Subject:
From: David Gillett <[log in to unmask]>
Reply To: PCSOFT - Personal Computer software discussion list <[log in to unmask]>
Date: Mon, 30 Nov 1998 10:56:27 -0800
On 29 Nov 98 at 15:16, Alan Bentley wrote:

> Hello......  Sorry for the lack of information. This is what I know about
> his system.
>
>                 Windows 95
>                 An Internet server
>                 No network involved
>                 TCP/IP

  An Internet server needs to be connected about 24 hours a day, 7
days a week, on a static IP address.  This makes it an easy target.
Win95 is not a sufficiently secure platform for this without AT LEAST
the addition of a firewall.

> He has been posted by an unknown person several times while using
> ICQ. This happens in the message box that he is typing in.  The
> intruder starts typing into the same window at the same time.

  Even if he was on an intermittent connection with a dynamic IP
address, ICQ would blow his cover by announcing "I'm connected now,
at this IP"....

> He has a program that detects Back Orifice installed on his
> computer.  This has alerted him several times and has given him the
> message that B.O. was detected and deleted.  Yet the intruder
> persists.

  Back Orifice is apparently pretty good at hiding itself; I've heard
reports that NO program yet achieves 100% detection and elimination
of it.

> He also has the box in ICQ checked that says "do not allow others
> to see my IP address".

  NetBus, similar in concept to Back Orifice (but works on NT as well
as 9x...) comes with a "utility" to obtain such addresses from ICQ
even if the box is checked.

> Would be very interested in ways to track the intruder down.

  First things first:

1.  Install a firewall -- ISP may help with this.  Configure it to
only allow the traffic you know you need.

2.  Clean BO off the machine.  This is a case where a reformat and
clean install may be the only way to be sure.  Consider running NT
instead of 9x; NT makes it much easier to shut off stuff you don't
need.

3.  Most firewalls will produce a log of blocked traffic, which will
probably include the IP address of someone out there trying to talk
to Back Orifice on this server.  Or, more likely, of some other Win
9x server that they already have Back Orifice on and are using to
launch further attacks....

David G

             PCSOFT maintains many useful files for download
              on our web site - visit our download page at:
                     http://nospin.com/pc/files.html
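
Added example (not part of the original message): one way to pull the addresses described in step 3 out of a firewall log. The log format, the sample lines and the function name are assumptions made for illustration; the port numbers are the tools' known defaults and do not come from the message.

```python
import re

# Known default ports (not from the original post; both tools can be
# reconfigured): Back Orifice on UDP 31337, NetBus on TCP 12345/12346.
WATCHED = {("UDP", 31337): "Back Orifice",
           ("TCP", 12345): "NetBus", ("TCP", 12346): "NetBus"}

# Hypothetical log format:
# "<date> <time> <action> <proto> <src>:<port> -> <dst>:<port>"
LINE_RE = re.compile(
    r"^(?P<ts>\S+ \S+) (?P<action>BLOCK|ALLOW) (?P<proto>TCP|UDP) "
    r"(?P<src>[\d.]+):\d+ -> (?P<dst>[\d.]+):(?P<dport>\d+)$")

# Constructed sample log; addresses are from the documentation ranges.
SAMPLE_LOG = """\
1998-11-30 10:41:07 BLOCK UDP 203.0.113.45:1052 -> 192.0.2.10:31337
1998-11-30 10:41:09 BLOCK UDP 203.0.113.45:1053 -> 192.0.2.10:31337
1998-11-30 10:42:15 ALLOW TCP 198.51.100.7:1200 -> 192.0.2.10:80
1998-11-30 10:50:02 BLOCK TCP 198.51.100.23:1431 -> 192.0.2.10:12345
1998-11-30 10:55:30 BLOCK TCP 198.51.100.7:1201 -> 192.0.2.10:139
1998-11-30 11:02:44 BLOCK UDP 203.0.113.45:1060 -> 192.0.2.10:31337
1998-11-30 11:05:00 ALLOW TCP 198.51.100.23:1432 -> 192.0.2.10:12346
garbled line that does not parse
"""

def find_probes(log_text):
    """Group traffic aimed at the watched ports by source address."""
    probes = {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip lines that are not in the assumed format
        tool = WATCHED.get((m["proto"], int(m["dport"])))
        if tool is None:
            continue  # traffic to a port we are not watching
        e = probes.setdefault(m["src"], {"tools": set(), "blocked": 0,
                                         "allowed": 0, "first": m["ts"]})
        e["tools"].add(tool)
        e["last"] = m["ts"]
        # An ALLOW here means the rule set lets backdoor traffic through.
        e["allowed" if m["action"] == "ALLOW" else "blocked"] += 1
    return probes

if __name__ == "__main__":
    for src, e in sorted(find_probes(SAMPLE_LOG).items()):
        print(src, sorted(e["tools"]), "blocked:", e["blocked"],
              "allowed:", e["allowed"], e["first"], "->", e["last"])
```

As step 3 notes, a source address found this way may belong to another compromised machine rather than to the person operating it.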
