Denial of Service (DoS)
It is your duty to protect your computer (for all our sake)
Do you know what your computer was doing last night, or did you allow your computer to play on the internet with no firewall or no antivirus? If you allowed your computer to play out without any protection then it may well have been involved in a Denial of Service (DoS) attack. Your computer can't think for itself, and if someone tells it to do something then it will blindly follow orders: break into internet banking sites, give away your credit card details or even take down parts of the internet. It's time to protect yourself and others.
After following a link that Shoarthing sent me I came to the conclusion that anyone who goes on the internet has a duty to protect their computer from the hackers, with a suitable firewall and an up-to-date virus/trojan checker. It's no use just having them; you must use them!
Why should you protect your computer? It is your computer, and you should have the right to decide what security measures you take.
I'm afraid things just ain't that simple. YOUR computer could be used to take complete networks down, and as more and more of us get high-speed, always-on internet connections, it becomes more important to protect your computer so that it can't be used to deny other people's use of the internet.
It took a 13-year-old kid, armed with a piece of software available on the net, to take down Steve Gibson's (the security guru) website GRC.com, and there was little he could do about it.
It all started on the evening of the 15th of May and continued for several days. For the full story go to "The strange tale of the Denial of Service attacks against GRC.com". It can be heavy reading but is well worth the effort and time. You may also like to read the "open letter to the internet hackers". It is not complete yet, but it will give you an idea of the way things are going and will continue to go unless everyone who accesses the internet protects themselves.
So you don't want, or can't afford, to buy a firewall or antivirus software. Don't worry, you will be pleased to know that the best firewall and a very good antivirus are free of charge. Go here for the firewall (ZoneAlarm) and here for the antivirus (AVG).
Steve Gibson took a look at ZoneAlarm and BlackICE Defender to find out which would best protect your computer, and sites like his. Below is what he wrote:
Personal Firewalls and IRC Zombie/Bot Intrusions
ZoneAlarm v2.6 (Free) —
The last of my testing was to see whether the
firewall I keep telling everyone to use: ZoneAlarm — either FREE or
Pro — would be effective in stopping the IRC Zombie/Bot and the Sub7
Servers that had taken up residence in my poor "Sitting Duck"
laptop.
I downloaded the current, completely free,
version of ZoneAlarm 2.6 from the ZoneLabs web site and installed it on the
"Sitting Duck" laptop. Upon restarting the machine I was gratified
to receive immediate notification that the Zombie/Bot was attempting to make
an outbound connection to its IRC chat server.
Meanwhile, the Sub7 Trojan was sitting
quietly waiting for someone to connect to it. So I used another machine to
"Telnet" to the port the Sub7Server Trojan was listening on. Up
popped ZoneAlarm asking whether the nonsense-looking random character name
the Sub7Server had chosen for itself should be allowed to accept a
connection from the Internet.
Perfect performance from ZoneAlarm.
Then I had a thought: What would Network
ICE's BlackICE Defender do under the same circumstances?
BlackICE Defender v2.5 ($39.95) —
I did not have a current copy of BlackICE
Defender around, but I felt that this was an important test. So I laid out
$39.95 through Network ICE's connection to the Digital River eCommerce
retailer and purchased the latest version (v2.5) of BlackICE Defender hot
off the Internet. I had already removed all traces of ZoneAlarm and
restarted the machine, so I installed BlackICE Defender, let everything
settle down, and restarted the machine with my packet sniffer running on an
adjacent PC.
As far as I could tell, BlackICE Defender
had ABSOLUTELY NO EFFECT WHATSOEVER on the dialogs being held by the
Zombies and Trojans running inside the poor "Sitting Duck" laptop.
I knew that BlackICE Defender was a lame personal firewall, but this even
surprised me.
The Zombie/Bot happily connected without a
hitch to its IRC chat server to await further instructions. The Sub7 Trojan
sent off its eMail containing the machine's IP and the port where it was
listening. Then it connected and logged itself into the Sub7 IRC server,
repeating the disclosure of the machine's IP address and awaiting port
number. No alerts were raised, nothing was flashing in the system tray. The
Trojans were not hampered and I received no indication that anything wrong
or dangerous was going on.
I took a lot of grief
after my LeakTest
utility cut right through BlackICE Defender. Network ICE told everyone
that LeakTest was "being allowed through" because it was a
completely benign Trojan. I knew that was a load of bull (and they must have
too), but it didn't really matter to me, and I had no affirmative means of
proving otherwise.
Well . . . I have that now, and so do you.
I performed one final test: As I had
with ZoneAlarm, I attempted to connect to the Sub7Server Trojan running
inside the "Sitting Duck" machine on the IP and listening port
number the Trojan was advertising all over the Internet . . .
and it worked perfectly. I received Sub7's "PWD" prompt asking me
to login.
Anyone want an "only used once" copy of BlackICE Defender? I certainly have no use for it.
To
anyone who is still stubborn enough to insist that BlackICE
Defender is actually good for something: PLEASE do not
write to me. I don't want to hear it. I'm a scientist who
will not find your mystic beliefs to be compelling. I
respect your right to your own opinions, no matter how
blatantly they fly in the face of logic and reality. That
is, after all, the nature of faith. Happy computing. I
suggest prayer.
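The two things ZoneAlarm flagged in the test above, a program connecting out to an IRC server and a program listening for connections from the Internet, can also be spotted in a connection listing. The sketch below is an added example, not part of the original article or of Steve Gibson's write-up; it assumes Windows netstat -ano text as input, and the sample listing, the IRC port list and the allow-list of expected listeners are constructed for illustration.

```python
"""Flag unexpected listeners and outbound IRC sessions in `netstat -ano` text."""
import ipaddress

# Constructed sample in the layout of Windows `netstat -ano`; the addresses are
# documentation ranges and the ports and PIDs are made up.
SAMPLE = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       884
  TCP    0.0.0.0:31945          0.0.0.0:0              LISTENING       1760
  TCP    127.0.0.1:5354         0.0.0.0:0              LISTENING       2044
  TCP    192.168.1.20:1042      203.0.113.7:6667       ESTABLISHED     1512
  TCP    192.168.1.20:1050      198.51.100.9:443       ESTABLISHED     3020
"""

IRC_PORTS = set(range(6660, 6670)) | {6697, 7000}  # conventional IRC ports (assumption)
EXPECTED_LISTENERS = {135}                         # this machine's allow-list (assumption)


def split_endpoint(text):
    """Split 'host:port' (or '[v6]:port') into (host, int(port))."""
    host, _, port = text.rpartition(":")
    return host.strip("[]"), int(port)


def audit(netstat_text):
    """Return (kind, detail, pid) tuples for connections worth a closer look."""
    findings = []
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) != 5 or fields[0] != "TCP":
            continue  # header, UDP rows (no State column) and blank lines
        _, local, remote, state, pid = fields
        lhost, lport = split_endpoint(local)
        rhost, rport = split_endpoint(remote)
        if state == "LISTENING":
            # A listener bound to loopback cannot be reached from the Internet.
            reachable = not ipaddress.ip_address(lhost).is_loopback
            if reachable and lport not in EXPECTED_LISTENERS:
                findings.append(("unexpected-listener", lport, int(pid)))
        elif state == "ESTABLISHED" and rport in IRC_PORTS:
            findings.append(("outbound-irc", f"{rhost}:{rport}", int(pid)))
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

A bot can use any port, so an empty result does not prove a machine is clean; the allow-list of listeners you expect is what makes a stray one stand out.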
Windows 2000 and Windows XP
The machines which attacked Steve were all security-compromised Windows-based machines. Thankfully Microsoft has not implemented the full Unix socket specifications in Windows 95, 98, NT or ME, but now, for some inexplicable reason, MS have implemented the full Unix socket specifications in Windows 2000 and the future release of Windows XP.
It is impossible for any machine running Windows 95, 98, NT or ME to generate malicious TCP packets or even spoof its source IP. Forging the IP address of an attacking machine (spoofing) is such a trivial thing to do under any of the various UNIX-like operating systems, and it is so effective in hiding the attacking machines, that no hacker would pass up the opportunity if it were available. Windows 2000 and Windows XP have this capability.
Please remember: the reason Burning Issues was formed was a security problem at a forum that all the administrators used to post heavily at. It was quite a shock to us all that our computers were being hacked. Most of us knew very little about security at that time, but you can bet your bottom dollar we soon learnt. Securing a computer completely is difficult, virtually impossible with Windows 95/98, but the basics are easy. The basics will keep most of the kids away.
We will bring you more on security in the near future. Meantime, if you want to learn how to keep safe on the net, a good place to start is our own Forum and GRC.com.
We learnt; so can you, and so must you!