
They're definitely at it


gmac

"ZoneAlarm blocked what was most likely a port scan by a remote computer trying to find out if you are using Windows 2000. By default, Windows 2000 assigns port 445 to them SMB (Server Message Block) protocol which is used to share files, printers, and other services. ZoneAlarm prevented the computer at 218.102.196.62 from being able to see or access your files or printers, or to know what your computer name is."

 

I recently installed a firewall on my computer, at least in the Windows half of it. I never fully appreciated how often my computer was scanned; during the course of one e-mail send there were 29 attempts. The message above occurs several times. Maybe it means someone will offer me Windows 2000 for free. Actually I thought that was now superseded by XP.

 

It's taking me a while to get the hang of Mandrake, but the more I see things like that the more the effort seems worthwhile.

 

"ZoneAlarm prevented a remote computer from connecting to port 139 on your computer. This connection attempt was probably legitimate network traffic. Port 139 is commonly used by networked Windows computers to enable file sharing and other resource sharing."

 

The most recent of 5 such attempts while I have been typing this. My computer is not networked, by the way. I could start believing in conspiracy theories. On second thoughts, seeing the above, it's not a theory, is it?

 

How secure is MandrakeSoft? I would buy from them but I am incredibly loath to put credit card details on the internet, even more so now. I can't believe how often it happens. Two more now.

Link to comment
Share on other sites

You might want to take into account your ISP. My ISP, Telewest Broadband, scans or checks for activity on my computer every 30 seconds or so.

Link to comment
Share on other sites

The IP you posted appears to belong to an address block owned by a company in Hong Kong.

 

information reported by the APNIC whois database:

inetnum:      218.102.0.0 - 218.103.255.255
netname:      NETVIGATOR
descr:        PCCW Limited
descr:        PO Box 9896 GPO Hong Kong
country:      HK
admin-c:      NA45-AP
tech-c:       NA45-AP
mnt-by:       APNIC-HM
mnt-lower:    MAINT-HK-IMS-CS
remarks:      replacement of old objects
changed:      hm-change@apnic.net 20020912
status:       ALLOCATED PORTABLE
source:       APNIC

role:         NETVIGATOR ADMINISTRATORS
address:      PO Box 9896 GPO
address:      Hong Kong
e-mail:       pmaster@netvigator.com
admin-c:      DK129-AP
admin-c:      WC109-AP
admin-c:      JW276-AP
tech-c:       DK129-AP
tech-c:       WC109-AP
tech-c:       JW276-AP
nic-hdl:      NA45-AP
mnt-by:       MAINT-HK-IMS
changed:      wilson.cheung@pccw.com 20020815
source:       APNIC

Link to comment
Share on other sites

Anon. I use Telewest as well. I know they do that but I didn't realise it was quite so often. This could explain why I have been cut off without warning recently; I shall investigate.

 

I am currently being bombarded by some very strange e-mails and my virus checker has stopped a couple of viruses as well, hence the interest in the firewall.

 

I need to get to grips with Mandrake. Ideally I would prefer to sit and work through a manual step by step till I am familiar with it. I lack the patience to spend hours experimenting and trawling through the computer based manuals.

 

Any suggestion as to what would be a good one to buy? Most of the ones I have seen seem to be little help with Mandrake. I am not knowledgeable enough to be able to extrapolate from the general to the specific, if you get my drift. My issues are pretty basic, like how do I get the CD and CD burner working. I can get the floppy disc but not the CD, and haven't yet worked out if it is me or the hardware at fault, i.e. I just am not mounting it correctly or I have a CD that is incompatible with Mandrake.

 

Tyme. I'm impressed. I wouldn't have the foggiest idea how to track that down. PCCW looks familiar in that I have seen it appear a couple of times. I am being bombarded with adverts for yoghurt and web sites that are related in nature. I assumed most of them were American in origin. I wonder what kind of response they get.

Link to comment
Share on other sites

 

How secure is MandrakeSoft? I would buy from them but I am incredibly loath to put credit card details on the internet, even more so now. I can't believe how often it happens. Two more now.

This is not a real in-depth scan, it's a basic scan from Gibson's "ShieldsUP" site, but it might give you a clue to Mandrake's security on a standard install, with security set to medium. No additional firewall apps installed.

Port  Service  Status    Security Implications
21    FTP      Stealth!  There is NO EVIDENCE WHATSOEVER that a port (or even any computer) exists at this IP address!
23    Telnet   Stealth!  There is NO EVIDENCE WHATSOEVER that a port (or even any computer) exists at this IP address!
25    SMTP     Stealth!  There is NO EVIDENCE WHATSOEVER that a port (or even any computer) exists at this IP address!
79    Finger   Stealth!  There is NO EVIDENCE WHATSOEVER that a port (or even any computer) exists at this IP address!
80    HTTP     Stealth!  There is NO EVIDENCE WHATSOEVER that a port (or even any computer) exists at this IP address!
110   POP3     Stealth!  There is NO EVIDENCE WHATSOEVER that a port (or even any computer) exists at this IP address!
113   IDENT    Closed    Your computer has responded that this port exists but is currently closed to connections.
135   RPC      Stealth!  There is NO EVIDENCE WHATSOEVER that a port (or even any computer) exists at this IP address!
139   NetBIOS  Stealth!  There is NO EVIDENCE WHATSOEVER that a port (or even any computer) exists at this IP address!
143   IMAP     Stealth!  There is NO EVIDENCE WHATSOEVER that a port (or even any computer) exists at this IP address!
443   HTTPS    Stealth!  There is NO EVIDENCE WHATSOEVER that a port (or even any computer) exists at this IP address!
445   MSFT DS  Stealth!  There is NO EVIDENCE WHATSOEVER that a port (or even any computer) exists at this IP address!
5000  UPnP     Stealth!  There is NO EVIDENCE WHATSOEVER that a port (or even any computer) exists at this IP address!

Link to comment
Share on other sites

Mandrake/Linux is as secure as you want it to be. If you run it at the minimum security level with no firewall then that's your fault. Mandrake has security controls, which by default do quite a good job. It also comes with a tool for setting up a basic firewall. If you're worried about being hacked, use the supplied tools.

Link to comment
Share on other sites

There are quite a few internet sites where you can type in an ip address and trace it back. Just do a search for IP Lookup. Whois is a good one.

 

When I first installed ZoneAlarm in Windows I was shocked too. My ISP does ping me regularly but ZoneAlarm blocked them and I've never had a problem caused by that. The ones that really bother me are the messages that such and such program is trying to access the internet and do I want to allow them or not. Nine times out of ten it's a M$ program. I don't use IE, I use Opera, and I don't allow any M$ programs to access the net. I'm really stubborn that way!

Link to comment
Share on other sites

If you like to, you can make another group for access to an encrypted filesystem and add the group to you, and if you want, encrypt it with pgp.....

Installing the firewall also helps, but normally if the access right of the file only allows you to read the file, it should be safe already...chmod 700 <pathToFile>

Link to comment
Share on other sites

Well, yeah, but root kits get you in as root, meaning the file's perms do no good. There is no substitute for a good firewall. My personal favorite is Guarddog because it's relatively easy and very effective.

 

(mods - shouldn't this be in security?)

Link to comment
Share on other sites

This is not a real in-depth scan, it's a basic scan from Gibson's "ShieldsUP" site, but it might give you a clue to Mandrake's security on a standard install, with security set to medium. No additional firewall apps installed.

 

That's weird. I've tried the same scan before on a fresh install on "msec level 3" and my ports were reported as "closed". I guess it probably has to do with the fact that I installed iptables (just so I could set up the firewall later), but didn't specify any rules yet, so everything was on "ACCEPT".

 

gmac - BTW a lot of the scans that you are getting aren't malicious. I drop lots of packets from sites I'm browsing or using various programs. I drop stuff from this site and places like justlinux.com or slashdot all the time. My firewall rulesets are tight and various extraneous packets just get dropped for one reason or another. The same thing happens when I'm using Windows. Also, if you have a dynamic IP addy you sometimes will get traffic your way that was meant for the person who previously had that addy. I've seen things like packets meant for Kazaa, Yahoo Messenger, and Gnutella flooding in and dropped when I dial in and get someone's old IP. Of course I imagine that there are just as many scans that are malicious smacking up against your firewall. If you're still using Windows I'd recommend checking out Outpost Firewall instead of ZoneAlarm, as it's very customizable and you can set up each and every application according to what ports, hosts, and directions are allowed for all internet traffic.

Link to comment
Share on other sites
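A way to triage the kind of blocked-connection noise discussed in this thread, as an added example that is not part of the original posts: it reads iptables LOG-style drop entries and labels each source as a port sweep, a Windows file-sharing probe, an unsolicited connection attempt, or a stray reply. The log lines, the `FW-DROP:` prefix, the sweep threshold and the label names are assumptions made for illustration.

```python
import re
from collections import defaultdict

SMB_PORTS = {135, 139, 445}  # Windows RPC/NetBIOS/SMB ports named in the alerts
SWEEP_THRESHOLD = 3          # assumed cut-off: distinct ports that count as a sweep

# Constructed sample in iptables LOG format; "FW-DROP:" is an assumed log prefix
# and every address comes from the reserved documentation ranges.
SAMPLE_LOG = """\
Jan 12 10:01:02 box kernel: FW-DROP: IN=eth0 OUT= SRC=203.0.113.7 DST=192.0.2.10 LEN=48 TTL=110 PROTO=TCP SPT=3312 DPT=445 WINDOW=16384 RES=0x00 SYN URGP=0
Jan 12 10:01:05 box kernel: FW-DROP: IN=eth0 OUT= SRC=203.0.113.7 DST=192.0.2.10 LEN=48 TTL=110 PROTO=TCP SPT=3313 DPT=139 WINDOW=16384 RES=0x00 SYN URGP=0
Jan 12 10:02:11 box kernel: FW-DROP: IN=eth0 OUT= SRC=198.51.100.23 DST=192.0.2.10 LEN=44 TTL=52 PROTO=TCP SPT=40001 DPT=21 WINDOW=1024 RES=0x00 SYN URGP=0
Jan 12 10:02:11 box kernel: FW-DROP: IN=eth0 OUT= SRC=198.51.100.23 DST=192.0.2.10 LEN=44 TTL=52 PROTO=TCP SPT=40002 DPT=23 WINDOW=1024 RES=0x00 SYN URGP=0
Jan 12 10:02:12 box kernel: FW-DROP: IN=eth0 OUT= SRC=198.51.100.23 DST=192.0.2.10 LEN=44 TTL=52 PROTO=TCP SPT=40003 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0
Jan 12 10:03:40 box kernel: FW-DROP: IN=eth0 OUT= SRC=192.0.2.80 DST=192.0.2.10 LEN=40 TTL=58 PROTO=TCP SPT=80 DPT=34512 WINDOW=0 RES=0x00 ACK FIN URGP=0
Jan 12 10:04:02 box kernel: FW-DROP: IN=eth0 OUT= SRC=198.51.100.99 DST=192.0.2.10 LEN=48 TTL=115 PROTO=TCP SPT=2750 DPT=1214 WINDOW=8192 RES=0x00 SYN URGP=0
Jan 12 10:04:30 box kernel: FW-DROP: IN=eth0 OUT= SRC=203.0.113.50 DST=192.0.2.10 LEN=78 TTL=120 PROTO=UDP SPT=137 DPT=137 LEN=58
"""

ENTRY = re.compile(r"SRC=(?P<src>\S+) .*?PROTO=TCP SPT=\d+ DPT=(?P<dpt>\d+)(?P<rest>.*)")

def triage(log_text):
    """Return {source_ip: label} for the dropped inbound TCP packets in log_text."""
    syn_ports = defaultdict(set)  # source -> ports it tried to open with a bare SYN
    for line in log_text.splitlines():
        m = ENTRY.search(line)
        if not m:
            continue  # not a TCP drop entry (e.g. UDP), ignored in this sketch
        ports = syn_ports[m["src"]]  # registers the source even if it sent no SYN
        flags = set(re.findall(r"\b(?:SYN|ACK|FIN|RST)\b", m["rest"]))
        if flags == {"SYN"}:  # a new connection attempt, not part of a session
            ports.add(int(m["dpt"]))
    labels = {}
    for src, ports in syn_ports.items():
        if not ports:
            labels[src] = "stray reply"  # late packets from a site already visited
        elif len(ports) >= SWEEP_THRESHOLD:
            labels[src] = "port sweep"
        elif ports <= SMB_PORTS:
            labels[src] = "windows file-sharing probe"
        else:  # e.g. peer-to-peer traffic meant for the address's previous holder
            labels[src] = "unsolicited connection attempt"
    return labels

if __name__ == "__main__":
    for src, label in sorted(triage(SAMPLE_LOG).items()):
        print(f"{src:15} {label}")
```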

"If you're still using Windows I'd recommend checking out Oupost Firewall instead of ZoneAlarm as it's very customizable and you can set up each and every application according to what ports, hosts, and directions are allowed for all internet traffic."

 

Sadly I'm stuck with Windows in the short term until a) I get a comparable printer, b) get my head round Linux properly, c) learn how to use wine etc. Right now I'm trying to get my CD working. Do you remember what it was like having basic problems like that?

 

I am that rare commodity a genuine newbie, not only to linux but to computing generally.

 

At the moment I'm not even sure I know what the firewall is doing. It was a free download and firewalls are just one area I am going to have to master. :( Thanks for the tip but I need to get familiar with this one before I spread my wings.

Link to comment
Share on other sites

Newbie to computing generally? Excellent - it'll be easier to learn linux without the baggage of windows - you would have had to "unlearn what you had learned".

 

What will you need wine for? Just curious. Look in Tips and tricks for software equivalents, you may be surprised to find how many linux-native apps do what you thought you needed a windows app for.

 

Back to the topic at hand: For windows I like Norton Internet Security. It's done a smash up job of finding/blocking trojans, allowing me to customize it pretty well, and so on. Good ol' kazaa :) Speaking of which - is gIFT down and out? It was the only linux app for the fasttrack network (kazaa) that I knew about... Gnutella doesn't find as many files.

Link to comment
Share on other sites

What will you need wine for?

 

I work from home and will be doing more so in the future. I have to use some packages that are made for Windows only, hence either dual boot, which I have, or find some method of accessing them. More and more stuff is internet based so this may be less of an issue in future. I also have to contend with web sites that only support Internet Explorer. I'm sure I can work round this but not yet. I will also be keeping confidential information that I need to protect. I don't at the moment but that's why I'm footering about with firewalls.

 

Basically I've gone over the last four years from no computer to the point where I need to control a full blown data management system and use the internet to download and pass on information. The security aspect is a legal requirement that I need to meet.

 

I can either

1) pay someone else to do it. Frankly I am underwhelmed by a lot of "computer consultants". The number that haven't heard of linux is surprising. You might not use it but surely you keep up to date with your own industry.

2) master Windows, XP etc.

3) spend time learning linux.

 

I'm doing 3. Sometimes I wish I hadn't started, but compared to Windows, Linux is breathtaking. I like to know what's going on, otherwise it's a bit like buying a car and not asking about the engine. Actually I now know some computer consultants that work with Linux and pursue 1 but that's no fun.

Link to comment
Share on other sites
