got my comp, over 2 years ago now, i went to a lot of hacking sites and IRC channels and gained a lot of knowledge (and software) so i'm well aware of security vulnerabilities and have had 1000's of attacks blocked. Was totally pickled when i first had my comp, didn't know s**t about security....god knows how many hackers had been having fun!! Scary shit going on then too, but that's another story!!
Going to install black ice, maybe...anyone know of a good program that does the same job?? ie tell me when i'm being scanned.... :ph34r:

TClite
01-08-2003, 11:07 PM
i don't use irc, but that's a disturbing thought, my virus scanner is fine...it will still scan my hdd for infection on command..

Shaggy
01-08-2003, 11:09 PM
Don't go on IRC much, only to chat to m8s...did an online scan yesterday and it was fine.
Have had viruses in the past that knocked out norton anti virus, it wasn't functioning properly so i tried panda anti virus and scanned my comp, it picked up 7 diff trojans that norton had missed...

Shaggy
01-08-2003, 11:13 PM
You say your virus scanner is fine TC, but norton anti virus has let me down in the past and i update my definitions the day they r released...i'm going to try panda again and scan to see what it comes up with...might be interesting :unsure:

ugluk
01-08-2003, 11:19 PM
i hate norton. had some serious problems with it. i use panda titanium. i like it. i recommend it! (in fact i liked it so much that i bought it)
black ice is bad. i can't recommend it. i use za pro myself.

Shaggy
01-08-2003, 11:30 PM
That's the one i have ugluk, i used it as back up in the past...am just trying to dig it out from my mountain of discs!!!! Will let you know what it comes up with...black ice is s**t, you're right...the PC protection is ok though as it allows you to set a level of notification for port scans and constantly monitors all ports for scans (i like that!!) but the black ice firewall is poo.... ;)

4play
01-08-2003, 11:35 PM
why not use both. panda and norton should play nicely.

have you done a search on www.ripe.net (http://www.ripe.net) to see where the scans are coming from? and then report any abuse to the appropriate people.
keep logs from your firewalls as evidence to show them.

reset the list of apps you allow to connect to the internet and set it up again. only allow stuff you really need or want to use.

someone is dosing you and you are on a dial up. reconnect every time this happens.

try to block the source ip. since this changes i'm assuming it is spoofed so this probably will do no good.

report it to your service provider with the logs. they will chase down the source of your problems. :lol: can't believe i said that, they will pass the chore on to the next person and nothing will happen.
still worth a try.

to remove all trojans only a format and reinstall will work. there are always some that people have hand made and anti virus software will not find.

good luck

TClite
01-08-2003, 11:41 PM
with a good trojan remover you can get rid of trojans....

dmorgan89
01-08-2003, 11:43 PM
I would never rely on norton's system works 100% ever. I don't know of any other firewalls like that, that are as good as blackice. I also used irc to gather a lot of my information but irc now sucks because dalnet has too many problems. irc can be a big computer book if you know the right people.

4play
01-09-2003, 12:02 AM
with a good trojan remover you can get rid of most trojans not all of them though.

norton uses the definition files to look for strings in your files. if one matches it flags it as a virus/ trojan/ worm/ hacker tool.
if you can program and make your own, chances are that the definitions will not contain any string found in your program. so your anti virus is only as good as your definition file. that's why you must keep this up to date.

I have also seen an article on placing a copy of the kernel in the root directory. windows will use this kernel instead of the proper windows one.

anything you place in there will not be questioned by any application. it is the kernel after all.

that's why windows security sucks and a format is the only way to rid yourself of all trojans.

RPerry
01-09-2003, 12:12 AM
Doesn't running more than one anti-virus cause conflicts? Would like to know, maybe I trust Nortons too much (especially after reading some of your posts) :unsure:

4play
01-09-2003, 12:42 AM
give in to the voices in your head the paranoia is getting to you.

security is not just about getting a nice shiny piece of software it comes through good user practices and good use of these tools.

people like kevin mitnick preyed on the less tech savvy to get info they really wanted. social engineering can be very powerful. the i love you virus was very clever because people will open attachments like that straight away without thinking.

you can tell i just downloaded hackers 2 from the verified section ;)

I have never tried two anti viruses but i know plenty of people that do. i know for a fact that mcafee and norton do not play well together but other combos do.
panda and norton being one.

dmorgan89
01-09-2003, 12:44 AM
Running more than one antivirus does create problems. running more than one firewall doesn't though. symantec comes out with more up to date virus definitions than anyone and faster and with the newest viruses. i'd pick norton over any other but i still don't trust it 100%.

Shaggy
01-09-2003, 12:51 AM
I do use trojan remover and adaware and neither has detected anything for weeks.......Just installed panda anti virus titanium and while it installs it does a full scan. While scanning, up pops norton anti virus telling me it's detected a virus on my comp!! That's madness as norton is always on auto detect on my comp yet it only informs me it's found a trojan WHEN i'm installing & scanning with panda :( That's twice now that norton has let me down so i'm done with it, can't even do what it's supposed to do. I urge ALL norton anti virus users to install another anti virus scanner and scan their systems.
The strange thing is that panda didn't notify me it found a trojan...i'm guessing norton found it & deleted it b4 panda got there, but it needed panda to direct it to where it was (i can't figure that one out <_< ). Wasn't in my shared folder either, will check my log (if there is one on anti virus) to see exactly what it was.

4play
01-09-2003, 01:01 AM
how often do you do a full system scan with norton?

it is possible that a virus slipped past norton. then the definitions were updated to detect this virus. when you scanned it with panda norton found it as well.

auto-protect is good but like i said your anti virus is only as good as the definitions.

so you have panda and norton running on your system. it is possible to run two av then.

Shaggy
01-09-2003, 01:14 AM
I scan once a day every day and get definitions the day they are out. panda and norton are running fine on my system, they did for me in the past when run together...also have run On-Tracks System Suite (has virus scanner & firewall combo) with norton in the past, so you can run 2 anti virus 2gether.. :ph34r:

RPerry
01-09-2003, 01:45 AM
I also have On Track installed, just isn't on auto start because of the warning from Nortons about using another anti-virus, I guess its time for me to give running two a try and see what happens.

4play
01-09-2003, 12:01 PM
damn you scan your system once a day, run two av's and two firewalls.

are the pills to stop the voices in your head working or not ;)

that is real paranoid behaviour.

why not just back everything up and do a reinstall. will mean you will have no viri or trojans on your system at all and if these dos attacks don't stop after that then your firewall settings are just way too high.

if you do set it too high it will block plenty of connections making it look like a dos attack.

interesting reading.

scan yourself with this (http://security.symantec.com/ssc/home.asp?j=1&langid=ie&venid=sym&plfid=23&pkj=DYWHPWFYJOKMFIDPMSV)
article on ddos (http://grc.com/dos/drdos.htm)
trace the source of that ip (http://samspade.org/t/)
all about ip spoofing (http://neworder.box.sk/newsread.php?newsid=3825)

that should keep you busy for a while. :lol:

Đark Princ€
01-09-2003, 02:52 PM
if i was you i would set a password for both norton antivirus and your firewall and i would stick with norton for they are the best!! and get norton internet security 2003 and norton antivirus 2003 and keep them updated very often, the new antivirus from norton will do an auto update in the background!!!!!!!!! i get a lot of attempts too but nothing to worry about i just laugh at them!!!!!!!
but stay with norton !!!! i got all norton 2003 and im pretty well protected no one i mean no fagget hacker will every get on my pc again!!!! never!! for i got NORTON hahahahahahahahahah and if sum one reading this thinks he can hack me then go ahead give it a try bet ya cant and if you get feed up and want my ip address just ask i will post it!!!!! lol lol lol no problem!!!!! lol lol

dmorgan89
01-09-2003, 02:54 PM
He's right nothing will beat norton.

4play
01-09-2003, 03:10 PM
killa you are very confident that you are unhackable. nothing is unhackable.

unless it is switched off :lol:

norton i admit is very good but you can easily slip trojans and viri past it.

i can't find the article right now but basically it was about someone who was paid to try to hack into a company's network. he tried using sub7 for the first test and norton found it right away.
he then opened up w32dsm and disassembled the sub7 server file. he edited a few lines of text in there that said sub7 to something else. he saved it and retried it. guess what? norton did not find it. because he had changed the string in sub7 that the norton definitions look for. :(

here (http://neworder.box.sk/newsread.php?newsid=6245) i think this is it but i can't be arsed to read it all again just to check it.

4play
01-09-2003, 03:14 PM
here is the part if you are interested

Most antivirus products work by matching byte streams of known viruses and other malware to the programs and files your computer uses. If a match is found, then the file is most probably of dangerous nature, and the antivirus prevents the user from opening it. Polymorphic viruses use a flaw in this strategy by modifying themselves every time, making it difficult to identify a reliable byte stream in the virus code that can be used to clearly identify it. Can I also use this flaw to my advantage? Of course. Actually, that day, I have lost a lot of respect towards antivirus products seeing how easy it was to circumvent it.

Using a hex editor (I don't remember which one, but they all do pretty much the same), I opened hk.exe. What I now see is all the binary code of the executable, shown in a hexadecimal representation. On the right hand side, we see an ASCII representation of each byte of code. Since this is compiled code, it is pretty hard to modify anything in there without screwing up the program and making it useless. Especially since we don't know what bit pattern the antivirus software looks for, and that I know nothing in reverse-engineering. The only thing editable in the program is a small section where we can actually read the message displayed by hk.exe when it successfully executes (something like "Your wish is my command, master"). What the heck, let's change that and see what happens. So I replace the string with XXXX XXXX XX XX XXXXXXXX XXXXXX, and rename the file hk2.exe (which is why I don't remember the exact string, now I only care to use hk2.exe). A quick FTP download later, and I make a dir command to see if it's detected. The file is waiting there where I put it, undetected from the antivirus product. I was ashamed of that antivirus company, that will remain nameless. In the marketing hype, they all state that they scan for streams of bytes in the files it scanned, but it turns out that they actually scan for streams of TEXT. That was a big disillusion for me. I think I can write a better virus scanner in Perl than the big behemoths of software antivirus are these days.

not the same one as i was talking about but the same principle
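
An added illustration of the point made in the post and the quoted article above (not code from the thread or the article): a signature that keys on a display string stops matching once that string is edited, while one anchored on code bytes, with wildcards for operands, still matches. The sample bytes, signature names and the `hex_signature`/`scan` helpers are constructed for this example and are inert.

```python
import re

# Constructed, inert stand-in for a program file: a short run of code-like
# bytes followed by a display string. Not real malware, not a real signature.
CODE = bytes.fromhex("55 8b ec 83 ec 10 c7 45 fc 39 30 00 00 e8 a1 b2 c3 d4 c9 c3")
BANNER = b"Your wish is my command, master"
ORIGINAL = b"MZ" + bytes(14) + CODE + bytes(8) + BANNER + b"\x00"

# The edit described in the quoted article: overwrite the display string
# with same-length filler, leaving every other byte untouched.
EDITED = ORIGINAL.replace(BANNER, b"X" * len(BANNER))


def hex_signature(pattern):
    """Compile a hex signature such as '55 8b ?? e8' into a bytes regex.

    Each token is one byte in hex; '??' is a wildcard for any single byte,
    used for operands that differ between builds of the same code.
    """
    parts = []
    for token in pattern.split():
        if token == "??":
            parts.append(b".")
        else:
            parts.append(re.escape(bytes.fromhex(token)))
    return re.compile(b"".join(parts), re.DOTALL)


SIGNATURES = {
    # Fragile: anchored on text that has no effect on what the program does.
    "text-banner": re.compile(re.escape(BANNER)),
    # Sturdier: anchored on the instruction bytes, operands wildcarded.
    "code-sequence": hex_signature("55 8b ec 83 ec ?? c7 45 fc ?? ?? ?? ?? e8"),
}


def scan(data):
    """Return the sorted names of all signatures found in data."""
    return sorted(name for name, sig in SIGNATURES.items() if sig.search(data))


if __name__ == "__main__":
    for label, blob in (("original", ORIGINAL), ("edited", EDITED)):
        print(f"{label:9s} -> {scan(blob)}")
```

A definition set that carries only the first kind of signature behaves the way both stories describe; the second kind is why signature authors pick bytes the program needs in order to run.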

Đark Princ€
01-09-2003, 03:47 PM
i was a lil harsh but i hate hackers!!!! and i still stick by my post i'm unhackable!!!! if you can prove me wrong then hack away!!!!! i keep it updated and i always get the newest versions so i'm fine!!!!!!!

4play
01-09-2003, 03:58 PM
is that an invitation. i wonder does that make cracking your pc legal :D

and i'm not really interested in cracking your pc. I can get all your porn from your my shared folder easy. :lol:

Đark Princ€
01-09-2003, 04:09 PM
is that an invitation. yes it is but i will still report!!! but remember it's still a cyber crime to hack someone's pc!!!!!! and i don't share porn i just surf all the free porn galleries lol lol lol

4play
01-09-2003, 04:14 PM
I'm not too sure on that one but i think if you invite me to hack your pc then it is legal.
even if you reported it.

i know you can port scan if you have been given permission to. Otherwise the security testing sites would be violating the law.

if you believe yourself to be totally impenetrable scan yourself at norton's site. let's see what they say.
norton (http://security.symantec.com/ssc/home.asp?j=1&langid=ie&venid=sym&plfid=23&pkj=BYDIESLHFEPGEVVSDUX) just click on scan for security risks. i bet it finds something. ;)

my guess is that it finds port 5000 open and it believes you are infected with the de trios trojan. :lol:

vegeta
03-08-2003, 08:30 AM
Originally posted by Shaggy@8 January 2003 - 22:36
Hi all, i'm new to this board and i have a major problem. For some reason i'm getting a lot of hacking attempts, these are normally subseven, netbus and hack a tack & occur every day at least 10 times a day!! Recently had a few DOS attacks and a lot of invalid TCP flag attempts. I'm running norton firewall and antivirus, i do a full system scan every day and even scan with trojan remover... all with up to date definitions and haven't got anything.
Have visual route installed and a lot of these attacks come from Reston California... i know a bit about hacking, so i know there is no point reporting these attacks.
Even when i reboot and get another IP i still get attacked, how is this if i don't have any trojans running on my comp? and any ideas as to why i'm getting attacked so much and from all over the world? When i do surf any dodgy sites, i do so through an anon proxy, i'm very careful. Have all the attacks logged if anyone wants to view them, didn't think it was a good idea to put a load of IP's up.
Any help would be gratefully received. B)
no one will hack u until u r involved in something

MotherwellFC
03-08-2003, 08:09 PM
I was just reading everyone's comments on Norton's antivirus. I have to say it is the biggest load of crap and just because it looks good doesn't mean to say it is. I have had to format my computer twice because it was causing loads of problems and the number of viruses it misses is unbelievable. I have used Panda titanium for the last year without any problems and would recommend it to anyone.

kAb
03-08-2003, 09:16 PM
the things that say you have hacked attempts are little "bugs" that look for a PC without a firewall or a computer that can be hacked easily (older ones). so the software that tells you that you have been attempted to be hacked, isn't very useful, considering how there are probably another million out there who have detected the same "Bug"

it isn't a personal hack attempt. the hacker isn't sitting there trying to crack your computer, it's a program looking for easy-crack computers.
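
An added example (not from any poster in the thread) of telling the automated sweeps described above apart from repeated activity worth putting in an abuse report. It groups blocked connections by source /24, so sources that only vary the last part of the address count together. The log layout, the sample lines (documentation address ranges) and the threshold of 5 are assumptions; the port table lists the usual default listener ports of the three backdoors named in the first post.

```python
import re
from collections import defaultdict
from ipaddress import ip_network

# Usual default listener ports of the backdoors named in the thread.
BACKDOOR_PORTS = {12345: "NetBus", 27374: "SubSeven", 31785: "Hack'a'Tack"}

# Assumed log layout (constructed; real firewall logs differ per product).
LINE_RE = re.compile(
    r"^(?P<ts>\S+ \S+) BLOCK (?:TCP|UDP) "
    r"(?P<src>\d+\.\d+\.\d+\.\d+):\d+ -> \d+\.\d+\.\d+\.\d+:(?P<dport>\d+)"
)

# Constructed sample log, including one line that is not a block record.
SAMPLE_LOG = """\
2003-01-08 20:31:07 BLOCK TCP 203.0.113.5:4021 -> 192.0.2.10:12345
2003-01-08 20:44:52 BLOCK TCP 198.51.100.11:1180 -> 192.0.2.10:27374
2003-01-08 20:44:53 BLOCK TCP 198.51.100.12:1181 -> 192.0.2.10:27374
2003-01-08 20:44:55 BLOCK TCP 198.51.100.13:1182 -> 192.0.2.10:31785
2003-01-08 20:44:56 BLOCK TCP 198.51.100.14:1183 -> 192.0.2.10:27374
2003-01-08 20:44:58 BLOCK TCP 198.51.100.15:1184 -> 192.0.2.10:31785
firewall service restarted
2003-01-08 21:10:19 BLOCK TCP 203.0.113.77:3310 -> 192.0.2.10:5000
"""


def triage(log_text, repeat_threshold=5):
    """Summarise blocked connections per source /24, busiest network first."""
    groups = defaultdict(
        lambda: {"hits": 0, "sources": set(), "ports": set(), "times": []}
    )
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # not a block record (service messages, blank lines)
        net = str(ip_network(m["src"] + "/24", strict=False))
        g = groups[net]
        g["hits"] += 1
        g["sources"].add(m["src"])
        g["ports"].add(int(m["dport"]))
        g["times"].append(m["ts"])

    report = []
    for net, g in groups.items():
        repeated = g["hits"] >= repeat_threshold
        report.append({
            "network": net,
            "hits": g["hits"],
            "sources": len(g["sources"]),
            "ports": {p: BACKDOOR_PORTS.get(p, "unlisted") for p in sorted(g["ports"])},
            "first_seen": min(g["times"]),  # ISO-style stamps sort as text
            "last_seen": max(g["times"]),
            "verdict": "repeated, worth reporting" if repeated else "background scan",
        })
    return sorted(report, key=lambda r: r["hits"], reverse=True)


if __name__ == "__main__":
    for row in triage(SAMPLE_LOG):
        print(row)
```

The per-network rows, with first and last timestamps, are the kind of evidence the earlier advice about keeping firewall logs for the ISP or netblock owner refers to.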

Soul814
03-08-2003, 10:17 PM
lol... get zone alarm pro... that's all i got to say.... errr who cares about firewalls?