I got to get ready for some near fail proof Web Protection because i will be suffing by fall like no one ever suff before. And when i hit that big wave i don't want to end up shark food.

I got some very dumb questions about sockets, Firewalls, and sevices. Ok i don't want to even attempt to write a full blow wall because i am not young nor cleaver enough to do so ... So i am more interested in what these people can do once they invade your machine.... I mean there must be STEPS that THEY MUST FOLLOW and i would simply like to know a few of those steps so i can at lease have a fighting chance to stop it even if i have to crash my own machine (Just in Time).... I have no problem with that... Or do the system allow the invaders to overwrite the system rules itself. If this is possible Windows cannot be classed as an OS. I sure hope not.

Question one What in the HELL is a SOCKET and WHO made it possible for anyone on the other end to open up PORTS at will on my F""""G machine? Can i do something about this with out writing a darn FIREWALL.

For instance i go here when i go to the web and no where else for months at a time and after i shut down i use to see all kind of BLOCK that my FireWall caught... Only a few BLOCKS these days i guest they got tried of me RE-INSTALLING WINDOWS every week of course with DISKFORMAT first... That's one good thing about 95 it's not that much :)

But i even see my own ISP info in there and i NEVER EVER went to my own ISP Web Site for over a year .... But they track me like a Blood Hound i guest... Do i need this... I did not ask them or anyone else to desturb me. My Home is the Win32 Community. Did i need their help after im connected... This is the question.

It seem that when others try to come in opening up PORTS all over the place my ISP name is somewhere right before or after it.... EXAMPLE:

209.151.73.97 all good 1000 time
209.151.73.97
209.151.73.97

fnpop-cluster,prodigy.net.....The people that brought out flash.net and i now pay prodigy for their ISP service www2.state.il.us..............My home state... what do they want out of me but taxes and someone to fill their jails.

Posted on 2003-03-16 17:30:24 by cmax
There are some ports that you just have to have open, especially on a webserver. You can block ports either by getting a port blocker which runs on the webserver and intercepts and denies incoming connection attempts, or you can use a firewall. Note that these protection methods do not protect you against people breaking your machine with things like malformed url attacks, or DOS attacks.


If you are going to run a webserver then you have to expect it to be attacked, it is like an immutable law of the universe. The thing that will differentiate your webserver from everyone else's is how you deal with and recover from the attack.
Posted on 2003-03-16 20:25:58 by sluggy
I was way out the ball park then... I just going to have to read about this stuff first but there has been a lots of great hints about it latly. I just liked the word SERVICE.
Posted on 2003-03-17 01:31:32 by cmax
sluggy , I was on time, and not out the box with my question i think. It may be miss leading the way i put it.

If someone did a dos attact or url attacks OR WHAT EVER IT TOOK on a plain person small computer while he is just on the
WEB what would would some of the thing that would happen and where would they be coming in at... That's what i am trying to find out.

I don't think i have ever had a serious attact but i do subspect there were attempts made in the pass.

i just want to know what happen to the small guy computers not servers if something every happen so that i at lease
got a clue.

EXAMPLE: Do i have to have something open inorder for them to see or can they just run all over my machine and open what they want if so what did i have to do wrong to let that happen ... Im just hoping that the latter is not possible.
Posted on 2003-03-17 02:09:50 by cmax
Hi

Noone can open ports on your puter from the outside, unless they've got remote access to your puter. So, unless they've got a trojan running on your puter, they can't open anything as such.

However, assuming you run winblows, some ports will be opened by the system. If you're a malicious bastard, you might scan ip's looking for these ports, noting when you receive an answer. If we assume that noone has got a trojan running on your puter, there's basically two things they can do: 1) scan your puter and then act on the info or 2) assume that whatever they send will get thru to something and just transmit. #2 is rather unlikely, unless someone dislikes you and just decides to throw shit at you. #1 is much more likely, since some people scan ip ranges just looking for open holes. Best way to tackle #1 is hiding your open ports, using a port blocker or a firewall. If someone scanning receives no reply there wont be further traffic - it would be a waste of time for her.

Fake
Posted on 2003-03-17 03:04:09 by Fake51
"Noone can open ports on your puter from the outside" Thanks Fake51 "#2 is rather unlikely, unless someone dislikes" That made my day because i have been feeling loozzy at times lately when i post or try to answer questions. My input that many can live with out :( :( :( but i still love trying...

These are the kind of things that i am hoping to hear. By being a lightweight ASM progrmmer i always have feared being
on the web. Not here but other places. It would be a faith worst than death if someone got even the simplest asm file
off my drive while i surf the web. I really think i did some great things all because of tutes :)

I am not a web programmer so i need to hear some of the GOOD thing or bad things so i can learn to relax and not be
so afraid to go from here to THERE.

As of this moment it sound like even the personal computer has SOME true power of protection based on common physic.
As long as no one on the web cannot get a copy of any file off my computer if treat my computer right that is great. I don't REALLY care if someone delete or destory something on my computer ,,,, just as long as they don't see my LOVE LETTERS :)

But i hear that this is true that when using IE someone who know how can see anything on your desktop if something is open.

I don't thing they can stroll down the whole 10 page doc for example...... but they can see the FULL page that is on the screen and get a FULL copy of that.

Is this still true or was it ever true. Do anyone hear or read about that. I think that was IE 5.5 holes in the program a while back.

Thanks alot
Posted on 2003-03-18 23:30:25 by cmax
There have been a lot of holes in IE, and some of those would allow a person with malicious intent to grab files off your puter. You needn't worry bout your asm files, however, since the person would have to know what he was looking for. Hardly anyone who didn't know you would be grabbing at .asm files. Other holes in IE have allowed a person to run code on the box, meaning trojan infection. In general, stay away from IE, use another browser with less security holes. I haven't heard of any probs with phoenix yet.

Fake
Posted on 2003-03-19 02:43:59 by Fake51
That's is what i am trying to find out. But where do they inject the code. My guest now is inside the web page. I already know they can put anything inside a bad downloaded zip file. Now my final question one again is where are the likely places that a hacker would attack... I mean what folders would he have to inject the trojan in or other hacking type code.

There must be a place to start my guest now is in the Temporary Internet Files folder, or the Cache folder for Netscape
or Opera... I'm more interested in IE because the Temporary Internet Files folder is connected to the whole Windows
system...Recent, Temp, Downloaded Program Files, Application Data, Cookies, History, and the worse of all i think Local
Settings. I bet they all under the same interface, i mean well conected, "one all and all for one". Do you think this is true...

So if they can do stuff like malformed url attacks, DOS attacks, trojan infection (all 3 i know nothing about) and who knows what else they came up with.....

Out of all the folders i listed which one is attacker starting point just to get in and where do he have to end up at to get his shitty code running. or do they just put it dead in our system memory the second a web page show up or whatever.

And why should we put so much trust in a firewall when everybody knows that a pro hacker can just walk right though it. I saw a guy on 60 Minutes last year on TV and he was laughing at how easy it was for him to hack anyone computer while on line....So they got have a start point to get to where they trying go.
Posted on 2003-03-19 04:11:13 by cmax
Almost all of the security flaws found in IE were in either the Java virtual machine, or the scripting engine. All of the E-Mail worms use these flaws. Both can be disabled. I also believe there were some issues with ActiveX controls, but this too can be disabled. And they really aren't much of an issue as long as you don't go wandering around the dark alleys of the web; they depend on you visiting a site that hosts evil scripts / java (unless the traffic is altered during transmission, but because TCP/IP is packet based that's very hard to do). Of course a webserver's security can be hacked, but this is not often used to attack client PC's (SQL slammer being a recent exception).

Another popular way of attacking a PC is through buffer overflows. Basically, a program (like IE) copies more data than a specific buffer can hold. When this buffer is on the stack, the data can overwrite the return address, and thus allow evil code embedded in the data in the buffer to be executed. This isn't very usable for sending more complex pieces of code (trojan etc.), so the code contained in the buffer usually just downloads and executes another program. This is very hard to stop since the code basically can do whatever a normal program could do. The simple ones (most of them) download the main executable to a directory everyone has, like C:\, C:\windows\, C:\Windows\system etc.
You can't really stop this, except by installing the latest security patches for IE, Office etc.

Also, Windows runs many network services by default or by misconfiguration that can allow people to access your PC. For example, make sure NetBIOS isn't accepting connections from the internet. To block these kind of things, as well as most trojans, you really need to install a firewall. A firewall is a very powerfull tool, since it blocks access to everything but things you want. In that case a hacker could only send data to your browser (which would refuse a connection since it didn't ask for it) and your E-Mail client / messenger (ditto).

After reading your post more carefully, here is a description of a "port". Imagine your computer is a large company building, and each office has a number. This is the port number. When a courier comes to the reception area of the building (the firewall), they will send him back if:
- He has an appointment for an empty office (no program using that port, this also happens without a firewall)
- The management has instructed them not to let him through (you blocked his IP)
- That office isn't open to people from outside the company (You blocked the port, or more accurately didn't unblock it)
- They know the person in the office isn't expecting anyone (program isn't listening for connections)

Now you see why a firewall is so important. Now a visitor will only be allowed to visit offices where people work that you can trust, and not any employee that decides to let him in. These people are usually from well-respected famillies (Microsoft, Netscape) and have stable lives (well tested, not version 1.0).
Posted on 2003-03-19 09:29:14 by Qweerdy
I just hear this morning on the new that Window 2000 and the IE they founded a new bug... They said that hackers can going dead up in your machine as scan your drive and tranfer anything he want to his machine.... M$ got a patch for it. Thanks Qweerdy , now im going to go and read this very carefully once again it makes a lot of since. One Perfect Tute
Posted on 2003-03-20 06:17:02 by cmax
Don't forget that the majority of the bugs that are found relate to the typical user: the IE bugs more or less all pose a problem if you are surfing the net. They have nothing to do with you running a server. So just because they found a new bug in win2k, you don't necessarily have to get sweating.

What should concern you is not malicious scripts on some other persons computer. They only affect you when you visit that site. So running a server does NOT leave you vulnerable to IE bugs (the majority of them) since that's a different ballgame.

Fake
Posted on 2003-03-20 07:03:57 by Fake51