INTRUDER ALERT? this just happened to me @TB2000

greenspun.com : LUSENET : TimeBomb 2000 (Y2000) : One Thread

About 3-4 months ago I downloaded a security product called Internet ALERT from BONZI as I was already familiar with their other products. Today was the 1st time the alarm kicked in (it is supposed to do this whenever an "intruder" is "attacking" your computer while you are on the web). It has never activated until today. I'm on TB2000 several times/day, everyday. The alarm went off when I tried to read the post below entitled "Hopi Elder Speaks". Is this just me, or could this post have security issues? Any of you lot have the technical ins and outs of how this works? The IP address was 209.233.14.98. Thanks

on de rock

-- Walter (on de rock@northrock.bm), December 18, 1999

Answers

Walter,
Someone posted using my name and address in the
thread "My ISP is down". It's the last post that
says "Thanks Michael". Just a warning to others.

-- spider (spider0@usa.net), December 18, 1999.

Walter,

According to the bonzi.com web site you can track down his ISP location (it even gives you a map.) You can also use the log data of the attack to complain to the ISP re: the attack.

Where is this guy's ISP located?

-- curious (curious@nowhere.net), December 18, 1999.


I'll see what I can see. "My" problem is spelled out here...

Interesting: I Just Got To Test The Greenspun Ping

http://18.24.3.72/bboard/q-and-a-fetch-msg.tcl?msg_id=0022a8

Diane

-- Diane J. Squire (sacredspaces@yahoo.com), December 18, 1999.


So what?

-- I Really (donotc@are.com), December 18, 1999.

Sorry Curious, I'm outta here for now. About the same time you replied I just got hit again. As IT is not my specialty, I'm not stickin' around to find out what's going on. I'll check back later today or tomorrow. Adios! PS. Thanks spider, I had actually responded last night to the thread you mentioned! Later!

on de rock

-- Walter (on de rock@northrock.bm), December 18, 1999.



Walter,

I have a program called Jammer on my computer. The little alarm goes off once every hour or so. What is happening (probably) is that someone is running a port scanner on your computer. This doesn't necessarily mean that they are interested in you particularly. In fact these port scanner programs can run through tens of thousands of IP addresses in a matter of an hour or less.

Make sure you don't leave your terminal unattended, and if you notice someone trying to mess around in your C:\ drive then I suggest immediately pulling out the phone cable to your modem.

Otherwise download a version of the Jammer program that I mentioned, which automatically shuts down communications from the would-be hacker, and sends a nasty message as well. You can even customize the message to read something really profane!! :o)

I hope that helps. Good security is of utmost importance these days. Take it from someone who's been on the inside of OTHER people's computers using the same port scanner/cracking methods I just described.

You ought to do some research on port security for your PC and maybe even look up some of the newer trojans and virii designed to gain access to your network, like Back Orifice, and L0phtCrack 2.5.

-- (trying@to.be helpful), December 18, 1999.


To help you get started...

Output from ARIN WHOIS

Pacific Bell Internet Services,Inc. (NETBLK-PBI-NET-5) PBI-NET-5 209.232.0.0 - 209.233.255.255

RPC Financial Services, Inc. (NETBLK-SBCIS23211) SBCIS23211 209.233.14.96 - 209.233.14.103

Source: http://www.arin.net/whois/arinwhois.html

Or for regular DNS whois: http://www.internic-host.com/whois.htm

;)

Frank

-- Frank (chip@tarc.org), December 18, 1999.
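
The WHOIS output in Frank's post lists two nested allocations. As an added example (not part of the original thread), this Python parses netblock records in that format and finds the most specific range containing the address from Walter's alert, with each range also expressed as CIDR. The function names and the record regex are assumptions of this example.

```python
import ipaddress
import re

# The two WHOIS records from the thread, joined into one string (constructed input).
WHOIS_TEXT = (
    "Pacific Bell Internet Services,Inc. (NETBLK-PBI-NET-5) PBI-NET-5 "
    "209.232.0.0 - 209.233.255.255 "
    "RPC Financial Services, Inc. (NETBLK-SBCIS23211) SBCIS23211 "
    "209.233.14.96 - 209.233.14.103"
)

# Record layout: org name, (NETBLK-handle), short handle, start - end
IP = r"\d{1,3}(?:\.\d{1,3}){3}"
RECORD = re.compile(
    r"(?P<org>.+?)\s+\((?P<handle>NETBLK-[A-Z0-9-]+)\)\s+\S+\s+"
    rf"(?P<start>{IP})\s+-\s+(?P<end>{IP})"
)


def parse_netblocks(text):
    """Return one dict per netblock record found in WHOIS-style text."""
    blocks = []
    for m in RECORD.finditer(text):
        try:
            start = ipaddress.IPv4Address(m["start"])
            end = ipaddress.IPv4Address(m["end"])
            cidrs = [str(n) for n in ipaddress.summarize_address_range(start, end)]
        except ValueError:
            continue  # bad octet or start > end: skip the malformed record
        blocks.append({"org": m["org"].strip(), "handle": m["handle"],
                       "start": start, "end": end, "cidrs": cidrs})
    return blocks


def most_specific(ip, blocks):
    """Smallest block containing ip, or None if no block covers it."""
    addr = ipaddress.IPv4Address(ip)
    hits = [b for b in blocks if b["start"] <= addr <= b["end"]]
    return min(hits, key=lambda b: int(b["end"]) - int(b["start"]), default=None)


if __name__ == "__main__":
    hit = most_specific("209.233.14.98", parse_netblocks(WHOIS_TEXT))
    print(hit["org"], hit["handle"], hit["cidrs"])
```

The result names the registrant of the address range, which is where a complaint with log data would be directed; it does not identify who was operating the host.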


trying@to.be helpful,

Where can we download Jammer software?

What would "someone trying to mess around in your C:\ drive" look like?

TIA

-- curious (curious@nowhere.net), December 18, 1999.


Um, try doing a search for any kind of "Jammer", and you'll probably come up with it. I'll see if I can find the web site after I post this message.

As far as knowing someone is messing around with your C:\ drive, well what does it look like when YOU mess around in your C:\ drive? If you get strange TELNET boxes popping up, or your regedit.exe suddenly is activated I'd be worried. I would imagine there are ways to do this kind of stuff without being noticed, but you'd really have to be a super-techo-communications-geek to know how.

Hang on a minute and I'll see if I can dig up a URL for Jammer.

-- (trying@to.help), December 18, 1999.


Walter,

I can't find anything on that thread that would cause a problem... other than typical trolls. And no one was using that ISP you referenced.

;-D

Diane

-- Diane J. Squire (sacredspaces@yahoo.com), December 18, 1999.



Okay, this version of Jammer will protect against NetBus, Back Orifice 1x and BO2K.

Here is the URL:

http://shareware.netscape.com/computing/shareware/software_title.tmpl?p=PC&category_id=37&subcategory_id=49&id=66580

(I'm sorry about that. I don't actually know how to hotlink without my CoffeeCup html editor which isn't installed on this PC. I'm so embarrassed..)

My version is shareware, meaning you have to send them 10$ at the end of thirty days to get the code to reactivate the software. But I *think* this is a link to the free version.

There are other versions of "Jammer" that can disable windows until a correct password is entered. You might want to look into something like that if you work in an office that you suspect contains some people that would want to get into your PC.

-- (trying@to.help), December 18, 1999.


Jammer at Netscape Shareware

-- spider (spider0@usa.net), December 18, 1999.

trying@to.be helpful,

I did a search before posting using two different search engines and different search parameters. Of course I came up with a gazillion search hits. The WWW is a big place and gets bigger by the second. Without detail re: the company or site you're looking for it can literally take hours to find the right url.

Any more details re: Jammer appreciated if you can't locate the site in your own search.

-- curious (curious@nowhere.net), December 18, 1999.


This is definitely the right URL:

http://shareware.netscape.com/computing/shareware/download.tmpl?p=PC&category_id=37&subcategory_id=49&id=66580

-- (trying@to.help), December 18, 1999.


trying to help, I went to that URL; it came up with most of the screen blank and a Netscape directory on the bottom of the page. ??

-- sarah (sarahlyao@aol.com), December 18, 1999.


Just installed Jammer. It said that it was
free but it is a 30 day demo.

-- spider (spider0@usa.net), December 18, 1999.

Pacific Bell Internet Services,Inc. (NETBLK-PBI-NET-5) PBI-NET-5 209.232.0.0 - 209.233.255.255

RPC Financial Services, Inc. (NETBLK-SBCIS23211) SBCIS23211 209.233.14.96 - 209.233.14.103

From their website at: RPC Financial Services, Inc.

Company Profile

RPC Financial Services was founded in 1989 as a financial services consulting firm, specializing in providing property tax appeal representation to California property owners and creative lease financing packages for equipment acquisition.

I wonder why they would be running a port scanner on someone's computer?

-- (RUOK@yesiam.com), December 18, 1999.


Hold on a sec RUOK, before you go making allegations like that.

It could very well be just some bored person who downloaded some warez and decided to give it a go. It's probably just a coincidence that this person worked (?) at the company you made reference to.

And another point, I said that it was probably a port scanner. Like I said my little alarm goes off once every hour or so. I even had a person in Sweden run a port scan on my computer.

But there are programs that automatically try to hack you when you click on a web page. Some of you might even know that you get a virus just from going to a foreign site. I REALLY doubt this is the case for that thread that Walter was having problems with. More than likely it was just a coincidence that he got that alarm the moment he clicked on that thread link.

-- (trying@to.help), December 18, 1999.


Oh yeah, and Sarah, just keep trying to get to that page. I was having the same trouble when I tested the URL I gave and I'm sure if you just keep trying to get there you will. Otherwise if for some reason your ISP just isn't loading it properly then you might want to just try a search for Jammer on dogpile, or some such search engine. You'll find a good download link eventually.

Good Luck! Happy Security Planning!

-- (trying@to.help), December 18, 1999.


I'm having difficulty accessing the Jammersoft site as well. I've tried it through the link and url on the thread as well as here:

http://davecentral.com/8568.html

which gives a link to Jammer 1.95

-- curious (curious@nowhere.net), December 18, 1999.


I'm overwhelmed! That's what I love about this forum, the wealth of knowledge and the sharing of same. Thanks to all, this will keep me occupied for awhile. I do believe that it was a coincidence that the alarm sounded when I hit that post. Now that I know where it came from, I do not believe it was random, however. Many, many thanks, I'm your typical management type, I guess, that appreciates the wonders of technology, but could use an education into the workings of it. All the best, enjoy your weekend!

on de rock

-- Walter (on de rock@northrock.bm), December 18, 1999.


I suspect that PacBell is the ISP, and the IP that raised the flags is from one of their subscribers.

-- (wildassguesses@are.us), December 18, 1999.

wildassguesses, (lol)

That is what I was trying to say. Just because PacBell maintains that certain block of IP addresses doesn't mean they had anything to do with the behavior of the users. No more than AOL had anything to do with the kid who got arrested (while using AOL as an ISP) for making terrorist threats to Columbine just the other day.

-- (trying@to.help), December 18, 1999.


hey Tryin To Help --- can you identify the packets sent with Jammer? If it's similar to NOBO, it can also act like a server. Do you get any HTTP enable packets? Had some friends check out my computer remotely 'cause I was having A LOT of activity awhile back, and they were able to GET in. They found no evidence of a trojan, but we realized that NOBO was letting them in.

If you're getting more than a port scanner pinging you, you got trubbles.

-- farf (madeupguy@hotmail.com), December 18, 1999.


I don't know about identifying packets that are being sent, but I know you can route the packets in a certain way to avoid the Ping of Death. You may be able to route them in such a way to verify identity but if there is a method it is unbeknownst to me. I know that there is also a site on the web somewhere that will scan your ports and look for open doors. I don't know the address for that service offhand but it's definitely something worth looking into if you're security conscious.

-- (trying@to. help), December 18, 1999.

To get your ports scanned go here: Scroll down to Probe my Ports. Don't have to mess with their shareware to do it.

-- farf (madeupguy@hotmail.com), December 18, 1999.

Farf & tryingtohelp: That site is called "shields Up", but sorry, don't remember its URL..........and thanks again for all the interest shown here today.

on de rock

-- Walter (on de rock@northrock.bm), December 18, 1999.


I think some of our Pollyanamous enemies out there are doing a bit of creative hacking and jamming on this forum that started late last night. I saw a thread yesterday posted by one of them (since deleted) that said he was going to have a whole team here by today. The response from the server has been erratic to say the least. Sometimes it is very slow, and many times it just doesn't load the threads at all, and then other times they just pop right up. Somebody is up to no good and we need to trace to the ISP of the origin of these attacks and get them shut down.

-- Hawk (flyin@high.again), December 18, 1999.

Good afternoon Hawk! I think you are so right. It's been screwy all day and I was starting to think it was just me. Another thing... Has anyone else had the experience of going back to an older thread (towards the bottom, but still posted) and been greeted with a musical background score? Today was not the first time this has happened. Just annoying, that's all.

on de rock

-- Walter (on de rock@northrock.bm), December 18, 1999.


Crazylady,

I never said you were involved did I?

Someone did make a threat yesterday, and it appears they are making good, although it doesn't seem to be too destructive. I hope the sysops have a record of that post yesterday and they can find the culprits.

-- Hawk (flyin@high.again), December 18, 1999.


I'm sorry, Walter, that your problems surfaced while reading my post. I've been a semi-regular contributor here for years and have never had nor caused a problem. That Hopi Elder post was copied from an e-mail from an old friend and pasted here, much as I've done many times before.

If nothing else, I'm glad it served as a springboard for this discussion on security.

Let's all be careful out there.

-- (First=Last@last=.first), December 18, 1999.

