do me a favor osk... run
netstat -a
from a command prompt and see what is established or listening, and let us know.
Blue
>>Do you disassemble all of the software your friends send you? Wow... I would rather run updated virus software.
well, yeah, but this is not an everyday process because I normally don't get any software from my friends. What friends send is documents, and I have antivirus for that, and I open the macros just to make sure there's no nasty stuff in there.
But, let me tell you how I got the virus that wiped out my pc 3 days ago: My brother was working on a 60 page document he had to turn in the next day. The computer ****ed up and he reset the computer. Unfortunately for us, the disk had a MBR virus, and it infected the hard drive. When the antivirus software I have told me that we had a virus, I told it to fix it (I first didn't, but Windows didn't start), and the Antivirus erased the MBR! I can't believe it, it also screwed up the file system and split the disk in 2!
but that's different because I wasn't the one who was responsible for it.
Oskilian
Oh man... that really sucks! Did you try to restore the MBR with fdisk?
Blue
Here's a good one....I think this applied to a version of OE...but I can't remember.....anyway... some guy realised that if you create a file name with>>>eg: nakedchick.jpg.shh will appear as nakedchick.jpg and shh is actually an executable file that can contain malicious code
Cool. You learn something new every day. You got to hand it to some people.... so many clever ones.
"Hello.doc ::loads of spaces here:: evilcode.exe"
The last bit would not be visible in the dialog box.... therefore they would see;
"Hello.doc"
Of course, it would often have the bog standard .exe icon in that state, but still.... many ran it....
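A defensive check for the two filename tricks described in the posts above, as an added example that is not part of the original thread. The extension lists, the padding threshold and the 30-character dialog width are assumptions for illustration.

```python
import re

# Assumed lists for illustration; extend them to match what your systems execute.
EXECUTABLE = {"exe", "scr", "pif", "com", "bat", "cmd", "vbs", "shs", "lnk"}
DECOY = {"doc", "txt", "jpg", "gif", "pdf", "xls", "zip", "mp3"}


def deception_flags(name, pad=5):
    """Return the reasons a filename looks like a disguised executable."""
    stem, dot, ext = name.rpartition(".")
    if not dot or ext.strip().lower() not in EXECUTABLE:
        return []                       # not executable: nothing to disguise
    flags = []
    # Trick 1: a long run of spaces pushes the real extension out of view.
    if re.search(r"\s{%d,}" % pad, stem):
        flags.append("whitespace-padding")
    # Trick 2: a harmless-looking extension sits before the real one.
    inner = re.findall(r"\.([A-Za-z0-9]{1,4})(?=[\s.]|$)", stem)
    if any(e.lower() in DECOY for e in inner):
        flags.append("decoy-extension")
    return flags


def visible_part(name, width=30):
    """What a dialog that truncates at `width` characters would show."""
    return name[:width].rstrip()


if __name__ == "__main__":
    # Constructed sample names; the first follows the pattern quoted in the thread.
    samples = [
        "Hello.doc" + " " * 40 + "evilcode.exe",
        "holiday.jpg.scr",
        "report.final.doc",
        "setup.exe",
    ]
    for s in samples:
        print(repr(visible_part(s)), deception_flags(s))
```

A mail gateway or download folder scan can reject or quarantine any name for which `deception_flags` returns a non-empty list, while plain `setup.exe` is left to ordinary executable policy.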
>do me a favor osk... run
netstat -a <
what am I looking for? I have some TCP connections listening, I have 10 connections in ati.com, I have the messenger connection, two at hotmail, two at cprog, some UDP's, all idle and another TCP which runs some software I made.
Oskilian
yeah, but no good, I finished recovering the data with a unix computer and saved all I needed. then I reinstalled Windows. no big harm done. as for my brother's work, I saved it and he was able to turn it in one day later
Originally posted by Betazep
Oh man... that really sucks! Did you try to restore the MBR with fdisk?
Oskilian
You have 10 ESTABLISHED connections to ati.com? That is interesting.
Watch those listening ports. If any of them say established over the next week and you shouldn't be connected to anything, there you go...
I think that knowing your connections is part of the 'being careful' that you talk of.
I run netstat from time to time just to see what is up.
Blue
if you do
netstat -a 3
it will keep running over and over with a three second delay in between loops (until you hit CTRL C).
I have mine looping right now. I am on a cable modem. I have no listening ports and two connections to cprogramming.com.
Blue
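The routine described in the posts above (see what is listening, then watch for a listening port turning ESTABLISHED) can be automated by comparing two saved `netstat -a` outputs. This is an added example, not part of the original thread; the host names and ports in the samples are constructed.

```python
from collections import Counter

# Constructed samples in the column layout Windows `netstat -a` prints.
BEFORE = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    homepc:135             homepc:0               LISTENING
  TCP    homepc:1041            www.ati.com:80         ESTABLISHED
  TCP    homepc:1042            www.ati.com:80         ESTABLISHED
  TCP    homepc:1050            cprogramming.com:80    ESTABLISHED
  UDP    homepc:1900            *:*
"""
AFTER = BEFORE + """\
  TCP    homepc:5000            homepc:0               LISTENING
  TCP    homepc:135             host.example.net:4021  ESTABLISHED
"""


def parse(text):
    """Return (proto, local, foreign, state) for every TCP/UDP row."""
    rows = []
    for line in text.splitlines():
        f = line.split()
        if len(f) >= 3 and f[0] in ("TCP", "UDP"):
            rows.append((f[0], f[1], f[2], f[3] if len(f) > 3 else ""))
    return rows


def port(addr):
    return addr.rsplit(":", 1)[1]       # also works for [::]:135


def listeners(rows):
    """Open ports: TCP in LISTENING state plus every bound UDP port."""
    return {(p, port(l)) for p, l, f, s in rows if s == "LISTENING" or p == "UDP"}


def established_by_host(rows):
    """How many ESTABLISHED connections go to each remote host."""
    return Counter(f.rsplit(":", 1)[0] for p, l, f, s in rows if s == "ESTABLISHED")


def review(before_text, after_text):
    """New open ports, and connections that landed on a listening port."""
    before, after = parse(before_text), parse(after_text)
    new_open = sorted(listeners(after) - listeners(before))
    tcp_listen = {prt for proto, prt in listeners(after) if proto == "TCP"}
    inbound = sorted((l, f) for p, l, f, s in after
                     if s == "ESTABLISHED" and port(l) in tcp_listen)
    return new_open, inbound


if __name__ == "__main__":
    print(established_by_host(parse(BEFORE)))
    print(review(BEFORE, AFTER))
```

Saving `netstat -a` to a file on a schedule and passing consecutive files to `review` gives the same picture as watching the looping output by eye.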
10 connections to ati.com, I'm downloading my drivers with Mass Downloader (Very good software)
as for netstat, I run it every once in a while, but I didn't know you could do netstat -a , I always get bored before it ends!
is there a more graphical version of netstat?
thanks for the advice
Oskilian
Last edited by oskilian; 11-24-2001 at 10:23 PM.
you could try a port monitor...
If you are familiar with lsof for nix, you might like this for windows... it is similar
http://www.ntsecurity.nu/toolbox/inzider/
You can find out what applications are holding your ports open in the listening state...
Blue
Just one thought for all those who rightly claim that firewalls are not good enough to protect from hackers:
I don't have anything on my PC you can't get by hacking my neighbour or connecting to me with a filesharing tool. There is no reason to hack me instead of the next guy. Know the story of the dragon and the halfling? You and a halfling are out to kill a dragon. He's a lot bigger and meaner than you thought. You run. Remember: You don't have to outrun the dragon. You just need to outrun the halfling.
hth
-nv
She was so Blonde, she spent 20 minutes looking at the orange juice can because it said "Concentrate."
When in doubt, read the FAQ.
Then ask a smart question.
>>>Remember: You don't have to outrun the dragon. You just need to outrun the halfling.
Exactly...
I am in the business of security. I design and implement physical electronic security systems for some pretty hefty organizations (government agencies, et al). The one thing that I have learned through the years is that the criminals don't go for the hardest target. They go for the weakest link.
Two convenience stores sitting on the same street. One is decked out with High grade Video Motion Detection Systems, balance magnetic sensors, remote recording, and an armed security guard. The other has nothing. Who gets robbed?
Security in the computer industry is the same... I know you guys have different opinions about that. I have heard the whole, "if you are a harder target, hackers will see you as a challenge." Well that theory is contrary to what I learned in my Unix classes, in my comp security classes, etc etc for which I have a degree in now.
Good system Admins try to secure their boxes to the fullest extent and hope that they will be passed over by the uber hacker for easier meat. That is a general consensus.
My unix teacher was and still is the Chief Computer Security Specialist for government agencies in the Pacific. Not once did he tell me that having some measure of security for my computer is a bad thing. On the contrary, he said to do all I can to the best of my ability to protect my computer.
Then again, my home computer isn't at fort knox.... so I really don't care that much at home, but just the same bouncing can cost a lot... especially, for example, with the SYN DOS proggy that attacked all those websites a while back.
My advice... take it or leave it... is to protect yourself where you can. Hopefully, you will do it all in vain and nobody will ever attack you. Just think of the things you might learn from the experience tho...
Last edited by Betazep; 11-25-2001 at 04:02 AM.
Blue