Solve : Whack attack!?

1.	Solve : Whack attack!?
Answer» So, is it possible for an attacker to abuse/use your connection/inject into your PC even if it's off but the router is on and the cable is plugged into your NIC, working and transferring data from the internet? More specifically, inject into your PC and take control of it? I would think not, since it's off. What about abusing the connection itself? tip: no I'm not looking for ware-scanning solutions. It's just out of curiosity. =PThe fact that you have a router means nobody can initiate a connection from outside to in. When you go to a web site, you can receive that traffic because you requested it, and it is a response to an open socket. However, if someone from outside initiates an incoming transmission unsolicited, the firewall will drop it. This is unless you have a port forward setup.... but if you did have that, you would know about it. There is such thing as Wake on LAN to turn on a computer that is off over the network, although I have never seen anyone actually implement it. In short, noWell. 1) I have implemented Wake-on-LAN and it's censored* handy, especially when I'm bed with my laptop and I forgot to turn the PC on and need resources from it (there is a neat little WOL-GUI front end app; I even posted a blog about it). 2) YES I have ports forwarded. Can't someone portscan me and then just exploit those ports? 3) Is my Kaspersky firewall going to warn me when someone is trying to inject into a process/enter my computers?Why are people so bloody paranoid? No offense intended, of course. Quote 2) Yes I have ports forwarded. Can't someone portscan me and then just exploit those ports? I have a of ports forwarded myself. When I port scan my IP (from another off-site PC, of course), or perform one of the many online port scans it comes back with no response on every single port. A Connection with these ports can only be established if the PC that it was being forwarded to is listening to that port. it has to accept the connection. Otherwise the routers default behaviour, which is usually to completely ignore the attempt, kicks in. Quote 3) Is my Kaspersky firewall going to warn me when someone is trying to inject into a process/enter my computers? If it doesn't it's not as good as everybody seems to think (short answer: yes) Well Mr. BC-programmer, I'm the target of two HACKER groups. No, they are not noobs. One Dutch, one from the UK. They already compromised my e-mail accounts in the past, not to mention my PC. So yes, naturally I am paranoid. Not to mention there are a group of kiddies following me everyone on the internet googling my name and what I do and if I take a dump or what not and post it on a forum laughing about me. Yeah. You wouldn't want that to happen to you. If you haven't been hacked, sure, don't be paranoid. But once you are, then it's alarm time. How do I get in these situations? Let's just say I don't like society and make most people my enemy. Quote from: Treval on April 08, 2010, 01:10:12 PM Well Mr. BC-programmer, I'm the target of two hacker groups. No, they are not noobs. One Dutch, one from the UK. They already compromised my e-mail accounts in the past, not to mention my PC. So yes, naturally I am paranoid. Not to mention there are a group of kiddies following me everyone on the internet googling my name and what I do and if I take a dump or what not and post it on a forum laughing about me. Yeah. You wouldn't want that to happen to you. If you haven't been hacked, sure, don't be paranoid. But once you are, then it's alarm time. How do I get in these situations? Let's just say I don't like society and make most people my enemy. Well, I guess that makes more sense. I have a bunch of "hackers" who claim they are going to "grep" me, but given their complete misuse of the term grep I'm pretty certain they really have no idea what they're doing, hahaha. They did demonstrate their ability to grep a text file, which was somehow supposed to scare me. needless to say it provided me a SOURCE of amusement, not paranoia, heh. Quote from: BC_Programmer on April 08, 2010, 01:22:12 PM They did demonstrate their ability to grep a text file, which was somehow supposed to scare me. I had to chuckle at that Compare that to people who actually know how to write Byte hashes to exploit certain vulnerable open services and know more than a dozen different languages in mastery including: PHP, SQL, JavaScript, PERL, blablablabla ... server/client side whatever, you name it. They're just freaks.you're supposed to call it "Perl" even though it's an acronym. Otherwise Larry Wall will SLAP you. At least that's the legend. Quote Compare that to people who actually know how to write Byte hashes to exploit certain vulnerable open services and know more than a dozen different languages in mastery including: PHP, SQL, JavaScript, PERL, blablablabla ... server/client side whatever, you name it. They're just freaks. yah, I am aware of the the general expertise in this game, although I haven't attempted "hacking to learn", yet. Will get there, however. Maybe after another year of programming. Quote Otherwise Larry Wall will slap you. At least that's the legend. hee heeProgramming annoys the bananas out of me. I've been on it for 5,5 years now for 3 languages. It makes me go like this: Konane CS Quote It makes me go like this: Konane CS LOL, that was hilariousOmg, I loved the map de_dust. I can pwn so many noobs on it. Maybe today I can pwn enough noobs, that I raise my rank in the server, from 3 to 1, héé héé. lol.. That video is really, really old. Like, 6 years or something. Quote from: Treval on April 08, 2010, 07:50:04 PM Omg, I loved the map de_dust. I can pwn so many noobs on it. Maybe today I can pwn enough noobs, that I raise my rank in the server, from 3 to 1, héé héé. lol.. That video is really, really old. Like, 6 years or something. Well... only games I play online are quake 2 and Zdaemon. Only Played CounterStrike once. Needless to say rocket jumping rocket jumping doesn't work any better on that then it does on Crysis. At least the game is merciful and doesn't have quads.First of all maybe you shouldn't piss off the hackers so much? Second, don't be paranoid? Yes be paranoid! It's only the foolish thinks they are safe. Where there's a will there's a way. So long you have a active connection, there's a way in. You can pretty much just slow them down or make it hard enough they give up. Thrid, where there's Microsoft there's a hole of exploits. It's the most targeted and the easiest to find holes in. Keep your software, security and OS up-to-date as much as possible. Kaspersky Internet Security 2010 is quite good at Proactive Defense and will attempt to block network scans and attacks if setup correctly. Black Ice Anti-hacker is great to go on the revenge if you or your server is being attacked or DDOSed by reflecting it back, but only good for intrusion detection, FAILS as a complete firewall. Pro Hackers will go stealth and inject a keylogger, grabbing your passwords and personal details over and over. They don't do damage, they just watch and gather, use, hand out to others as dumps (these are the worst as then any idiot then can screw with you) or ignore. Kaspersky can detect most keyloggers, however they use a stuffer over the file to make it invisible to most anti-virus scanners. If they can't attack the computer, emails and other things are a lot easiler, depending on your password and details. The stupid secret word is the biggest security hole for email, leaving a easy backdoor. Instant Messagers like yahoo and msn are also major exploit holes.

Answer»

So,

is it possible for an attacker to abuse/use your connection/inject into your PC even if it's off but the router is on and the cable is plugged into your NIC, working and transferring data from the internet?
More specifically, inject into your PC and take control of it? I would think not, since it's off.
What about abusing the connection itself?

tip: no I'm not looking for *ware-scanning solutions. It's just out of curiosity. =PThe fact that you have a router means nobody can initiate a connection from outside to in. When you go to a web site, you can receive that traffic because you requested it, and it is a response to an open socket. However, if someone from outside initiates an incoming transmission unsolicited, the firewall will drop it. This is unless you have a port forward setup.... but if you did have that, you would know about it.

There is such thing as Wake on LAN to turn on a computer that is off over the network, although I have never seen anyone actually implement it.

In short, noWell.

1) I have implemented Wake-on-LAN and it's *censored* handy, especially when I'm bed with my laptop and I forgot to turn the PC on and need resources from it (there is a neat little WOL-GUI front end app; I even posted a blog about it).

2) YES I have ports forwarded. Can't someone portscan me and then just exploit those ports?

3) Is my Kaspersky firewall going to warn me when someone is trying to inject into a process/enter my computers?Why are people so bloody paranoid? No offense intended, of course.

Quote

2) Yes I have ports forwarded. Can't someone portscan me and then just exploit those ports?

I have a of ports forwarded myself.

When I port scan my IP (from another off-site PC, of course), or perform one of the many online port scans it comes back with no response on every single port.

A Connection with these ports can only be established if the PC that it was being forwarded to is listening to that port. it has to accept the connection. Otherwise the routers default behaviour, which is usually to completely ignore the attempt, kicks in.

Quote

3) Is my Kaspersky firewall going to warn me when someone is trying to inject into a process/enter my computers?

If it doesn't it's not as good as everybody seems to think (short answer: yes)
Well Mr. BC-programmer, I'm the target of two HACKER groups. No, they are not noobs. One Dutch, one from the UK.
They already compromised my e-mail accounts in the past, not to mention my PC.

So yes, naturally I am paranoid.
Not to mention there are a group of kiddies following me everyone on the internet googling my name and what I do and if I take a dump or what not and post it on a forum laughing about me.
Yeah. You wouldn't want that to happen to you.

If you haven't been hacked, sure, don't be paranoid.
But once you are, then it's alarm time.

How do I get in these situations?
Let's just say I don't like society and make most people my enemy.
Quote from: Treval on April 08, 2010, 01:10:12 PM

Well Mr. BC-programmer, I'm the target of two hacker groups. No, they are not noobs. One Dutch, one from the UK.
They already compromised my e-mail accounts in the past, not to mention my PC.

So yes, naturally I am paranoid.
Not to mention there are a group of kiddies following me everyone on the internet googling my name and what I do and if I take a dump or what not and post it on a forum laughing about me.
Yeah. You wouldn't want that to happen to you.

If you haven't been hacked, sure, don't be paranoid.
But once you are, then it's alarm time.

How do I get in these situations?
Let's just say I don't like society and make most people my enemy.

Well, I guess that makes more sense. I have a bunch of "hackers" who claim they are going to "grep" me, but given their complete misuse of the term grep I'm pretty certain they really have no idea what they're doing, hahaha. They did demonstrate their ability to grep a text file, which was somehow supposed to scare me. needless to say it provided me a SOURCE of amusement, not paranoia, heh.

Quote from: BC_Programmer on April 08, 2010, 01:22:12 PM

They did demonstrate their ability to grep a text file, which was somehow supposed to scare me.

I had to chuckle at that Compare that to people who actually know how to write Byte hashes to exploit certain vulnerable open services and know more than a dozen different languages in mastery including:

PHP, SQL, JavaScript, PERL, blablablabla ... server/client side whatever, you name it.
They're just freaks.you're supposed to call it "Perl" even though it's an acronym. Otherwise Larry Wall will SLAP you. At least that's the legend. Quote

Compare that to people who actually know how to write Byte hashes to exploit certain vulnerable open services and know more than a dozen different languages in mastery including:

PHP, SQL, JavaScript, PERL, blablablabla ... server/client side whatever, you name it.
They're just freaks.

yah, I am aware of the the general expertise in this game, although I haven't attempted "hacking to learn", yet. Will get there, however. Maybe after another year of programming.

Quote

Otherwise Larry Wall will slap you. At least that's the legend.

hee heeProgramming annoys the bananas out of me. I've been on it for 5,5 years now for 3 languages.
It makes me go like this:

Konane CS Quote

It makes me go like this:

Konane CS

LOL, that was hilariousOmg, I loved the map de_dust. I can pwn so many noobs on it. Maybe today I can pwn enough noobs, that I raise my rank in the server, from 3 to 1, héé héé.

lol..
That video is really, really old. Like, 6 years or something. Quote from: Treval on April 08, 2010, 07:50:04 PM

Omg, I loved the map de_dust. I can pwn so many noobs on it. Maybe today I can pwn enough noobs, that I raise my rank in the server, from 3 to 1, héé héé.

lol..
That video is really, really old. Like, 6 years or something.

Well... only games I play online are quake 2 and Zdaemon. Only Played CounterStrike once. Needless to say rocket jumping rocket jumping doesn't work any better on that then it does on Crysis. At least the game is merciful and doesn't have quads.First of all maybe you shouldn't piss off the hackers so much?

Second, don't be paranoid? Yes be paranoid! It's only the foolish thinks they are safe. Where there's a will there's a way. So long you have a active connection, there's a way in. You can pretty much just slow them down or make it hard enough they give up.

Thrid, where there's Microsoft there's a hole of exploits. It's the most targeted and the easiest to find holes in. Keep your software, security and OS up-to-date as much as possible.

Kaspersky Internet Security 2010 is quite good at Proactive Defense and will attempt to block network scans and attacks if setup correctly. Black Ice Anti-hacker is great to go on the revenge if you or your server is being attacked or DDOSed by reflecting it back, but only good for intrusion detection, FAILS as a complete firewall.

Pro Hackers will go stealth and inject a keylogger, grabbing your passwords and personal details over and over. They don't do damage, they just watch and gather, use, hand out to others as dumps (these are the worst as then any idiot then can screw with you) or ignore. Kaspersky can detect most keyloggers, however they use a stuffer over the file to make it invisible to most anti-virus scanners.

If they can't attack the computer, emails and other things are a lot easiler, depending on your password and details. The stupid secret word is the biggest security hole for email, leaving a easy backdoor. Instant Messagers like yahoo and msn are also major exploit holes.

Solve : Whack attack!?

Discussion

No Comment Found

Related InterviewSolutions

Reply to Comment