

Hacker attack





mathiaus
Well I was happy, minding my own business when the internet stopped working. I wasn't happy so started troubleshooting but everything was fine. I'll explain my setup. I have a router with modem, firewall, WAP and switch. I'm connected to the switch and 2 other computers connected via wireless.
All the settings for the router are good. The SSID isn't broadcast, only 3 computers can connect to it at one time and the MACs have to be those of our 3 computers and use WEP of course. This meant I was pretty sure nobody was hacking/cracking from our end. I checked the logs for the router and it was picking up a LOT of activity from the firewall.

Quote:
2006-03-07T22:05:24+00:00 Hacker Attack TCP: From: 4.79.142.206:57747 To: <<MY IP>>:973

The range of ports he tried though was enormous and nearly every port was checked every second.

What I wanted to ask then ...
What is port 57747? Is it a common hacking port, a port used by a virus/software etc?
Another thing I wanted to ask was what I could do to stop this. Can I block certain IPs from the router or does that depend on the router? (WAG354G)

Thanks
Animal
If the router has a firewall, by default it will block access to the network from any internet sources unless you have specifically opened the port using port-forwarding etc.

Port 57747 is the port the hacker accessed your IP address from, it looks like it was going to port 973 at your end. After a quick Google on it, it looks as though port 973 is to do with Apache - do you host your own website on your network? If so, this is maybe something to be concerned about. If no, there is no need to worry.

I'm not sure if you can use the router to block certain IP addresses, but if you host a website or files on your network then you can use software to automatically reject any incoming comms from this IP address. That would be pretty pointless though, since any hacker who knows what he is doing would not use the same IP constantly - they would be more likely to use an anonymizing proxy.

I wouldn't worry about it too much - if it happens again, switch off the router or simply unplug it from the net connection for a minute or two. If it becomes a common occurrence, you might want to get onto your ISP and ask them to reassign your IP address.
mathiaus
I checked all my ports on GRC and they're all in stealth mode.

Yes I do have apache but only to test, it's not open to the public at all. He (possibly she?) was also trying other ports though. I have pages from the log file, that was just an example.

I'm not really worried. He clearly couldn't get through; it's just I could barely connect to the internet for a good while when I needed to. More annoyed I think!
mwm
Port scans are so common. I am surprised you don't see this all the time. They pick an IP range and a port range and start sniffing. If they find a hole they may exploit it then or log it for use at another time.

Keep the firewall locked up tight. If you have no servers or services on the inside that need to be accessed from the outside, keep all ports closed. Allow only services you have asked for to come through your firewall.

-mwm
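
An added example, not part of the original thread: a defensive triage of router log entries shaped like the one quoted in the first post. It separates the sender-chosen source port from the destination port and flags any source that touches many distinct destination ports within a short window. The thresholds, the addresses 192.0.2.10 and 198.51.100.7 and the sample lines are constructed, and the regular expression assumes every entry has the same shape as the single quoted line.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Shape of the single log entry quoted in the thread (assumed for all entries).
LINE_RE = re.compile(
    r"^(?P<ts>\S+) Hacker Attack (?P<proto>\w+): "
    r"From: (?P<src>[\d.]+):(?P<sport>\d+) To: (?P<dst>.+?):(?P<dport>\d+)$"
)

def parse(line):
    """Return (timestamp, source IP, source port, destination port) or None."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return datetime.fromisoformat(m["ts"]), m["src"], int(m["sport"]), int(m["dport"])

def find_scanners(lines, min_ports=5, window=timedelta(seconds=10)):
    """Map each source IP to the most distinct destination ports it probed
    inside any one window, keeping only sources that reach min_ports."""
    by_src = defaultdict(list)
    for line in lines:
        rec = parse(line)
        if rec:
            ts, src, _sport, dport = rec   # sender-chosen source port, not used
            by_src[src].append((ts, dport))
    scanners = {}
    for src, events in by_src.items():
        events.sort()
        start = 0
        for end in range(len(events)):
            while events[end][0] - events[start][0] > window:
                start += 1                 # slide the window forward
            ports = {p for _, p in events[start:end + 1]}
            if len(ports) >= min_ports:
                scanners[src] = max(scanners.get(src, 0), len(ports))
    return scanners

# Constructed sample: one source sweeping ports 970-978, one source retrying
# a single port, and one line that does not match the format.
SAMPLE = [
    f"2006-03-07T22:05:{24 + i // 3:02d}+00:00 Hacker Attack TCP: "
    f"From: 4.79.142.206:57747 To: 192.0.2.10:{970 + i}" for i in range(9)
] + [
    "2006-03-07T22:05:30+00:00 Hacker Attack TCP: From: 198.51.100.7:40112 To: 192.0.2.10:80",
    "2006-03-07T22:09:02+00:00 Hacker Attack TCP: From: 198.51.100.7:40113 To: 192.0.2.10:80",
    "unrelated router message",
]
```

Calling `find_scanners(SAMPLE)` reports only the sweeping source; the address that retries one port stays below the threshold.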
aleksandarp
You can install some firewall program like Webroot Desktop Firewall or ZoneAlarm. Also you can find firewall programs on the Kaspersky official website or Symantec. I think that installing an antivirus program will not help you.
SoftStag
aleksandarp wrote:
You can install some firewall program like Webroot Desktop Firewall or ZoneAlarm. Also you can find firewall programs on the Kaspersky official website or Symantec. I think that installing an antivirus program will not help you.

There is no need to install a personal firewall. The router's hardware firewall is doing its job. The problem is this is effectively a DoS attack and preventing the internet connection functioning as normal during these port scans. Unfortunately there is little you can do about it.
hack_man_
I have the same wireless router!

I get that from time to time from my ISP (Etisalat), their stupid proxy is paranoid not only about websites with "dubious" content, but about anyone hosting their own hosting server, e-mail, Skype, etc. basically anything that competes with them. They are a govt owned company and currently the biggest telco/ISP in the UAE apart from a couple of minor telco/ISP companies for some of the big developments out here.

Sometimes ISPs scan every IP in their database for people trying to compete against them; if they find anyone, they block them! Their internet, wireless, phone, mobile, etc.

If you go against them, they don't just leave you to it and see it as not any competition, instead they take out your knees! STOP THE MONOPOLY! :D
Clash
Sometimes what you can do is reverse the attack, start pinging their IP address and doing whois and tracert. They usually disappear when they get pinged a few times :D
hack_man_
Yeah, ping them and do a whois search!

mathiaus wrote:
4.79.142.206:57747


So when something gets pinged, their firewall sees it as a TCP Hacking Attack?

Oh dear... I ping people, lots!
Clash
hack_man_ wrote:
Yeah, ping them and do a whois search!

mathiaus wrote:
4.79.142.206:57747


So when something gets pinged, their firewall sees it as a TCP Hacking Attack?

Oh dear... I ping people, lots!
Well it is a hacking attack. Ping a load of IPs and see which ones are up, then start probing ports until you find one open. The essence of hacking :P
hack_man_
Clash wrote:
Well it is a hacking attack. Ping a load of IPs and see which ones are up, then start probing ports until you find one open. The essence of hacking :P


I ping things like websites because I get asked to do "hacking" to find out the owners of servers and websites. But once you have found an open port, what use is it?
rex123
hack_man_ wrote:
Clash wrote:
Well it is a hacking attack. Ping a load of IPs and see which ones are up, then start probing ports until you find one open. The essence of hacking :P


I ping things like websites because I get asked to do "hacking" to find out the owners of servers and websites. But once you have found an open port, what use is it?


Ping isn't exactly a hacking tool. It's a tool to discover whether a particular host is on the network, in the simplest way possible.

But if you wanted to break into a random machine on the web, you would probably ping it first. Then probe ports, which is a different thing, and much more likely to raise firewall alarms. Then, once you've found the open port(s), find out what software is running, find exploits for it, and try them out. Doing that would certainly be classed as hacking.

But ping, traceroute, reverse DNS tools, and whois lookups aren't hacking - they're normal investigative procedures.
matrix07
HEY YOU HAVE TO INSTALL THE LATEST VERSION OF ZONE ALARM AND IF U DON'T HAVE ZONE ALARM U HAVE TO INSTALL WINDOWS SERVICE PACK 2 FOR WIN XP. AFTER INSTALLING KEEP URE FIREWALL OPTION ALWAYS "ON". THAT WILL PREVENT U FROM HACKERS!!!!
mathiaus
Hi

Well thanks for all the replies everyone, although I don't think the first posters really understood what I was asking. My personal security is very tight. The hacker didn't manage to do anything as he couldn't get through my router as all ports are closed and in stealth mode etc etc. I don't need tips on which firewall to install but what I can do to stop someone doing this, as the router could barely manage with this attack so I was unable to access the internet.
Other than pinging or tracert'ing the IP recorded though it doesn't seem like I can do much else.

closing before people start sharing hacking tips (real ones Twisted Evil )
-close-