Jump to content

Recommended Posts

Posted
My computer got attacked by a person several times.

DCOM Exploit attack

from 61.238.114.208:135

What should I do?:"

 

Do an IP trace, find their ISP and contact them.

Otherwise report them to your ISP and have them do a speicalist trace and bloc kit at the source :)

Do you have a good firewall? A good firewall block these types of attacks. What oen do you use?

 

Not the only methods but those are the most legal other thna hakcing the person back yourself. (I don't reccomend it by the way)

 

Cheers,

 

Ryan Jones

Posted

I use avast.

I hope it has a good firewall.

By the way, I don't think I will contact my local provider as I think it is too inconvenient.

Thanks for your information

Posted
I use avast.

I hope it has a good firewall.

By the way' date=' I don't think I will contact my local provider as I think it is too inconvenient.

Thanks for your information[/quote']

 

Did the hack actually succeed? I use a modified version of Zonealarm, you should try it too as it is quite effective!

 

Cheers,

 

Ryan Jones

Posted

Port 135 is an inherent exploit in Windows. Your guy probably didn't do anything, at all, but was checking to see if any DCOM-related services were exploitable.

 

Btw the guy's probably from hong kong. I wouldn't bother because your computer could have said that for a number of reasons but you can run whois IP to get the abuse email.

Posted

Err, Avast is an AV (anti virus) only... there is no firewall in Avast. Do you mean Avast32? That is a firewall made by the same people that make Avast (a company called Alwil).

 

If not then you wanna get something like ZA (zone alarm) or if you want to pay I like the Symantec Norton Firewall.

 

And there was a major DCOM exploit discovered, but that was a long time back now and patches have been made ages ago now. Run Windows Updates and instal all Critical Updates just in case you have not got the update.

Posted
Err' date=' Avast is an AV (anti virus) only... there is no firewall in Avast. Do you mean Avast32? That is a firewall made by the same people that make Avast (a company called Alwil).

 

If not then you wanna get something like ZA (zone alarm) or if you want to pay I like the Symantec Norton Firewall.

 

And there was a major DCOM exploit discovered, but that was a long time back now and patches have been made ages ago now. Run Windows Updates and instal all Critical Updates just in case you have not got the update.[/quote']

 

I presonally use A modified version of Zone Alarm so I cna tell you its one of the best ones out there, Symantec Norton Firewall is another one that is actually ptobably better again.

 

A good firewall is a must today, without one you are basiclaly asking to get hacked :-(

 

Cheers,

 

Ryan Jones

Posted

Agreed.

 

One simplistic way to look at it is:

 

No firewall = you're hacked

 

Windows or hardware firewall only = You might stop some script kiddies but otherwise you're quite vulnerable.

 

Respectable software firewall (ZA or Norton) = That's as good as you are gonna get, not even the FBI can stop every single determined and proffesional hacker, but you are doing your best and it is enough.

Posted
That's as good as you are gonna get, not even the FBI can stop every single determined and proffesional hacker, but you are doing your best and it is enough.

 

True, even they use something simmilar to a Zone Alarm Notron intergrated complex although they added and cahnged a few thing sbut the idea of a Firewall is the same so the code is baiscally the same.

Everyone things government agencies use these hi-tech advanced software which they do but thwn it comes down to a firewall you can only do so much so the codes we have and the codes they have are basically the same!

 

Cheers,

 

Ryan Jones

Posted
Agreed.

 

One simplistic way to look at it is:

 

No firewall = you're hacked

 

Windows or hardware firewall only = You might stop some script kiddies but otherwise you're quite vulnerable.

 

Respectable software firewall (ZA or Norton) = That's as good as you are gonna get' date=' not even the FBI can stop every single determined and proffesional hacker, but you are doing your best and it is enough.[/quote']

 

 

I'm pretty sure a dedicated hardware firewall, if configured correctly, is going to be superior to a software firewall.

Posted
I'm pretty sure a dedicated hardware firewall, if configured correctly, is going to be superior to a software firewall.

 

You'd be wrong, hardware firewalls are not afs effective nor flexible as a firewall, thats why most people have a software firewall on the computer rather than a hardware one over the router.

 

There are ways in which the hardware one is better but for the most part a software one if much better.

 

Cheers,

 

Ryan Jones

Posted

Zone alarms and Nortan kind of take over your system. I have a windows computer over there that works pretty fine (just reformated) but it's always complaining about one thing or another. When I installed SP2, for example, McAfeee stoped working right and blamed Nortan for it's problems! The irony is that XP did something to screw it up.

 

Everything in windows just gets jammed and jumbled in there. I always like to think that the developers just started typing with out any framwork until they got it aranged in the only possible way it could work. On the spot, "It works! Don't tough anything; you're shjipping it exactally like this!" Hardware is much more convinient if you don't mind web bassed configurations but routers only block requests from the Internet and nothing else. This works well but the problem is that a router cant block applications and calls from the computer like a firewall does.

Posted
The irony is that XP did something to screw it up.

 

Don't worry I already HATE XP... its a useless pile of junk if you ask me.

 

Everything in windows just gets jammed and jumbled in there. I always like to think that the developers just started typing with out any framwork until they got it aranged in the only possible way it could work. On the spot' date=' "It works! Don't tough anything; you're shjipping it exactally like this!" Hardware is much more convinient if you don't mind web bassed configurations but routers only block [i']requests[/i] from the Internet and nothing else. This works well but the problem is that a router cant block applications and calls from the computer like a firewall does.

 

You have a point there, firewalls cna be hard to maintain and configure though I can say on my OS and on this computer I have never had any probelms with the modified version of Zone Alarm :)

 

Cheers,

 

Ryan Jones

Posted
did you modify it your self?

 

Yes I did.

 

Its not that big of a modifcation but it adds something that I felt it was lacking and fixed some security holes too.

 

Cheers,

 

Ryan Jones

Posted
RyanJ what mod did you make to ZA?

 

One of the thigns I did was change the way it scanns the ports for rogue information, this was not difficult to do but it significantly sped up the process and also it improved its funcitonality, In have submitted this modification to the good people at Zone Labs and maybe one day it will be intergrated fully :)

The method I used was a bit too complicated to go into here (And I'm not giving away all my secrets ;)) but it basiclaly makes it more efficient by using a single dimensional array to store the ports scanned and are being scanned rather than an inefficient multiple array system it currently uses.

 

Another thing I did was alter the code so that instead of just scanning the content of the page as it normally does it now intergrates with my virus scanner (Which ZA does not nativley support, this was a hell of a job to fix) and scans the pages with that as it gos along too. This lead to a slight decrease in overall efficency but it was minimal for what I got back :)

 

Cheers,

 

Ryan Joens

Posted

So in theory if ZA decided to release an update which altered one of the things you've moded it would either screw it up or just rewrite your coding.

 

Bare that in mind... it's an annoying thing I came across when modding winXP and then getting an update for a moded part.

 

Someone I know had this issue. The update didn't fully rewrite the coding, probably just added a line or something, the problem was that it was adding a line into the moded coding and not the original coding it should be edited into. Net effect was a screwed up winXP! You know, stick some code into where it isn't meant to be and it won't work kinda thing.

Posted
So in theory if ZA decided to release an update which altered one of the things you've moded it would either screw it up or just rewrite your coding.

 

Bare that in mind... it's an annoying thing I came across when modding winXP and then getting an update for a moded part.

 

Someone I know had this issue. The update didn't fully rewrite the coding' date=' probably just added a line or something, the problem was that it was adding a line into the moded coding and not the original coding it should be edited into. Net effect was a screwed up winXP! You know, stick some code into where it isn't meant to be and it won't work kinda thing.[/quote']

 

Thats always a problem but fortunatly I can get access to the modified codes in advance so I can try and anticipate any probematic changes before they happen, not always the case but I try me best :D

 

Cheers,

 

Ryan Jones

  • 2 weeks later...
Posted

Sorry, but here's a bit of problem. ;x The guy could have been running an IP spoofer. I know some that run 20-120 dollars, and you can use them to change your IP on the internet. (Or at least mask it.) One way to know if you've been hacked is this. On XP, go to Start<Run<then type Command, and then type Net Statistics Server. Now, look at "Sessions Accepted" If it says "1" you should be okay. If it says 2 or more "OMG U GOT H4X0R3D". (Or at least your PC was.) Seriously, it should only say 1. Everything else should probably be 0. (there are exceptions to this, but it does help.)

Posted
Sorry, but here's a bit of problem. ;x The guy could have been running an IP spoofer. I know some that run 20-120 dollars, and you can use them to change your IP on the internet. (Or at least mask it.) One way to know if you've been hacked is this. On XP, go to Start<Run<then type Command, and then type Net Statistics Server. Now, look at "Sessions Accepted" If it says "1" you should be okay. If it says 2 or more "OMG U GOT H4X0R3D". (Or at least your PC was.) Seriously, it should only say 1. Everything else should probably be 0. (there are exceptions to this, but it does help.)

My computer is in this superb condition.

One 1, all other 0

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.