Home
Monday, November 20, 2017
6:21:34 PM
Users online: 0   You are here >> Home > Security

Forums | Security Forums search
Forum FAQ
   
  1  
'Imma bein hacked!'
Master_Scythe 
21/4/08 3:42:16 PM
Titan

Question: has anyone here (on their home system, i know businesses can be targeted) been actually hacked?

Ive been probed, had to bounce back some packets, gotten the SQL virus that fits in one packet (genious whoever wrote that, but i dont run SQL server lol). But has anyones machine ever been cmopromised?

I know people who have upwards of 20 trojans active whos systems and passwords never seem to have been misused. I just dont get it.

MORE IMPORTANTLY!

Im setting up a server which will run no-ip and an FTP server (i'll clearly run it on some odd port). How would people go about 'haxing me'

wouldnt they need to: know my IP, scan the correct port, know what traffic it wants, crack\guess the password?

In simplest terms. If i set up a server, and make a few services (ftp, IRC etc) available to friends (passwords of course), is it possible (anythings possible, is it LIKELY) that another person will find it to connect to\try to connect to?

If so, what method do they use? because without knowing my specific IP and knowing in running an FTP server, wouldnt it be guess work (or if its a scanner... which one? *puppy dog eyes*)

-----
4200+X2 939, ASUS A8N-SLI-D, Ati HD3850, 1gb,1tb total HDD, 109 DVD, LG DVD-rom.
Quote by Girvo
I've got a wicked tiny one that is ridiculously sensitive.



wilsontc 
21/4/08 11:44:19 PM
Guru

Quote by Master_Scythe
Question: has anyone here (on their home system, i know businesses can be targeted) been actually hacked?

Ive been probed, had to bounce back some packets, gotten the SQL virus that fits in one packet (genious whoever wrote that, but i dont run SQL server lol). But has anyones machine ever been cmopromised?

I know people who have upwards of 20 trojans active whos systems and passwords never seem to have been misused. I just dont get it.

MORE IMPORTANTLY!

Im setting up a server which will run no-ip and an FTP server (i'll clearly run it on some odd port). How would people go about 'haxing me'

wouldnt they need to: know my IP, scan the correct port, know what traffic it wants, crack\guess the password?

In simplest terms. If i set up a server, and make a few services (ftp, IRC etc) available to friends (passwords of course), is it possible (anythings possible, is it LIKELY) that another person will find it to connect to\try to connect to?

If so, what method do they use? because without knowing my specific IP and knowing in running an FTP server, wouldnt it be guess work (or if its a scanner... which one? *puppy dog eyes*)



Just make sure you chroot the ftp server, and restrict the logins. If this makes no sense to you, it might not be such a great idea for you to be running ftp, and running an sftp server might be a better idea.

If you're running on a Windows platform (I think I've seen some of your other posts)...I can't really help you with ftp. Hah. But if you install cygwin and the version of OpenSSH that it comes with, you can just create accounts for your friends to use sftp. This is more secure as traffic and logins are encrypted, unlike the plaintext ftp.

-----
Quote by hill60606
$4-5 Billion should go a fair way towards it, especially if we get it from somewhere cheap like MSY.



Master_Scythe 
22/4/08 9:22:59 AM
Titan

yeah It was likely gonna be SFTP or SCP anyway, thanks for the concern :)

Im a GUI whore yes, but that doesnt mean im a windows fanboi, this server will be running DamnSmallLinux. possibly ubuntu now.

I truly appreciate the tip, however it didnt really answer my questions...

my main one being:
If i had a server visible online (my router is port forwarding) how do unauthorised people find the server?

Is it a process of random Ip scanning, then random port scanning the IP's, then hoping it replies to something so you know what type of data the port wants?

For the sake of security i'll be using port triggering, not forwarding, but theres hardly a difference if they're sending data anyway :P


Edited by Master_Scythe: 22/4/2008 1:38:42 PM

-----
4200+X2 939, ASUS A8N-SLI-D, Ati HD3850, 1gb,1tb total HDD, 109 DVD, LG DVD-rom.
Quote by Girvo
I've got a wicked tiny one that is ridiculously sensitive.



iamthemaxx 
22/4/08 1:45:21 PM
Mod
SuperHero

Immortal


Quote by Master_Scythe

If i had a server visible online (my router is port forwarding) how do unauthorised people find the server?

Is it a process of random Ip scanning, then random port scanning the IP's, then hoping it replies to something so you know what type of data the port wants?



AFAIK yes.


For the sake of security i'll be using port triggering, not forwarding, but theres hardly a difference if they're sending data anyway :P


Not true.

-----

Master_Scythe 
22/4/08 4:36:53 PM
Titan

Quote by iamthemaxx
Quote by Master_Scythe

If i had a server visible online (my router is port forwarding) how do unauthorised people find the server?

Is it a process of random Ip scanning, then random port scanning the IP's, then hoping it replies to something so you know what type of data the port wants?



AFAIK yes.


For the sake of security i'll be using port triggering, not forwarding, but theres hardly a difference if they're sending data anyway :P


Not true.



do go on.....

-----
4200+X2 939, ASUS A8N-SLI-D, Ati HD3850, 1gb,1tb total HDD, 109 DVD, LG DVD-rom.
Quote by Girvo
I've got a wicked tiny one that is ridiculously sensitive.



linke 
24/4/08 1:10:06 AM
Guru

Doesn't port triggering require a computer behind your router to make an outbound request, which then opens up an inbound port?

It's a dynamic thing, yes?

-----
If you're not part of the solution, you're part of the precipitate.

Master_Scythe 
24/4/08 9:48:34 AM
Titan

yeah after a search, that is the case.

hence why my PC hosting Warcraft3 works with trigering, but a server wouldnt.

forwarding it is. (or knocking... but fuck that lol)

-----
4200+X2 939, ASUS A8N-SLI-D, Ati HD3850, 1gb,1tb total HDD, 109 DVD, LG DVD-rom.
Quote by Girvo
I've got a wicked tiny one that is ridiculously sensitive.



SquallStrife 
24/4/08 1:42:20 PM
Titan

"then hoping it replies to something so you know what type of data the port wants?"

Most protocols will reply with something useful for a bit of garbage...

HTTP/1.1 400 Bad Request
Content-Type: text/html
Date: Thu, 24 Apr 2008 03:35:33 GMT
Connection: close
Content-Length: 35

220 *******ftp Microsoft FTP Service (Version 5.0).
500 'ASDASD': command not understood

220 ***s0023.apac.********.com Microsoft ESMTP MAIL Service, Version: 6.0.3790.1
830 ready at Thu, 24 Apr 2008 13:39:29 +1000
500 5.3.3 Unrecognized command

SSH-2.0-OpenSSH_3.8.1p1
Protocol mismatch.

And so on. All you have to do is hit an open port and send a few random bytes to see what lives there.

-----
Q6600 | 965P-DS3P | 8800GTS | XP x64 | Vista HP | OSX 10.5.2 QE/CI/Sound

http://retro.squallstrife.net

ShiroKage 
27/4/08 10:06:47 PM
Journeyman

back when i was a bit of a noob i had a hacker friend who was being a dick to me, he sent me over 1000 emails to me somehow in under a minute. my msn notifications were going mental and it actually crashed my computer.

interestingly, when the number of unread emails is over 999, it displays it as ":)".

-----

Master_Scythe 
15/5/08 11:38:28 AM
Titan

well thats easy to do.

just put a fuckload of commas in the send to field, or a flood-bot, or god there's a lot of ways.

well atm I just have my ports wide open. no PC's stay on except the server, which holds data I dont want lost, but isnt the end of the world if it is.

suppose that'll do.

I had to use windows too for the tuner card. and the chipset. MS won out in the end.

Im uncomfortable running it like that, but atm thats how it is.

-----
4200+X2 939, ASUS A8N-SLI-D, Ati HD3850, 1gb,1tb total HDD, 109 DVD, LG DVD-rom.
Quote by Girvo
I've got a wicked tiny one that is ridiculously sensitive.



bobbobson 
25/5/08 5:44:35 AM
Banned

My Linux teacher, and one of the head admins at my TAFE had a bit of fun with his computer, and leaving ports open.

Ends up a hacker got in there, and left him a bit of a challenge. They didn't do any damage, just had a bit of a look around, and then left a partition in front /boot so as his computer wouldn't boot

-----
Silverstone Sugo SG01, Asus P5KPL-VM, Q6600 @ 3.085ghz, 3870 HD 512mb 880mhz GPU clock 1050mhz RAM, DVB-T200A, 2x2GB PQI DDR2 800mhz @ 840mhz, Samsung 200gb 7200rpm SATA HD, Seagate 120gb 7200rpm HD, LG DVD-RW, Antec Neo Power 430w modular PSU. WANT: 4870

SquallStrife 
30/5/08 11:02:11 PM
Titan

I think you're getting to the stage where you just need to bite the bullet and build/buy a dedicated gateway box. Let your tuner be a tuner.

Sempron64 LE-1150 $37
Gigabyte GA-M61PME-S2 $59 <-- Realtek onboard NIC, usable in Linux
1GB Kingston DDR2-667 $26
10/100 PCI NIC $16 <-- Since you need 2 interfaces
2GB ADATA Compactflash $45 <-- Quiet!
CF to IDE adaptor $10

$193 if you BYO case and PSU. Under $200 for a more than capable router system!

All from Umart Milton except the CF-IDE adaptor, which is from ebay.


Edited by SquallStrife: 30/5/2008 11:07:00 PM

-----
Q6600 @ 3.6GHz | 8800GTS | XP x64 | Vista HP x64 | OSX 10.5.2

Quote by tantryl
Uwe Boll is to film as index680i is to anything technical or social.



Master_Scythe 
31/5/08 11:19:22 PM
Titan

Id love a gateway box, but its not needed. I only have 4 PC's my parents only have 1, and we have common blackouts.

just something else to worry about.

also man, this thread was made WELL before i built my littler server here.

Which is almost done configing.
:D

-----
4200+X2 939, ASUS A8N-SLI-D, Ati HD3850, 1gb,1tb total HDD, 109 DVD, LG DVD-rom.
Quote by Girvo
I've got a wicked tiny one that is ridiculously sensitive.



SquallStrife 
2/6/08 1:11:40 PM
Titan

I have a gateway box, and there's only my PC, wife's PC, and my SBS box. If I didn't already have a spare AthlonXP box, I'd have gone with the above rig.

Server? Did you make a thread on it? What's your layout now?

-----
Q6600 @ 3.6GHz | 8800GTS | XP x64 | Vista HP x64 | OSX 10.5.2

Quote by tantryl
Uwe Boll is to film as index680i is to anything technical or social.



segger 
15/6/08 10:29:35 PM
Champion

Quote by Master_Scythe
Question: has anyone here (on their home system, i know businesses can be targeted) been actually hacked?



If you define 'hacked' as 'compromised' or 'infected' (not necessarily through the targeted actions of an individual or group) then I'm sure the answer is yes. I haven't, that I'm aware of.

Im setting up a server which will run no-ip and an FTP server (i'll clearly run it on some odd port). How would people go about 'haxing me'


Scan a range of IP addresses on a range of ports.
Listen for responses on those ports.
Identify the likely service running on that port.
If possible, identify the software providing that service.
Attack known weaknesses in that software to gain access to the system.

Unless you're a high-profile individual or organisation or for some other reason attract the ire of technological miscreants, the likelihood of you being specifically targeted by any one cracker is fairly low.

What is more likely is you'll be one of endless hosts scanned, probed and sodomised by countless zombie machines at the will of their Chinese, Korean and Russian botnet masters.

Manually scanning and attempting to exploit a machine might seem like a big task for one person - just remember that the Internet is bigger than you are.

-----
Random spam subject #5:
Update your Penis

segger 
15/6/08 10:30:30 PM
Champion

Damn bumped threads. Damn slow moving forums and people (me) ignoring post dates.

-----
Random spam subject #5:
Update your Penis

mandalore 
24/6/08 5:24:54 PM
Banned
Quote by Master_Scythe
Question: has anyone here (on their home system, i know businesses can be targeted) been actually hacked?

Ive been probed, had to bounce back some packets, gotten the SQL virus that fits in one packet (genious whoever wrote that, but i dont run SQL server lol). But has anyones machine ever been cmopromised?

I know people who have upwards of 20 trojans active whos systems and passwords never seem to have been misused. I just dont get it.

MORE IMPORTANTLY!

Im setting up a server which will run no-ip and an FTP server (i'll clearly run it on some odd port). How would people go about 'haxing me'

wouldnt they need to: know my IP, scan the correct port, know what traffic it wants, crack\guess the password?




I've been hacked at school a couple of times. But I've shutdown the domain on which my school (and all other schools accross the state) operate. Never got caught for that.

They could quite easily find out your ip, (ie ping you) and run a port scanner to look for vulnerabilities. Establish a telnet connection (or something fancier if they wanted) to a vulnerable port and get in and start destroying stuff. Or they could overload your server with request so that you can't use it (a DoS aka Denial Of Service attack). That just scratches the surface of what can be done.

-----

  1  
Forums | Security