TROJAN HORSES:
Here is a list of the main Trojan Horses some malicious hackers use to
get into your computers.
The port number they are mainly used on is also listed. So if you
want to learn more about how malicious hackers get into your computer,
you might want to do some reading on these Trojan Horses.
30100=NetSphere
23456=EvilFtp
21544=GirlFriend
555=Phase Zero
54320=Back_Orifice_2000
6969=Gatecrasher
12345=NetBus
20034=NetBus_2
1243=Sub_7
27374=Sub_7_2
31789=Hack'a'Tack
54321=Back Orifice 2000
27444=Trinoo Master
3149=Masters Paradise
10067=Portal of Doom
2140=DeepThroat
31335=Trinoo Daemon
30100=<NetSphere
23456=200- Welcome To EvilFTP
21544=GirlFriend
555=phAse Zero
6969=GateCrasher
Oh fer Gods sakes... no real hacker uses any of those toys. They code
their own when the need arises. Why? Too many reasons to list.
--
Svyatoslav Pidgorny, MS MVP, MCSE
-= F1 is the key =-
"Me" <no_address_for_stink...@x-ray.gs> wrote in message
news:hbfjtu8dvihv84g4t...@4ax.com...
<thetrac...@yahoo.com> wrote in message
news:c8e17f38.02111...@posting.google.com...
> This is copyright information.
<SNIP Drooling Idiot Post>
Are most crackers "real hackers"? I suspect that list will be useful
protection against the script kiddiez, which are probably the majority.
--
Barry Margolin, bar...@genuity.net
Genuity, Woburn, MA
*** DON'T SEND TECHNICAL QUESTIONS DIRECTLY TO ME, post them to newsgroups.
Please DON'T copy followups to me -- I'll assume it wasn't posted to the group.
Hmm... If you can copy this information off of the internet and "copyright"
it, what is preventing me from taking your post and copyrighting it?
I'm glad copyrighting doesn't really work this way.
[Snip ignorant drivel]
This is getting rather tiresome, twice now in as many days.
Back in my killfile you ignorant mare.
Ker-PLONK.
greg
--
$ReplyAddress =~ s#\@.*$##; # Delete everything after the '@'
Ich will dass ihr mir vertraut
Ich will dass ihr mir glaubt
>In article <hbfjtu8dvihv84g4t...@4ax.com>,
>Me <no_address_for_...@x-ray.gs> wrote:
>>Oh fer Gods sakes... no real hacker uses any of those toys. They code
>>their own when the need arises. Why? Too many reasons to list.
>
>Are most crackers "real hackers"? I suspect that list will be useful
>protection
Pretty much *any* AV software will take out *any* of the toys listed.
That's *one* of the reasons no real hacker would bother with them.
>against the script kiddiez, which are probably the majority.
Agreed... vast majority.
>...and personal firewall offers reasonable protection against all of the
>below, isn't it?
Yes, against those listed, but a properly coded custom bug will waltz
right past a software firewall without a hiccup.
You are saying that it ISN'T protection against a sophisticated trojan,
correct?
Can you say enough about why that is to help convince folks not to run code
from dubious sources?
"Me" <no_address_for_stink...@x-ray.gs> wrote in message
news:ibqktugr41pe1nd9m...@4ax.com...
<snip pile of cack>
a few points tracker
1) most *newer* Trojan_RATS can run on any port
2) they usually don't get in with a RAT, a user has to run it first, this is
not paul daniels magic hacking school
3) hackers don't generally use pre scripted RATs that are gonna be flagged
by any old AVS
4) you are stupid
5) you are pointless
6) set up your own usenet group alt.trackers.is.crackers then you can post
your crap all in the one place
miner.-
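The port list from the original post and point 1 of the reply above, combined into a defender-side listener check; this is an added example, not code from anyone in the thread. The `netstat -an` text and the `EXPECTED` baseline are constructed for illustration; only the port/name pairs come from the list. It reports listeners on listed ports and, because newer RATs can run on any port, every other listener missing from the host's baseline.

```python
import re

# Port/name pairs copied from the list in the original post.
LISTED_PORTS = {
    30100: "NetSphere", 23456: "EvilFtp", 21544: "GirlFriend", 555: "Phase Zero",
    54320: "Back_Orifice_2000", 6969: "Gatecrasher", 12345: "NetBus",
    20034: "NetBus_2", 1243: "Sub_7", 27374: "Sub_7_2", 31789: "Hack'a'Tack",
    54321: "Back Orifice 2000", 27444: "Trinoo Master", 3149: "Masters Paradise",
    10067: "Portal of Doom", 2140: "DeepThroat", 31335: "Trinoo Daemon",
}

# Constructed sample of Windows `netstat -an` output (not from a real host).
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:12345          0.0.0.0:0              LISTENING
  TCP    0.0.0.0:4711           0.0.0.0:0              LISTENING
  TCP    192.168.1.10:1043      203.0.113.5:80         ESTABLISHED
  TCP    [::]:135               [::]:0                 LISTENING
  UDP    0.0.0.0:31335          *:*
  UDP    0.0.0.0:137            *:*
"""

# Hypothetical baseline: the listeners this host is expected to have.
EXPECTED = {("TCP", 135), ("UDP", 137)}

# proto, local address, local port, remote endpoint, optional state column
LINE = re.compile(r"^\s*(TCP|UDP)\s+(\S+):(\d+)\s+(\S+)(?:\s+(\S+))?\s*$")


def listeners(netstat_text):
    """Return {(proto, port)} for sockets waiting for inbound traffic."""
    found = set()
    for line in netstat_text.splitlines():
        match = LINE.match(line)
        if not match:
            continue  # headers and blank lines
        proto, _local, port, remote, state = match.groups()
        if proto == "TCP" and state != "LISTENING":
            continue  # established or closing connection, not a listener
        if proto == "UDP" and remote != "*:*":
            continue
        found.add((proto, int(port)))
    return found


def triage(netstat_text, expected=EXPECTED):
    """Split listeners that are not in the baseline into two groups.

    'listed'     : port appears in the thread's list (name attached)
    'unexpected' : any other listener; a port-list match alone would miss it
    """
    report = {"listed": [], "unexpected": []}
    for proto, port in sorted(listeners(netstat_text) - set(expected)):
        if port in LISTED_PORTS:
            report["listed"].append((proto, port, LISTED_PORTS[port]))
        else:
            report["unexpected"].append((proto, port))
    return report


if __name__ == "__main__":
    for group, rows in triage(SAMPLE_NETSTAT).items():
        print(group, rows)
```

A port match is only a hint: the list gives no protocol, so the check matches TCP and UDP alike, and a legitimate program can hold a listed port.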
For firewalls like Zone Alarm and Sygate which can block certain .EXE file
names from accessing the network, there are known trojans and methods which
can make the communication appear to come from a generally trusted
executable such as IEXPLORE.EXE. Other firewalls don't watch the name of
the file generating the traffic, so as long as the trojan is not using a
restricted port, these firewalls would let the trojan right out.
None of these issues apply to external firewall devices like firewall
hardware. However, your hardware firewall is almost certain to have key
common ports open outbound, such as TCP 80, and [except for proxy servers]
have no ability to know which .EXE file is generating the traffic or whether
the content of that data is really appropriate for TCP 80. Adding an
external intrusion detection device to your network [in addition to
antivirus, host-based firewall, network firewall and/or proxy server] is one
way to attempt to eliminate some of these theoretical holes.
For example, if your firewall permits outbound ICMP like ping / traceroute
traffic, there are some old known trojan tools that can open a covert
channel outbound that is disguised as ICMP or HTTP web traffic.
And, as you may already know, neither hardware nor software firewalls are
very effective today against incoming trojan / virus infections that are
delivered through email, through a vulnerable chat client like IRC or AIM
which can be exploited for remote control, etc.
These tools and methods are not terribly common today, but a hacker could
use them, and they could become more common in the future.
On the other hand, using one or more properly configured firewalls in
addition to antivirus and other third party tools still remains pretty
effective at blocking most intrusions and remaining pretty safe. Most
hackers out there target "low hanging fruit," so that as long as your home
computer or network is harder to hack than someone else's network, you're
probably pretty safe. [If you're a well-known public entity like Microsoft
that attracts targeted attacks, this statement is no longer true.]
"Bill Sanderson" <Bill_Sa...@msn.com.plugh.org> wrote in message
news:OWRq2K$jCHA.2216@tkmsftngp12...
At the risk of sounding too conciliatory, the truth is somewhere in between.
First, yes, a hardware-based firewall is likely to be better protected than a
software-based firewall, from the basic perspective that it has less work to
do, therefore is written in less code that needs quality assurance.
However, the term "hardware-based" is somewhat of a misnomer. We're not
talking about just resistors, transistors and capacitors - we're not even
talking die-stamped chips. The hardware-based firewalls are actually made up
of a few components that include a processor and a piece of persistent - but
programmable - memory. This is where the "firmware" goes. "Firmware" is just
another term for software. It's firmware because it's installed in mostly
read-only memory. It's still programmable, so it can still be subverted by a
hacker that can persuade it to execute his own code, and it's still software,
so it has all the usual possibilities for flaws.
A hardware firewall, then, is likely to provide stronger protection than a
software firewall, but even a software firewall is likely to protect you
against most of the random attacks that come in from outside. Hardware
firewalls are so cheap these days that rarely should anyone be without one.
Alun.
~~~~
[Please don't email posters, if a Usenet response is appropriate.]
--
Texas Imperial Software | Try WFTPD, the Windows FTP Server. Find us at
1602 Harvest Moon Place | http://www.wftpd.com or email al...@texis.com
Cedar Park TX 78613-1419 | VISA/MC accepted. NT-based sites, be sure to
Fax/Voice +1(512)258-9858 | read details of WFTPD Pro for XP/2000/NT.
Only if you're dumb enough to install it ...
Lars M. Hansen
http://www.hansenonline.net
(replace 'badnews' with 'lars' in e-mail address)
I do use a locking bar on the steering wheel of my car, even though I know
the technology is defeatable with the aid of a CO/2 fire extinguisher!
"Karl Levinson [x y] mvp" <levin...@excite.com> wrote in message
news:ephLBCAkCHA.2848@tkmsftngp10...
"Alun Jones" <al...@texis.com> wrote in message
news:yDxC9.71$Co1.74...@newssvr11.news.prodigy.com...
>There are some known trojan tools which can disable your personal firewall
>software while making it appear to continue working.
>
>For firewalls like Zone Alarm and Sygate which can block certain .EXE file
>names from accessing the network, there are known trojans and methods which
>can make the communication appear to come from a generally trusted
>executable such as IEXPLORE.EXE Other firewalls don't watch the name of
>the file generating the traffic, so as long as the trojan is not using a
>restricted port, these firewalls would let the trojan right out.
Excellent. There's one more trick that can be useful. Ever notice how
Zone Alarm requests permission to allow an un-approved process to
access the WAN? You just write the bug to activate the "OK" button
before the alert window ever has a chance to pop up, LOL. Oldami
posted a proof of concept on it a while back.
<repost of archived oldami post>
Message-ID:
<b2xkYW1p.f844da76d77...@1026002686.cotse.net>
Date: Sat, 6 Jul 2002 20:44:46 -0400 (EDT)
Newsgroups: alt.hackers.malicious
Subject: how to bypass zone alarm
From: "oldami" <oldami-no-s...@cotse.org>
Probably nobody cares, but here it is anyway
ZAdodge.c Zone Alarm Dodge by oldami
Proof of concept to demonstrate one of the weaknesses of
host based firewalls.
This is for educational purposes only.
I will not be responsible for any mis-use of this information.
Concept: Zone alarm will prompt the user before allowing an unknown
program to make an outgoing connection to the internet. All a program
needs to do is make the zone alarm program think the user has pressed
some keys to respond to the prompt.
note: The SendInput function only works in Win98 and later.
This was developed and tested on WinNT 4.0 SP6a but should
work on anything later than Win98.
Author: old...@cotse.net
complete source at
http://www.cotse.net/users/oldami/zadodge.c
-oldami
</repost of archived oldami post>
Bit of a difference between theoretical vulnerability and actual
vulnerability. It's a bit like the firehole test. It points out a
potential vulnerability, but we still haven't seen it actually exploited.
> Bit of a difference between theoretical vulnerability and actual
>vulnerability. It's a bit like the firehole test. It points out a
>potential vulnerability, but we still haven't seen it actually exploited.
You missed the link in the post? I believe that *is* the exploit.
Whatcha want?... somebody to actually send you a bug? :-)
:>This is copyright information.
:You should find out what copyright means.
The information provided was not itself "copyright information"
(i.e., information about copyrights), but it is true that
thetrackers111's posting was copyrighted -- and would have been
whether or not s/he said anything about copyrights.
Some countries don't allow "collections of facts" to be copyrighted;
others do. It doesn't matter in this case, as the little introductory
paragraph constituted "original expression of any idea", so that part
was automatically copyrighted in any Berne Convention country.
It isn't exactly clear what copyright *means* with regards to
a Usenet post, considering posting on Usenet implies consent for
wide distribution. I think it's fairly safe to say, though, that
the [automatic] copyright would be powerful enough that thetrackers111
would likely be successful if s/he were ever to seek an injunction
against the publication of that introductory paragraph in
traditional print form (unless it were in the context of an
analysis of thetrackers111's work that was being put out for
the public good and which s/he could reasonably be assumed to
be opposed to -- e.g., the hypothetical case of someone publishing
a warning against trusting thetrackers111 which included a
deconstruction of that particular paragraph as part of the analysis.)
--
'ignorandus (Latin): "deserving not to be known"'
-- Journal of Self-Referentialism
"Eye of the Storm" <noe...@noemail.net> wrote in message
news:d3gltu03ah72th589...@4ax.com...
> On Tue, 19 Nov 2002 16:55:34 -0500, "Bill Sanderson"
> <Bill_Sa...@msn.com.plugh.org> wrote:
>
> >Thanks--that's helpful.
> >
> >I do use a locking bar on the steering wheel of my car, even though I
> >know
> >the technology is defeatable with the aid of a CO/2 fire extinguisher!
>
> A fire extinguisher? How about a simple hacksaw? It's far easier to
> cut the steering wheel than to mess with the bar.
> At the risk of sounding too conciliatory, the truth is somewhere in
I agree completely.
In the context of this person's original post, I was addressing only the
vulnerability of a personal firewall vs. an external firewall device to
being disabled or bypassed by trojan or malware code. I was thinking more
about the fact that any firewall software process running locally in memory
can be stopped or disabled by another software process. When I say
"hardware firewall," I mean external firewall device, whether OpenBSD on an
Intel computer, Netscreen ASIC chip, etc.
In that case, it's old news. Send me a bug? I don't think they can ...
at least not through that method. ;-)
>
>I agree completely.
>
>In the context of this person's original post, I was addressing only the
>vulnerability of a personal firewall vs. an external firewall device to
>being disabled or bypassed by trojan or malware code. I was thinking more
>about the fact that any firewall software process running locally in memory
>can be stopped or disabled by another software process. When I say
>"hardware firewall," I mean external firewall device, whether OpenBSD on an
>Intel computer, Netscreen ASIC chip, etc.
>
In that case, that would be a network firewall rather than a host
firewall.
> And, as you may already know, neither hardware nor software firewall
> are very effective today against incoming trojan / virus infections
> that are delivered through email, through a vulnerable chat client
> like IRC or AIM which can be exploited for remote control, etc.
>
> These tools and methods are not terribly common today, but a hacker
> could use them, and they could become more common in the future.
I would beg to differ on this one point... while I agree that there's
very little out there available to the script kiddies, I've seen some
very creative coders kicking around this very idea - the primary
difference being that it's used as more of a backdoor than a trojan (IOW
it's placed without user intervention)
--
ThePsyko
Public Enemy #7
"God told me to skin you alive"
This is where the next level comes in..
Social engineering, get you to run something which appears normal..
But contains a custom crafted trojan that works on the vxd level..thus under
your firewall and av products which are rendered useless in such a
situation..
Just remember, 1 immutable rule of security is, if someone else can get you
to run an .exe on your machine, the machine is no longer yours :)
And if you think you are immune to social engineering...you are wrong :)
--
Shaolin - IT Systems
WB Ltd.
.: http://www.security-forums.com :.
>
> Just remember, 1 immutable rule of security is, if someone else can get you
> to run an .exe on your machine, the machine is no longer yours :)
>
> And if you think you are immune to social engineering...you are wrong :)
>
and of course, machines have "no longer been yours" since folks dnld'd via
ftp without any questions many years ago.
Probably the best example of social engineering is those windows infections
that propagate via recipient-list forwarding. Who can resist opening an email
from their buddy down the hall, or your naive infected boss :-)
There is no technology solution for this. There is only *SIMPLE* user education.
- Michel Gallant
MVP Security
http://pages.istar.ca/~neutron
>Question...
>Say the target is running an clean OS like Win2k or XP Pro and
>has a decent AV program running. Also, the mark has disabled
>browser JS, ActiveX, etc., only accepts emails from trusted
>sources (the rest being deleted at the server) and *never* runs
>any 'cute' little .exe files. Our mark has also taken the time to
>disable any and all unnecessary NT "services" and doesn't even
>have the likes of IIS installed.
>
>Ok? So we have a relatively clean OS connected to the net 24/7.
>
>However, there's *no* firewall...
>
>Can a hacker compromise that system and if so, how?
More than one way.
See Earlier Thread:
Auto-Execute *with parameters* through IE anyone? <new, unpatched>
Mike <du@b> said (and I quote):
> Karl Levinson [x y] mvp, wrote...
doesn't necessarily have to be an SE job either, depending on the OS and
the knowledge of the attacker
>Question...
>Say the target is running an clean OS like Win2k or XP Pro and
>has a decent AV program running. Also, the mark has disabled
>browser JS, ActiveX, etc., only accepts emails from trusted
>sources (the rest being deleted at the server) and *never* runs
>any 'cute' little .exe files. Our mark has also taken the time to
>disable any and all unnecessary NT "services" and doesn't even
>have the likes of IIS installed.
>
>Ok? So we have a relatively clean OS connected to the net 24/7.
>
>However, there's *no* firewall...
>
>Can a hacker compromise that system and if so, how?
I have a similar question except I use Win 98 original. I'd like to
know if there is any way a hacker can get root access. I'll outline my
situation:
I've unbound NetBios per Steve Gibson's procedure for '98 here:
http://grc.com/su-rebinding9x.htm
I've checked through the use of both programs and web sites that all
64K of my ports are normally closed.
I use no firewall and I'm not on a LAN of any kind. Nobody else has
access to my PC.
I have DSL service with dynamic IP. It is connected usually
continuously all day long. The PC is normally just powered down at
night.
I use Pegasus for email and Free Agent for newsgroups. I've eradicated
both IE and Outbreak. I use Moz based browsers, mostly K-MELEON since
it is quite fast on my aging PC. I sometimes use Mozilla. I leave
scripting enabled while browsing since I know of no vulnerabilities.
I d/l av updates using homemade programs based on the internet file
fetcher WGET.EXE. I use only DOS av scanners but I find that I hardly
ever really use them any more since my habits and "safe hex"
discipline are such that av scanning is practically unnecessary. I
sometimes scan email attachments out of curiosity just to identify the
names of the latest crud in circulation :)
Is there some known vulnerability somewhere here that I'm not aware
of? Is there a _real_ possibility of a buffer overrun type of attack,
assuming someone wanted to bother trying? Again, my question is
limited solely to hacking and the possibility of root access.
Don't take my word as gospel but I'd say you're pretty safe - there are
only a few ways into a 98 system
1) NetBIOS (which you've taken care of)
2) Auto injection via IE or any HTML capable nntp or email client
(including Eudora)
3) User stupidity
You don't strike me as particularly stupid :)
I just wanted to point out that there's no such thing as user level
(privilege based). If anyone manages to execute any code on your system,
they can really do anything they want and aren't limited to the rights of
just that one user.
--
Jem Berkes
http://www.pc-tools.net/
Windows, Linux & UNIX software
And the knowledge of the defendee obviously..
If you have total privilege separation on the system, every application
runs as a different user, each of the users (applications) only has access
to the parts of the filesystem they need to function and no more..
What can a trojan/virus do exactly?
I'll tell you what, diddly squat :P
And yeh automated execution via browser/e-mail etc, still involved social
engineering to a degree..
All depends on what you are trying to achieve I suppose, there are 100
different ways to stir fry a rat :)
:There is no technology solution for this. There is only *SIMPLE* user education.
I must disagree to some extent about there being "no technology
solution" for this. The text-only mail client that I use (BSD Mail)
is completely immune to all such attacks, as is the MIME message
processor I use when someone sends me a document. Furthermore,
when I do read email via a browser, I am completely immune to any
of the MS Windows infection vectors: I'm not running Windows, and
I'm not even running on an Intel architecture.
The fact that my system is immune from those types of Windows
infections implies that Windows could be changed in such a way as
to also be immune from such things. Doing so might perhaps require
that the coders turn off a lot of the *conveniences*. Those
conveniences are, to be sure, -characteristic- of Windows in the
past, but they do not -define- Windows.
--
The physics of compact flash cards is such that it is much more likely
for a cell to deteriorate from a 0 into a 1 than from a 1 into a 0.
Some wag expressed this by pointing out that,
"Bit-rot affects the naughty-bits first!"
True... however maybe I'm branching this thread off more than I should
be... when I think of intrusion, I see a whole world out there beyond
trojans/virus' :)
That walks and talks like somebody's new .sig, lol!
/ramalane
--
+++alt.hackers.malicious Survival Guide+++
http://www.ramalane.com
"Go Gamecocks!" - Homer Simpson
That's true too, I was just trying to stick the basis of this great thread
Tracker *ahem* instigated.
How do you know? ;)
Damian Menscher
--
-=#| Physics Grad Student & SysAdmin @ U Illinois Urbana-Champaign |#=-
-=#| 488 LLP, 1110 W. Green St, Urbana, IL 61801 Ofc:(217)333-0038 |#=-
-=#| 4602 Beckman, VMIL/MS, Imaging Technology Group:(217)244-3074 |#=-
-=#| <mens...@uiuc.edu> www.uiuc.edu/~menscher/ Fax:(217)333-9819 |#=-
Obviously not, my top-posting friend.
/dpm
Damian Menscher
"Me" <no_address_for_stink...@x-ray.gs> wrote in message
news:36sptu07mklj25v9p...@4ax.com...
OHMIGOD I'VE BEEN H4X0Red(or however the *** the script kiddies spell it
these days)
Is that better, my bottom-feeding^Wposting friend?
;-p
You are _certain_ that there is zero possibility of buffer overflow or other
data-driven attack in both of those programs? Have you analysed every source
line to be certain of this? If not, then you cannot say that your software is
"completely immune".
>Furthermore,
>when I do read email via a browser, I am completely immune to any
>of the MS Windows infection vectors: I'm not running Windows, and
>I'm not even running on an Intel architecture.
So you're capable of being infected by malware that target your processor,
your OS, and your applications, but immune to attacks against other
processors, other OSs, and other applications? Isn't that just another form
of "security through obscurity"? "I'm safe because I use a less popular OS /
application / processor" seems to assume that the only possible attack is a
random one based on popularity. Let's assume someone wants to target you, and
anyone who chose the same processor / OS / application as you. How safe are
you?
You've saved yourself from most of the more random style of attack. Bully for
you. Do not confuse yourself into thinking that this makes you completely
safe.
>The fact that my system is immune from those types of Windows
>infections implies that Windows could be changed in such a way as
>to also be immune from such things.
Yes, by the simple fact of being _not_ Windows. Your point completely escapes
me. You say that your system is safe because it isn't Windows, and if Windows
was made to be not Windows, then it would be safe. What you really mean is
"if the world switched to my operating system, then they'd all be as safe as
me from Windows-based attacks". Well, duh. Of course, then, with the whole
world using platform X, the new target for random attacks would be platform X.
Alun.
~~~~
%% stuff removed %%%
> Yes, by the simple fact of being _not_ Windows. Your point completely escapes
> me. You say that your system is safe because it isn't Windows, and if Windows
> was made to be not Windows, then it would be safe. What you really mean is
> "if the world switched to my operating system, then they'd all be as safe as
> me from Windows-based attacks". Well, duh. Of course, then, with the whole
> world using platform X, the new target for random attacks would be platform X.
> Alun.
> ~~~~
The fact that WR uses a better security architecture will increase his safety.
Using a non-windows platform will further increase since most (all?) the
nasty vises floating around attacks windows ( cause they are easy targets)
That said, there is no absolute security, the chances of successful
attacks seems very low for WR.
What's the point in denying that ?
And of course, if everyone and his uncle should start using platform X
the virus makers should at least try to follow. Their chances of
success would (in my opinion) be restricted to misconfigured systems.
With windows targets, any non-hardened machine is vulnerable.
--
Peter Håkanson
IPSec Sverige ( At Gothenburg Riverside )
Sorry about my e-mail address, but i'm trying to keep spam out,
remove "icke-reklam" if you feel for mailing me. Thanx.
> OHMIGOD I'VE BEEN H4X0Red(or however the *** the script kiddies spell it
> these days)
Again, how do you know?
Just trying to point out that the average computer user isn't
qualified to say whether they've been hacked. I once had a really
hard time convincing a website they'd been hacked. They looked at
their system, saw normal activity, didn't see any obvious evidence
of a compromise, and told me I must be mistaken. I had to walk
them through the various changes the intruder had made, and show
them logs (on their machine) of his activities. Eventually they
believed me.
Now before you start saying you're "above average", perhaps you
should recognize that you're making a fool of yourself. I doubt
many of the clueful people in here would claim to be certain they
haven't been hacked. About the best would be to say that the
hacker would have had to circumvent tripwire, etc.
-=#| Physics Grad Student & SysAdmin @ U Illinois Urbana-Champaign |#=-
i don't know what you were thinking.
"Ned Flanders" <ned...@hotmail.com> wrote in message
news:jnxD9.62948$ka.18...@news1.calgary.shaw.ca...
sms admin (real name david manor) <notl...@you.com> said (and I quote):
Damian Menscher wrote:
> In comp.security.misc Ned Flanders <ned...@hotmail.com> wrote:
> > Damian Menscher <menscher...@uiuc.edu> said (and I quote):
> >> In comp.security.misc Ned Flanders <ned...@hotmail.com> wrote:
> >>> Because I have a clue.
> >>> :-)
> >>
> >> Obviously not, my top-posting friend.
>
> > OHMIGOD I'VE BEEN H4X0Red(or however the *** the script kiddies spell it
> > these days)
>
> Again, how do you know?
>
> Just trying to point out that the average computer user isn't
> qualified to say whether they've been hacked. I once had a really
> hard time convincing a website they'd been hacked. They looked at
> their system, saw normal activity, didn't see any obvious evidence
> of a compromise, and told me I must be mistaken. I had to walk
> them through the various changes the intruder had made, and show
> them logs (on their machine) of his activities. Eventually they
> believed me.
>
> Damian Menscher
Amen man. You're totally right on, thanks for the post.
Tracker
You're not qualified to say if a computer is hacked either, Debbie, so
get off your high horse ...
Lars M. Hansen
http://www.hansenonline.net
(replace 'badnews' with 'lars' in e-mail address)
You aren't qualified to say whether or not your comuter it *turned
on*.
sometimes I wonder if she's even qualified to wipe her own ass...
>
>You aren't qualified to say whether or not your comuter it *turned
>on*.
Nice comeback. I'm shattered.
lol. well said
--
Mimic
"Without knowledge you have fear, With fear you create your own nightmares"
i thought the care bears did that ?
>You aren't qualified to say whether or not your comuter it *turned
>on*.
Sigh... I'm giving up for the day. I can't FORCE these fingers to hit
the correct keys.
comuter it = computer is
Me wrote:
> On Tue, 19 Nov 2002 21:10:05 +1100, "S. Pidgorny [MVP]"
> <slav...@yahoo.com> wrote:
>
> >...and personal firewall offers reasonable protection against all of the
> >below, isn't it?
>
> Yes, against those listed, but a properly coded custom bug will waltz
> right past a software firewall without a hiccup.
Sure you know about them hiccup and won't share what you know. What a loser
with low self esteem.
Tracker A Butt
Never heard Zone Alarm wanting access to a WAN in four years.
Did you ever catch any fish on this post?
> Author: old...@cotse.net
>
> complete source at
> http://www.cotse.net/users/oldami/zadodge.c
>
> -oldami
>
> </repost of achived oldami post>
Tracker
Me wrote:
> >You aren't qualified to say whether or not your comuter it *turned
> >on*.
>
Nor are you qualified
Tracker_#1
>> Excellent. There's one more trick that can be useful. Ever notice how
>> Zone Alarm request permission to allow an un-approved process to
>> access the WAN?
>Never heard Zone Alarm wanting access to a WAN in four years.
That would be because you're completely clueless and can't comprehend
the written language Debbie. :-)
>Did you ever catch any fish on this post?
Just you. ;-)
<grin/smirk>
USENET POST WARNING
====================
The User by the name "Tracker" aka Debbie, VPNSISHACKERSSECRET, regularly
posts incorrect, misleading and damaging information, to rely on the advice
of this person could result in irreparable damage to your system. It is my
personal advice not to listen to anything that this person posts and
certainly to not attempt or believe anything this person advises. the
following text may contain additional information in the form of corrections
and/or warnings to this person's post.
====================
A WAN stands for a Wide Area Network, WAN network as those that stretch over
distance, such as a large national company network, or even... the internet.
Tracker's statement is misleading in that she doesn't seem to understand what
a WAN is and therefore providing misleading and potentially damaging
information, also the only time Zone Alarm itself would access the WAN (in
this case the internet) would be for updates. Tracker didn't seem able to
grasp what the original post was about. The previous poster was referring to
the fact that Zone Alarm will alert you when any program on the system tries
to access the internet(WAN) such as internet explorer, outlook etc, and thus
giving you the opportunity to not allow it to do so, ie in the case of a
trojan.
--
Mimic
"Without Knowledge You Have Fear, With Fear You Create Your Own Nightmares"
(i missed the OP but) surely she doesnt think his name is hiccup ?
> USENET POST WARNING
> ====================
> The User by the name "Tracker" aka Debbie, VPNSISHACKERSSECRET, regularly
> posts incorrect, misleading and damaging information, to rely on the advice
> of this person could result in irreparable damage to your system. It is my
> personal advice not to listen to anything that this person posts and
Maybe I should add this to the FAQ?
"x y" <levin...@excite.com> wrote in message
news:uDlKSVtrCHA.1776@TK2MSFTNGP10...
Fuck off Debbie. I want to talk to Me.
> Me wrote:
>
> > On Tue, 19 Nov 2002 21:10:05 +1100, "S. Pidgorny [MVP]"
> > <slav...@yahoo.com> wrote:
> >
> > >...and personal firewall offers reasonable protection against all of the
> > >below, isn't it?
> >
> > Yes, against those listed, but a properly coded custom bug will waltz
> > right past a software firewall without a hiccup.
Among the techniques I know (or have grounds to think might work but
haven't tried) are:
1) inject the code that makes an outgoing connection into a process that
already has rights to access the net.
2) bung a keypress into the 'let this exe connect?' window a la zadodge
3) at least some fwalls don't seem to properly monitor/intercept when
additional ndis protocol drivers are added.
4) kill the fwall process (although IIUIC, ZA for one will fail-close when
this happens)
5) perhaps some clever api hooking on the ndis.sys and lower level drivers
might work too.
6) add an ndis filter driver at a lower level than the firewall (if
possible) that could replace the occasional IP packet that the fwall has
already approved and passed down to the lower network drivers with a packet
of its own.
Most of these will require admin or system privs, and although M$ have
patched quite a few local-priv-elevation bugs lately, more must surely
remain (all suggestions gratefully accepted for investigation, btw).... and
of course, most XP users are going to be running as admin most of the time
anyway.....
Has anyone got any other ideas they could add to that list? I'm pretty sure
that no fwall worth considering is fooled by the 'rename your exe to match a
permitted one' trick anymore, although of course if any of them are dumb
enough to use CRCs to check the identity of exes instead of crypto hashes,
spoofing a known CRC is an easy problem, so a self modifying exe that alters
a few garbage bytes in its data section until it has the correct CRC ought
to work for them....
DaveK
--
moderator of
alt.talk.rec.soc.biz.news.comp.humanities.meow.misc.moderated.meow
Burn your ID card! http://www.optional-identity.org.uk/
Help support the campaign, copy this into your .sig!
Proud Member of the Exclusive "I have been plonked by Davee because he
thinks I'm interesting" List Member #<insert number here>
Master of Many Meowing Minions
Holder of the exhalted PF Chang's Crab Wonton Award for kook spankage above
and beyond the call of hilarity.
PGP Key-ID: 0x0FB504D1 Fingerprint 04B7 2E8C 0245 680E 6484 C441 CEC7 D2BD
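The CRC-versus-crypto-hash point in the last post, as an added example that is not code from anyone in the thread. The `ExecutableAllowList` class, the function names and the random byte strings standing in for executable images are all constructed for illustration. It shows two reasons a CRC-32 cannot identify a binary (it is affine over XOR, and its 32-bit range collides after tens of thousands of random inputs) next to the same allow-list keyed on SHA-256.

```python
import hashlib
import random
import zlib


def xor_bytes(*blobs):
    """XOR equal-length byte strings together."""
    out = bytearray(len(blobs[0]))
    for blob in blobs:
        if len(blob) != len(out):
            raise ValueError("inputs must have equal length")
        for i, byte in enumerate(blob):
            out[i] ^= byte
    return bytes(out)


def crc32_is_affine(a, b, c):
    """For equal-length inputs crc(a^b^c) == crc(a)^crc(b)^crc(c).

    A checksum with this algebraic structure was designed to catch line
    noise, not to resist someone choosing the input.
    """
    combined = zlib.crc32(xor_bytes(a, b, c))
    return combined == zlib.crc32(a) ^ zlib.crc32(b) ^ zlib.crc32(c)


def find_crc32_collision(seed=2002, limit=2_000_000, size=16):
    """Birthday search over constructed random blobs.

    With a 32-bit output a collision is expected after roughly 80,000
    samples, so this finishes quickly.
    """
    rng = random.Random(seed)
    seen = {}
    for _ in range(limit):
        blob = rng.getrandbits(8 * size).to_bytes(size, "big")
        crc = zlib.crc32(blob)
        other = seen.get(crc)
        if other is not None and other != blob:
            return other, blob
        seen[crc] = blob
    raise RuntimeError("no collision found within limit")


def crc_id(image):
    return zlib.crc32(image).to_bytes(4, "big")


def sha256_id(image):
    return hashlib.sha256(image).digest()


class ExecutableAllowList:
    """Hypothetical firewall allow-list keyed on a digest of the image
    bytes, never on the file name."""

    def __init__(self, digest):
        self._digest = digest
        self._approved = set()

    def approve(self, image):
        self._approved.add(self._digest(image))

    def permits(self, image):
        return self._digest(image) in self._approved


def compare_allow_lists():
    """Approve one blob, then present a different blob with the same CRC-32."""
    approved, lookalike = find_crc32_collision()
    weak = ExecutableAllowList(crc_id)
    strong = ExecutableAllowList(sha256_id)
    weak.approve(approved)
    strong.approve(approved)
    return {
        "blobs_differ": approved != lookalike,
        "crc_accepts_lookalike": weak.permits(lookalike),
        "sha256_accepts_lookalike": strong.permits(lookalike),
        "sha256_accepts_original": strong.permits(approved),
    }


if __name__ == "__main__":
    print(crc32_is_affine(b"AAAA", b"BBBB", b"CDEF"))
    print(compare_allow_lists())
```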