| Pages: 1 2 3 4 :: [one page] |
|
|
| Author |
Thread Statistics | Show CCP posts - 0 post(s) |
7shining7one7
Quafe Paladins
   |
Posted - 2007.09.05 20:21:00 -
[1]
I love this game, it's great, and the people in it, for better or for worse, i'm sticking around and having fun with all of ya :)
Now.. i love to get to know people, and people also loves getting to know me.
It seems however, that there might be a person that is a little bit too eager to get to know me and who i am, and it might be someone from in here, which is why i post this.
yesturday, i was playing around with various stuff, having fun as i usually do. when i'm in front of the computer, at that point i didn't have my firewall on. at approximately 11 pm my time, i got logged out of my computer whereafter my password failed 5 times, i reacted quickly and pulled out the cable and got the message that there were other computers connected to this, that might loose data if i shut it down.
Only thing is, this is the only computer that i currently have hooked up to the internet, straight to the modem. as a precautionary meassure when playing with stuff.
So i ran some scans, spyware malware, scanned for rootkits viruses trojans etc. as anyone would. i changed all my passwords and found to my luck that all was well and no keylogger or such was there.
i also noticed the bugger had enabled remote support, he got in through a port i had accidently left open after playing with some network stuff.
So.. next day.. which is today.. i had all the usual programs up and running, now from approximately 4 pm to 10 pm my time, there were over 1900 attempts on the same port (the port i had just closed as a result).
first of all, no program tries the same port for 4 hours, and definately not 1900 times, normal programs fail and give up after certain amount of tries. secondly no registered program uses the port that it was trying to use.
so as my firewall program was happily blocking and logging i was taking screenshots all along, doing traceroute on some of the ip's. The ip's changed a lot but there were some redundant ones, that will be investigated (more on this in a little bit). ping resulted in timeout, but traceroute went through fine. he was most likely employing an ip spoofer in tandem with a connection program.
he got through yesturday by portscanning me and finding a port open, and as i had a shared folder and no firewall up those who know anything about hacking knows how easy it is from there.
now despite lucking out yesturday, the poor sap thought he'd give it a shot for no less than 4 hours today, apparently he doesn't see the logic in his attempt being logged the 2nd time, after it was clear what he was trying to do yesturday.
now.. i'm all for getting to know one another and having fun.. but i'm really getting bored with this rather quickly. so what i'm going to say is this. 1. i have evidence. 2. in my country the isp can be involved and trace you out in coordination with other isp's if there is sufficient evidence to constitute suspicion of intrusion attempts. 3. ip spoofer will not help once the isp's get involved in tracing you, then it's pretty much over.
so.. i'll do some looking up myself of the huge log i got and the authorities will do the same, and i sincerely hope it's not someone from in here.
now.. i know some of you do meta gaming like this. i know the mittani does.. and others he employs, and i'm not pointing any fingers.. but i have seen several in here that were suprised to see chatlogs surface that were only on their computer, and posted by alts, knowing that this could only have been found through hacking his computer.
so.. meta gamers and those who attempt it without any concent, or script kiddie newbie hacking with maliscious intent, will not be tolerated and should not. whoever it is that did this, say goodbye to your "hacking career".. and no, there's no company that'll save u and come give u a job cause ur such a "nber cool guy"..
have a nice day
7
|
Jimer Lins
Gallente
Sanctuary
|
Posted - 2007.09.05 20:25:00 -
[2]
Prediction: This will be epic.
SEARCh- we find sites for you! |
Laura Steel
Minmatar
Independent Interspace Industiers
Fallout Project
|
Posted - 2007.09.05 20:25:00 -
[3]
Well..
goodjob in taking control of the situation :)
----
Darn exclamation mark! I have brown hair, green eyes and a nice tan :) |
Tarminic
Black Flame Industries
|
Posted - 2007.09.05 20:32:00 -
[4]
Yikes, good thing you caught the attack when you did! I hope you catch the guy that did it.
Until now I forgot that chat logs are recorded by EVE. Makes me glad that I usually keep my computer locked up fairly well, and also glad that I don't do anything especially important either.
------------
Whiners - Unite! | Posting and You
Tarminic - Forum Warfare Specialist. |
Major Stallion
Four Rings
D-L
|
Posted - 2007.09.05 20:32:00 -
[5]
reading your post got me concerned about open ports on my own end....how do i know if i have open ports on my computer? (i know its probably a total noob question...
________________________________
High Sec PvP
 Originally by: "Wylker"
CCP has finally mastered stupidity
|
Illyria Ambri
RennTech
|
Posted - 2007.09.05 20:33:00 -
[6]
See what happens when you leave your ports open.. you get sailors in them
------------
This is not War... This is pest control - Dalek Sek
Here come the Drums!! - The Master |
SengH
Black Omega Security
Pandemic Legion
|
Posted - 2007.09.05 20:35:00 -
[7]
Originally by: 7shining7one7
Only thing is, this is the only computer that i currently have hooked up to the internet, straight to the modem. as a precautionary meassure when playing with stuff.
Thats your problem right there.... are you insane? It probably has nothing to do with eve to begin with...
|
Tarminic
Black Flame Industries
|
Posted - 2007.09.05 20:35:00 -
[8]
Originally by: Major Stallion
reading your post got me concerned about open ports on my own end....how do i know if i have open ports on my computer? (i know its probably a total noob question...
There are cute little programs that script kiddies and n00b hackers use called Port Scanners - download one and have it scan your own IP address, it will give you a list of ports that respond.
------------
Whiners - Unite! | Posting and You
Tarminic - Forum Warfare Specialist. |
Major Stallion
Four Rings
D-L
|
Posted - 2007.09.05 20:39:00 -
[9]
Originally by: Tarminic
Originally by: Major Stallion
reading your post got me concerned about open ports on my own end....how do i know if i have open ports on my computer? (i know its probably a total noob question...
There are cute little programs that script kiddies and n00b hackers use called Port Scanners - download one and have it scan your own IP address, it will give you a list of ports that respond.
and the ones that respond are the open ones....im assuming you close them via your router? =/ im good with computers, but absolute crap with anything related to networking.
________________________________
High Sec PvP
Originally by: "Wylker"
CCP has finally mastered stupidity
|
XiticiX
Gallente
Kudzu Collective
Knights Of the Southerncross
|
Posted - 2007.09.05 20:40:00 -
[10]
Analysis: This is a random event, nothing to do with EvE. He was not 'hacking' - rather, running a script looking for open ports. The script found one, logged it as avaliable, and kept trying because that's what scripts do. The 'hacker' was probably sleeping or out to dinner while it did its stuff. If he was clever he would have routed his attack through previously 'hacked' computers, making an ISP's life extremely difficult. No ISP in the world will follow the trail through 8 different machines, 7 of which they don't own, nor provide service for. The authorities will stop their investigation at your ISP.
Prediction: nothing at all will come of this. Keep blocking the port intrusion attempts.
~~~
This is my sig. Do you like it?
~~~ |
|
|
Big Pick
Caldari
Task Force Ranger
|
Posted - 2007.09.05 20:41:00 -
[11]
Agreed. You gotta run an intermediary firewall man. Its probably not even a script kiddie. The overwhelming majority of the logged intrusion attempts on my company's network are automated bot nets. Almost all of those are intended as e-mail spam bots.
It can be something as simple as a cheap NAT router or as advanced as a FreeBSD firewall that runs Snort or some other intrusion detection system like we use. But you have to really protect your network.
=====The Devs stole my sig, so they should make me a new one.===== |
Abbadon
Caldari
Pukin' Dogs
D0GMA
|
Posted - 2007.09.05 20:43:00 -
[12]
Edited by: Abbadon on 05/09/2007 20:45:04
Edited by: Abbadon on 05/09/2007 20:43:42
Originally by: Major Stallion
reading your post got me concerned about open ports on my own end....how do i know if i have open ports on my computer? (i know its probably a total noob question...
One of the fastest and easiest ways is to go here Gibson Research and run the ShieldsUP! scan.
There is also a list of other very useful hints/tips/apps etc
.
|
Tarminic
Black Flame Industries
|
Posted - 2007.09.05 20:45:00 -
[13]
Originally by: Major Stallion
Originally by: Tarminic
Originally by: Major Stallion
reading your post got me concerned about open ports on my own end....how do i know if i have open ports on my computer? (i know its probably a total noob question...
There are cute little programs that script kiddies and n00b hackers use called Port Scanners - download one and have it scan your own IP address, it will give you a list of ports that respond.
and the ones that respond are the open ones....im assuming you close them via your router? =/ im good with computers, but absolute crap with anything related to networking.
It varies depending on the type and sophistication of your router, but generally yes. Some you'd want to leave open for diagnostic purposes (ping, for example). You should also be able to close ports through your firewall software as well.
Take this with a grain of salt though, it's been a year or two since I did any serious networking work.
------------
Whiners - Unite! | Posting and You
Tarminic - Forum Warfare Specialist. |
Frug
Zenithal Harvest
|
Posted - 2007.09.05 20:45:00 -
[14]
Originally by: XiticiX
Analysis: This is a random event, nothing to do with EvE. He was not 'hacking' - rather, running a script looking for open ports. The script found one, logged it as avaliable, and kept trying because that's what scripts do. The 'hacker' was probably sleeping or out to dinner while it did its stuff. If he was clever he would have routed his attack through previously 'hacked' computers, making an ISP's life extremely difficult. No ISP in the world will follow the trail through 8 different machines, 7 of which they don't own, nor provide service for. The authorities will stop their investigation at your ISP.
Prediction: nothing at all will come of this. Keep blocking the port intrusion attempts.
This man is right.
You're on the internets. It's full of haxxorz trying to pwn ur computorz. It's got nothing to do with eve, but I like how you tossed mittani's name in there.
- - - - - - - - - Do not use dotted lines - - - - - - -
If you think I'm awesome, say BOOO
BOOO!! - Ductoris
Neat look what I found - Kreul
Hey, my marbles |
7shining7one7
Quafe Paladins
|
Posted - 2007.09.05 20:45:00 -
[15]
Originally by: XiticiX
Analysis: This is a random event, nothing to do with EvE. He was not 'hacking' - rather, running a script looking for open ports. The script found one, logged it as avaliable, and kept trying because that's what scripts do. The 'hacker' was probably sleeping or out to dinner while it did its stuff. If he was clever he would have routed his attack through previously 'hacked' computers, making an ISP's life extremely difficult. No ISP in the world will follow the trail through 8 different machines, 7 of which they don't own, nor provide service for. The authorities will stop their investigation at your ISP.
Prediction: nothing at all will come of this. Keep blocking the port intrusion attempts.
he logged me out and attempted to change password.
granted it might have nothign to do with eve, but i've been on some teamspeak servers, (and granted i could have used an ip spoofer when i did that, it's allways easy to be smart after the fact.) and other stuff that might have given away my ip. and as i write, i write this post in case it is someone from in here, and as an encouragement to the entire community not to take metagaming to this level (i've seen such thigns mentioned here before, it's not a new thing), cause it has dire consequences. it's the equivalent of breaking into somebody's home and prying around in their stuff potentially breaking stuff or stealing something that does not belong to you. it's not just "ok" cause it's on the "computer".. hacking is not "a game".
just a little heads up.
|
SengH
Black Omega Security
Pandemic Legion
|
Posted - 2007.09.05 20:55:00 -
[16]
Originally by: 7shining7one7
Edited by: 7shining7one7 on 05/09/2007 20:53:56
Originally by: XiticiX
Analysis: This is a random event, nothing to do with EvE. He was not 'hacking' - rather, running a script looking for open ports. The script found one, logged it as avaliable, and kept trying because that's what scripts do. The 'hacker' was probably sleeping or out to dinner while it did its stuff. If he was clever he would have routed his attack through previously 'hacked' computers, making an ISP's life extremely difficult. No ISP in the world will follow the trail through 8 different machines, 7 of which they don't own, nor provide service for. The authorities will stop their investigation at your ISP.
Prediction: nothing at all will come of this. Keep blocking the port intrusion attempts.
he logged me out and attempted to change password.
i threw the mittani's name in here cause of the article here where it seems obvious that he might be morally capable (or crippled, matter of oppinion i suppose) to take metagaming to such a level. part of the article is an associate of the mittani verifying and cross referencing ip and phone number of the interviewer. and i am not pointing any fingers as i said.. i just brought him and his associates up as an example of heavy meta gaming.
granted it might have nothign to do with eve, but i've been on some teamspeak servers, (and granted i could have used an ip spoofer when i did that, it's allways easy to be smart after the fact.) and other stuff that might have given away my ip. and as i write, i write this post in case it is someone from in here, and as an encouragement to the entire community not to take metagaming to this level (i've seen such thigns mentioned here before, it's not a new thing), cause it has dire consequences. it's the equivalent of breaking into somebody's home and prying around in their stuff potentially breaking stuff or stealing something that does not belong to you. it's not just "ok" cause it's on the "computer".. hacking is not "a game".
just a little heads up.
what rock have you been under its already been done.... its how the T20 thing was uncovered...
|
SchirmerN
Amarr
Danish Arms Association
|
Posted - 2007.09.05 20:55:00 -
[17]
Edited by: SchirmerN on 05/09/2007 20:56:06
A blind chicken could get into your pc, if you turn your firewall off. duh
|
7shining7one7
Quafe Paladins
|
Posted - 2007.09.05 21:03:00 -
[18]
Edited by: 7shining7one7 on 05/09/2007 21:05:06
it's a funny coincidence however, that 10 minutes after i wrote the post, the 4-5 hour onslaught with over 1900 attemps went to a complete standstill..
might be a coincidence, i just find it rather amusing still...
so again, it might have nothign to do with eve, just thought i'd bring up the whole meta gaming thing along with my own experience, to get people to think about making themselves safe at all times, and don't let your guard down just to experiment a little bit, and also to give people a chance to reconsider if they really want to take metagaming to a level like that.
have a nice evening :)
update: i'm still laughing 
|
DavidBowiesNippleAntenna
GoonFleet
GoonSwarm
|
Posted - 2007.09.05 21:08:00 -
[19]
looks like you caught "The Mittani" red handed trying to infiltrate the Quafe Paladins, clearly a high priority target. I'm glad to hear you're safe 7shining7one7 and I hope you repel all future internet invaders.
|
Play Thing
|
Posted - 2007.09.05 21:11:00 -
[20]
Hmmmmm
"Acquired" Laptop + Wireless + idiot users with no security on wireless router = trace with your isp until your blue in the face.
I have become the formless.
|
|
|
7shining7one7
Quafe Paladins
|
Posted - 2007.09.05 21:12:00 -
[21]
Edited by: 7shining7one7 on 05/09/2007 21:15:22
rofl, i'm quite sure that was not the purpose with it tho (otherwise someone needs to check their intel), might just have been an effort to get to know more about who i am in general.. but thanks for the funny comment
i don't use wireless, definately.. definately.. not an idiot, (yes i know about wireless hacking and such *hint* pringles can *hint*, and i've played around with some friends with concent to test stuff out for fun.
as for the hopelessness.. the traceroutes went through fine, so that narrows it down substantially.
oh btw. post with your main :) (ya, i like that too)
|
JoDirt
Minmatar
Tides of Silence
Hydra Alliance
|
Posted - 2007.09.05 21:28:00 -
[22]
You should install a hardware firewall and NAT your IP Address. This will implicitly deny all inbound traffic. Only traffic orginating from your network will be allowed the return trip. oh and pm me the ip address scanning you if you like, wouldn't mind having a looksy.  |
Gwoden
Gallente
Exa Utopia
Exa Nation
|
Posted - 2007.09.05 21:31:00 -
[23]
Everyday... every minute.. millions upon millions of IP addresses are being scanned by other infected systems. This is nothing new.
What you are experiencing is what we call the interet. Welcome. Now get behind a router/firewall before your PC gets killed.
My opinion is that this is all just one big coincidence. This has nothing to do with eve, or the playerbase. Your system IP has been added to a hacker "hot list". A list of IP addresses with open ports, placed backdoors, or easy passwords. Unfortunately your IP will undergo many, many scanns for many months until it is eventually removed. Maybe. Best bet is to contact your ISP and request that they give you a new external IP address. And then format your PC. Yep... for-mat. Change all passwords. And start over.
After this, always connect your PC to the internet, behind a hardware firewall. Then turn on your software firewall. :) Have up to date anti virus, and an up to date OS. Preferably layer your vendor protection. Software firewall by Norton, and anti-virus by McAfee. The more "layers" a hacker has to pass through, the more frustrating it is for them ;) After a while the time to ***** versus benefit is no longer in their favor.
As for going after these people. Unfortunately the hacker rule #1 is that any open port is an open invitation or people to access it. If they login to your system and you have a banner/message that says "only authorized access allowed. If you are not authorized, you must disconnect." (or something close) then you can prosecute. If you do not have a message/banner, once again this will fall back on the rule of "you have the port open, you are giving people the right to access it.". Then you cannot prosecute.
Sorry to hear of your troubles, and i hope this information helps you.
_______________________________________________
There is no "I can't" only "I will". |
Zenst
Gallente
Reikoku
Band of Brothers
|
Posted - 2007.09.05 21:46:00 -
[24]
As a rule never connect a PC directly to the net when you can port forward and do with other means as well as a firewall.
Fact - installing windows XP from scratch and patching from windows update straight away will by the time you get fully patched up already have left your box exposed and vulnable for nearly an hour. In that time there will be many attempts due to botnets and scriptkiddies. The various different IP's and duration would indicate that to some extent is what you got. Even having automation driven port scans after several nodes rport unsucceful back to the controlling nodes to restablish root.
I do however strongly reccomend having a seperate install/partition of XP just for games. This means you can do all that jazz in a install tuned for that without extra registry and dll bloat distracting from performance. Then have dedicated internet banking/business stuff. VMware is a wonderful tool btw in that you realy dont need a fast system for internet banking and having using that or another free version works well from a security aspect.
Also check sheilds up remote port scan on this site GRC Sheilds up . Its not the best but it does do the job and thats all you can ever ask.
Also not there is never any reason whatsoever to have your PC plugged directly onto the internet, NAT or firewall and/or port redirection. Generaly as a rule deny everything and allow by exception and then you can ignore all the bots. Though do keep patched up as whilst your patched up today there will be a vulnability tomorrow and thats one released at a public level. Zero day expliots whilst not exactly years until known thesedays do happen, albeit mostly days or weeks. But still there are the odd ones that do get a long shelf life.
Remember putting a PC directly onto the internet is like driving a bicycle on a busy motorway.
|
7shining7one7
Quafe Paladins
|
Posted - 2007.09.05 21:53:00 -
[25]
Originally by: Gwoden
Everyday... every minute.. millions upon millions of IP addresses are being scanned by other infected systems. This is nothing new.
What you are experiencing is what we call the interet. Welcome. Now get behind a router/firewall before your PC gets killed.
My opinion is that this is all just one big coincidence. This has nothing to do with eve, or the playerbase. Your system IP has been added to a hacker "hot list". A list of IP addresses with open ports, placed backdoors, or easy passwords. Unfortunately your IP will undergo many, many scanns for many months until it is eventually removed. Maybe. Best bet is to contact your ISP and request that they give you a new external IP address. And then format your PC. Yep... for-mat. Change all passwords. And start over.
After this, always connect your PC to the internet, behind a hardware firewall. Then turn on your software firewall. :) Have up to date anti virus, and an up to date OS. Preferably layer your vendor protection. Software firewall by Norton, and anti-virus by McAfee. The more "layers" a hacker has to pass through, the more frustrating it is for them ;) After a while the time to ***** versus benefit is no longer in their favor.
As for going after these people. Unfortunately the hacker rule #1 is that any open port is an open invitation or people to access it. If they login to your system and you have a banner/message that says "only authorized access allowed. If you are not authorized, you must disconnect." (or something close) then you can prosecute. If you do not have a message/banner, once again this will fall back on the rule of "you have the port open, you are giving people the right to access it.". Then you cannot prosecute.
Sorry to hear of your troubles, and i hope this information helps you.
hehe thanks, but i have rootkit, malware, spyware, trojan scanner firewall and a router with nat, i was just experimenting with some network stuff s all..
as for the prosecute or not prosecute: "you have the port open...." i didn't and it was attempted for 5 hours. so that's what that is.
and yes unless the person has some way of coming in contact with me and so we can have a talk about it, then the hunter has become the hunted as far as i'm concerned. But that offer won't stand forever offcourse. If someone tries to break into your property with success or not, you wouldn't take it lightly either.
also let's differentiate between true hackers who actually are nice very intelligent people who seek to find exploits and inform corporations about them and make a living as such, and concentually hacking various systems in order to accomplish this..
and script kiddies, *****ers etc. who are maliscious, many times sociopathic semi adults who wants to make a reputation for themselves by messing stuff up, thus creating maliscious scripts, trojans and viruses, hoping they will somehow get employed for being such an "nber cool guy".
i like to keep those two terms very separate.
jodirt, that can be arranged np :) it's allways nice to have justice on your side, morally and lawfully speaking. and the more the merrier.
|
Gnulpie
Minmatar
Miner Tech
|
Posted - 2007.09.05 22:27:00 -
[26]
OMG!
You got attacked by some scripter and you seem to have good control over the situation, grats to that.
But what the *** makes you believe that this has ANYTHING to do with Eve??? Honestly, if your first thought after you got attacked is that it might be something Eve-related then I seriously suggest that you should take a step away from Eve for a while...
|
Zombie Network
GoonFleet
|
Posted - 2007.09.05 22:33:00 -
[27]
1989 just called, they want their breaking news back!
|
SiJira
|
Posted - 2007.09.05 22:35:00 -
[28]
someone is about to get a retro amazing prostate exam
____ __ ________
_sig below_
devs and gms cant modify my sig if they tried!
_lies above_
CCP Morpheus was here
Morpheus Fails. You need colors!! -Kaemonn
[yellow]Kaem |
syphurous
Gallente
|
Posted - 2007.09.05 22:42:00 -
[29]
I dont get how you related Eve and your machine being scanned ?
Can I Have Your Stuff ?
___
Too Many Anchored Cans |
7shining7one7
Quafe Paladins
|
Posted - 2007.09.05 22:50:00 -
[30]
Edited by: 7shining7one7 on 05/09/2007 22:56:38
Originally by: Gnulpie
OMG!
You got attacked by some scripter and you seem to have good control over the situation, grats to that.
But what the *** makes you believe that this has ANYTHING to do with Eve??? Honestly, if your first thought after you got attacked is that it might be something Eve-related then I seriously suggest that you should take a step away from Eve for a while...
first of all i said it could potentially be an eve player, and i didn't point any fingers please read it again.
second it was first of all to bring up the issue of meta gaming based on the experience since it was a possibility it had something to do with it.
but also.. it was to see if posting here had any effects on the attack, which it had, the attacks stopped on a dime 10 minutes after i made the post.
i still haven't said that it might necessarily be an eve player, and i have also stressed that i hope it is not. but.. i'm definately going to find out.
and thirdly, meta gaming is something very much to do with eve since many do it to some degree, and as i've illustrated with mittani, he doesn't mind looking up your ip and cross reference it with your phone number, and i sincerely doubt he's the only one that could contemplate metagaming like that. also the numerous instances where some have had chatlogs surfaced by alts showing info of strategic importance, that to the person owning those, never left his computer, but that person was hacked some time ago. this game means a lot to some people, i just encourage that keeping it in game might be the way to go. And that failure to do so will result in consequences. and that's what this post is about.
i hope that clarifies it.
to the "can i have your stuff" comment, mb you should read the post first before making smart remarks, i am not gonna leave game anytime soon :) i think me asking you the same would be more likely to be quite honest :)
as for me playing eve a lot.. no not really, i mostly juts hit up the forums as i skill up :) it's a great game tho so respect to everyone who put whatever effort they deem appropriate to their lives into it.
|
|
|
Lilian Long
|
Posted - 2007.09.05 23:00:00 -
[31]
Edited by: Lilian Long on 05/09/2007 23:00:59
Don't know, what the attacker did, but port scanning on it's own hasn't been judged as a crime so far.
There was just one court case and they judged it legal, because it didn't cause any damage in that case.
So to go win at court, you probably have to prove malicious intent, which can be quite difficult I guess.
But what could work is finding out and mailing his provider or the institution, from where the scan originated. If they can track it down to one user, he might get into trouble, because he has violated some policies there.
Personally I try to protect myself and don't bother much, except a person would really gain remote access and dig through or download my personal stuff. Then I'd maybe call the police.
|
ForumPosterAlt
HERRO KITTY
|
Posted - 2007.09.05 23:04:00 -
[32]
It was me.
Because posting on the forums is serious business. |
ry ry
StateCorp
The State
|
Posted - 2007.09.05 23:07:00 -
[33]
"stop playing defcon, lets hax some noobs lol"
|
syphurous
Gallente
|
Posted - 2007.09.05 23:23:00 -
[34]
Originally by: 7shining7one7
to the "can i have your stuff" comment, mb you should read the post first before making smart remarks, i am not gonna leave game anytime soon :) i think me asking you the same would be more likely to be quite honest :)
I read it, doesn't stop me from asking :P
___
Too Many Anchored Cans |
redialer
Minmatar
The African Contingency
Veritas Immortalis
|
Posted - 2007.09.05 23:34:00 -
[35]
Originally by: Illyria Ambri
See what happens when you leave your ports open.. you get sailors in them
|
Kazuma Saruwatari
|
Posted - 2007.09.06 00:42:00 -
[36]
 There's a reason why this would have never happened if you had your firewall on at the time and/or closed the ports you had open in the first place.
Then again, great work catching it and doing damage control. Whoever this is should get whats coming to em (namely you with the assistance of the authorities hopefully).
-
Odd Pod Out, a blog of EVE Online |
Lord XSiV
Amarr
Digital Research - Omega Protocol
|
Posted - 2007.09.06 01:21:00 -
[37]
op as described is complete bs. Anyone knowledgeable in the industry can see it, so figure it out for yourself.
This is just another fud scare tactic to slight this game. Nothing more, nothing less.
|
Lord Matrix
Department of War
|
Posted - 2007.09.06 01:42:00 -
[38]
Can I have your ports?
On a serious note, what just happened is normal on the Internet and is what I call a "Background Noise". I sometimes do a "Crazy Ivan" maneuver by disconnecting all my computers from the network and just listen what comes over the Internet line with a package sniffer 
------------------------------------------------------------------
What good have you done for the EVE community today? |
Modrak Vseth
Veto. Academy
Veto Corp
|
Posted - 2007.09.06 03:23:00 -
[39]
"Everybody grab your tinfoil hat!"
Originally by: 7shining7one7
here's the snippit of interest:
-
"I just had Rycar run your IPs," he finally informs me. He just what? I look over my shoulder on reflex, half expecting to see some internet commando behind my back, gently pressing a knife to my throat.
"You do indeed seem to be from Michigan and the phone number you gave fits that," The Mittani concludes in a nonchalant manner, as if locating my house were on par with a handshake. He tells me that it's the nature of my request that has him on edge. "Anything that appeals to my vanity I'm always really suspicious of because it's such a weak spot with people."
You talk like you know a lot about networking, yet you don't seem to understand two of the most commonly used tools in the networking world: Arin.net(and it's regional equivalents) and whois.net. What he did above is extremely simple.
The interviewer likely had some type of email correspondence with "the Mittani" which would have revealed his IP just by looking at the expanded email header. You then plug that IP into Arin.net and it handily gives you their ISP and "general" locational information. Knowing that somebody lives in Michigan is hardly a big deal, especially if you know their IP. You can even see all this information about yourself without even knowing your IP. Try this link and be amazed at the information to be found on the intrawebs!
|
w0rmy
M. Corp
M. PIRE
|
Posted - 2007.09.06 03:30:00 -
[40]
Edited by: w0rmy on 06/09/2007 03:33:53
Originally by: 7shining7one7
2. in my country the isp can be involved and trace you out in coordination with other isp's if there is sufficient evidence to constitute suspicion of intrusion attempts. 3. ip spoofer will not help once the isp's get involved in tracing you, then it's pretty much over.
and
Thats almost as funny as the guy who emailed us saying "Your server called ns1.ispname is trying to hack me via port 53!!!!"
Originally by: CCP Oveur
I'm very sorry w0rmy, I beg your forgiveness.
Originally by: Dianabolic
I was never sworn to secrecy, w0rmy, sorry to dissappoint you.
|
|
|
7shining7one7
Quafe Paladins
|
Posted - 2007.09.06 12:17:00 -
[41]
in for a quick comment.
Originally by: Modrak Vseth
"Everybody grab your tinfoil hat!"
Originally by: 7shining7one7
here's the snippit of interest:
-
"I just had Rycar run your IPs," he finally informs me. He just what? I look over my shoulder on reflex, half expecting to see some internet commando behind my back, gently pressing a knife to my throat.
"You do indeed seem to be from Michigan and the phone number you gave fits that," The Mittani concludes in a nonchalant manner, as if locating my house were on par with a handshake. He tells me that it's the nature of my request that has him on edge. "Anything that appeals to my vanity I'm always really suspicious of because it's such a weak spot with people."
You talk like you know a lot about networking, yet you don't seem to understand two of the most commonly used tools in the networking world: Arin.net(and it's regional equivalents) and whois.net. What he did above is extremely simple.
The interviewer likely had some type of email correspondence with "the Mittani" which would have revealed his IP just by looking at the expanded email header. You then plug that IP into Arin.net and it handily gives you their ISP and "general" locational information. Knowing that somebody lives in Michigan is hardly a big deal, especially if you know their IP. You can even see all this information about yourself without even knowing your IP. Try this link and be amazed at the information to be found on the intrawebs!
oh i'm quite familiar with how to resolve hostnames and look up such information, what i was pointing out as you clearly took this out of context and made up your own story about the reason i pasted that particular thing off the article, was to illustrate that some people might take metagaming to that level. if looking up ip's and cross referencing like that is the norm, then it only stands to reason that going further wouldn't be far fetched. also as i said it's nothing new just browse the forums for a little bit you'll see some examples of surprised people seing chatlogs posted by alts on pastebins that reveals info that never left their computer (an eve chatlog of strategic importance for instance).
so.. you kinda missed the point.. suggest you read the post again.
Originally by: Lord XSiV
op as described is complete bs. Anyone knowledgeable in the industry can see it, so figure it out for yourself.
This is just another fud scare tactic to slight this game. Nothing more, nothing less.
you clearly need to read the entire post again, first of all first thing i say straight off the bat is that i love the game, and the reason i post this is cause it MIGHT be someone from here, time will tell..
therefore i would not at all slight this game.. and it's not scare tactics, it happens.. so please take your tinfoil crap somewhere else.. what are you going to say next.. there's no such thing as hackers and metagamers? get real..
and please.. do elaborate and share with us just how exactly the explanation was bs :) i'm looking forward to that in particular.
|
7shining7one7
Quafe Paladins
|
Posted - 2007.09.06 12:34:00 -
[42]
Edited by: 7shining7one7 on 06/09/2007 12:43:03
Originally by: w0rmy
Edited by: w0rmy on 06/09/2007 03:33:53
Originally by: 7shining7one7
2. in my country the isp can be involved and trace you out in coordination with other isp's if there is sufficient evidence to constitute suspicion of intrusion attempts. 3. ip spoofer will not help once the isp's get involved in tracing you, then it's pretty much over.
and
Thats almost as funny as the guy who emailed us saying "Your server called ns1.ispname is trying to hack me via port 53!!!!"
you know.. there are two ironies in this area.
1 of them is offcourse that generic people think they are safe doing anything on the net.. and don't have to setup some form of protection. I knew that, i just turned it off briefly cause i was playing with some networking stuff and then forgot to turn it off, for those that have ever played around with just an example network programming, knows that sometimes it's leisurable to do in order to observe certain things and debug, and someone got in logged me out, i took responsibility for my action and my mistake.. cause it was a mistake (too long period to be safe) i took precautions to limit damage (only had 1 comp hooked up).. and i cut him off put up the blocks and logged him the 2nd time around..
now.. the 2. and perhaps the biggest irony of the two is hackers thinking they are safe and cannot be traced.. they can. and let's face it this hacker wasn't even remotely smart. which kind of moron tries to log out a user and change password, and then tries again the 2nd day where it's only logical that everything gets logged and traced, instead of just saying ok.. ****.. my plan failed.. i'm out. he didn't even employ ads (alternate data streams (hiding in other processes) a hard to get trojan or a little nasty rootkit..
as for your funny little comment.. "offcourse u can't trace that ****".. i think you seriously underestimate the built in ip resolving features and the likes of modern firewalls, not to mention insult the general intelligence of the people who play this game.
how about this: tracert 80.31.50.54 aka adsl-146-200-89.mob.bellsouth.net:53742 (remove the port number obviously to do a tracert)
there were various repeats adresses that i will investigate and so will the authorities to the degree possible.
a hacker is as unsafe as any other person on the net as far as tracing and intrusion attempts go. granted if one were to go unix / linux and trace someone it would be easier, who says not?
at any rate.. was a thread about my experience, and an encouragement to not to metagame.. and a hope that it wasn't someone in here that will be found out to be responsible.. or a group from in here employing a scan group network for their own means.. (ye.. i've hung out in irc too, for several years, and i've also talked to security expert that work for fortune 500 companies and how they got started so i know about that too.. shared the cute little details. i've also personally know people who have several years ago developed heuristic archive bombs and stuff like that, and found exploits in novels login systems and sys admin tools to grant themselves super admin acces, and have novel guys come in with their suit and tie and their black suitcases and sterling laptops unable to place the blame on the culprit..
anyways.. i'm not trying to come off as being smarter than everyone, but it seems some are trying to do that here.. and it doesn't benefit anyone..
so having said that, the crux of this post is to remember.. weither or not you have or have not done this or have or have not thought about it. do not take metagaming to a level like this. it will have consequences. and people don't like it very much when u try to mess with their stuff.. just keep the gaming in game, inasmuch as gaming involves things not to do with accessing private information.
have a nice day
7
|
RaTTuS
BIG
|
Posted - 2007.09.06 12:39:00 -
[43]
IPCop
Don't even bother to use a machine connected to the Internet without a firewall of some sort. - especially not an unpatched windows machine
--
BIG Lottery, BIG Deal, InEve & RaTTuS Home
|
7shining7one7
Quafe Paladins
|
Posted - 2007.09.06 12:45:00 -
[44]
i know man i know, that was what the idea probably was, log me out, force me to reinstall, bombard me with unpatched windows exploits since i was forced to be online to update it, but the attempt failed. at any rate, yes, thanks for your response everyone should benefit from this post that's what it's about, sharing experiences and also heads up to consider consequences of certain actions, if not all actions.
|
7shining7one7
Quafe Paladins
|
Posted - 2007.09.06 12:48:00 -
[45]
Originally by: Lord Matrix
Can I have your ports?
On a serious note, what just happened is normal on the Internet and is what I call a "Background Noise". I sometimes do a "Crazy Ivan" maneuver by disconnecting all my computers from the network and just listen what comes over the Internet line with a package sniffer
haha.. hunt for red october ftw
|
Cornucopian
Gallente
Dutch Omega
United Freemen Alliance
|
Posted - 2007.09.06 12:52:00 -
[46]
Edited by: Cornucopian on 06/09/2007 12:52:27
Originally by: Zenst
As a rule never connect a PC directly to the net when you can port forward and do with other means as well as a firewall.
Fact - installing windows XP from scratch and patching from windows update straight away will by the time you get fully patched up already have left your box exposed and vulnable for nearly an hour. In that time there will be many attempts due to botnets and scriptkiddies. The various different IP's and duration would indicate that to some extent is what you got. Even having automation driven port scans after several nodes rport unsucceful back to the controlling nodes to restablish root.
I do however strongly reccomend having a seperate install/partition of XP just for games. This means you can do all that jazz in a install tuned for that without extra registry and dll bloat distracting from performance. Then have dedicated internet banking/business stuff. VMware is a wonderful tool btw in that you realy dont need a fast system for internet banking and having using that or another free version works well from a security aspect.
Also check sheilds up remote port scan on this site GRC Sheilds up . Its not the best but it does do the job and thats all you can ever ask.
Also not there is never any reason whatsoever to have your PC plugged directly onto the internet, NAT or firewall and/or port redirection. Generaly as a rule deny everything and allow by exception and then you can ignore all the bots. Though do keep patched up as whilst your patched up today there will be a vulnability tomorrow and thats one released at a public level. Zero day expliots whilst not exactly years until known thesedays do happen, albeit mostly days or weeks. But still there are the odd ones that do get a long shelf life.
Remember putting a PC directly onto the internet is like driving a bicycle on a busy motorway.
uhm... noob alert. I have a router, a firewall, and a fully updated mcaffee (with the whole suite of kewl internet safety rubbish active) running on vista. Am I a little safer than the average internetzusar?
-----------------------------------------------
"post with your main. delete your alt, you sad little exploiting metagamer."
Originally by: Royaldo
complete win by Cornucopian!
|
7shining7one7
Quafe Paladins
|
Posted - 2007.09.06 13:05:00 -
[47]
Edited by: 7shining7one7 on 06/09/2007 13:11:13
you could do with a rootkit scanner, use hijack this and rootkit buster and rootkit unhooker, u need to read more about rootkits to actually know what to look for so u don't delete the wrong things, otherwise u can genuinly mess stuff up, but i highly recommend u play around with it
also u could definately do with a out right trojan scanner, antivirus don't allways sniff up trojans (like trojan hunter for instance).. firewall on paranoid mode is a good idea too.. sunbelt kerios is a pretty decent firewall for that. offcourse there are other great alternatives.
also be on the lookout for ADS's Linkage (rootkit related)
not adds but alternate data streams, or rather, little nasty buggers hiding in other processes. on windows systems they employ this in harddrives using the ntfs file system which uses this, if u use fat32 you should be safe but come on, who uses that nowadays.. in other words, scan for it and be on the lookout for it.
also when you do a scan, given that u run windows.. turn off system restore so they can't hide in the sys restore compressed archives, and do throrough scans including memory (allthough most programs do that) so that they don't just hide in mem get deleted on hd and pop down in hd after ur done, solving nothing.
also keep ur browser updated to prevent browser oriented attacks and delete your history and personal info and it's actually also quite good to not use auto formulas that remember your entered passwords and recall them etc. but to just have the passwords on a little piece of paper under lock till you remember them, and use numeric, alphabetic and odd out symbols in your password. alsodon't have em in a text file on the computer that's a bad idea.
many programs detect keyloggers right off the bat, but there's also specific anti keylogger programs out there that can run in the background actively and block such attempts. allthough keyloggers have huge telltale signs, since you can gain info by running certain programs about where they sent the passwords and such, which is mostly a dead giveaway resulting in the person most likely being caught.
as one suggested earlier, get a port scanner and scan yourself, and u can also do a red october inspired crazy ivan as the guy above suggests hehe.
and DO PLEASE have a log feature in your firewall, so u have some evidence for further investigation. Otherwise you might be stumbling in the dark a little bit if someone gets to you somehow.
hope this'll get you started m8
take care
7
|
Susan Acid
|
Posted - 2007.09.06 13:33:00 -
[48]
Paranoid much? |
Occara
|
Posted - 2007.09.06 13:53:00 -
[49]
this thread is epic fail.
i have one system in my charge that has an internet facing ip.
it constantly emails me that it has blacklisted this ip or that.
i suppose it's TIME TO INVESTIGATE!
p.s. in context your silly quote from that interview means "we looked and your ip address is owned by an isp that exists where you claim to exist" it isn't even related in the slightest bit to what you are talking about.
epic. paranoia. fail. thread.
what this thread should have said.
"I hooked up an unhardened system to the internet. I got randomly pwnd by another randomly pwnd computer. Boy am I dumb."
|
7shining7one7
Quafe Paladins
|
Posted - 2007.09.06 14:10:00 -
[50]
Edited by: 7shining7one7 on 06/09/2007 14:15:53
Originally by: Occara
this thread is epic fail.
i have one system in my charge that has an internet facing ip.
it constantly emails me that it has blacklisted this ip or that.
i suppose it's TIME TO INVESTIGATE!
p.s. in context your silly quote from that interview means "we looked and your ip address is owned by an isp that exists where you claim to exist" it isn't even related in the slightest bit to what you are talking about.
epic. paranoia. fail. thread.
what this thread should have said.
"I hooked up an unhardened system to the internet. I got randomly pwnd by another randomly pwnd computer. Boy am I dumb."
allow me to feed you with the same spoon you dish out **** with..
"i have one system in my charge that has an internet facing ip.
it constantly emails me that it has blacklisted this ip or that.
i suppose it's TIME TO INVESTIGATE!"
this has no correlation whatsoever to 1900 attempts on the same port (that was open and that was used to log me out the day before). don't even start to think it does. you merely illustrate your immense stupidity on the subject.
"p.s. in context your silly quote from that interview means "we looked and your ip address is owned by an isp that exists where you claim to exist" it isn't even related in the slightest bit to what you are talking about."
taken out of context and is clearly related due to the subject of metagaming. it is related, u just lack the brainpower to realize how. work on that would you..
"epic. paranoia. fail. thread."
what's next, there is no hackers, or meta gamers? btw. taking this to the authorities might be faster than i would have previously thought, since there was just recently a case of this in local media, and it's not looking good for the culprits. allow me to feed you your tinfoil hat.
"what this thread should have said.
"I hooked up an unhardened system to the internet. I got randomly pwnd by another randomly pwnd computer. Boy am I dumb."
"
or rather, i was experimenting with some stuff temporarily, a hacker attempted entry and logged me out, i stopped him blocked him and logged the attempts the 2nd time around, suffered no data loss or loss of personal info and/or acess passwords either.
boy are YOU dumb for not having the brainpower to read the post and gather it in your brain in a cohesive way..
it's not often i see someone pwning themselves in the eye in the way you just did..
gl with that.
ps. the cute puppies shed sad puppy tears over you having management over the system in the way that you describe.
how you like your spoon? remember to lick it good, it is afterall your own ****.
btw. post with your main, you silly spineless incoherent alt.
|
|
|
Occara
|
Posted - 2007.09.06 14:35:00 -
[51]
except there is a major difference.
my post was based in reality, not delusion.
you sir, are delusional.
to the extreme.
as folks have said. you hooked up a naked/unhardened system to the internet. this. is. dumb. (and should never be done unless you plan on wiping the system afterwards)
you claimed to be "experimenting". if you knew enough to be experimenting, you would have known that you have no business using that system without wiping it since you obviously had some unpatched vulnerability that has been exploited.
your "hacker" wasn't even a living being. Oh, I mean a few generations up it may have been, but now it's just a wormed pc
|
7shining7one7
Quafe Paladins
|
Posted - 2007.09.06 14:42:00 -
[52]
Edited by: 7shining7one7 on 06/09/2007 14:44:39
Originally by: Occara
except there is a major difference.
my post was based in reality, not delusion.
you sir, are delusional.
to the extreme.
as folks have said. you hooked up a naked/unhardened system to the internet. this. is. dumb. (and should never be done unless you plan on wiping the system afterwards)
you claimed to be "experimenting". if you knew enough to be experimenting, you would have known that you have no business using that system without wiping it since you obviously had some unpatched vulnerability that has been exploited.
your "hacker" wasn't even a living being. Oh, I mean a few generations up it may have been, but now it's just a wormed pc
the vulnerability exploited can be read in the post..
no worms trojans rootkits malware spyware or anything on this pc.
1900 blocked attempts yesturday speak for itself, interesting side fact that might or not have any correlation.. is the attempts stopping 10 minutes after i post here.
it wasn't unhardened, some features were shut down temporarily.
read the above post where you illustrate you "amazing knowledge about internetzzz security". and that would be nuff said.
allthough, for my personal amusement..pwn yourself in the eye once more why don't ya spineless troll your hardly the first one i've slain, and you probably won't be the last either.
it's so pathetic that guys like you have no other thing to do than log onto eve-o forum and try to "pwn" someone on an alt. how pathetic.. i mean really.. atleast a lot of the alts have something sensible to say and don't pwn themselves in the eye like you.
as i said.. post with your main, and fix your brain, again..
|
nightslasher
|
Posted - 2007.09.06 14:56:00 -
[53]
Edited by: nightslasher on 06/09/2007 14:58:49
Edited by: nightslasher on 06/09/2007 14:57:41
Originally by: 7shining7one7
so.. you kinda missed the point.. suggest you read the post again.
You keep saying this, but I wonder if you take your own advice.
My own take on this is that you did something stupid (left your firewall off [still not sure why you need to turn it off at all, but ok....]), and someone attacked your comp...Then, you figured out that someone found you and you pulled the plug....
Short form: you left the keys in the car with the engine running in a crime-ridden location, and went to sleep in the back seat...Someone took your car for a spin, and then you woke up.
Big deal.
|
Susan Acid
|
Posted - 2007.09.06 15:02:00 -
[54]
7shing7one7 stop posting.
You have Zero proof that this is Eve related.
Maybe you think you are important?Maybe you want to be important in Eve and feel like someone is taking an interest in you,your 2 man corp,or whatever you are achieving in game?
Sorry to burst your ever expanding bubble of self worth but it's highly unlikely anybody even noticed you until you made your post.
|
7shining7one7
Quafe Paladins
|
Posted - 2007.09.06 15:03:00 -
[55]
Originally by: nightslasher
Edited by: nightslasher on 06/09/2007 14:58:49
Edited by: nightslasher on 06/09/2007 14:57:41
Originally by: 7shining7one7
so.. you kinda missed the point.. suggest you read the post again.
You keep saying this, but I wonder if you take your own advice.
My own take on this is that you did something stupid (left your firewall off [still not sure why you need to turn it off at all, but ok....]), and someone attacked your comp...Then, you figured out that someone found you and you pulled the plug....
Short form: you left the keys in the car with the engine running in a crime-ridden location, and went to sleep in the back seat...Someone took your car for a spin, and then you woke up.
Big deal.
yes, please read the reply where you took it out of context, and why are you posting with an alt now? check that..
had the normal native firewall on, but in order to debug certain things it can be beneficial to turn off secondary firewalls to take them out of the equation, for a short duration of time. offcourse we all know how faulty generic windows firewall can be, but i took a chance, and when someone came in i cut him off.. it's no big deal but.. i have a huge log and i traced various of the redundant ips and i will find out who did it..
at any rate you should read the post again before replying any further.
|
7shining7one7
Quafe Paladins
|
Posted - 2007.09.06 15:07:00 -
[56]
Edited by: 7shining7one7 on 06/09/2007 15:07:19
Originally by: Susan Acid
7shing7one7 stop posting.
You have Zero proof that this is Eve related.
Maybe you think you are important?Maybe you want to be important in Eve and feel like someone is taking an interest in you,your 2 man corp,or whatever you are achieving in game?
Sorry to burst your ever expanding bubble of self worth but it's highly unlikely anybody even noticed you until you made your post.
[/endquote]
i'm going to give u a huge shocker.. mrs ALT.. i don't give a **** about what people think about what i do in game, i am respectful to people who are respectful towards me, and i don't seek any fame or fortune i just seek to have fun with this game. there's no bubble to burst, go check your inflated ego instead that causes you to post drivel like that.
there's no doubt that this could be eve related, which is why i posted this at all.. also to bring up meta gaming based on the experience. the factors to give way to such a hypothesis is clear if you read the post.
i'm sorry that i am not on the venture like you.. to get a huge e-peen.. i like to keep to myself and do my own thing, but i do talk to people that are nice and kind and we share stuff and experiences.
don't mistakingly seek to apply your own motives for playing eve and for making posts, for the motives i have for doing so.
homer says it best.. your reply is a big *d'oh*.
|
Gwoden
Gallente
Exa Utopia
Exa Nation
|
Posted - 2007.09.06 15:31:00 -
[57]
Originally by: 7shining7one7
hehe thanks, but i have rootkit, malware, spyware, trojan scanner firewall and a router with nat that i had the cable plugged into, i was just experimenting with some network stuff s all.. and had some things switched off temporarily
Keep in mind that the whole point of rootkits are to avoid detection. There are ways of protecting your rootkit from the rootkit scanners themselves. I've been a network sec tech for many years now. The rule of thumb is if you suspect a rootkit is on your system. Format the machine.
The hacker versus sec tech (or black-hat versus white-hat), is a cat and mouse game. Hacker comes out with a new rootkit, sec tech finds a way to detect and remove it. Then the hacker finds a way to disable detection by attacking the scanning tool directly, or by coming up with a new, and more tricky, masking method. By far the easiest is to use filenames that match system filenames, so people don't delete them. Of course that is a very loose example, but i hope you get the idea.
So in this case, you asked for advice. My advice is that if you suspect a rootkit is on your system, then format it. What you do from here is up to you.
_______________________________________________
There is no "I can't" only "I will". |
7shining7one7
Quafe Paladins
|
Posted - 2007.09.06 15:34:00 -
[58]
thanks gwoden but i think i have a firm grasp on the situation for the time being. your reply is very true though, and i'm sure reading it will benefit a lot of people, and that's what part of this thread is about. information.
|
nightslasher
|
Posted - 2007.09.06 15:36:00 -
[59]
Originally by: 7shining7one7
Originally by: nightslasher
Edited by: nightslasher on 06/09/2007 14:58:49
Edited by: nightslasher on 06/09/2007 14:57:41
Originally by: 7shining7one7
so.. you kinda missed the point.. suggest you read the post again.
You keep saying this, but I wonder if you take your own advice.
My own take on this is that you did something stupid (left your firewall off [still not sure why you need to turn it off at all, but ok....]), and someone attacked your comp...Then, you figured out that someone found you and you pulled the plug....
Short form: you left the keys in the car with the engine running in a crime-ridden location, and went to sleep in the back seat...Someone took your car for a spin, and then you woke up.
Big deal.
yes, please read the reply where you took it out of context, and why are you posting with an alt now? check that..
had the normal native firewall on, but in order to debug certain things it can be beneficial to turn off secondary firewalls to take them out of the equation, for a short duration of time. offcourse we all know how faulty generic windows firewall can be, but i took a chance, and when someone came in i cut him off.. it's no big deal but.. i have a huge log and i traced various of the redundant ips and i will find out who did it..
at any rate you should read the post again before replying any further.
You are a piece of work...heh
Other than my post that you quoted, I have not posted in this thread, ever.....I'm not an alt of anyone here...Look me up on the search tool...But, however you want to justify your stupid mistake, that is fine with me.
What I said is still true.
|
7shining7one7
Quafe Paladins
|
Posted - 2007.09.06 15:41:00 -
[60]
Edited by: 7shining7one7 on 06/09/2007 15:48:13
No it's not and it's clear when you read the post.
you took it out of context and made up your own version of what i meant by that statement, and originally that statement was my reply to another persons reply, which is why it was likely you were that persons alt, and you messed up by posting with the wrong char (it can happen i've heard), if you don't want to admit it now that's cool, and if ur not an alt of that char, then that's cool too.
also: stop trolling. and no.. saying it even a billion times won't make it more true, you didn't read it all and thusly didn't pick up on the small details about the matter.. don't blame me for that.
be constructive or begone.
and post with your main, or attempt to have the last word as any troll would and recieve no further comments and then proclaim "victory" as you trolls do. and then go on with your day.. far far away i could care less about your entire persona and the way you think you are and your false beliefs and your conduct, and about your feelings, or what you have to say from this point on, untill you change your attitude towards being respectful and kind.
|
|
|
Occara
|
Posted - 2007.09.06 15:55:00 -
[61]
Originally by: 7shining7one7
and no.. saying it even a billion times won't make it more true,
read it, comprehend it.
quit while you only look mostly like an idiot.
|
Mad Amos
|
Posted - 2007.09.06 15:57:00 -
[62]
Originally by: 7shining7one7
I love this game, it's great, and the people in it, for better or for worse, i'm sticking around and having fun with all of ya :)
Now.. i love to get to know people, and people also loves getting to know me.
It seems however, that there might be a person that is a little bit too eager to get to know me and who i am, and it might be someone from in here, which is why i post this.
yesturday, i was playing around with various stuff, having fun as i usually do. when i'm in front of the computer, at that point i didn't have my firewall on.
Stopped reading there.
"Show me a sane man and I will cure him for you." -Carl Gustav Jung |
Lord MuffloN
Caldari
Caldari Provisions
|
Posted - 2007.09.06 16:00:00 -
[63]
Got no anti virus or firewall, not even spyware protection, doing fine here
(I'm not saying anything about the OpenBSD router I have)
|
Robert Dobbs
Evolution
Band of Brothers
|
Posted - 2007.09.06 16:05:00 -
[64]
Edited by: Robert Dobbs on 06/09/2007 16:05:55
Originally by: 7shining7one7
i reacted quickly and pulled out the cable and got the message that there were other computers connected to this
This is your problem.
This means that you had Windows File and Printer sharing enabled on your WAN (the internet, your modem connection).
This is how you got "hacked". It was most likely nothing to do with EVE.
If you have some f**** sense and don't leave your computer open to the world, you don't need a firewall or antivirus running. I have never run either of these.
-
Listen or we'll take your region. |
Mr Digs
Tyranny INC
|
Posted - 2007.09.06 16:08:00 -
[65]
Never had a problem here and I dont run a firewall either.
|
7shining7one7
Quafe Paladins
|
Posted - 2007.09.06 16:08:00 -
[66]
Edited by: 7shining7one7 on 06/09/2007 16:13:53
i know, was one of the first things i turned off, i explained this earlier too (shared folder etc.) and i did have native firewall on, but it doesn't block file sharing (it's not the only comp i got). mr. BoB i know how to protect my comp, i was messing around with some stuff, and had only that comp hooked up while i did so, and it was only meant to be a short duration.
at any rate it's besides the point, cause weither or not anyone had access for a short duration or not it's not something you do without consequence.
|
ry ry
StateCorp
The State
|
Posted - 2007.09.06 16:08:00 -
[67]
Edited by: ry ry on 06/09/2007 16:09:25
yesterday my carrier bag split outside the shop.
i know one of you lot tampered with it in anticipation of me purchasing something, and i've sent the offending carrier to the NSA for analysis. Game over hackers, game over.
but seriously, we all get sniffed daily. you happened to have an unpatched windows box without a firewall. there is no conspiracy matey.
|
Robert Dobbs
Evolution
Band of Brothers
|
Posted - 2007.09.06 16:09:00 -
[68]
Originally by: 7shining7one7
i know, was one of the first things i turned off, i explained this earlier too (shared folder etc.)
Do yourself a favour and buy a NAT'ing router, this is a blanket security shield that will protect you against most of your own stupidity :)
-
Listen or we'll take your region. |
Thuul'Khalat
Gallente
Phoenix Wing
Acheron Federation
|
Posted - 2007.09.06 16:09:00 -
[69]
Use NAT, problem solved
---
Do YOU have what it takes? |
7shining7one7
Quafe Paladins
|
Posted - 2007.09.06 16:16:00 -
[70]
Originally by: ry ry
Edited by: ry ry on 06/09/2007 16:09:25
yesterday my carrier bag split outside the shop.
i know one of you lot tampered with it in anticipation of me purchasing something, and i've sent the offending carrier to the NSA for analysis. Game over hackers, game over.
but seriously, we all get sniffed daily. you happened to have an unpatched windows box without a firewall. there is no conspiracy matey.
where do you get your facts, out of thin air? did IQ's just drop sharply while i was away? how dare you mock anyone without getting your facts straight. i never said i had an unpatched windows box, and when i said i didn't have firewall on, i meant secondary firewall, not native.
|
|
|
7shining7one7
Quafe Paladins
|
Posted - 2007.09.06 16:18:00 -
[71]
Originally by: Robert Dobbs
Originally by: 7shining7one7
i know, was one of the first things i turned off, i explained this earlier too (shared folder etc.)
Do yourself a favour and buy a NAT'ing router, this is a blanket security shield that will protect you against most of your own stupidity :)
i do have a NAT'ing router, it was setup to forward from that port to this ip (the port i got attacked on), but it didn't help for this particular exploit. it is good advice though.
|
Robert Dobbs
Evolution
Band of Brothers
|
Posted - 2007.09.06 16:22:00 -
[72]
Originally by: 7shining7one7
i do have a NAT'ing router, it was setup to forward from that port to this ip (the port i got attacked on), but it didn't help for this particular exploit. it is good advice though.
Why the hell did you have your router forwarding SMB (port 138/139, the most commonly exploited ports available) to your machine?
-
Listen or we'll take your region. |
7shining7one7
Quafe Paladins
|
Posted - 2007.09.06 16:23:00 -
[73]
Originally by: Robert Dobbs
Originally by: 7shining7one7
i do have a NAT'ing router, it was setup to forward from that port to this ip (the port i got attacked on), but it didn't help for this particular exploit. it is good advice though.
Why the hell did you have your router forwarding SMB (port 138/139, the most commonly exploited ports available) to your machine?
sry when did i say i had that port forwarded? i missed that part.
|
Brumin Rush
Minmatar
|
Posted - 2007.09.06 16:29:00 -
[74]
Some ramblings:
if you go to a command prompt after you finish installing windows and do: netstat -b it will show you running application and their connections. Every once in a while, let's say after installing anything you ca re-issue the command to see what has changed.
Now there are alot of great tools you can use to trace bad stuff. you can look-up Sysinternals (who got baught by Microsoft) and Robin Keir who's primary tools got baught by Foundstone/Mcafee.
|
7shining7one7
Quafe Paladins
|
Posted - 2007.09.06 16:30:00 -
[75]
cool "ramblings" brumin
|
Thuul'Khalat
Gallente
Phoenix Wing
Acheron Federation
|
Posted - 2007.09.06 16:38:00 -
[76]
Originally by: 7shining7one7
Edited by: 7shining7one7 on 06/09/2007 16:28:14
Originally by: Robert Dobbs
Originally by: 7shining7one7
i do have a NAT'ing router, it was setup to forward from that port to this ip (the port i got attacked on), but it didn't help for this particular exploit. it is good advice though.
Why the hell did you have your router forwarding SMB (port 138/139, the most commonly exploited ports available) to your machine?
sry when did i say i had that port forwarded? i missed that part.
Originally by: 7shining7one7
i do have a NAT'ing router, it was setup to forward from that port to this ip (the port i got attacked on), but it didn't help for this particular exploit. it is good advice though.
---
Do YOU have what it takes? |
Robert Dobbs
Evolution
Band of Brothers
|
Posted - 2007.09.06 16:42:00 -
[77]
Originally by: 7shining7one7
sry when did i say i had that port forwarded? i missed that part.
at any rate, why are you consisting trying to explaining to me how i was hacked, i know how i was hacked, that's not what this is about, it was just general topic about meta gaming based on my experience cause first of all i wanted to see if posting here had any effect on the attacks (it did) secondly i wanted to bring up meta gaming and make people realize to protect themselves from meta gamers.. (since it's not new to this game.. need i mention hacked teamspeak servers and hacking of players with chatlogs surfacing that were on their puter?) and just a general heads up and healthy discussion of how to protect themselves etc.
so let's stick to that shall we.
You are deluded if you think that this "attack" has anything to do with EVE. It probably wasn't even a person doing it, more likely a bot.
This will be my last post on the subject, since I don't feel any desire to mollycuddle you into the evil world which is the "internet"..
-
Listen or we'll take your region. |
7shining7one7
Quafe Paladins
|
Posted - 2007.09.06 16:44:00 -
[78]
Edited by: 7shining7one7 on 06/09/2007 16:45:24
the port i got attacked on was a very different port.. and i never said i had NAT'ed those ports that was spoken off... so hmmm care to explain?
your contribution wasn't exceptional either, i'm sure it won't be missed...
|
Kagura Nikon
Minmatar
Guardians of the Dawn
Interstellar Alcohol Conglomerate
|
Posted - 2007.09.06 16:47:00 -
[79]
mmm The chance of this being related to eve players is mostly remote to be true.
My computer network suffers invasion attempts like 5 times per day every day, from incredibly diverse and self expanding set of origins. Ther e are a lot of wannabe hackers around that do that
If brute force doesn't solve your problem... you are not using enough |
7shining7one7
Quafe Paladins
|
Posted - 2007.09.06 16:56:00 -
[80]
true true, i just used the opportunity to bring up meta gaming and also to get people to discuss safety tips, time will tell who it is, and it doesn't have to be an eve player, i've allready said and had to restate it atleast 10 times to people who came in the thread late, but that's ok. however again.. the utter timing of it is indeed quite a "coincidence", which is why i won't rule out that possibility.. time will tell.
|
|
|
JoDirt
Minmatar
Tides of Silence
Hydra Alliance
|
Posted - 2007.09.06 16:58:00 -
[81]
Originally by: 7shining7one7
Edited by: 7shining7one7 on 06/09/2007 16:50:07
Edited by: 7shining7one7 on 06/09/2007 16:45:24
the port i got attacked on was a very different port.. and i never said i had NAT'ed those ports that was spoken off... so hmmm care to explain?
your contribution wasn't exceptional either, i'm sure it won't be missed...
on a sidenote i find it quite humerous that a member of BoB is defending a potential meta gaming attempt.. i thought your tinfoil rants would have been stomped down allready.. but no.. if you want to talk about delusion.. mb.. delusion is evolution, atleast for some.. if you catch my drift 
NAT is not the ultimate protection. If an attacker is able to enumerate your internal ip address then it is possible to carefully craft a packet that will successfully make it through a NAT even with no port forward. That is way it is important to have a firewall.
The folks suggesting that a bot is scanning your computer are most likely correct. To find the real attacker, one would have to compromise the bot, setup a "man in the middle attack" then wait for the "bot controller" to download the findings. Only then will you find the true perpetrator.
Best advice is rebuild your machine, I recommend that mainly because you may lack enough skill to properly remove any payload that made it through. Use a real hardware firewall. Keep your windows firewall always enabled, and use a modern anti virus client.
In the future, if you feel the need to "experiment" with your network, Use a virtual machine clone.
|
7shining7one7
Quafe Paladins
|
Posted - 2007.09.06 17:02:00 -
[82]
Edited by: 7shining7one7 on 06/09/2007 17:06:30
exactly joe..
that's one of the reasons he got through, cause i did have NAT enabled.
i have the tools and the know how to remove this stuff joe don't worry, and there's no nasty stuff, i have used several of each of the tools for the various areas, like rootkit scanners ads scanners etc. and the likes. and have 1 firewall that replaces the native upon execution and 3 other scanning tools running in background per usual operation. hardware firewall is a good idea but has it's limitations, but u don't exactly need it tho and you and i know that, but i get the point.
thanks for your reply tho m8, your good to have in this thread, nice and constructive i like that.
|
Susan Acid
|
Posted - 2007.09.06 17:12:00 -
[83]
Originally by: 7shining7one7
true true, i just used the opportunity to bring up meta gaming and also to get people to discuss safety tips, time will tell who it is, and it doesn't have to be an eve player, i've allready said and had to restate it atleast 10 times to people who came in the thread late, but that's ok.
Safety tips?Turn on your Firewall.
It doesn't have to be an Eve player?So now you concede that it might not be Eve related?
and I don't believe you when you say it's increased since you posted here.
You are a Drama Queen.Enjoy your Pantomime.
|
Taedrin
Gallente
Magellan Exploration and Survey
Zzz
|
Posted - 2007.09.06 17:20:00 -
[84]
Computers are only as secure as they are programmed to be. And unfortunately, Windows is such a bloated program, that it is nigh impossible to make it secure without resorting to using additional hardware/software.
|
7shining7one7
Quafe Paladins
|
Posted - 2007.09.06 17:25:00 -
[85]
Originally by: Susan Acid
Originally by: 7shining7one7
true true, i just used the opportunity to bring up meta gaming and also to get people to discuss safety tips, time will tell who it is, and it doesn't have to be an eve player, i've allready said and had to restate it atleast 10 times to people who came in the thread late, but that's ok.
Safety tips?Turn on your Firewall.
It doesn't have to be an Eve player?So now you concede that it might not be Eve related?
and I don't believe you when you say it's increased since you posted here.
You are a Drama Queen.Enjoy your Pantomime.
if you would get your little fat hairy alt ass over to the first post and read it, allready there would you see that i said it might not be eve related.. so i guess that's where you fall down..
buhbye troll..
|
JoDirt
Minmatar
Tides of Silence
Hydra Alliance
|
Posted - 2007.09.06 17:25:00 -
[86]
Originally by: Taedrin
Computers are only as secure as they are programmed to be. And unfortunately, Windows is such a bloated program, that it is nigh impossible to make it secure without resorting to using additional hardware/software.
any unpatched OS is quite easy to compromise. Windows Vista fully patched with all security turned on is better then you would expect (given the MS track record). I'm quite impressed with it actually.
my point is always patch, always patch, always patch no matter your OS. always use all the security features no matter the OS. |
Occara
|
Posted - 2007.09.06 18:00:00 -
[87]
backpedal more.
soon you'll claim you didn't even post this thread and we all made it up to flame you.
|
7shining7one7
Quafe Paladins
|
Posted - 2007.09.06 18:22:00 -
[88]
Edited by: 7shining7one7 on 06/09/2007 18:23:33
Originally by: Occara
backpedal more.
soon you'll claim you didn't even post this thread and we all made it up to flame you.
from the OP:
"It seems however, that there might be a person that is a little bit too eager to get to know me and who i am, and it might be someone from in here, which is why i post this."
a thing i restated several times in the thread..
occara, your just mad cause you tried to be superior and ended up pwning yourself in the eye..
and that's where you fall down. again..
|
Princess Jodi
Vendetta Underground
Rule of Three
|
Posted - 2007.09.06 18:33:00 -
[89]
Did it ever occur to you that Chat Logs by nature include more than one person? Therefore anyone who you were chatting with also has the same logs.
|
Occara
|
Posted - 2007.09.06 18:57:00 -
[90]
Originally by: 7shining7one7
from the OP:
"It seems however, that there might be a person that is a little bit too eager to get to know me and who i am, and it might be someone from in here, which is why i post this."
a thing i restated several times in the thread..
occara, your just mad cause you tried to be superior/troll and ended up pwning yourself in the eye..
and that's where you fall down. again..
go back to your cave... troll.. 
what about my just mad?
take your repeating something does not make it true advice.
|
|
|
7shining7one7
Quafe Paladins
|
Posted - 2007.09.06 19:07:00 -
[91]
Edited by: 7shining7one7 on 06/09/2007 19:14:33
Originally by: Princess Jodi
Did it ever occur to you that Chat Logs by nature include more than one person? Therefore anyone who you were chatting with also has the same logs.
oh i was talking about a def example of meta gaming in eve, this is not a definate example, only time will tell if it is, anyways..
to your comment, the chat log example i made was only known by 2 people not their alliance, and was surfaced by an alt later on via a pastebin, to the persons big surprise, afterwhich that person mentioned it could have only happened when he was hacked some time ago.. to which another person responded "welcome to internet spaceship games, where flying internet spaceships is big business".
if you want to find it yourself, i think the involved parties in the chatlog was avernus and seleene, and it surfaced by an alt on a pastebin in an mc related thread by an alt with several odd out numbers in his name, avernus's response to that was quite revealing. if avernus wants to come in here and comment on that himself that would be great too. now that the subject of metagaming is up anyways..
anyways just thought i'd clarify that so u don't have to reread.
anyways thanks for everyones comment, good points mentioned etc. about security for people to read about, and my personal experience i'll get to the bottom off with the help of the authorities.
so unless someone else has something constructive to say i'll say
thanks everyone and trolls .. go to your caves..
|
7shining7one7
Quafe Paladins
|
Posted - 2007.09.06 19:19:00 -
[92]
Originally by: Occara
Originally by: 7shining7one7
from the OP:
"It seems however, that there might be a person that is a little bit too eager to get to know me and who i am, and it might be someone from in here, which is why i post this."
a thing i restated several times in the thread..
occara, your just mad cause you tried to be superior/troll and ended up pwning yourself in the eye..
and that's where you fall down. again..
go back to your cave... troll.. lool
what about my just mad?
take your repeating something does not make it true advice.
occara you fell so hard you can't form a coherent sentence nomore?? haha.. that's priceless..
|
ry ry
StateCorp
The State
|
Posted - 2007.09.06 19:53:00 -
[93]
Edited by: ry ry on 06/09/2007 19:57:07
Originally by: 7shining7one7
Originally by: ry ry
Edited by: ry ry on 06/09/2007 16:09:25
yesterday my carrier bag split outside the shop.
i know one of you lot tampered with it in anticipation of me purchasing something, and i've sent the offending carrier to the NSA for analysis. Game over hackers, game over.
but seriously, we all get sniffed daily. you happened to have an unpatched windows box without a firewall. there is no conspiracy matey.
where do you get your facts, out of thin air? did IQ's just drop sharply while i was away? how dare you mock anyone without getting your facts straight. i never said i had an unpatched windows box, and when i said i didn't have firewall on, i meant secondary firewall, not native.
yes. your IQ is truly astonishing, mr agressive.
your box (windows?) was compromised with your firewall turned off but the 'native' (windows?) firewall running. (most half decent software firewalls turn off the windows firewall when they activate (2 software firewalls are a bad idea) and you have to manually re-enable the windows firewall throught the security center. presumably you did this.) which suggests something took advantage of an unpatched exploit.
Windows security updates are slow to emerge at the best of times, and once somebody releases PoC code they get integrated into various nastiness long before MS get patches out on the streets.
You seem a wee bit paranoid. why is this **** anything to do with Eve? I don't think you quite grasp how much 'hostile' traffic your average PC garners on a regular basis from random zombies scanning vast tracts IP ranges for known exploits, and script kiddies sniffing around your binary bins. you just got lucky.
|
Sharupak
Minmatar
Knights Of the Black Sun
Rule of Three
|
Posted - 2007.09.06 20:05:00 -
[94]
Originally by: 7shining7one7
so.. meta gamers and those who attempt it without any concent, or script kiddie newbie hacking with maliscious intent, will not be tolerated and should not. whoever it is that did this, say goodbye to your "hacking career".. and no, there's no company that'll save u and come give u a job cause ur such a "nber cool guy"..
have a nice day
7
first, router ftw, and second...teamspeak, ventrilo or whatever voice you use...I would suggest you look there first
_______________________________________________
RuntimeError: ChainEvent is blocking by design, but you're block trapped. You have'll have to find some alternative means to do Your Thing, dude. |
|
|
| |
|
| Pages: 1 2 3 4 :: [one page] |