Who's making it and how?

[Tampa survivor]

Be careful with that link on DARPA.  I run a beastly computer with XP professional, a decent firewall, a few other nifty programs and  and that site attacked me when I started digging around on the personel page.  First it tried to run an active acrobat program, which is rare and rich according to a hacker or two I know.  That exploit has not been utilized elsewhere to my knowledge.  
Then my sys locked up for two minutes(which NEVER happens to this puter) and low and behold, as I danced the ctrl/alt/del dance, nothing would bring it back.  I finally got the taskmanager up, and low and behold, I was running a new AP from darpa on my machine.  LOVELY SHIT.
BEWARE.  These people are REAL, and they are crawling into your sys too!!
Bill

[Froderik]

One question: What do you know about this "active acrobat program?" What sort of file ends up running itself on your machine? a pdf file? I guess we definitely need to use a firewall when browsing this site, eh?

If you haven't yet, you should try using the Tiny Personal Firewall (free download)

http://www.pcworld.com/downloads/file_d ... 051,00.asp

(This link will have to be highlighted and pasted)

[ This Message was edited by: AlexL on 2002-11-22 10:02 ]

[Tampa survivor]

When I clicked a link , it started to open Acrobat reader, which failed.  I use it all the time, newer version, doesn't fail for me.  Next, I got a fail to initialize properly type windows message, followed by lockup/sys busy.  With 1 gig + AMD, I rarely get "busy" problems, but my browser wouldnt close, taskman wouldnt open, and my network traffic monitor hit the roof and stayed there, hard drive whirring away.
This kinda shit makes me nervous.
I had taskmon showing a "pdf file /Acrobat" running, but no window open or minimized.  Strange. NO installed new program or searchable new files.
I run with act X & scripting off/java off and cookies off. Was using msie 5.whatever.  Any geeks have a clue. Clay?? You're a sys guy. Anybody?
Bill

[gagesteele]

Huh.  Well.  The site simply wouldn't load anything beyond the index, here.  I tried to access all of the items in the left menu, but the buttons kept disappearing as I clicked down the list, and browser behaved as though no action had been performed.  Taskman showed no subversive launches; firewall had nothing to say to me; no record of any mischief logged; no system or browser freezes or hangs.

Win XP Pro
IE 6 [most options "prompt me"]
NPF 2002 [moderately paranoid and chatty about it]
Panicware Pop-up Stopper [enabled]


Dunno what to tell you, guys.  Something I've got set must be keeping whatever it is they're doing totally at bay.  Score one for the home team, I guess.

Sara
Amity School Founding Class, 1988

[ClayL]

Went to the DARPA Site and everything loaded fine. I think becasue you have cookies turned off and/or java disabled is the reason it failed. Seeing is this is a DOD site I would suspect they are doing IP address logging. I'm coming at things through a Cisco PIX Firewall so I don't really worry to much about port scans and such. I'm completely stealthed. When running a port scan my ports don't even report they exist. Black Ice does this also and is one of the best personal security products out there.

CL

[Froderik]

Clay, Do you know if a firewall such as TPF* is able to conceal ports at all? (Not all of us can afford to go out and buy the best.) And I'm just curious, is a 'port scan' something that can be done from the average workstation? Or just from a router?

*Tiny Personal Firewall

Thanks, FR13

[gagesteele]

Clay:  Might be JAVA, though it didn't prompt me.  Cookies were actually on at the time because I'd been fiddling at neopets.  Yes, neopets.  :razz:

Alex:  I don't think Tiny is made anymore, is it?  Seems to me I heard that a while back.  I don't know much about it anyway.  Sygate and ZoneAlarm both have free versions, and they aren't terrible.  Still, a fair lot of their stealthy stuff is only available in the "pro" versions.  You could give them a whirl; can't hurt to try.  Or, if you're into that sort of thing, there's always Kazaa.

Learn more about port scans:  Tech Target

Sara
Amity School Founding Class, 1988

[edited: that long url wouldn't post properly.]

[ This Message was edited by: gagesteele on 2002-11-25 11:22 ]

[Froderik]

This is the site where one could download a free version of TPF. I haven't tried those others yet, maybe I will. I didn't think to check techtarget...doh!...If you use Kazaa, you might want to install Ad-Aware...LOL

[ This Message was edited by: AlexL on 2002-11-25 11:39 ]

[Tampa survivor]

Hey Clay, I turned all my microsquish scripty crap on, and the darpa site is okay.  
I run BI defender (have for a year or two) and agree it works well for the price.  I just wish I had Clear Ice to go with it...
Who knows what happened.  This machine has never locked up since I pulled my Linux/win98/Xp menegerie and just run XP now. I guess life is good now.  
Bill.

[ClayL]

Yes a port scan can be run from any PC. There are scripts that are redily available that run all the most common hacker attack features. Some that run some of the more complex hacker utilities. Beware, port scans are readily detectable and the better intrusion detection systems can and will track you down and put the smack-down on you.... I don't know about you, but I like a good night's sleep without the company of the FBI.

I may be mistaken, but I think there is a personal version of black ice that is inexpensive. There is also a trial version.

I really hate the microsquash stuff because you can't really tell what it is doing in the background. Heck, the stuff could be passing all my personal information and I'd have no idea. Mac and UNIX kick the shit out of microsquash.

CL

[hedwigfan]

This computer jargon is harder to understand than quantum physics!!

[Froderik]

Clay wrote:"Beware, port scans are readily detectable and the better intrusion detection systems..."

I was under the impression that the scan would be done on one's own machine...in order to see what activity is going on in & out...so that way you could see if there was anyone 'crawling up your butt' so to speak...as far as the FBI is concerned, why the hell should I have to worry about detecting intrusion on my own PC? You're telling me that they might have a PROBLEM WITH THAT?? Also, when you speak of the MS stuff, are you referring to Firewalls? Does MS make a firewall...duh, I don't know...Heard of NPF, TPF & now Black Ice, but what are you referring to? And have you ever used TPF? Please bear with me, Clay...I'm not yet a Network admin, just a lowly tech who sets up classrooms w/ A+ & NET+ Certs...

hedwigfan - please bear with us...we'll try (at least I will) to keep things simple & in layman's terms...

[Tampa survivor]

I think a puter safety thread is in order.  
Bill

[Anonymous]

Here, here!

AlexL (not logged in)

[Anonymous]

The guy (Steve Gibson) who original wrote the "adware" program and then later sold it to the ppl who have it now, is a great guy. His site is still up and he has a port sniffer, ready to sniff you out and let you know where you may be vulnerable.

https://grc.com/x/ne.dll?bh0bkyd2

I would have atarted a new topic, but I am just tooooooo lazy