Am I Being Hacked?



scottwile
02-01-2004, 07:32 PM
http://www.chinkii.com/uploads/album/misc/security%20log.JPG



I get a new edition added to my security log like every hour or two, what does this mean? I opened it for the first time yesterday and there were probably 100 logs in there.
:unsure:

supersonic
02-01-2004, 07:41 PM
That is an indication that your firewall is doing its job. I trust Sygate PF Pro and get a lot of these, but you have not specified the kind of attack it is. Please click on the yellow and red shield to display the explanation and tell me what it is.

scottwile
02-01-2004, 07:47 PM
[181.1] Inbound DCE BIND to potentially vulnerable RPC DCOM interface attempt detected

all the ones with red and yellow shields are what's listed above




Traffic from IP address 24.222.28.11 is blocked from 02/01/2004 13:19:36 to 02/01/2004 13:29:36.

above is what just yellow shields say

scottwile
02-01-2004, 08:35 PM
Since I posted a few mins ago I got more,


http://www.chinkii.com/uploads/album/misc/sl%202.JPG

Java Boy
02-01-2004, 08:44 PM
Run Telnet (go to Start/Run, write telnet and press OK) and set the Remote System like this:

Host: localhost
Port: (port he's connecting to/from)
Term Type: leave it as vt100

Try to write 'GET /default.ida?' (Code Red standard) and hit the Enter key

I think I got that right...hmmmm
If this gets deleted then oh well

edited

scottwile
02-01-2004, 08:49 PM
Originally posted by Java Boy@1 February 2004 - 16:44
Run Telnet (go to Start/Run, write telnet and press OK) and set the Remote System like this:

Host: localhost
Port: (port he's connecting to)
Term Type: leave it as vt100

Try to write 'GET /default.ida?' (Code Red standard) and hit the Enter key

I think I got that right...hmmmm
If this gets deleted then oh well
It's a DOS-like program, right?

I tried typing GET /default.ida, nothing happens. Is that what I should type?

:wacko:
thanks for the help

Java Boy
02-01-2004, 08:55 PM
Sorry mate...I shouldn't have posted that stuff...it will get you into trouble I suspect. Forget whAT I POSTED AND WAIT FOR SOMEONE WHO USES sYGATE TO COME BACK...THEYLL BE MORE KNOWLEDGEABLE ON THE TOPIC THAN i...
Sorry bout the caps..too lazy to correct it now

supersonic
02-01-2004, 08:57 PM
Originally posted by scottwile@2 February 2004 - 01:17
[181.1] Inbound DCE BIND to potentially vulnerable RPC DCOM interface attempt detected

all the ones with red and yellow shields are what's listed above




Traffic from IP address 24.222.28.11 is blocked from 02/01/2004 13:19:36 to 02/01/2004 13:29:36.

above is what just yellow shields say
Yeps that is what I thought, I got that attack many times.
solution:
get SafeXp (http://www.theorica.tk/) and disable DCOM services for good.
block Generic Host Process for Win32 Services (svchost.exe) (that will prevent them from even connecting and trying to attack) but it might affect some websites, so if you get any problems, unblock it. Usually i dun get any problems.
note: use the above @ ur own risk :P


You usually get these when u scan other IPs for proxies for example, but it is not necessarily that this is the case.

Marius24
02-01-2004, 08:59 PM
nm, didn't read last post :ph34r:

Java Boy
02-01-2004, 09:17 PM
This place http://grc.com/default.htm will take care of all those services you don't need running such as DCOM, Un-Plug & Play, XPdite etc

shn
02-01-2004, 09:38 PM
Originally posted by Java Boy@1 February 2004 - 14:44
Run Telnet (go to Start/Run, write telnet and press OK) and set the Remote System like this:

Host: localhost
Port: (port he's connecting to/from)
Term Type: leave it as vt100

Try to write 'GET /default.ida?' (Code Red standard) and hit the Enter key

I think I got that right...hmmmm
If this gets deleted then oh well

edited
Lol, you actually think something like that would work.

Have you ever even used telnet? And what does GET /default.ida have to do with his problem? Where do you see anything web server related?

Java Boy
02-01-2004, 09:47 PM
lol @ you...
I misread the post (I don't use that crap Sygate) for something else on port 80 {replaced} (but it started with "F" and goes along the lines of GAY) and yes I have used telnet on noobs like you Shin..You're one of those K-lite wannabees who run round the forum proclaiming to know everything
If you don't know what this can do (GET /default.ida ) then you're just a noob pissing into the wind......


edit ...don't look now but your trouser pants are wet mate

shn
02-01-2004, 09:50 PM
Originally posted by Java Boy@1 February 2004 - 15:47
lol @ you...
I misread the post (I don't use that crap Sygate) for something else on port 80 faggot and yes I have used telnet on noobs like you Shin..You're one of those K-lite wannabees who run round the forum proclaiming to know everything
If you don't know what this can do (GET /default.ida ) then you're just a noob pissing into the wind......


edit ...don't look now but your trouser pants are wet mate
That exploit is old news. Code Red affected web servers. So, like I said, where do you see anything on this topic web server related? <_<

LSA
02-01-2004, 09:54 PM
Originally posted by shn@1 February 2004 - 15:38
Originally posted by Java Boy@1 February 2004 - 14:44
Run Telnet (go to Start/Run, write telnet and press OK) and set the Remote System like this:

Host: localhost
Port: (port he's connecting to/from)
Term Type: leave it as vt100

Try to write 'GET /default.ida?' (Code Red standard) and hit the Enter key

I think I got that right...hmmmm
If this gets deleted then oh well

edited
Lol, you actually think something like that would work.

Have you ever even used telnet? And what does GET /default.ida have to do with his problem? Where do you see anything web server related?
http://www.elated.com/tutorials/management/unix/basic/
http://www2.rad.com/networks/1997/telnet/index.htm


http://www.mcbriens.net/liam/img/smilies/thmbup.gif

Java Boy
02-01-2004, 10:06 PM
Originally posted by shn@1 February 2004 - 21:50
So like I said where do you see anything on this topic web server related.
Like I said Shin I misread it (as I was doing 20 things at once)...so call the internet police or ring the queen or do something, other than blow it out ya bumhole like u usually do.. B)
if he had a properly configured or even better yet a proper firewall then that shit wouldn't have happened, and if you disagree you must be thick
Ya trousers still wet or ya changed them now?..

I didn't get a chance to look at your links as most of my experience comes from real life events, not just reading up on what's happened to others like your knowledge seems to come from

shn
02-01-2004, 10:14 PM
You have a lot to learn. First of all I was not debating the exploit you posted. If I were I would have shut you down real quick by the fact that "GET /default.ida" by itself will not do anything to a vulnerable host. You have to add a 256 character or more string to the default.ida request in order to overflow the buffer and exploit the host.

But I guess you already knew that huh.

As for telnet. I have been beyond that. I only use ssh and rlogin connections. Telnet is not a secure protocol at all whatsoever and if you don't know that then I guess you're just a n00b pissing in the wind.

End

LSA
02-01-2004, 10:21 PM
Originally posted by Java Boy@1 February 2004 - 16:06
Ya trousers still wet or ya changed them now?..
:ph34r:

Java Boy
02-01-2004, 10:25 PM
you need to take into account that before you arrived in this thread that there was a little more to my post but I edited it, then before I could post it, someone quoted me, so I had to re-edit and it all got fucked up..so in my next post I said to forget it, and didn't bother to explain in too much detail that I'd thought it was something to do with port 80. Then you arrived and put ya 10 cents in that, actually didn't even add up to 2 cents...
so go change ya trousers and stop pissing in the wind cause you'll just end up getting wet...
I'm off to bed..it's 10:30am on Monday morning and I'm tired ..catch you up
http://www.thinkgeek.com/images/products/thumb/large/ledbadge.gif

scottwile
02-01-2004, 10:54 PM
Originally posted by supersonic@1 February 2004 - 16:57
Originally posted by scottwile@2 February 2004 - 01:17
[181.1] Inbound DCE BIND to potentially vulnerable RPC DCOM interface attempt detected

all the ones with red and yellow shields are what's listed above


Traffic from IP address 24.222.28.11 is blocked from 02/01/2004 13:19:36 to 02/01/2004 13:29:36.

above is what just yellow shields say
Yeps that is what I thought, I got that attack many times.
solution:
get SafeXp (http://www.theorica.tk/) and disable DCOM services for good.
block Generic Host Process for Win32 Services (svchost.exe) (that will prevent them from even connecting and trying to attack) but it might affect some websites, so if you get any problems, unblock it. Usually i dun get any problems.
note: use the above @ ur own risk :P


You usually get these when u scan other IPs for proxies for example, but it is not necessarily that this is the case.
This sounds good, but the link is broken, could I get another? Thank you guys for all the help
:-"

muchspl2
02-01-2004, 10:58 PM
http://members.cox.net/my_web_pictures/10702hax0rs.jpg

scottwile
02-01-2004, 10:59 PM
By the way, now I have got this many logs since my last screenshot.



http://www.chinkii.com/uploads/album/misc/sl20.JPG

scottwile
02-01-2004, 11:00 PM
Originally posted by muchspl2@1 February 2004 - 18:58
http://members.cox.net/my_web_pictures/10702hax0rs.jpg
what is this supposed to mean?? :o

Java Boy
02-01-2004, 11:06 PM
I think he was just posting the pic for a laugh...
Anyways I thought it was funny.
@muchspl2...great pic mate...lol

Java Boy
02-01-2004, 11:08 PM
go here to DCOM-obulate ya self http://grc.com/dcom/

scottwile
02-01-2004, 11:09 PM
I liked it too, but I wasn't sure if he meant it to be funny or what!
:D
So is this actual people trying to hack into my computer, or just another computer or website or something trying to get in?
:ghostface:

scottwile
02-01-2004, 11:20 PM
I disabled DCOM, reset, then cleared my security log. If it keeps adding logs like it did before I'll be asking for more help. Thanks a lot boys

:D :D ;) :P :pirate:

shn
02-01-2004, 11:21 PM
Originally posted by scottwile@1 February 2004 - 17:09
I liked it too, but I wasn't sure if he meant it to be funny or what!
:D
So is this actual people trying to hack into my computer, or just another computer or website or something trying to get in?
:ghostface:
Your box is on the "internet". You can't stop people from attempting to compromise your system. The main thing is to know that your box is protected and move on. Because most hacking issues occur by the use of automated scripts and tools, your pc is probably just one of tens of millions that get scanned every day and there is nothing you can do about it. I suggest if you're paranoid to just not use the internet.

Java Boy
02-01-2004, 11:23 PM
It's just one of the many flaws in Microsoft's products..go demobulate ya self with that link I gave ya and see if that tames the alerts you're getting from ya f/wall

Java Boy
02-01-2004, 11:25 PM
Originally posted by shn@1 February 2004 - 23:21
I suggest if you're paranoid to just not use the internet.
Get the hell outa here!!!! :P :P :P
thats good mate...lol :lol: :lol:

scottwile
02-01-2004, 11:35 PM
Originally posted by Java Boy@1 February 2004 - 19:23
It's just one of the many flaws in Microsoft's products..go demobulate ya self with that link I gave ya and see if that tames the alerts you're getting from ya f/wall


I "demobulated" myself and I already got another critical log!! :ph34r: :blink:





http://www.chinkii.com/uploads/album/misc/sdfasdfsdf.JPG

Phaser
02-01-2004, 11:39 PM
I suggest that you ban these 2 IPs which keep repeating themselves as "severe" and "critical" attacks. This way you can sleep on your 2 ears and have a laugh about it.
That way you will never hear about him again!

Don't hurry about banning IPs, but when you see the same IP repeating itself very often for critical or severe attacks, don't be shy and make sure he never sees your computer online again!
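As an added defender-side illustration of the rule in the post above (this is not code from the thread or from Sygate): a small Python script that tallies repeated severe/critical alerts per source address over constructed log lines modelled loosely on the alert and block messages quoted earlier in the thread. The `timestamp|severity|message` layout, the `min_hits` threshold and the addresses other than 24.222.28.11 are assumptions made for this example, not Sygate's real log format.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime

# Constructed sample log, loosely modelled on the alert and block messages
# quoted in this thread. The "timestamp|severity|message" layout is an
# assumption made for this example; it is not Sygate's real log format.
SAMPLE_LOG = """\
02/01/2004 13:19:36|Critical|[181.1] Inbound DCE BIND to potentially vulnerable RPC DCOM interface attempt detected from 24.222.28.11
02/01/2004 13:19:36|Info|Traffic from IP address 24.222.28.11 is blocked from 02/01/2004 13:19:36 to 02/01/2004 13:29:36.
02/01/2004 14:02:10|Critical|[181.1] Inbound DCE BIND to potentially vulnerable RPC DCOM interface attempt detected from 24.222.28.11
02/01/2004 14:02:10|Info|Traffic from IP address 24.222.28.11 is blocked from 02/01/2004 14:02:10 to 02/01/2004 14:12:10.
02/01/2004 15:40:01|Severe|[181.1] Inbound DCE BIND to potentially vulnerable RPC DCOM interface attempt detected from 24.222.28.11
02/01/2004 16:11:45|Critical|[181.1] Inbound DCE BIND to potentially vulnerable RPC DCOM interface attempt detected from 10.9.8.7
02/01/2004 17:30:00|Minor|Port scan attempt detected from 192.0.2.55
"""

ALERT_RE = re.compile(
    r"^(?P<ts>\d{2}/\d{2}/\d{4} \d{2}:\d{2}:\d{2})\|(?P<sev>\w+)\|(?P<msg>.*)$"
)
IP_RE = re.compile(r"\b(\d{1,3}(?:\.\d{1,3}){3})\b")
ESCALATING = {"Severe", "Critical"}   # the severities Phaser says to act on
TS_FMT = "%m/%d/%Y %H:%M:%S"


def parse_log(text):
    """Return a list of (timestamp, severity, source_ip, message) per alert.

    The firewall's own "Traffic from IP address ... is blocked" notices are
    skipped: they record the ten-minute temporary block that follows a hit,
    not a new attempt, so counting them would double-count every attacker.
    """
    events = []
    for line in text.splitlines():
        m = ALERT_RE.match(line)
        if not m:
            continue  # not an alert record (blank line, header, etc.)
        msg = m.group("msg")
        if msg.startswith("Traffic from IP address"):
            continue
        ip = IP_RE.search(msg)
        if not ip:
            continue  # alert without an attributable source address
        ts = datetime.strptime(m.group("ts"), TS_FMT)
        events.append((ts, m.group("sev"), ip.group(1), msg))
    return events


def repeat_offenders(events, min_hits=2):
    """Return {ip: hit_count} for sources with >= min_hits severe/critical alerts.

    A single alert is background noise from automated scanning; the same
    address coming back repeatedly at Severe/Critical is the case where a
    permanent block rule is worth more than the firewall's temporary block.
    """
    hits = Counter(ip for _, sev, ip, _ in events if sev in ESCALATING)
    return {ip: n for ip, n in hits.items() if n >= min_hits}


def block_report(events, min_hits=2):
    """Human-readable summary: hit count and first/last seen per offender."""
    seen = defaultdict(list)
    for ts, sev, ip, _ in events:
        if sev in ESCALATING:
            seen[ip].append(ts)
    lines = []
    for ip, n in sorted(repeat_offenders(events, min_hits).items()):
        first, last = min(seen[ip]), max(seen[ip])
        lines.append(f"{ip}: {n} severe/critical alerts between "
                     f"{first.strftime(TS_FMT)} and {last.strftime(TS_FMT)}")
    return lines


if __name__ == "__main__":
    evs = parse_log(SAMPLE_LOG)
    print(f"{len(evs)} attributable alerts parsed")
    for line in block_report(evs):
        print("candidate for permanent block:", line)
```

On the constructed sample only 24.222.28.11 crosses the threshold; the one-off Critical from the second address and the Minor port-scan note are left alone, which is the "don't hurry about banning IPs" half of the advice.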

scottwile
02-01-2004, 11:42 PM
Perfect, how do I ban the IP?

:01: :01:

scottwile
02-01-2004, 11:51 PM
I clicked on a critical one and backtraced it, and I got this


http://www.chinkii.com/uploads/album/misc/HALIFAX.JPG



I get my internet from Cross Country Cable, could this just be my internet? Should I still ban it?

EDIT: I also live close to Halifax

LSA
02-01-2004, 11:58 PM
I scanned the punk ass and here are some interesting ports that came up open:

1025/tcp open NFS-or-IIS
5000/tcp open UPnP

I tried to connect to it on http since IIS was open but 'connection refused'

this is also weird

Interesting ports on dhcp-0-2-3f-8a-fb-4d.cpe.xcountry.tv (24.222.28.234):
(The 985 ports scanned but not shown below are in state: filtered)

huh...dhcp server?

go to http://www.xcountry.tv/ and the weather box says it's in 'Kentville, NS'


:01:

shn
02-02-2004, 12:05 AM
Originally posted by LSA@1 February 2004 - 17:58
I scanned the punk ass and here are some interesting ports that came up open:

1025/tcp open NFS-or-IIS
5000/tcp open UPnP

I tried to connect to it on http since IIS was open but 'connection refused'

this is also weird

Interesting ports on dhcp-0-2-3f-8a-fb-4d.cpe.xcountry.tv (24.222.28.234):
(The 985 ports scanned but not shown below are in state: filtered)

huh...dhcp server?

go to http://www.xcountry.tv/ and the weather box says it's in 'Kentville, NS'


:01:
I hope you're spoofing your IP with those scans. With that many ports being filtered you could be scanning an ISP box and they do report.

LSA
02-02-2004, 12:09 AM
Originally posted by shn@1 February 2004 - 18:05
Originally posted by LSA@1 February 2004 - 17:58
I scanned the punk ass and here are some interesting ports that came up open:

1025/tcp open NFS-or-IIS
5000/tcp open UPnP

I tried to connect to it on http since IIS was open but 'connection refused'

this is also weird

Interesting ports on dhcp-0-2-3f-8a-fb-4d.cpe.xcountry.tv (24.222.28.234):
(The 985 ports scanned but not shown below are in state: filtered)

huh...dhcp server?

go to http://www.xcountry.tv/ and the weather box says it's in 'Kentville, NS'


:01:
I hope you're spoofing your IP with those scans. With that many ports being filtered you could be scanning an ISP box and they do report.
no, not spoofing.... :lol: would if I knew how!

:ph34r: :ph34r: :ph34r:

Java Boy
02-02-2004, 12:27 AM
UDP Scan
IP: 24.222.28.234 Name: dhcp-0-2-3f-8a-fb-4d.cpe.xcountry.tv Ports detected: 1 (*)
Port #123 (NTP) .. Reply: DC 00 0A FA 00 00 00 00 00 01 02 90 00 00 00 00 00 00 00 00


Trace Results
Hop 16 IP 24.222.79.206 (vl153.hlfx-dr1.eastlink.ca | .CA | Canada)

Port Scan
Address : 24.222.28.234
Name : dhcp-0-2-3f-8a-fb-4d.cpe.xcountry.tv (.TV | Tuvalu)
Ping .... Ok
Port 80 ... Ok !
1 (of 9) open port(s) detected

I too got connection refused with HTTP

EDIT..there was more to this post but it didn't come through?????
Anyways..block the blooming IP address with ya wall...Cant see it having a legit reason to contact you

shn
02-02-2004, 12:28 AM
Originally posted by LSA@1 February 2004 - 18:09
Originally posted by shn@1 February 2004 - 18:05
Originally posted by LSA@1 February 2004 - 17:58
I scanned the punk ass and here are some interesting ports that came up open:

1025/tcp open NFS-or-IIS
5000/tcp open UPnP

I tried to connect to it on http since IIS was open but 'connection refused'

this is also weird

Interesting ports on dhcp-0-2-3f-8a-fb-4d.cpe.xcountry.tv (24.222.28.234):
(The 985 ports scanned but not shown below are in state: filtered)

huh...dhcp server?

go to http://www.xcountry.tv/ and the weather box says it's in 'Kentville, NS'


:01:
I hope you're spoofing your IP with those scans. With that many ports being filtered you could be scanning an ISP box and they do report.
no, not spoofing.... :lol: would if I knew how!

:ph34r: :ph34r: :ph34r:
Any linux version of nmap will practically do it for you if you specify the correct options like some of the ones below. ;)

[admin@london admin]$ nmap
Nmap 3.48 Usage: nmap [Scan Type(s)] [Options] <host or net list>
Some Common Scan Types ('*' options require root privileges)
* -sS TCP SYN stealth port scan (default if privileged (root))
-sT TCP connect() port scan (default for unprivileged users)
* -sU UDP port scan
-sP ping scan (Find any reachable machines)
* -sF,-sX,-sN Stealth FIN, Xmas, or Null scan (experts only)
-sV Version scan probes open ports determining service & app names/versions
-sR/-I RPC/Identd scan (use with other scan types)
Some Common Options (none are required, most can be combined):
* -O Use TCP/IP fingerprinting to guess remote operating system
-p <range> ports to scan. Example range: '1-1024,1080,6666,31337'
-F Only scans ports listed in nmap-services
-v Verbose. Its use is recommended. Use twice for greater effect.
-P0 Don't ping hosts (needed to scan www.microsoft.com and others)
* -Ddecoy_host1,decoy2[,...] Hide scan using many decoys
-6 scans via IPv6 rather than IPv4
-T <Paranoid|Sneaky|Polite|Normal|Aggressive|Insane> General timing policy
-n/-R Never do DNS resolution/Always resolve [default: sometimes resolve]
-oN/-oX/-oG <logfile> Output normal/XML/grepable scan logs to <logfile>
-iL <inputfile> Get targets from file; Use '-' for stdin
* -S <your_IP>/-e <devicename> Specify source address or network interface
--interactive Go into interactive mode (then press h for help)
Example: nmap -v -sS -O www.my.com 192.168.0.0/16 '192.88-90.*.*'
SEE THE MAN PAGE FOR MANY MORE OPTIONS, DESCRIPTIONS, AND EXAMPLES

LSA
02-02-2004, 12:43 AM
Originally posted by shn@1 February 2004 - 18:28
Any linux version of nmap will practically do it for you if you specify the correct options like some of the ones below. ;)

[admin@london admin]$ nmap
Nmap 3.48 Usage: nmap [Scan Type(s)] [Options] <host or net list>
Some Common Scan Types ('*' options require root privileges)
* -sS TCP SYN stealth port scan (default if privileged (root))
-sT TCP connect() port scan (default for unprivileged users)
* -sU UDP port scan
-sP ping scan (Find any reachable machines)
* -sF,-sX,-sN Stealth FIN, Xmas, or Null scan (experts only)
-sV Version scan probes open ports determining service & app names/versions
-sR/-I RPC/Identd scan (use with other scan types)
Some Common Options (none are required, most can be combined):
* -O Use TCP/IP fingerprinting to guess remote operating system
-p <range> ports to scan. Example range: '1-1024,1080,6666,31337'
-F Only scans ports listed in nmap-services
-v Verbose. Its use is recommended. Use twice for greater effect.
-P0 Don't ping hosts (needed to scan www.microsoft.com and others)
* -Ddecoy_host1,decoy2[,...] Hide scan using many decoys
-6 scans via IPv6 rather than IPv4
-T <Paranoid|Sneaky|Polite|Normal|Aggressive|Insane> General timing policy
-n/-R Never do DNS resolution/Always resolve [default: sometimes resolve]
-oN/-oX/-oG <logfile> Output normal/XML/grepable scan logs to <logfile>
-iL <inputfile> Get targets from file; Use '-' for stdin
* -S <your_IP>/-e <devicename> Specify source address or network interface
--interactive Go into interactive mode (then press h for help)
Example: nmap -v -sS -O www.my.com 192.168.0.0/16 '192.88-90.*.*'
SEE THE MAN PAGE FOR MANY MORE OPTIONS, DESCRIPTIONS, AND EXAMPLES
Is it this one * -sS TCP SYN stealth port scan (default if privileged (root))

I should read my attachment!

shn
02-02-2004, 12:52 AM
The Art of Port Scanning doc is already probably on your system.

file:///usr/share/doc/nmap-3.48/nmap_doc.html you can paste that into a browser and it will come up.

Your version might be different if so you can alter that.

And no, it's not the -sS. It's going to be more than just one option passed to it for an undetectable scan. The decoy option works as well.

LSA
02-02-2004, 01:03 AM
Originally posted by shn@1 February 2004 - 18:52
The Art of Port Scanning doc is already probably on your system.

file:///usr/share/doc/nmap-3.48/nmap_doc.html you can paste that into a browser and it will come up.

Your version might be different if so you can alter that.

And no, it's not the -sS. It's going to be more than just one option passed to it for an undetectable scan. The decoy option works as well.
Thanks shn

http://www.mcbriens.net/liam/img/smilies/notworthy.gif

supersonic
02-02-2004, 02:40 AM
What happened here in my absence, holy, like 1000 ppl posted :P
btw: go HERE (http://www.xelation.nl/theorica/download/SafeXP.zip) to download the program and disable any thing related to ur prob.
if u already disabled it, then try to block svchost.exe (Generic Host Process for Win32 Services) in Sygate Personal Firewall and it SHOULD stop, because it is the only way that M#### F#### hacker can make the attack work. You should not be SCARED at all, because ur firewall is doing its job. I c that u could track the person and even know his/her name, so that means it is some inexperienced moron who is trying to launch the attack.

scottwile
02-02-2004, 02:51 AM
Originally posted by supersonic@1 February 2004 - 22:40
What happened here in my absence, holy, like 1000 ppl posted :P
btw: go HERE (http://www.xelation.nl/theorica/download/SafeXP.zip) to download the program and disable any thing related to ur prob.
if u already disabled it, then try to block svchost.exe (Generic Host Process for Win32 Services) in Sygate Personal Firewall and it SHOULD stop, because it is the only way that M#### F#### hacker can make the attack work. You should not be SCARED at all, because ur firewall is doing its job. I c that u could track the person and even know his/her name, so that means it is some inexperienced moron who is trying to launch the attack.
Alright, sorry about the wait, was out. Can you get the guy's name so I can go light his house on fire? j/k
I got SafeXP, did what I could... I don't know much about firewalls as you can tell.. how do I block svchost.exe?
thanks sooo much
:01: :smilie4:

scottwile
02-02-2004, 02:54 AM
Originally posted by LSA@1 February 2004 - 19:58
I scanned the punk ass and here are some interesting ports that came up open:

1025/tcp open NFS-or-IIS
5000/tcp open UPnP

I tried to connect to it on http since IIS was open but 'connection refused'

this is also weird

Interesting ports on dhcp-0-2-3f-8a-fb-4d.cpe.xcountry.tv (24.222.28.234):
(The 985 ports scanned but not shown below are in state: filtered)

huh...dhcp server?

go to http://www.xcountry.tv/ and the weather box says it's in 'Kentville, NS'


:01:
You said "and the weather box says it's in 'Kentville, NS'", does that mean I live in Kentville or does the hacker? Because I do live very near Kentville, 5 min drive. Could it be a friend?

supersonic
02-02-2004, 02:56 AM
Open the main window in the firewall > Under Running Applications > you will see a list of icons or thumbnails whatsoever > choose "Generic Host Process for Win32 Services" > right click and select BLOCK
it is so easy u should identify the name so easily. If u can do that, then tell me so we try another way.
no problem :)

scottwile
02-02-2004, 03:02 AM
http://www.chinkii.com/uploads/album/misc/BLOCK%20THE%20HACKER.JPG



Sorry about all the screen shots, but I want to make sure I'm doing this right. Is this right?
thanks again
:01:

supersonic
02-02-2004, 03:06 AM
Excellent!!
you could've done it in an easier way, but u actually did it anyway.
Now the sucker can do his/her evil d33ds :clap:
the block might affect some sites where u receive 'P cannot b display', but u can unblock the service whenever u like. The attacker is unprotected himself, not even with a firewall, because u could backtrace him and find out his name :P
u can report him to his ISP if u like.
no problemo.

scottwile
02-02-2004, 03:08 AM
So I'm good and safe? I hope that f*ucker is having fun now
thanks a lot boys, don't know what I would do without you!! :D :D

supersonic
02-02-2004, 03:10 AM
:smilie4:

LSA
02-02-2004, 03:15 AM
Originally posted by scottwile@1 February 2004 - 20:54
Originally posted by LSA@1 February 2004 - 19:58
I scanned the punk ass and here are some interesting ports that came up open:

1025/tcp open NFS-or-IIS
5000/tcp open UPnP

I tried to connect to it on http since IIS was open but 'connection refused'

this is also weird

Interesting ports on dhcp-0-2-3f-8a-fb-4d.cpe.xcountry.tv (24.222.28.234):
(The 985 ports scanned but not shown below are in state: filtered)

huh...dhcp server?

go to http://www.xcountry.tv/ and the weather box says it's in 'Kentville, NS'


:01:
You said "and the weather box says it's in 'Kentville, NS'", does that mean I live in Kentville or does the hacker? Because I do live very near Kentville, 5 min drive. Could it be a friend?
no, that's just something I saw from his ISP's site...I don't know

and I see that you are blocking svchost.exe

http://www.blackviper.com/WinXP/servicecfg.htm

I don't think you should

scottwile
02-02-2004, 03:18 AM
supersonic, how would I report him or trace back to his name? I think I have an idea who it is already, he brags about being a hacker but he doesn't know anything about computers!!! :01:

LSA
02-02-2004, 03:22 AM
Originally posted by scottwile@1 February 2004 - 21:18
supersonic, how would I report him or trace back to his name? I think I have an idea who it is already, he brags about being a hacker but he doesn't know anything about computers!!! :01:
report it to your isp

give them your firewall logs

supersonic
02-02-2004, 03:22 AM
Originally posted by scottwile@2 February 2004 - 08:48
supersonic, how would I report him or trace back to his name? I think I have an idea who it is already, he brags about being a hacker but he doesn't know anything about computers!!! :01:
His ISP Cross Country Cable must have a website. All ISPs have an abuse service, so u email abuse@XXXXX and u can report everything u found in the TRACE LOG, like his IP which is the most useful for his ISP. They can find him like this/ :sorcerer:
his/her IP: 24.222.28.234
his/her name: michelle
:ooops: :fear2: I think that the name is for a gurl :o but it could be for a guy too.
I'm going 2 sl33p, g-night everyone :mushy:

scottwile
02-02-2004, 10:07 PM
Originally posted by supersonic@1 February 2004 - 23:22
His ISP Cross Country Cable must have a website. All ISPs have an abuse service, so u email abuse@XXXXX and u can report everything u found in the TRACE LOG, like his IP which is the most useful for his ISP. They can find him like this/ :sorcerer:
his/her IP: 24.222.28.234
his/her name: michelle
:ooops: :fear2: I think that the name is for a gurl :o but it could be for a guy too.
I'm going 2 sl33p, g-night everyone :mushy:
If his or her name is Michelle then I don't know who it is personally. I might report them, think I should bother? And by the way, my log is clean and clear and under control now thanks to your help!
:01:

kaiweiler
02-02-2004, 11:14 PM
Remember Michelle may not be their name, it is probably the name that the internet is charged to, such as their mother maybe?
find out his parents' names :)

scottwile
02-08-2004, 05:01 PM
It's happening again.
I disabled DCOM, blocked svchost.exe and disabled Messenger, and I am still getting the logs. Any other ideas of what could stop it?




http://www.chinkii.com/uploads/album/misc/hacking%20again.JPG


:ghostface:

shn
02-08-2004, 08:14 PM
Switch to a better firewall. That one is obviously yielding false and unnecessary reports. Silly if you ask me <_<

kaiweiler
02-08-2004, 08:36 PM
Originally posted by shn@8 February 2004 - 16:14
Switch to a better firewall. That one is obviously yielding false and unnecessary reports. Silly if you ask me <_<
Sygate Pro is a very reliable firewall actually <_<
probably the most, or second most popular here on the board

shn
02-08-2004, 09:28 PM
Originally posted by kaiweiler@8 February 2004 - 14:36
Originally posted by shn@8 February 2004 - 16:14
Switch to a better firewall. That one is obviously yielding false and unnecessary reports. Silly if you ask me <_<
Sygate Pro is a very reliable firewall actually <_<
probably the most, or second most popular here on the board
When you're trying to secure a system the last thing that should be of any concern is popularity <_<

I could give DAMN how popular it is. I could be the only one in the world with it and as long as it works then that's fine with me.

And if it is so good then why can't you give him/her a solution simple enough to solve the problem rather than boasting on its popularity.

Windows is popular................almost everyone uses it................even people here on the board.
Does that make it one of the best o.s. around...................hell no.

I suggest you stop following in other people's footsteps and pave the way for your own. :)

kaiweiler
02-08-2004, 09:45 PM
Originally posted by shn@8 February 2004 - 17:28
Originally posted by kaiweiler@8 February 2004 - 14:36
Originally posted by shn@8 February 2004 - 16:14
Switch to a better firewall. That one is obviously yielding false and unnecessary reports. Silly if you ask me <_<
Sygate Pro is a very reliable firewall actually <_<
probably the most, or second most popular here on the board
When you're trying to secure a system the last thing that should be of any concern is popularity <_<

I could give DAMN how popular it is. I could be the only one in the world with it and as long as it works then that's fine with me.

And if it is so good then why can't you give him/her a solution simple enough to solve the problem rather than boasting on its popularity.

Windows is popular................almost everyone uses it................even people here on the board.
Does that make it one of the best o.s. around...................hell no.

I suggest you stop following in other people's footsteps and pave the way for your own. :)
I suggest you stop posting garbage and start thinking clearly, here on the forum are some of the smartest people I know, and if the majority are using a particular piece of software, that also has great reviews, something tells me it is a good piece of software...
why would I use a different piece of software that I have not heard anything good about, I would say it is better to "follow in other people's footsteps" and be virus safe, than to just use other software for the hell of it and get a fuck load of viruses, doesn't sound too smart to me...
don't trash whatever anyone else says and start having some respect, especially when I am right

LSA
02-08-2004, 11:35 PM
Originally posted by kaiweiler@8 February 2004 - 15:45
Originally posted by shn@8 February 2004 - 17:28

Originally posted by kaiweiler@8 February 2004 - 14:36
Originally posted by shn@8 February 2004 - 16:14
Switch to a better firewall. That one is obviously yielding false and unnecessary reports. Silly if you ask me <_<
Sygate Pro is a very reliable firewall actually <_<
probably the most, or second most popular here on the board
When you're trying to secure a system the last thing that should be of any concern is popularity <_<

I could give a DAMN how popular it is. I could be the only one in the world with it and as long as it works then that's fine with me.

And if it is so good then why can't you give him/her a solution simple enough to solve the problem rather than boasting on its popularity.

Windows is popular................almost everyone uses it................even people here on the board.
Does that make it one of the best o.s. around...................hell no.

I suggest you stop following in other people's footsteps and pave the way for your own. :)
I suggest you stop posting garbage and start thinking clearly, here on the forum are some of the smartest people I know, and if the majority are using a particular piece of software, that also has great reviews, something tells me it is a good piece of software...
why would I use a different piece of software that I have not heard anything good about, I would say it is better to "follow in other people's footsteps" and be virus safe, than to just use other software for the hell of it and get a fuck load of viruses, doesn't sound too smart to me...
don't trash whatever anyone else says and start having some respect, especially when I am right
If everyone uses it there will be more exploits written for it, since more people use it.

There are good and bad sides to everything.

I agree with shn, use what works for you and not what works for everyone else.

scottwile is having a problem with sygate therefore should move on to something else if the problem can't be fixed. Who cares how popular it is?

scottwile
02-09-2004, 03:12 AM
I'm not having a problem, it seems to be stopping the attacks, do these attacks even mean anything?


when i start up my computer i get this sygate message about eber.exe. could this be a problem? should i delete it?

thanks for all the help everyone
:ph34r:



http://www.chinkii.com/uploads/album/misc/exbr.JPG

LSA
02-09-2004, 11:28 PM
Originally posted by scottwile@8 February 2004 - 21:12
I'm not having a problem, it seems to be stopping the attacks, do these attacks even mean anything?


when i start up my computer i get this sygate message about eber.exe. could this be a problem? should i delete it?

thanks for all the help everyone
:ph34r:



http://www.chinkii.com/uploads/album/misc/exbr.JPG
if its in docs and settings i doubt its a system file

I went to http://clickspring.net/ and it is a horoscope site

sounds safe to delete, but I don't think it is causing the problem.

scottwile
02-09-2004, 11:51 PM
alright, I will delete it just in case.

what do horoscopes have to do with this?


thanks for your help
:lol:



EDIT: any other ideas on how to stop these stupid logs?

ninjamonkey
02-10-2004, 12:12 AM
Originally posted by Java Boy@1 February 2004 - 20:55
Sorry mate...I shouldn't have posted that stuff...it will get you into trouble I suspect.
get him into trouble? how?

LSA
02-10-2004, 01:28 AM
Originally posted by scottwile@9 February 2004 - 17:51
alright, I will delete it just in case.

what do horoscopes have to do with this?


thanks for your help
:lol:



EDIT: any other ideas on how to stop these stupid logs?
that prog is trying to contact a horoscope site

scottwile
02-10-2004, 03:00 AM
oh I get you, how did you find this? put the IP in the address bar?
:01:

LSA
02-10-2004, 03:10 AM
Originally posted by scottwile@9 February 2004 - 21:00
oh I get you, how did you find this? put the IP in the address bar?
:01:
it said the URL in the screenshot