Author Topic: Spooky Experience  (Read 1836 times)

Offline FUNKED1

  • Platinum Member
  • ******
  • Posts: 6866
      • http://soldatensender.blogspot.com/
Spooky Experience
« on: January 08, 2004, 03:04:25 AM »
I was looking through my Radmin logs and I saw some attempted logins from a strange IP.  I use the built-in IP filter so it was of no consequence, but I thought "YOU BASTARD" and decided to send him a login attempt just for kicks.  To my shock I got in on the first try without a password, full control.  Some poor schmuck's desktop full of his personal financial data etc.  Apparently a trojan or something had planted r_server.exe on his computer without leaving any other trace of a Radmin install.  I left him a note on his desktop explaining this to him, and how to stop it.  I considered opening his Outlook to get his email but I didn't want to intrude any further.  Did I do the right thing?

Offline Tumor

  • Platinum Member
  • ******
  • Posts: 4294
      • Wait For It
Spooky Experience
« Reply #1 on: January 08, 2004, 03:25:31 AM »
I'd have gone ahead and got his email and let him know the problem from that direction too.  Hey, you were already in right? No telling what he'll think if/when he finds the desktop note.

Tumor
"Dogfighting is useless"  :Erich Hartmann

Offline FUNKED1

  • Platinum Member
  • ******
  • Posts: 6866
      • http://soldatensender.blogspot.com/
Spooky Experience
« Reply #2 on: January 08, 2004, 05:54:28 AM »
Well I went back to get his email and I couldn't login.  Hopefully he got the note and took action.

Offline Skuzzy

  • Support Member
  • Administrator
  • *****
  • Posts: 31462
      • HiTech Creations Home Page
Spooky Experience
« Reply #3 on: January 08, 2004, 06:58:19 AM »
Cable connections...the worst.  This is why most people should not have a cable connection as they have no clue how exposed their computer is to their neighbor.

It can happen on a DSL connection, but only if the ISP has no clue how to set up a router.
Roy "Skuzzy" Neese
support@hitechcreations.com

Offline Tumor

  • Platinum Member
  • ******
  • Posts: 4294
      • Wait For It
Spooky Experience
« Reply #4 on: January 08, 2004, 10:34:07 AM »
Quote
Originally posted by Skuzzy
Cable connections...the worst.  This is why most people should not have a cable connection as they have no clue how exposed their computer is to their neighbor.



This is why I keep nothing-at all-ever on my computer I wouldn't want anyone else to see or know.
"Dogfighting is useless"  :Erich Hartmann

Offline slimm50

  • Gold Member
  • *****
  • Posts: 2684
Spooky Experience
« Reply #5 on: January 08, 2004, 11:54:32 AM »
Quote
Originally posted by Skuzzy
Cable connections...the worst.  This is why most people should not have a cable connection as they have no clue how exposed their computer is to their neighbor.

It can happen on a DSL connection, but only if the ISP has no clue how to set up a router.

You mean cable, as in RoadRunner? I was thinking of going to that, since I'll never be able to get DSL where I live.

Offline DAVENRINO

  • Silver Member
  • ****
  • Posts: 1084
Spooky Experience
« Reply #6 on: January 08, 2004, 12:21:34 PM »
Quote
Originally posted by slimm50
You mean cable, as in RoadRunner? I was thinking of going to that, since I'll never be able to get DSL where I live.



I think Skuzzy said "most" people cause they aren't smart nuff to take precautions.  If you are on cable, a good hardware firewall is a must to keep others out and a software  firewall for backup and to catch things trying to leave your puter.

DJ229 - AIR MAFIA
DAVE aka DJ229-AIR MAFIA
CH USB HOTAS/ONKYO 705 7.2 SURROUND SOUND/ 60" SONY A3000 SXRD  TV

Offline mars01

  • Platinum Member
  • ******
  • Posts: 4148
Spooky Experience
« Reply #7 on: January 08, 2004, 12:27:55 PM »
What are the problems with just a software firewall?  What benefits does the hardware firewall add?

Offline Skuzzy

  • Support Member
  • Administrator
  • *****
  • Posts: 31462
      • HiTech Creations Home Page
Spooky Experience
« Reply #8 on: January 08, 2004, 12:47:51 PM »
What Davenrino said.

Hardware firewalls have the benefit of running external to your computer, which means your CPU is free to do other things more important, like play AH. :D

Of course, when I think 'hardware firewall', I am not thinking about those cheap consumer routers.  But, my solution is not for everyone.
Roy "Skuzzy" Neese
support@hitechcreations.com

Offline mars01

  • Platinum Member
  • ******
  • Posts: 4148
Spooky Experience
« Reply #9 on: January 08, 2004, 01:29:56 PM »
I'm more concerned about the actual protection benefit.  So other than clock cycles a software firewall is as good as a hardware firewall (Both having same feature set)?

Offline FUNKED1

  • Platinum Member
  • ******
  • Posts: 6866
      • http://soldatensender.blogspot.com/
Spooky Experience
« Reply #10 on: January 08, 2004, 02:15:37 PM »
Skuzzy, Radmin uses port 4899 by default.  I don't think it matters whether you are on cable or DSL.

Offline Skuzzy

  • Support Member
  • Administrator
  • *****
  • Posts: 31462
      • HiTech Creations Home Page
Spooky Experience
« Reply #11 on: January 08, 2004, 02:20:15 PM »
Cable is easier as local nodes are all on the same subnet.  There is no concept of 'local nodes' in a DSL network.

Broadcasts of NetBIOS make it trivial to track down local cable node users.  Won't work on DSL.

I was just noting that the inherent risks are significantly higher in a cable connection versus a DSL connection as most users have no clue how to stop NetBIOS propagation within a subnet.

Of course, this all assumes the ISP actually knows how to set up a router for its DSL clients.  Whereas the local nodes of a cable network are completely out of the control of the ISP and very visible to each other.
Roy "Skuzzy" Neese
support@hitechcreations.com
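
Added example, not part of the thread or any poster's code: a defender-side check that reads `netstat -ano` output from your own machine and flags listeners on the Radmin default port (4899, from Reply #10) and on the NetBIOS ports when they are bound to a non-loopback address. The sample output is constructed, the function name is hypothetical, and ports 137-139 are the standard NetBIOS ports, which the thread does not list.

```python
# Ports to flag: 4899 is the Radmin default named in the thread;
# 137-139 are the standard NetBIOS ports (an addition, not from the thread).
WATCHED = {
    4899: "Radmin default port",
    137: "NetBIOS name service",
    138: "NetBIOS datagram",
    139: "NetBIOS session",
}
LOOPBACK = ("127.", "[::1]")

# Constructed sample of Windows `netstat -ano` output (not real data).
SAMPLE = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       820
  TCP    0.0.0.0:4899           0.0.0.0:0              LISTENING       1432
  TCP    127.0.0.1:4899         0.0.0.0:0              LISTENING       1500
  TCP    192.168.1.20:139       0.0.0.0:0              LISTENING       4
  TCP    192.168.1.20:1045      203.0.113.7:80         ESTABLISHED     2210
  UDP    192.168.1.20:137       *:*                                    4
  UDP    192.168.1.20:138       *:*                                    4
"""

def exposed_listeners(netstat_text):
    """Return (proto, address, port, pid, label) for each watched port
    that is open on an address other hosts can reach."""
    findings = []
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) < 3 or fields[0] not in ("TCP", "UDP"):
            continue  # header or unrelated line
        proto, local = fields[0], fields[1]
        # TCP rows carry a state column; only LISTENING sockets accept logins.
        if proto == "TCP" and (len(fields) < 4 or fields[3] != "LISTENING"):
            continue
        addr, _, port = local.rpartition(":")
        if not port.isdigit() or int(port) not in WATCHED:
            continue
        if addr.startswith(LOOPBACK):
            continue  # reachable only from the machine itself
        # The PID column is absent when netstat is run without -o.
        pid = int(fields[-1]) if fields[-1].isdigit() else None
        findings.append((proto, addr, int(port), pid, WATCHED[int(port)]))
    return findings

if __name__ == "__main__":
    for proto, addr, port, pid, label in exposed_listeners(SAMPLE):
        print(f"{proto} {addr}:{port} pid={pid}  {label}")
```

On Windows, `tasklist /FI "PID eq <pid>"` maps a flagged PID to its image name, which is how an unexpected r_server.exe like the one described in the first post would show up.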

Offline LePaul

  • Platinum Member
  • ******
  • Posts: 7988
Spooky Experience
« Reply #12 on: January 08, 2004, 02:27:47 PM »
When my ISP was first rolling out DSL years ago, I innocently checked the Network Neighborhood and noted the ISP name there.  Double clicked.  Saw a share named billing.  Hmm.  ...saw a shared HP4 laserjet and printed YOUR NETWORK ISNT SECURE

Couldn't get there the following night  :p

Offline Skuzzy

  • Support Member
  • Administrator
  • *****
  • Posts: 31462
      • HiTech Creations Home Page
Spooky Experience
« Reply #13 on: January 08, 2004, 02:40:21 PM »
And therein is why I usually add that disclaimer.  What I take for granted, that should be done, is not necessarily what is actually done.
It amazes me how many ISPs still have very poor security for their clients and local networks.
Roy "Skuzzy" Neese
support@hitechcreations.com

Offline Reschke

  • Platinum Member
  • ******
  • Posts: 7724
      • VF-17 "The Jolly Rogers"
Spooky Experience
« Reply #14 on: January 08, 2004, 11:43:55 PM »
At the computer shop I used to work in we were on a cable node with several other business and residential customers. During the day when I had nothing to do I would browse the network neighborhood and see who was on and try to get in just to check them out. 99% of them were customers and knew me personally (even still know me today 4-5 years later) and that we were helping them out. One guy we would print to all day long telling him his office network wasn't secure. After about 2 weeks of that the guy finally walked over and asked us to stop since it was the local OSHA office and we were using all their paper in the printer. From then on we left .doc's on all the desktops in the office and about two more weeks went by and we couldn't get into the network anymore. I guess they finally got the message.

Since I have moved over to a cable modem on the 31st of December I have had no less than 3 port scans with attempts to run files called "Backdoor/SubSeven Trojan horse", "Block Silencer Trojan horse" or some other crap program each day. The crazy thing is then I get to see where the program is directly attacking from. Half of them have been from the US but then the other half has come from either China or Korea.
« Last Edit: January 08, 2004, 11:51:18 PM by Reschke »
Buckshot
Reschke from March 2001 till tour 146
Founder and CO VF-17 Jolly Rogers September 2002 - December 2006
"I'm baaaaccccckkk!"