Your Ad Here Your Ad Here
Page 1 of 7 1234 ... LastLast
Results 1 to 10 of 68

Thread: Am I Being Hacked?

  1. #1




    i get a new edition added to my security log like every hour or two, what does this mean? i opened it for the first time yesterday and there were probably 100 logs in there.

  2. Software & Hardware   -   #2
    Poster
    Join Date
    Aug 2003
    Location
    Burmoda triangle, right behind you!
    Posts
    571
    That is an indication that your firewall is doing it's job. I trust sygate pf pro and get alot of these, but you have not specified the kind of attack it is. Please click on the yellow and red shield to display the explanation and tell me what it is.
    Click the longhorn icon to visit my website.
    <span style='color:blue'><span style='font-size:8pt;line-height:100%'> You try Everything in my/our post(s) at YOUR own risk. I/we do not take responsibily for damages, caused by the post(s). Clicking on/or modifying anything in here is not permitted. Whoever edits my sig is a pussy.</span></span>

    ::::::::::::::::::::::::::::::::::::::::

  3. Software & Hardware   -   #3
    [181.1] Inbound DCE BIND to potentially vulnerable RPC DCOM interface attempt detected

    all the ones with red and yellow sheilds are whats listed above




    Traffic from IP address 24.222.28.11 is blocked from 02/01/2004 13:19:36 to 02/01/2004 13:29:36.

    above is what just yellow sheilds say

  4. Software & Hardware   -   #4
    since i posted a few mins ago i got more,



  5. Software & Hardware   -   #5
    Run Telnet (go to Start/Run, write telnet and press OK) and set the Remote System like this:

    Host: localhost
    Port: (port hes connecting to/from)
    Term Type: leave it as vt100

    Try to write &#39;GET /default.ida?&#39; (Code Red standard) and hit the Enter key

    I think I got that right...hmmmm
    If this gets deleted then oh well

    edited

  6. Software & Hardware   -   #6
    Originally posted by Java Boy@1 February 2004 - 16:44
    Run Telnet (go to Start/Run, write telnet and press OK) and set the Remote System like this:

    Host: localhost
    Port: (port hes connecting to)
    Term Type: leave it as vt100

    Try to write &#39;GET /default.ida?&#39; (Code Red standard) and hit the Enter key

    I think I got that right...hmmmm
    If this gets deleted then oh well
    its a dos like program right?

    i tried typeing GET /default.ida, nothing happens. is that what i should type?


    thanks for the help

  7. Software & Hardware   -   #7
    Sorry mate...I shouldnt of posted that stuff...it will get you in to trouble i suspect.forget whAT I POSTED AND WAIT FOR SOMEONE WHO USES sYGATE TO COME BACK...THEYLL BE MORE KNOWLEDGEABLE ON THE TOPIC THAN i...
    Sorry bout the caps..too lazy to correct it now

  8. Software & Hardware   -   #8
    Poster
    Join Date
    Aug 2003
    Location
    Burmoda triangle, right behind you!
    Posts
    571
    Originally posted by scottwile@2 February 2004 - 01:17
    [181.1] Inbound DCE BIND to potentially vulnerable RPC DCOM interface attempt detected

    all the ones with red and yellow sheilds are whats listed above




    Traffic from IP address 24.222.28.11 is blocked from 02/01/2004 13:19:36 to 02/01/2004 13:29:36.

    above is what just yellow sheilds say
    Yeps that is what I thought, I got that attack many times.
    solution:
    get SafeXp and disable dcom services for good.
    block generic host process for win32 services (svhost.exe)(that will prevent them from even connecting and trying to attack) but it might affect some websites, so if you get any problems, unblock it. Usually i dun get any problems.
    note: use the above @ ur own risk


    You usually ge these when u scan other ips for proxies for example, but it is not nessesarily that this is the case.
    Click the longhorn icon to visit my website.
    <span style='color:blue'><span style='font-size:8pt;line-height:100%'> You try Everything in my/our post(s) at YOUR own risk. I/we do not take responsibily for damages, caused by the post(s). Clicking on/or modifying anything in here is not permitted. Whoever edits my sig is a pussy.</span></span>

    ::::::::::::::::::::::::::::::::::::::::

  9. Software & Hardware   -   #9
    Poster
    Join Date
    May 2003
    Location
    North-east england UK
    Posts
    2,661
    nm didnt read last post

  10. Software & Hardware   -   #10
    This place http://grc.com/default.htm will take care of all those services you dont need running such as DCOM,Un-Plug& Play,XPdite etc

Page 1 of 7 1234 ... LastLast

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •