As any ISP abuse department could probably tell you, in detail, the customer is NOT always right - especially when they are someone else's customer. They can also tell you: there sure are a lot of idiots out there. As any website that gets forwarded the email sent to its webhost's abuse department can tell you, some people on the internet need to chill out.
My router's access control log shows pings on ports 21122 and 21378 from
the IP address 209.123.205.211. Can you please explain to me why?
Thank you,
Joe User
VA
Dear Joe User. Wow, you are some major control freak. Do you really chase down EVERY packet that your router logs? How long have you done this? Do you ever get any replies ("Dear Joe, I'm really REALLY sorry. A programmer mis-typed an IP on a command line; when we mis-type IPs in future, we'll make sure it is never yours. Will you accept my apology? Sincerely, CNN.com webmaster")? But, seriously - your IP is an address on a busy street. For your sanity, you will need to cope with background noise, including drunks banging on the door at 3am, and ignore it.
blocked Incoming 16/Feb/2003 17:25:29 TCP ack packet attack TCP
209.123.205.211 80 localhost 1156 no owner
:
:
Dear Mysterious User. A customer of few words. You expect to cut and paste parts of your firewall log, taken from what I am sure is a high quality piece of software engineering for personal computers, and have us divine with psychic powers your IP address, whether or not you visited our website, and what your complaint really is (sorry, "ack packet attack" does not mean anything to me).
I have noticed in my router NAT mappings over the past few days what
appears to be an ongoing port scan of my Internet IP address. At 11:24
EST on 03/19/03 this was coming from 209.123.205.210 to ports 1781 and 1782. I noticed it yesterday at port 1720 and it has
been slowly incrementing since; The IP address does change
periodically, sometimes coming from an IP range owned by level3.net
(whom I am also contacting);
If there is a legitimate reason for this, I would like to know what it is; I suspect however, that there is no legitimate reason for an on-going port scan and want it stopped; Please contact me ASAP with any additional information, or action taken.
Dear Suspicious. Yep, you got us! We're so determined to ascertain which ports you have not blocked, that we've got a team of hackers working day and night on a super secret "stealth scan" that we predict will reach port 65535 and produce its report shortly before the next presidential election. We're not sure what we're going to do with that information yet, we hope to have decided by then. But now your superior router and detective skills have un-masked the dastardly plot! Shucks.
Well we're always interested in hiring bright security people such as your good self to join our elite group of hackers, so please contact our HR department at your convenience.
PS: the person allocated to scan port 1781 has been fired, he obviously was not stealthy enough.
Hi,
I would like to lodge a complaint against one of your users who tried to hack into my PC. My firewall has recorded the following activity:
Date: 31-Aug-02 Time: 0:12:27
Rule "Default Block Backdoor/SubSeven Trojan horse" blocked (pc10-i1(x.x.x.x),27374).
Details:
Inbound TCP connection
Local address,service is (pc10-i1(x.x.x.x),27374)
Remote address,service is (x.x.x.x,2060)
Process name is "N/A"
This is a serious crime using Backdoor/Subseven Trojan horse.
x.x.x.x has valid reverse DNS of xxx.hkcable.com.hk
Please take action against your user.
Thanks,
Dear Confused. It is fascinating that you have identified a "serious crime" of someone "using" a trojan, but since the "sender" appears to have been identified by your undoubtedly expensive and high quality personal firewall as someone other than our good selves, it is a complete mystery why you would be sending us email. Can I have the 5 minutes of my life I wasted reading and replying to this back now?
In my view, no "home" firewall software should log anything other than total statistics unless it's for debugging (in which case, you know what you're doing, and you won't bother anyone's abuse department with emails and logs). There is simply no point. Nobody wants to break into your PC; no matter how fancy your rent vs buy Excel spreadsheet is, they are simply not interested. Automated software may look for this year's exploits in order to rope your PC into some boring packet attack network, but you're only going to lose hair trying to play detective on that. Throw away your logs, get a router, shut down outside access to your PC, and get on with life ... or I'll ping you from random IPs!
PS: A followup comment from an ISP employee, which needs no further comment:
"Personally I love aggregated reporting such as www.mynetwatchman.com - it does the reporting for the individual so they're not wasting their time and it helps abuse depts keep volume down and action reports instead of wading through them."
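What "total statistics" could look like for a log in the style of the "ack packet attack" excerpt above, as an added example that is not part of the original post: it counts entries per rule and separates packets that look like replies from a web server the user contacted from unsolicited inbound traffic. The one-line field layout, the port heuristic, the rule name "Blocked inbound connection" and the sample lines are assumptions made for illustration.

```python
import re
from collections import Counter

# Field layout assumed from the two-line excerpt above, joined onto one line.
LINE = re.compile(
    r"^(?P<action>\w+) (?P<direction>\w+) (?P<date>\S+) (?P<time>\S+) "
    r"(?P<rule>.+) (?P<proto>TCP|UDP) (?P<rip>\d{1,3}(?:\.\d{1,3}){3}) "
    r"(?P<rport>\d+) (?P<lhost>\S+) (?P<lport>\d+)\b"
)
SERVER_PORTS = {80, 443}  # assumption: web services this host browses to
EPHEMERAL_MIN = 1024      # assumption: client-side source ports sit above this


def classify(rport: int, lport: int) -> str:
    """Heuristic only: a packet from a server port to a high local port is
    usually return traffic for a connection this host opened itself."""
    if rport in SERVER_PORTS and lport >= EPHEMERAL_MIN:
        return "likely-reply"
    return "unsolicited"


def summarize(lines):
    """Return (Counter keyed by (class, rule), number of unparsed lines)."""
    totals, unparsed = Counter(), 0
    for line in lines:
        m = LINE.match(line.strip())
        if not m:
            unparsed += 1
            continue
        kind = classify(int(m["rport"]), int(m["lport"]))
        totals[(kind, m["rule"])] += 1
    return totals, unparsed


# Constructed sample lines (documentation address ranges, not real hosts).
SAMPLE = [
    "blocked Incoming 16/Feb/2003 17:25:29 TCP ack packet attack TCP 192.0.2.10 80 localhost 1156 no owner",
    "blocked Incoming 16/Feb/2003 17:25:31 TCP ack packet attack TCP 192.0.2.10 80 localhost 1157 no owner",
    "blocked Incoming 16/Feb/2003 18:02:10 Blocked inbound connection TCP 198.51.100.7 2060 localhost 27374 no owner",
    "--- log rotated ---",
]

if __name__ == "__main__":
    totals, unparsed = summarize(SAMPLE)
    for (kind, rule), n in sorted(totals.items()):
        print(f"{n:4d}  {kind:13s} {rule}")
    print(f"{unparsed:4d}  unparsed")
```
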