Caution Eplaya Hacked Again


Postby Apollonaris Zeus » Fri Nov 07, 2008 7:13 pm

I was wondering where my computer was getting hacked into and discovered it was eplaya.

If you run "noscript" and haven't allowed scripts to run, you might have noticed the setting being changed while on eplaya.

The site was named "ne terror" or "na terror" from eplaya.

The script knocked out .net framework 1.1.

and you find out by running the windows update. It's an old update so you should have had it by now on your system if you regularly update your system.

This has been a problem and the source is eplaya!

So visit with "Noscript" set as "untrusted" until one of our great techs can figure out where or what is happening.

Bye everyone see you on the playa someday!

Apollonaris Zeus
Apollonaris Zeus
 
Posts: 3716
Joined: Sun Sep 14, 2003 11:17 am

Postby DVD Burner » Fri Nov 07, 2008 7:19 pm

Uuummmm,

I never had any problems and I'm an MIS/IS/IT guy.

And how come you didn't put this in the eplaya bugs thread?

I'm sure it can be fixed if a problem really does exist that is.

"The art is in the digit!"

The Original Digiman
DVD Burner
 
Posts: 9741
Joined: Fri Dec 12, 2003 4:09 am

Re: Caution Eplaya Hacked Again

Postby wedeliver » Fri Nov 07, 2008 7:38 pm

Apollonaris Zeus wrote: I was wondering where my computer was getting hacked into and discovered it was eplaya.

If you run "noscript" and haven't allowed scripts to run, you might have noticed the setting being changed while on eplaya.

The site was named "ne terror" or "na terror" from eplaya.

The script knocked out .net framework 1.1.

and you find out by running the windows update. It's an old update so you should have had it by now on your system if you regularly update your system.

This has been a problem and the source is eplaya!

So visit with "Noscript" set as "untrusted" until one of our great techs can figure out where or what is happening.

Bye everyone see you on the playa someday!

Apollonaris Zeus


What?

We all run different versions of Windows so updates might not be the answer. If you think someone is hacking YOU, perhaps set your settings to not display when you are online.
I'm a topless shirtcocking yahoo hippie

www.eaglesnestrvpark.com
wedeliver
 
Posts: 1866
Joined: Thu Sep 16, 2004 11:10 am
Location: Tionesta, CA
Burning Since: 1998

Postby Dork » Fri Nov 07, 2008 7:40 pm

I moved the thread to bug reports. In the remote chance that there actually is a problem - what browser are you using and what exactly are you seeing that leads you to these conclusions? I can't start from a wild accusation and work my way backwards.
Dork
 
Posts: 2066
Joined: Tue Jan 06, 2004 7:01 pm
Location: Las Vegas

Postby wedeliver » Fri Nov 07, 2008 7:46 pm

We have all gotten the emergency call from the customer. "My monitor has failed, it is on but the screen is black". Experience will have a tech reconnecting video and power cables, when what really happened is the keyboard rubbed on the contrast or brightness knobs on the bottom of the monitor and that's why the screen is black. Now would you please move your mouse around on the screen! I hope you understand I am not asking you to pick your mouse up and place it on the screen. No, that is not what is needed...

I wonder why AZ thinks his machine is being hacked?
I'm a topless shirtcocking yahoo hippie

www.eaglesnestrvpark.com
wedeliver
 
Posts: 1866
Joined: Thu Sep 16, 2004 11:10 am
Location: Tionesta, CA
Burning Since: 1998

Postby Dork » Fri Nov 07, 2008 8:03 pm

wedeliver wrote:I wonder why AZ thinks his machine is being hacked?

It's not the first time we've been down this road - it will turn out to be paranoia fed by some misinterpretation of something he saw. I just can't correct him until I know what exactly he saw.
viewtopic.php?t=17126
Dork
 
Posts: 2066
Joined: Tue Jan 06, 2004 7:01 pm
Location: Las Vegas

Postby DVD Burner » Fri Nov 07, 2008 8:08 pm

LMFAO!

OH SHIT! That's the first I've seen that thread. HILARIOUS!


:lol:

"The art is in the digit!"

The Original Digiman
DVD Burner
 
Posts: 9741
Joined: Fri Dec 12, 2003 4:09 am

Postby wedeliver » Fri Nov 07, 2008 8:59 pm

Az, have you gone to Gibson Research and had your ports checked?
Steve Gibson is like Jesus to me, I highly recommend

www.grc.com



Also here is some info you might like to look through.

Hacking P2P Users Tutorial

Hacking a desktop using netstat and ftp by The real Tim shady
--------------------------------------------------------------------------------
Hacking a Desktop using netstat and ftp

I've noticed while on this site that although there are plenty of tutorials on netstat, there's nothing on how to hack a system using it. This is one way which I rather like, as it is especially useful on systems using stuff like Kazaa which leave ports open on your system. This won't work on more secure systems, as they won't generally have foreign ports open. Oh and by the way, this is my first article so feel free to post below any and all problems with it!


Finding an open port

First we need to know the target's IP. There are lots of ways of doing this, which I'm not going to go into here. After all, I usually do this on ppl who I know and who give me their IPs (I'm a white hat hacker not some pathetic little script kiddie cracker). Once you know their IP, open a DOS prompt. In Windows XP that's

start->programs->accessories->command prompt

Now type the following into the command prompt:

netstat [target's IP] -a

and press <enter>. What this does is look at all open ports on the target system. This means that you'll be shown a list of all the open ports. We aren't interested in the local ports, so look straight at the second column and for a port number that looks promising. If the target has a trojan on their system, a port number of 49000-63000 roughly should be about right. If not, look for Kazaa or WinMX or whatever's open port.

Now open another command prompt and type:

ftp <enter>
open [target's IP] [Port number]

You've now got a connection to their machine! From here you can browse around and modify their file system using DOS. These commands are especially useful when doing this:


CD REMOTE-DIRECTORY Change Directory on a remote system. Type this and the directory you want to change to. You probably need to understand how the Windows filesystem is organised for this to work.

DIR Display directory. Shows all the files and folders in this directory.

PWD Prints the name of the current remote directory.

CD .. Go up one level in directory.


-----------------------------------------------------------
thx to Bloodvessel for the following commands:

Transferring files

get test Copies file "test" from remote to local host (from current remote directory to current local directory).
mget test.* data.dbf Copies files beginning with "test" and the file named data.dbf from remote to local host.
put test Copies file "test" from local to remote host. You must have write access to the remote host for this to work.
mput test.* data.dbf Copies files beginning with "test" and the file named data.dbf from local to remote host.
quit Closes connection and terminates FTP session
If a file name contains spaces (e.g. on your Windows system) you should type the file name in quotation marks " ", but it is strongly recommended to rename such files before FTPing them.

Other Commands

get test "| more" - displays file "test"
To make sure you want a document, you can display it with the more command and see the file screen by screen (using the space bar) BEFORE you get a file. To exit out of more , type q.

prompt Turns off prompting for individual files when using the mget or mput commands.

If you have mistyped your username or password, use the user command to re-login.

For a list of all FTP commands type ? at the ftp> prompt.
For a brief explanation of a command, type help, leave a space, and type the command itself.

-----------------------------------------------------------

Why does this work?

When we use the netstat command on a machine, it searches for open ports. This means that if, for instance, the target machine is connected to Kazaa, there will be a port opened with Kazaa. There are different kinds of ports, the most common being TCP and UDP. Most things on a computer have their own port; for instance, a printer and a scanner have their own port, though these are generally unhackable as they are in local ports, not foreign ones.

So, supposing the target does have an open port, it is possible to connect to them using ftp, or File Transfer Protocol. This is what is used when downloading off people, and is another reason why file sharing desktops (running Kazaa, WinMX etc) are so easy to hack when using this method; they already have a port or more open, downloading, which means that their firewalls must be pretty much non-existent.

By typing the ftp command, we make our system an ftp server. This operates the same way basically as a web server. Once we are an ftp server, we can open a link with another computer through an open port. This literally means that we are sharing files with this computer, so if the target was alert to the attack, it could do what it wanted back. Still, this is unlikely, so on with the article!

Once we've opened a file transfer protocol with the target, we can do what we want using DOS commands in the prompt. How about leaving a text file on the desktop saying 'Hacked by...' That's sure to get the target to update their security!


Well, I hope that this article was helpful. As I said at the top, feel free to post below modifications to what's in here, as it may not all be completely correct. This process seems to work for me, but tell me your own experiences with it.

Thanks, The Real Tim Shady

EDITS

Finding target's IP

Did you know that you can find out people's IPs using netstat? If you're connected to them via ICQ, AIM and possibly MSN, then a quick Netstat check on your own system will show an open port to their machine along with their IP address! Simply use that IP address and you can hack their machine!


Portscanners

Another point that I have noticed is that it is possible to use a portscanner to check for open ports if the remote netstat command doesn't work. I'm not going to give you the addresses of where you can download them, but I recommend Portscan Plus, because it's easier to use. I know I say in the description that you shouldn't need to use any programs, but this one is optional, and I personally don't bother.

A little tip

Look for port 139 if you wanna ftp without netstat or a portscanner, as they may have a printer and file share.


Another way to find ports to go through

I find that a very useful way of finding ports to go through is to run a file like Kazaa on yourself and check netstat on your own machine. This will show you the ports Kazaa or whatever program you're using goes through, and the chances are that they'll be the same on your target's computer.







Now that's tuts good, but when I try and connect to them via Windows ftp it doesn't work, so I tried using my ftp client and it says

Connecting......
Connected
Socket connected waiting for logon sequence...

And that's all it says.


Normally I don't bite - but after a 26hr stint at a downed exchange server, I'm a bit touchy...

quote: netstat [target's IP] -a

My versions (on Linux, XP, 2K, NT, AIX) of netstat are not capable of portscanning a remote machine... fine to show me what I have connected or listening though.

quote: ftp <enter>
open [target's IP] [Port number]

You've now got a connection to their machine! From here you can browse around and modify their file system using DOS

Err, only if the port you pick has an unsecure ftp server listening on the other end - otherwise [as long as it's still an ftp server] you'll still need a username and password. And the command language is not DOS. It's ftp. It won't allow access to the whole file system - only what they've exposed. It won't allow you to run applications, but might let you copy [exposed] files off or even might let you put some files on their server.

quote: When we use the netstat command on a machine, it searches for open ports

No. It shows you what your local machine has open.

quote: By typing the ftp command, we make our system an ftp server.

No, by running an application like IIS, ftpd, Warftpd etc - we make our system into an ftp server. By typing ftp, you open up the ftp client.

quote: Once we've opened a file transfer protocol with the target, we can do what we want using DOS commands in the prompt. how about leaving a text file on the desktop saying 'Hacked by...'

No, ftp clients don't use DOS, and I doubt very much that anyone would leave an unsecured ftp server on an unspecified port with full access to the whole system. If you 'owned' someone else's machine, would you leave it a free-for-all for all the script kiddies? Or harden it, leaving a secure encrypted back channel for your own personal use?
I'm a topless shirtcocking yahoo hippie

www.eaglesnestrvpark.com
wedeliver
 
Posts: 1866
Joined: Thu Sep 16, 2004 11:10 am
Location: Tionesta, CA
Burning Since: 1998

Re: Caution Eplaya Hacked Again

Postby Toolmaker » Sat Nov 08, 2008 2:38 pm

Apollonaris Zeus wrote:The site was named "ne terror" or "na terror" from eplaya.


NA Terror is an anti-druggie hacker group that is targeting certain eplaya users known to consume narcotics and get paranoid. You will most likely have to re-install Windows to get rid of the exploit. I got hacked too so don't feel too bad.
This account has been closed as demanded by Wedeliver.
Toolmaker
 
Posts: 2512
Joined: Wed Sep 27, 2006 12:44 pm

Re: Caution Eplaya Hacked Again

Postby wedeliver » Sat Nov 08, 2008 2:42 pm

Toolmaker wrote:
Apollonaris Zeus wrote:The site was named "ne terror" or "na terror" from eplaya.


NA Terror is an anti-druggie hacker group that is targeting certain eplaya users known to consume narcotics and get paranoid. You will most likely have to re-install Windows to get rid of the exploit. I got hacked too so don't feel too bad.


I just go where it takes me.


Lyrics to N.E. Terror :
Wake up to face another day of
Madness, the modern world at play.
Corruption, from white and blue alike,
Serenity is jeopardised.

Envoys are delt their hands.
Barter with their deadly plans for
Power they deal and trade
Compare the guns they made - big gun.

Secrets held from humanity.
Errors kept under lock and key
Mistrust, another people lost.
Red atomic double cross - twisted cross.

Famine, plagues the lands they rape,
As they spoon feed tv tape.
Bustling nations horde their rotting wheat,
Bloated tribesmen wither in the heat.

Spotlight on the innocent,
Kiddnapping extortion oil money spent.
Justice bent the eastern way,
Stand up for freedom with your life you'll pay.

Hijackers, terror in the sky
Crackpot colonel spits it in your eye.
Shiite dies to pick a fight,
New mercedes packed with dynamite.

Torture from the hooded nations
Heads of state decapitation.
Control is their ultra plan,
Sacred blood spills upon their hands

Madman don't waste any time,
Murder inside david's shrine.
Bullets riddle wailing wall,
On bloody broken knees they crawl.

[chorus:]
Hooded madmen make your move,
Tell me something, what you're trying to prove?
Why won't you let me see your face?
My fire's bigger, I'll put you in your place.

Third world, deep freeze hostage plot,
Pray to your God you get caught.
All the world will hear your name,
As you proudly claim your blame.

Struggle behind the murky face,
Panic fronts the world wide race.
At random choose the blood they smear,
Thermo global fear.

Blindman leading the blind,
Mercy gets left behind.
Hopeless victims beg and plead,
Peace is what you need.

My patience is tried and worn,
The number of the flags you've torn.
I've delt with your many threats,
Faceless creature, I'll get you yet.

[repeat chorus]
[ N.E. Terror Lyrics on http://www.lyricsmania.com/ ]
I'm a topless shirtcocking yahoo hippie

www.eaglesnestrvpark.com
wedeliver
 
Posts: 1866
Joined: Thu Sep 16, 2004 11:10 am
Location: Tionesta, CA
Burning Since: 1998

Postby Simon of the Playa » Sun Nov 09, 2008 5:54 pm

try here

http://asparavind.wetpaint.com/

az, dork et al..
I'd rather Burn on my Feet, than Rave on my knees

Frida Be You & Me

A gift for the Playa

THIS YEARS POSTERS

2015 posters
Simon of the Playa
 
Posts: 16150
Joined: Thu Sep 06, 2007 6:25 pm
Location: Rochester, Nevada.
Burning Since: 1996
Camp Name: La Guilde des Hashischins

Postby wedeliver » Sun Nov 09, 2008 7:00 pm

Just noticed Simon's skull and bones avatar.. I would have guessed Simon to be a Harvard man...
I'm a topless shirtcocking yahoo hippie

www.eaglesnestrvpark.com
wedeliver
 
Posts: 1866
Joined: Thu Sep 16, 2004 11:10 am
Location: Tionesta, CA
Burning Since: 1998

Postby Simon of the Playa » Mon Nov 10, 2008 6:45 am

I'm not, but my daughter is, she is in Lampoon, and lives in the castle.

She's not a bonesman, but she is a world class fencer.
I'd rather Burn on my Feet, than Rave on my knees

Frida Be You & Me

A gift for the Playa

THIS YEARS POSTERS

2015 posters
Simon of the Playa
 
Posts: 16150
Joined: Thu Sep 06, 2007 6:25 pm
Location: Rochester, Nevada.
Burning Since: 1996
Camp Name: La Guilde des Hashischins

Postby Apollonaris Zeus » Wed Nov 26, 2008 10:10 pm

I was wondering where this thread was. I thought it was deleted.

Yes, I did think the problem was eplaya as the source or held code to take advantage of a weakness.

But I did have something going on within my machine because I had a tunneling adapter set up. I don't use tunneling, peer to peer or teredo set up. At this time, I do think there might be a device. When I went to uninstall the tunnel driver it disappeared before I could.

I've been doing a visual route check on my internet connection and I have 4 hops that lie right after my internet server that are reporting no IP address and information. They are just blanked out. If anyone knows what might be occurring, I would greatly appreciate it. Please limit the jokes to a minimum.

AIIZ
Apollonaris Zeus
 
Posts: 3716
Joined: Sun Sep 14, 2003 11:17 am

Postby Toolmaker » Wed Nov 26, 2008 10:37 pm

Apollonaris Zeus wrote: I was wondering where this thread was. I thought it was deleted.

Yes, I did think the problem was eplaya as the source or held code to take advantage of a weakness.

But I did have something going on within my machine because I had a tunneling adapter set up. I don't use tunneling, peer to peer or teredo set up. At this time, I do think there might be a device. When I went to uninstall the tunnel driver it disappeared before I could.

I've been doing a visual route check on my internet connection and I have 4 hops that lie right after my internet server that are reporting no IP address and information. They are just blanked out. If anyone knows what might be occurring, I would greatly appreciate it. Please limit the jokes to a minimum.

AIIZ


In all honesty 4 is a lil excessive. I only have 2. Have you considered that maybe a law enforcement agency might be monitoring you? To my knowledge only law enforcement and government can go without IP addresses and hand you off to your destination IP address.

Try getting WiFi and just use your next-door neighbor's wireless router for an access point. It's legal AND anonymous!
This account has been closed as demanded by Wedeliver.
Toolmaker
 
Posts: 2512
Joined: Wed Sep 27, 2006 12:44 pm

Postby ygmir » Wed Nov 26, 2008 10:50 pm

I wish I understood what the heck you guys are discussing, sounds interesting.......hops and no IP addresses....dang......
YGMIR

Unabashed Nordic
Pagan
ygmir
 
Posts: 27802
Joined: Thu Sep 20, 2007 8:36 pm
Location: nevada county
Burning Since: 2017
Camp Name: qqqq

Postby Apollonaris Zeus » Thu Nov 27, 2008 1:32 am

One could go to visualroute.com and use their demo to see what we are talking about. It traces your internet route to an IP destination.

There's raptor, predator or whatever that scans for terroristic messages in emails.

I remember when you didn't see any of these blank hops in your connections.
Apollonaris Zeus
 
Posts: 3716
Joined: Sun Sep 14, 2003 11:17 am

Postby DVD Burner » Thu Nov 27, 2008 1:40 am

I wish the Geekster were here to see this. :lol:

"The art is in the digit!"

The Original Digiman
DVD Burner
 
Posts: 9741
Joined: Fri Dec 12, 2003 4:09 am

Postby Apollonaris Zeus » Thu Nov 27, 2008 1:48 am

DVD Burner wrote:I wish the Geekster were here to see this. :lol:


You're the pro. What would cause VPN or other tunneling adapters to connect on someone's computer? isatap, teredo or others to start?
Apollonaris Zeus
 
Posts: 3716
Joined: Sun Sep 14, 2003 11:17 am

Postby DVD Burner » Thu Nov 27, 2008 1:55 am

teredo? what do you know about that?


And I aint sayin anything but that I am impressed with you knowing something about IPV6.

Or do you?

Where did you pick that up anyway? :shock:

"The art is in the digit!"

The Original Digiman
DVD Burner
 
Posts: 9741
Joined: Fri Dec 12, 2003 4:09 am

Postby Apollonaris Zeus » Thu Nov 27, 2008 2:20 am

DVD Burner wrote:teredo? what do you know about that?


And I aint sayin anything but that I am impressed with you knowing something about IPV6.

Or do you?

Where did you pick that up anyway? :shock:


So now we're playing games!

If anyone wants to know about teredo, the best thing to do is disable it on your computer.
Go to My Computer>properties>Hardware>Device Manager> view>show hidden devices

Here you can look for tunneling adapters such as asyncmac, teredo, peer to peer and isatap. You don't need these and you should at least disable them. Many delete them from the system since they are used by hackers.

Here's a good site for making your computer run faster without unnecessary drivers and devices running in the background slowing it down and giving malware exploits. See part 8 on removing drivers, but read the whole guide, don't delete files you will need later, and create restore points, because you are learning and even pros fuck up:

http://www.wincert.net/forum/lofiversio ... ?f122.html
Apollonaris Zeus
 
Posts: 3716
Joined: Sun Sep 14, 2003 11:17 am

Postby Apollonaris Zeus » Thu Nov 27, 2008 2:31 am

Oh, if you use XP you need to boot up in safe mode (F8), otherwise prefetch will just recreate it. In Vista, you could do so without safe mode, but have to take ownership of the file.

If you have questions just ask DVD, he's the pro.

Oh, again, use Norton Ghost to make a full backup image of your system. Restore does only so much. If you get hacked or just fuck up your OS, Ghost can restore everything. Even Windows restore won't replace files that are changed by malware. It just sees that the file exists, not that its size has changed or been manipulated.
Apollonaris Zeus
 
Posts: 3716
Joined: Sun Sep 14, 2003 11:17 am

Postby Toolmaker » Thu Nov 27, 2008 5:18 pm

Image
This account has been closed as demanded by Wedeliver.
Toolmaker
 
Posts: 2512
Joined: Wed Sep 27, 2006 12:44 pm

Postby DVD Burner » Fri Nov 28, 2008 7:53 am

HAPPY THANKSGIVING!

I am having too much fun right now. :o

Talk later.

"The art is in the digit!"

The Original Digiman
DVD Burner
 
Posts: 9741
Joined: Fri Dec 12, 2003 4:09 am

Postby Elderberry » Fri Nov 28, 2008 10:09 am

Apollonaris Zeus wrote:If anyone wants to know about teredo, the best thing to do is disable it on your computer.


Why would you want to disable Teredo?

IP Addresses are to the internet as phone numbers are to us humans. Without one, nobody would be able to contact you.

The original number of four digit phone numbers began to run out as more and more people got phones, the numbers migrated eventually to seven digits and then to area codes plus seven digits--and they are adding area codes all the time to accommodate the added number of phones/faxes/etc.

This is what is happening with the current IPv4 System of IP addresses; so to accommodate this, they are switching to IPv6 System of addressing.

Teredo is a transitional technology that will allow computers on the IPv4 system to communicate with the new IPv6 technology.

Microsoft and others have been pioneers and early adopters of this technology and are running Teredo routers.

Without this installed on your computer, you might not be able to communicate with sites as they start to convert.

You can also think about this like the upcoming conversion from Analog to Digital TV signals--in February you won't be able to get TV signals from older sets without a converter box.

You can think of Teredo as a converter box for your computer.

Here is my simple formula for keeping your computer safe on the internet.

1. Always apply all the hot fixes and service packs issued by the manufacturer of your operating system.

2. Never open or read any emails from anyone you don't know--especially if it has an attachment.

Violating those two rules is what gets the VAST majority of people in trouble.

Next in importance...

3. Install a virus detection program and make sure that the virus definitions are updated.

4. Use a firewall and make sure you read and understand any pop-up warnings they generate before just clicking 'allow'.

Unless you are a terrorist or work in a sensitive area or for a very large and controversial business, THERE IS NO REASON TO WORRY AND CONTINUE RUNNING CHECKS ON YOUR COMPUTER WITH TESTS THAT YOU DO NOT UNDERSTAND.

JK
JK
http://www.mudskippercafe.com
When I was a kid I used to pray every night for a new bicycle.
Then I realised that the Lord doesn't work that way so I stole one and asked Him to forgive me.
Elderberry
Moderator
 
Posts: 13288
Joined: Tue Jul 17, 2007 10:00 pm
Location: Palm Springs
Burning Since: 2007
Camp Name: Mudskipper Cafe

Postby Captain Goddammit » Fri Nov 28, 2008 12:04 pm

Your internet safety rules are numbered incorrectly; those are rule numbers 2, 3, 4, and 5. Internet safety rule number 1 is use a Mac!
GreyCoyote: "At this rate it wont be long before he is Admiral Fukkit."
Delle: Singularly we may be dysfunctional misfits, but together we're magic.
Captain Goddammit
 
Posts: 6381
Joined: Sat Sep 06, 2003 9:34 am
Location: Seattle, WA
Burning Since: 2000
Camp Name: First Camp

Postby Elderberry » Fri Nov 28, 2008 1:15 pm

Captain Goddammit wrote:Your internet safety rules are numbered incorrectly; those are rule numbers 2, 3, 4, and 5. Internet safety rule number 1 is use a Mac!


That might have been true a few years ago, but because of the popularity of MACs they are also starting to be targets of hackers and viruses.

The days of protection by obscurity are gone.

JK
JK
http://www.mudskippercafe.com
When I was a kid I used to pray every night for a new bicycle.
Then I realised that the Lord doesn't work that way so I stole one and asked Him to forgive me.
Elderberry
Moderator
 
Posts: 13288
Joined: Tue Jul 17, 2007 10:00 pm
Location: Palm Springs
Burning Since: 2007
Camp Name: Mudskipper Cafe

Postby DVD Burner » Sat Nov 29, 2008 2:54 am

jkisha wrote:
Captain Goddammit wrote:Your internet safety rules are numbered incorrectly; those are rule numbers 2, 3, 4, and 5. Internet safety rule number 1 is use a Mac!


That might have been true a few years ago, but because of the popularity of MACs they are also starting to be targets of hackers and viruses.

The days of protection by obscurity are gone.

JK


Thank you very much. I'm impressed. :o

"The art is in the digit!"

The Original Digiman
DVD Burner
 
Posts: 9741
Joined: Fri Dec 12, 2003 4:09 am

Postby Apollonaris Zeus » Sun Nov 30, 2008 12:19 am

jkisha wrote:
Apollonaris Zeus wrote:If anyone wants to know about teredo, the best thing to do is disable it on your computer.


Why would you want to disable Teredo?



Teredo increases the attack surface by assigning globally routable IPv6 addresses to network hosts behind NAT devices, which are otherwise mostly unreachable from the Internet. By doing so, Teredo potentially exposes any IPv6-enabled application with an open port to the outside. It also exposes the IPv6 stack and the Teredo tunneling software to attacks should they have any remotely exploitable vulnerability.

Teredo is just a temporary fix for old non-compliant IPv4 NAT routers. You also don't need it to connect anywhere in the US. When everyone has new IPv6 routers, you won't even need Teredo and no one needs to have tunneling drivers unless you need it to connect to your business network.

Again read this article. If you know about Black Hat you should take this seriously:

Black Hat 2007: Vista users urged to beware of IPv6

By Bill Brenner, Senior News Writer
02 Aug 2007 | SearchSecurity.com

LAS VEGAS -- Vista users would be wise to turn off the Teredo IP tunneling system that is enabled by default in Microsoft's newest operating system, since attackers may be able to exploit it for phishing, pharming and other mischief. James Hoagland, principal security researcher for Symantec Corp., issued that warning Thursday during a presentation at the Black Hat 2007 conference.

Hoagland -- along with fellow researchers Matt Conover, Tim Newsham and Ollie Whitehouse -- conducted an extensive analysis of Vista. They found that while Microsoft has significantly improved security in the latest version of Windows, new vulnerabilities were likely created in the process.

Hoagland said the best example may be Vista's default enabling of Teredo. The software giant has embraced Teredo as a way to help users transition from IPv4, the long-standing protocol that is quickly running short on IP address space, to IPv6, a more advanced protocol that vastly increases the number of IP addresses available to networked devices.

He said Microsoft loves IPv6 because, among other things, it eases the process of setting up peer-to-peer (P2P) gaming programs. But on the down side, IPv6 can also double Vista's possible attack surface -- at least until IPv4 is eliminated. Furthermore, many network security controls may not be ready for IPv6.

Hoagland noted that the Cupertino, Calif.-based Symantec has already discovered one Teredo/IPv6-related flaw in Vista, which Microsoft patched in the MS07-038 security update released last month. According to the researchers, the Teredo interface in Vista was not properly handling certain network traffic, allowing remote attackers to bypass firewall-blocking rules and obtain sensitive information via crafted IPv6 traffic.

Disabling IPv6 in Windows Vista -- Pros and cons: Disabling IPv6 in Windows Vista could prevent performance and security problems, but there are pros and cons. "There are some serious security implications with Teredo," Hoagland said. "This includes the potential for unexpected host accessibility, phishing and pharming threats and possible peer address disclosure."

Attackers could also exploit Vista's implementation of Teredo to bypass such network security controls as firewalls and intrusion detection-prevention (IDS/IPS) systems. To correct this, Hoagland said security tools need to be reprogrammed so they are specifically aware of Teredo.

"Because it can be so difficult to inspect Teredo, a consensus has been reached [in the information security community] that Teredo should not be used in managed networks," Hoagland said.

To be fair, he said, there are some positives with Teredo. It requires a lot of packet-sanity checks, which can prevent a number of attacks. The program also includes some decent anti-spoofing mechanisms. But for Hoagland, that's not much of a silver lining.

"Disable Teredo and block it on the network," Hoagland instructed, "upgrade your security controls and beware of Teredo tunneling through your network."
End of Article

Another thing is you don't need to connect to the internet!

As for unidentified hops in your tracerts other than your private network, you have a security problem. I've never seen this before on my internet connections.

AIIZ
Apollonaris Zeus
 
Posts: 3716
Joined: Sun Sep 14, 2003 11:17 am
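
Added example, not part of any post in this thread: a local audit that ties together two points made above, that netstat only reports the machine it runs on, and that a Teredo address makes IPv6 listeners behind NAT candidates for outside reachability. The function names, the interface address list and the `netstat -an` lines are constructed for illustration (Windows-style output layout is assumed), and the result ignores whatever the host firewall blocks.

```python
import ipaddress
import re

TEREDO_PREFIX = ipaddress.ip_network("2001::/32")  # Teredo service prefix, RFC 4380
NETSTAT_LINE = re.compile(r"^\s*(TCP|UDP)\s+(\S+)\s+(\S+)(?:\s+(\S+))?\s*$")


def _parse_ip(text):
    """Parse an address, dropping [brackets] and any %zone suffix."""
    return ipaddress.ip_address(text.strip("[]").split("%")[0])


def decode_teredo(addr):
    """Return the fields packed into a Teredo address, or None if it is not one."""
    ip = _parse_ip(addr)
    if ip.version != 6 or ip not in TEREDO_PREFIX:
        return None
    raw = ip.packed  # 16 bytes: prefix | server IPv4 | flags | ~port | ~client IPv4
    return {
        "address": str(ip),
        "server": str(ipaddress.IPv4Address(raw[4:8])),
        "flags": int.from_bytes(raw[8:10], "big"),
        # The NAT-mapped port and address are stored bit-inverted.
        "nat_port": int.from_bytes(raw[10:12], "big") ^ 0xFFFF,
        "nat_address": str(
            ipaddress.IPv4Address(int.from_bytes(raw[12:16], "big") ^ 0xFFFFFFFF)
        ),
    }


def local_listeners(netstat_text):
    """Yield (proto, ip, port) for sockets THIS host is listening on."""
    for line in netstat_text.splitlines():
        m = NETSTAT_LINE.match(line)
        if not m:
            continue  # header or blank line
        proto, local, foreign, state = m.groups()
        if proto == "TCP":
            listening = (state == "LISTENING")
        else:
            listening = (foreign == "*:*")  # bound UDP socket, no state column
        if listening:
            host, _, port = local.rpartition(":")
            yield proto, _parse_ip(host), int(port)


def audit(interface_addrs, netstat_text):
    """List IPv6 listeners that a Teredo address would make candidates for exposure."""
    teredo = [d for d in map(decode_teredo, interface_addrs) if d]
    exposed = set()
    if teredo:
        for proto, ip, port in local_listeners(netstat_text):
            # Bound to all IPv6 interfaces (::) or directly to a Teredo address.
            if ip.version == 6 and (ip.is_unspecified or ip in TEREDO_PREFIX):
                exposed.add((proto, port))
    return {"teredo": teredo, "exposed": sorted(exposed)}


# Constructed sample data: interface addresses and `netstat -an` style output.
SAMPLE_ADDRS = [
    "192.168.1.20",
    "fe80::1c2b:3d4e:5f60:7181%11",
    "2001:0:4136:e378:8000:63bf:3fff:fdd2",
]
SAMPLE_NETSTAT = """
  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    192.168.1.20:139       0.0.0.0:0              LISTENING
  TCP    [::]:135               [::]:0                 LISTENING
  TCP    [::]:445               [::]:0                 LISTENING
  TCP    [::1]:5432             [::]:0                 LISTENING
  TCP    192.168.1.20:49731     203.0.113.7:443        ESTABLISHED
  UDP    0.0.0.0:500            *:*
  UDP    [::]:500               *:*
  UDP    [fe80::1c2b:3d4e:5f60:7181%11]:1900  *:*
"""

if __name__ == "__main__":
    report = audit(SAMPLE_ADDRS, SAMPLE_NETSTAT)
    for t in report["teredo"]:
        print("Teredo address:", t)
    for proto, port in report["exposed"]:
        print("IPv6 listener to review:", proto, port)
```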

Postby Captain Goddammit » Sun Nov 30, 2008 8:47 am

jkisha wrote:
Captain Goddammit wrote:Your internet safety rules are numbered incorrectly; those are rule numbers 2, 3, 4, and 5. Internet safety rule number 1 is use a Mac!


That might have been true a few years ago, but because of the popularity of MACs they are also starting to be targets of hackers and viruses.

The days of protection by obscurity are gone.

JK

The days of using "obscurity" to explain superior Mac security are gone!
GreyCoyote: "At this rate it wont be long before he is Admiral Fukkit."
Delle: Singularly we may be dysfunctional misfits, but together we're magic.
Captain Goddammit
 
Posts: 6381
Joined: Sat Sep 06, 2003 9:34 am
Location: Seattle, WA
Burning Since: 2000
Camp Name: First Camp
