Aces High Bulletin Board
General Forums => Hardware and Software => Topic started by: FUNKED1 on January 08, 2004, 03:04:25 AM
-
I was looking through my Radmin logs and I saw some attempted logins from a strange IP. I use the built-in IP filter so it was of no consequence, but I thought "YOU BASTARD" and decided to send him a login attempt just for kicks. To my shock I got in on the first try without a password, full control. Some poor schmuck's desktop full of his personal financial data etc. Apparently a trojan or something had planted r_server.exe on his computer without leaving any other trace of a Radmin install. I left him a note on his desktop explaining this to him, and how to stop it. I considered opening his Outlook to get his email but I didn't want to intrude any further. Did I do the right thing?
-
I'd have gone ahead and got his email and let him know the problem from that direction too. Hey, you were already in right? No telling what he'll think if/when he finds the desktop note.
Tumor
-
Well I went back to get his email and I couldn't login. Hopefully he got the note and took action.
-
Cable connections...the worst. This is why most people should not have a cable connection as they have no clue how exposed their computer is to their neighbor.
It can happen on a DSL connection, but only if the ISP has no clue how to set up a router.
-
Originally posted by Skuzzy
Cable connections...the worst. This is why most people should not have a cable connection as they have no clue how exposed their computer is to their neighbor.
This is why I keep nothing-at all-ever on my computer I wouldn't want anyone else to see or know.
-
Originally posted by Skuzzy
Cable connections...the worst. This is why most people should not have a cable connection as they have no clue how exposed their computer is to their neighbor.
It can happen on a DSL connection, but only if the ISP has no clue how to set up a router.
You mean cable, as in RoadRunner? I was thinking of going to that, since I'll never be able to get DSL where I live.
-
Originally posted by slimm50
You mean cable, as in RoadRunner? I was thinking of going to that, since I'll never be able to get DSL where I live.
I think Skuzzy said "most" people cause they aren't smart nuff to take precautions. If you are on cable, a good hardware firewall is a must to keep others out and a software firewall for backup and to catch things trying to leave your puter.
DJ229 - AIR MAFIA
-
What are the problems with just a software firewall? What benefits does the hardware firewall add?
-
What Davenrino said.
Hardware firewalls have the benefit of running external to your computer, which means your CPU is free to do other things more important, like play AH. :D
Of course, when I think 'hardware firewall', I am not thinking about those cheap consumer routers. But, my solution is not for everyone.
-
I'm more concerned about the actual protection benefit. So other than clock cycles a software firewall is as good as a hardware firewall (Both having same feature set)?
-
Skuzzy, Radmin uses port 4899 by default. I don't think it matters whether you are on cable or DSL.
-
Cable is easier as local nodes are all on the same subnet. There is no concept of 'local nodes' in a DSL network.
Broadcasts of NetBIOS make it trivial to track down local cable node users. Won't work on DSL.
I was just noting that the inherent risks are significantly higher in a cable connection versus a DSL connection as most users have no clue how to stop NetBIOS propagation within a subnet.
Of course, this all assumes the ISP actually knows how to set up a router for its DSL clients. Whereas the local nodes of a cable network are completely out of the control of the ISP and very visible to each other.
-
When my ISP was first rolling out DSL years ago, I innocently checked the Network Neighborhood and noted the ISP name there. Double clicked. Saw a share named billing. Hmm. ...saw a shared HP4 laserjet and printed YOUR NETWORK ISNT SECURE
Couldn't get there the following night :p
-
And therein is why I usually add that disclaimer. What I take for granted, that should be done, is not necessarily what is actually done.
It amazes me how many ISPs still have very poor security for their clients and local networks.
-
At the computer shop I used to work in we were on a cable node with several other business and residential customers. During the day when I had nothing to do I would browse the network neighborhood and see who was on and try to get in just to check them out. 99% of them were customers and knew me personally (even still know me today 4-5 years later) and that we were helping them out. One guy we would print to all day long telling him his office network wasn't secure. After about 2 weeks of that the guy finally walked over and asked us to stop since it was the local OSHA office and we were using all their paper in the printer. From then on we left .doc's on all the desktops in the office and about two more weeks went by and we couldn't get into the network anymore. I guess they finally got the message.
Since I have moved over to a cable modem on the 31st of December I have had no less than 3 port scans with attempts to run files called "Backdoor/SubSeven Trojan horse", "Block Silencer Trojan horse" or some other crap program each day. The crazy thing is then I get to see where the program is directly attacking from. Half of them have been from the US but then the other half has come from either China or Korea.
-
One of my friends has his laptop over, he has a wireless network card for his house, then he has a regular ethernet which is what I use in the house.
Anyway, we booted it up, and noticed that the wireless LAN picked up a signal, it was really low signal but it connected, was like 1.5 Mbps I think.
Some poor guy/gal in the neighborhood didn't set it up right and I was able to get a connect off them. :) And of course, he didn't have his router configured so you could just type in the default, admin password and get in.
-
Estes, I see that every time I set up WiFi for a friend. There's always some twit in the neighborhood with everything wide open.
-
Man Funked, you ruin my day. I thought I was special. :p
-
Great thread. I was actually thinking of getting a cable connection until seeing this discussion. Now, I will only consider such a connection with a hardware firewall.
My question: What are the best sources for configuring such a firewall?
Thanks,
MiG
-
My friends and I used to cruise the on-campus housing network when we were in school. Occasionally we'd find a resident whose computer was wide open or had their printer on the network and whatnot. Well, my friend also worked for the housing dept. So one day he decided to drive the point home that people should protect their computers on a network. He found an open system, got the guy's name off his email, and then went to work and pulled the guy's record. Then one night, late at night, he had the poor guy's printer just spit out a little note saying "Hello Mr. so-and-so... SS# 123-45-6789... who lives in room blah-blah-blah of this building... you really shouldn't leave your computer open on the network who knows what people can find out about you."
The printer and computer soon disappeared. :)
-
ZoneAlarm is one of the best firewalls out there for protecting a single PC. You can gain a lot of protection simply by using NAT. For protecting a network, you can dig out an old PC and install Smoothwall. Agnitum Outpost is also good.
I'm a firm believer in layered defence.
-
Originally posted by Estes
Man Funked, you ruin my day. I thought I was special. :p
Well it's not always as bad as the case you describe, but there's always something open.
-
Originally posted by CMC Airboss
Great thread. I was actually thinking of getting a cable connection until seeing this discussion. Now, I will only consider such a connection with a hardware firewall.
My question: What are the best sources for configuring such a firewall?
Thanks,
MiG
FWIW the problem we are discussing (Radmin being wide open) would be just as bad on DSL as with cable.
-
So many options for hardware type firewalls...
Pick up an old Cisco 25xx or 26xx router off eBay for pocket change, configure NAT and/or access lists. Several people have mentioned having a PC front end for the network. Late versions of Red Hat are great for setting up something like that. Literally walks you through configuring DHCP and IPChains.