Security issues

Robert L Bass

May 8, 2001, 10:33:22 PM
My firewall reported an attack at 22:04:01 on May 8, 2001 from the following
@Home subscriber. Black Ice firewall indicates this user is searching for
the SubSeven trojan horse program in order to do mischief with my or someone
else's PC.

IP: 65.6.115.81
DNS: cc694355-a.sandia1.nm.home.com

Kindly deal with this in the manner prescribed by the @Home AUP.

The courtesy of a reply will be appreciated.

Regards,
Robert L Bass


Dennis Heidner

May 8, 2001, 11:52:19 PM
I get stuff like that all the time. I cut it down considerably by running
the DSL connection into a small firewall box first, then to my server
running BlackIce Defender, then through a proxy server.... I use
BlackIce Defender as the intrusion alarm - and to collect evidence. Since
a hacker would have had to work their way past one firewall -- intent to do
harm is then easier to prove. When the time comes that I must press
charges --- I will.

If you have the evidence/packet log from BlackIce Defender, save it and make
several identical copies, with a paper copy and an electronic copy together inside a clear
bag, then place the originals inside a paper envelope -- seal it so you can
prove it hasn't been tampered with.

I would then contact local or state police to see if they have a cyber
crime branch. If the hacker did not successfully complete the intrusion,
then simply forward a copy of the information on to @HOME. If the hacker
did break through on to your system... don't even talk to @HOME, go
straight to police. Let them contact @HOME with warrants.

For more information on network security, see: www.sans.org

Kevin

May 9, 2001, 9:13:27 AM
Robert L Bass <rba...@home.com> wrote:
> My firewall reported an attack at 22:04:01 on May 8, 2001 from the following
> @Home subscriber. Black Ice firewall indicates this user is searching for
> the SubSeven trojan horse program in order to do mischief with my or someone
> else's PC.

> IP: 65.6.115.81
> DNS: cc694355-a.sandia1.nm.home.com

I guess my question is, is this an attack directed at *you*, or was this
some d00dz with a portscanner just trying to find someone to play with?

Not that one is better than the other, but one would certainly have more
implications.


--
Kevin

Brian Karas

May 9, 2001, 9:50:31 AM
I think you might get better results by sending this to @home.

"Robert L Bass" <rba...@home.com> arranged some electrons to say:

Dave Houston

May 9, 2001, 11:16:14 PM
Actually, the first few releases of Black Ice were pretty good. It was
only later releases, after they got all the great publicity, that took the
Chicken Little approach. I dumped a paid-for Black Ice in favor of a free
ZoneAlarm. However, I'm now leery that ZoneAlarm is heading in the same
direction.

But, I do continue to find it amusing that a self-proclaimed "security pro"
is so totally and completely clueless about Internet security issues.

s...@vnet.net (Si Ballenger) wrote:

>Be aware that Black Ice is somewhat "scareware". It probably
>reports simple port scans as "attacks", and scares persons into
>buying its "protection". When it was first put out it caused all
>kinds of panic in the DSL and cable modem usenet news groups.
>Everybody was under attack by hackers. I've got a friend that
>works for an ISP and they kind of chuckle/groan when persons call to
>report black ice hack attacks. You might want to use zone alarm
>(free). It doesn't have the panic factor.

---
BX24-AHT All Housecode Transceiver is at:
http://www.laser.com/dhouston/

Dennis Heidner

May 9, 2001, 11:20:25 PM
My ISP also groaned last year when I told them I was having NETBIOS scans
and the packets were captured with BlackICE. Then after about three months
and several hundred others calling... they found the problem. They'd
upgraded the software in a router and the filters to block port 137 traffic
and broadcasts had been left off during the upgrade. After working with
them I got a call that finally said thanks... they hadn't figured the
pattern out until then.... because they previously had just been shaking
their heads and saying... oh... another BlackIce customer.....

P.S. The only garbage I now see... truly are hack attacks.
