Jump to content

Hack Attack


skippybangkok

Recommended Posts

hi,

In china for work for a few days, and the hotel I stay at has changed ISP. I get these messages alot. Can anyone advise:-

1. Should I worry ( seems like someone trying to hack in )

2. Am I protected with TRend, or should add more software. Some one once told me on TV no need for extra firewall, XP will handle it, not so sure though.

Thx.

post-25605-1163573513_thumb.jpg

Edited by skippybangkok
Link to comment
Share on other sites

As they are all port 80, which is the HTTP port, that would suggest that someone is looking at that IP address for a web server, which does not exist.

Maybe the person using that IP address had a server running at home, or still has the server running and the ISP has reallocated the address.

Link to comment
Share on other sites

hi,

In china for work for a few days, and the hotel I stay at has changed ISP. I get these messages alot. Can anyone advise:-

1. Should I worry ( seems like someone trying to hack in )

2. Am I protected with TRend, or should add more software. Some one once told me on TV no need for extra firewall, XP will handle it, not so sure though.

Thx.

post-25605-1163573513_thumb.jpg

The two hits in your screenshot comes from BBC News' web server. Is all traffic coming from that same IP? Maybe it used to belong to BBC (unusual to get http requests _from_ a web server otherwise)...

...unless the source IP if spoofed of course - in that case it is very likely a hack attack. You can always fire up IIS/PWS on your system (after applying all patches) and see what kind of traffic they are sending. There has been some IIS vulnerabilities that can be exploited over http on unpatched systems...

Edited by lingling
Link to comment
Share on other sites

......Some one once told me on TV no need for extra firewall, XP will handle it, not so sure though....
You are correct.....they were wrong. The firewall built into WindowsXP (when activated) only protects you against incoming malware, not outgoing. Should your system becomes infected, a virus, trojan, rootkit, keylogger, et-al, could collect information about you and your system, then transmit that information to a third party, all without your knowledge. A good two-way firewall, such as Zone Alarm, will warn you, should any "unauthorized" program attempt to exit the firewall, or as it is commonly referred to..."call home".
.... in BKK. No problem as I think the wireless router / modem (dlink) protects from most of that stuff.......
The "firewall" in most routers only blocks unauthorized incoming data, NOT outgoing. You still need a two-way firewall.
.....How do I setup it with password?(multi users)?.....
Why do you want to have "multi user" passwords for the firewall? If other users have the capability of "modifying" the firewall settings, then your whole system becomes vulnerable to attack, not just from the outside, but from within. Most firewalls, including Zone Alarm, have an "Administrative" password capability, which governs all users.

waldwolf

Link to comment
Share on other sites

......Some one once told me on TV no need for extra firewall, XP will handle it, not so sure though....
You are correct.....they were wrong. The firewall built into WindowsXP (when activated) only protects you against incoming malware, not outgoing. Should your system becomes infected, a virus, trojan, rootkit, keylogger, et-al, could collect information about you and your system, then transmit that information to a third party, all without your knowledge. A good two-way firewall, such as Zone Alarm, will warn you, should any "unauthorized" program attempt to exit the firewall, or as it is commonly referred to..."call home".
.... in BKK. No problem as I think the wireless router / modem (dlink) protects from most of that stuff.......
The "firewall" in most routers only blocks unauthorized incoming data, NOT outgoing. You still need a two-way firewall.
.....How do I setup it with password?(multi users)?.....
Why do you want to have "multi user" passwords for the firewall? If other users have the capability of "modifying" the firewall settings, then your whole system becomes vulnerable to attack, not just from the outside, but from within. Most firewalls, including Zone Alarm, have an "Administrative" password capability, which governs all users.

waldwolf

Thanks......

Link to comment
Share on other sites

......Some one once told me on TV no need for extra firewall, XP will handle it, not so sure though....
You are correct.....they were wrong. The firewall built into WindowsXP (when activated) only protects you against incoming malware, not outgoing. Should your system becomes infected, a virus, trojan, rootkit, keylogger, et-al, could collect information about you and your system, then transmit that information to a third party, all without your knowledge. A good two-way firewall, such as Zone Alarm, will warn you, should any "unauthorized" program attempt to exit the firewall, or as it is commonly referred to..."call home".
.... in BKK. No problem as I think the wireless router / modem (dlink) protects from most of that stuff.......
The "firewall" in most routers only blocks unauthorized incoming data, NOT outgoing. You still need a two-way firewall.
.....How do I setup it with password?(multi users)?.....
Why do you want to have "multi user" passwords for the firewall? If other users have the capability of "modifying" the firewall settings, then your whole system becomes vulnerable to attack, not just from the outside, but from within. Most firewalls, including Zone Alarm, have an "Administrative" password capability, which governs all users.

waldwolf

my 2c: I think this is Bull*, and it's perpetrated by the very companies that want to sell us their AV software/firewalls. ZoneAlarm in particular is almost a virus in itself, it installs itself at the lowest level of the system and cannot be disabled. You need to uninstall it to get rid of it. I am not comfortable with such software, it invites system instability like nothing else. Norton isn't much different, actually.

From a security perspective, the windows firewall is just fine. You must protect yourself from incoming malware, but once malware is already on your system, it's too late, nothing can help you. Modern malware will disable all your fancy security software before doing anything else. ZoneAlarm, Norton, they are all well known and any trojan worth its salt will disable them upon arrival.

The attack vector is as follows:

- User goes to website that has been hacked or is otherwise set up to distribute malware - porn and warez sites mostly fall into this category

- User is using IE, website exploits one of the many unplugged bugs in IE

- Trojan therefore gets executed on the client system through these holes in IE

- Trojan disables / circumvents ZoneAlarm, Norton, McAfee, first thing. Game over, you have lost, you are infected, and nothing current security software can do can help you.

Security software will prevent you from opening an email attachment titled AngelinaJolieNaked.exe, but that's about it. Windows Firewall is enough to act as firewall. Use Firefox so you don't fall under the IE attack vector. Disable JavaScript and ActiveX in IE and don't use Outlook.

As for the message the OP gets: This could be anything. Most likely, it's a false warning. It's a message of the security software telling you how important it is, so you keep buying updates. Of course it could be that a real threat has been detected, but 99% of all cases this is just useless (and scary!) noise.

I recommend security software to other people because most of them cannot be trusted to follow three simple steps:

- Use Firefox

- Don't use Outlook, use anything else, best gmail or yahoo mail or even hotmail, because the webmail programs check for viruses.

- Don't click on any document anyone sends you unless you have it checked for viruses first. Even if its your brother Joe. Most people fall for that last one, they think they get something from a trusted source and automatically trust it, not realizing that the trusted source may have been compromised.

Link to comment
Share on other sites

Sound advice above: Firefox solves alot of problems I have hardly had any malware since switching to the Fox and it has even more functionality than IE.

If you must pay for a firewall AVG Professional Antivirus has an excellant firewall built in too.

However, if you want a free solution, there are plenty of good alternatives to Zone Alarm (which I find too intrusive).

Check out the site below it has a huge selection of free/shareware applications. This is not a warez site BTW.

http://www.majorgeeks.com/downloads34.html

Edited by quiksilva
Link to comment
Share on other sites

skippybangkok, I am using kaspersky internet security for long time and up to now my computer has never had any virus or problem relating to hack/spy/virus/spam...

I recommend you to use it.

It is a really great protector with hourly updates.

By the way according to statistics in 2006, after Bitdefender Internet security, kaspersky is top internet security program.

I have enough experience about AVG/AVANT/McAfee/Norton/Nod32...all of them have their own problems such as slowing down computer,weak virus detection....

moreover, have a look at below:

http://www.kaspersky.com/news?id=192826984

http://www.kaspersky.com/news?id=207451660

Link to comment
Share on other sites

From a security perspective, the windows firewall is just fine. You must protect yourself from incoming malware, but once malware is already on your system, it's too late, nothing can help you. Modern malware will disable all your fancy security software before doing anything else. ZoneAlarm, Norton, they are all well known and any trojan worth its salt will disable them upon arrival.

The attack vector is as follows:

- User goes to website that has been hacked or is otherwise set up to distribute malware - porn and warez sites mostly fall into this category

- User is using IE, website exploits one of the many unplugged bugs in IE

- Trojan therefore gets executed on the client system through these holes in IE

- Trojan disables / circumvents ZoneAlarm, Norton, McAfee, first thing. Game over, you have lost, you are infected, and nothing current security software can do can help you.

Security software will prevent you from opening an email attachment titled AngelinaJolieNaked.exe, but that's about it. Windows Firewall is enough to act as firewall. Use Firefox so you don't fall under the IE attack vector. Disable JavaScript and ActiveX in IE and don't use Outlook.

As for the message the OP gets: This could be anything. Most likely, it's a false warning. It's a message of the security software telling you how important it is, so you keep buying updates. Of course it could be that a real threat has been detected, but 99% of all cases this is just useless (and scary!) noise.

I recommend security software to other people because most of them cannot be trusted to follow three simple steps:

- Use Firefox

- Don't use Outlook, use anything else, best gmail or yahoo mail or even hotmail, because the webmail programs check for viruses.

- Don't click on any document anyone sends you unless you have it checked for viruses first. Even if its your brother Joe. Most people fall for that last one, they think they get something from a trusted source and automatically trust it, not realizing that the trusted source may have been compromised.

Sounds logical, and if i were a hacker, would take this route (if i knew how ).

So as a summary, there is no real protection out outbound ?

Edited by skippybangkok
Link to comment
Share on other sites

  • 4 weeks later...

One thing that I like with firewalls that has a "rules wizard" is it usually tells you what program is asking for the outgoing connection.

That can help alot finding out if there's an unwanted culprit on your system.

If the threat is incoming, your firewall is just doing it's job.

Any security software that doesn't provide good information (and insted just a pop-up

like "warning, there's a threat") is crap.

Edited by friend2
Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.



×
×
  • Create New...