obduro

by odburo definition.... bin laden and 9/11 was amazing.... the fact is that' date=' whilsts it may be good planing or programing and it might be well made and good at what its meant to do... that doesnt mean they are useful and whilsts they have a purpose they are unneeded and unwanted in society and life

 

[i']i agree with pulkit[/i]

If you would re-read my post you might notice that I do not justify virus creaters, if they release their "products" into the wild. However, I believe that releasing a virus into an isolated enviroment can be both educational and entertaining as it can teach you quite a bit about computer networks, OS in a network enviroment and so on.

By the way 5614. Comparing a virus to a terrorist attack is not that a strong argument against them. Consider for example this, do you think your government wouldn't use one if it was more or less just as effective as sending in the army, with the slight advantage of being a lot safer? Would you still call it a terrorist attack? (Although the above example is not very descriptiv it is still valid).

As for you pulkit. Writing a virus is a good way to hone your skills.

Now. I have no intention to discuss this any further as it is off topic (and I'm ill).

In general, viruses are neither pointless nor uncreative, some viruses are indeed true master pieces, others are usualy test/failed projects or remakes. Computer viruses, just like their biological counterparts simply want to multiply and the results of such actions are merely unavoidable side effects. What makes a virus a master piece then? It's simply the method by which it fulfills its purpose. I personaly admire polymorphic viruses and their creators (NOTE: In no way do I incline that they do nothing wrong. Indeed they are fully responsible for any damage their creation causes, and should these actions be against their societies established rules then they should be punished accordingly), since those are among the most difficult to stop. Simply because it's so hard to create a usefull signature of one. Even a heuristic scan has trouble detecting it.

What you described as a virus, 5614, is by my definition a malware.

FSB stands for Front Side Bus and it's used by the microprocessor to communicate with other hardware inside the computer, like memory. It is possible to overclock your machine this way but that is not recommended since with higher speeds of the bus (above 100 MHz) the possiblity for error is also higher. It does sound interesting that they were capable to get the CPU up to 5 GHz

Don't worry 5614, pretty much all I know is self learned too, and I have to agree with you about schools and what little (if anything) you can learn about computers if you had enough exposure to it before. Imagin this, I'm 18 and when I started at the business school last year the first chapter in our IT books was about how to turn on the computer. Following that the book was filled with chapters on how to use the different software you get in a Microsoft Office pack. I'm not saying that they shouldn't teach that stuff because there are many people who know nothing about computers, and couldn't care less. But I think that you should have the option to opt-out of those classes if you already know the stuff and can prove it, because for me it was a torture to sit there 60 minutes and explore schools network, for 10th time...I even made a few homepages in those classes simply to kill the time.

In my opinion this issue is caused by Zone Alarm. The same behavior can be observed with 2 3rd party software firewalls run simultanesly. The same thing goes for anti-virus software and so on. The reason for this is because both firewalls need priority access to your network card(or modem if that's what you use) in order to decide what to let trough and what not. Now you can imagine what is going on in there where both are taking over the control from each other...chaos...with unpredictable consequences

I would recommend you to turn off you windows firewall, trust me you won't miss it because Zone Alarm is far more advanced. The windows firewall is pretty much the simplest firewall you can get, it blocks all unrequest incoming traffic, just like a routers hardware firewall. the only diference is that routers firewalls can be configured while windows firewall has all options hard-coded.

I assure you 5614 that my knowledge is rather limited, and in my opinion I spend far less time learning then I should. But I hope that will change soon

The link FireDragon52 provided seems good, rather similar to what I found myself: http://www.big-bang-theory.com/

Big Bang Theory - Evidence for the Theory

What are the major evidences which support the Big Bang theory?

 

* First of all, we are reasonably certain that the universe had a beginning.

* Second, galaxies appear to be moving away from us at speeds proportional to their distance. This is called "Hubble's Law," named after Edwin Hubble (1889-1953) who discovered this phenomenon in 1929. This observation supports the expansion of the universe and suggests that the universe was once compacted.

* Third, if the universe was initially very, very hot as the Big Bang suggests, we should be able to find some remnant of this heat. In 1965, Radioastronomers Arno Penzias and Robert Wilson discovered a 2.725 degree Kelvin (-454.765 degree Fahrenheit, -270.425 degree Celsius) Cosmic Microwave Background radiation (CMB) which pervades the observable universe. This is thought to be the remnant which scientists were looking for. Penzias and Wilson shared in the 1978 Nobel Prize for Physics for their discovery.

* Finally, the abundance of the "light elements" Hydrogen and Helium found in the observable universe are thought to support the Big Bang model of origins.

If I remember/understood it correctly then it's: 1) Background radiation. 2) Expansion of the univers. 3) hmmm...Nothing seems to pop up...

a good user shoulnt have problems

Couldn't agree more.

What is Microsoft up to anywhy?

The answer is simple and you probably already know it...MONEY!!!!

Although they have to make a decent product and provide good support for it if they hope to earn anything. So although their 1st priority is to make cash, they have to balance that with spending cash first to improve their product. And with the recent increase in competition (Mac OS X, linux, etc...) they have really pulled themselves toghether(or at least they might be getting desperate, judging by some of the ridicules ideas they came up with lately ).

The script kiddy mode applies only if you won't spend time to learn how the tools you download acctualy do their job.

If that's the way you want to go you should remember that any "abnormal" activity intentionaly directed from and/or towards a machine you do not own, or have not been granted a permission if you do not, is illegal. In some cases it might cause you problems to simply use a network (the internet, or at least a part of it that belongs to an ISP, etc...), even though you have the appropiate rights for both machines. That is why I strongly suggest you build your own network to experiment on.

Having said that, make a search for a trojan server and client...install the trojan server on the target machine and the client on your own...tunnel the connection trough a firewall(if any) and that's about it. (the short, undescriptive version you could learn anywhere on the internet). A word of warning regarding trojan clients, their makers usualy include a small server into them so that they may connect to them the same way you connect to the server on the target machine. But that shouldn't make a difference if you isolate the sandbox network from the rest of the internet.

Maybe its because Windows XP is garbage...or at least I like to think so...

An out-of-the-box installation of windows might be garbage, but once you learn how to tweak and bend it to fit your needs it starts to show its beautiful side

Before anyone starts bashing me and labeling me as a Windows lover or Microsoft employee, know that I used to think as you do, that windows sucks. But then a wise person showed me the truth. There is no one OS that is better then the other. They are all equal as they all have been made to fit different roles, or to fit the same role in a different way. Besides, you can't judge what you don't understand. (NOTE: My last statement does not imply that everyone who says that any single OS sucks doesn't know anything about that particular OS)

EDIT: Forgot to mention that I also have linux on my notebook and prefer to use linux as a server on the network that I administer, as in my opinion it's much easier to configure.

which may have a router and consequently its own firewall.

The routers firewall wouldn't cause any compatibility problems with windows built-in firewall, that is why I asked him if he has a 3rd party software firewall on the same machine

How rude of me. Here I am posting around the forums without coming here to introduce myself first...

Well here it goes.

I have been lurking on SFN for quite some time now and I have already learned a lot.

When in the "real" world (I day dream whenever I can ), I am a 2nd year student at a local Business school. After my 3rd year I plan to take a quick 2½ year of a programming "course". Following that I hope to continue at a university going for the bachelor degree in Software Engineering (if by the time I get that I will still be interested in going to school, I'll look into getting myself a master degree). My level of knowledge in the area of computers is, by my own estimates, between intermediate and advanced.

I don't drink alcohol, don't smoke or take drugs. I even prefer not to take medication unless it's nesecary, usualy waiting untill headaches or other pain passes by itself (which remainds me that on average I have 1-3 headaches a year).

Well, I think that's about it. As you can see I'm a very boring person

Oh and almost forgot...I'm an 18 (soon 19) years old male

In my opinion dave is on the right track...linux is still capable of running on those ancient machines with just 66 MHz and 4 MB ram...it would make a good machine to learn on how an open source OS works, by manipulating with the kernel and stuff...see if you can break into it over the network...the possibilities are endless.

Otherwise you could frame your motherboard and hand it on a wall

A crule reminder to your existing machines of what happens when they become obsolete.

Your explanation of the problem is too vague...could you be more specific?

A better description maybe?

I would also like to know if you have any 3rd party firewall software installed?

Remote access? What you will need to do depends on what kind of remote access you want...is command line enough, or would you prefer a GUI? Do you only need to issue commands to his machine or would you prefer it to be like remote desktop? For some of the approches all the tools you need are already on your machine, for others you will have to either a) go Script Kiddy style (applies only when you don't spend time to learn how the tools do their job, after all not everyone is a programmer) and download some tools, or b) make them your self. I myself have a very limited experience from the practical side of "hacking" although I know the theory rather well. Currently I administer a small network (16 client machines, 1 admin machine and 2 servers), not much happening here so not much to learn (and I can't turn it into my sandbox). Personaly I would recommend you to make a small network (2-5 machines) of your own as that is the only place where it's not illegal to break into a system. You will learn alot more this way about how all of this stuff works. Later on you can decide if you want to use your skills to help others, harm others or go the middle way (Aristoteles style ).

Mainly it's either password guessing or exploits - and ofc DDoS. Good luck trying to get around the firewall.

Password guessing works only if you have some idea as to what the password might be, otherwise it's brute forcing and trust me, it's not that effective now a days

You are correct with exploits. They are still one of the most widely used methodes of gaining access to another machine, they work mainly because a) people forget to patch their software and b) some software vendors are not that fast with fixing holes.

DoS and DDoS are used mainly to (as their name applies) make a service unavailable to the legtimate traffic by filling the pipe with garbage packets sent from a single host (in the case of DoS) or multiple hosts (DDoS). This type of attack rarely results in buffer overflow which can in some cases grant unauthorized access to anyone. Most often it results in the OS either a) shutting down the targeted application or b) crashing itself.

I still don't have any links for you 5614. Sorry.

I just reread my last post, as well as yours and remembered something... It's called Social Engineering and constitutes around 80-90 percent of the entire "professional hacking" process, because humans are usualy the weakest link. You could try that on your frinds to gain info of their system where after you could research it all on the net for a while.

I'm sorry I wont be posting any links atm but I don't really have time right now. IYou can be sure however that I will provide you with some later on. For now security focus is the place to visit...go to their archives and look it trough.

Ahhh the lure of "The dark side"...

All I will tell you is that the easiest way is to find and exploit a weakness in his firewall. However, you will have to read quite a bit and hope your friend is using a standard out-of-the-box OS setup. No matter what kind of OS it is, if it's easy to get your hands on and is popular enough then you can be sure there are sites that list plenty of "0-day" exploites for it (same goes for any other software).

One more thing, if he is just like the average computer user then chances are that he simply set firewall to "allow all" thus effectivly elliminating its purpose.

To get the most out of your firewall, after installing it set it to "always ask". This way it will popup a warning whenever something tries to access the internet and gives you the option to block it. It might be annoying in the begining but with time you'll get used to it. After all, better safe then sorry.

What sites like http://www.try2hack.nl offer is reffered to as "War games". Sites like that are not uncommon on the internet. They are created primarly for people who would like to learn more about how server/homepage security works as well as put their knowledge to a test with out having to go trough a "long" and "costly" process of setting up their own playgrounds. A good part of what I know in that area is because of sites like that. It's true that this kind of sites is also used by individuals who intend to use that knowledge in ways that most of us do not approve of, but I can assure you that they constitute only a small fraction of all the visitors.

On a side note, pretty much all attacks against home users as well as poorly maintained servers are performed by individuals reffered to as "script kiddies" by the security community. It is a very negative word which basicly means: Someone unwilling to learn even the basics of how computers/networks/OS's work(in other words all they know is the GUI part of an OS, but even here their knowledge is limited), instead using software like BackOriffice or Brutus to vent of their frustration over something and/or to show off to their peers.

If you have any questions I will be willing to answer them, or at least point you in the right direction.

but nobody else i know has this problem, indeed ive never seen or heard of it anywhere.

I wouldn't call it a problem, it's just a UDP packet sent out to any logging in user of MSN that most likely provides it with some "necessary" info. However, since they use a UDP packet then I don't belive it's that important.

As dave said, I used my copy of MSN to get a hold of the packet, but to be honest I figured it has something to do with voice chat by looking at another packet from 64.4.12.200 which has a DNS name of e450.voice.microsoft.com...the packet preceeds the one you block (64.4.12.201 = echo-v2.msgr.hotmail.com)...I don't think you can gain much info out of either packet since what little they seem to carry seems encrypted (although it might just be a simple way of providing MSN client with info which so happens to be unreadable by anyone who does not know the source code of MSN. A rather common way of minimizing amount of traffic necessary.).

As for the sniffer, I use Ethereal

Also one site I can recommend is Security Focus

Ok. Out of curiosity I just dissected the "mysterious" packet. Tell me, do you use voice chat? The ip is apperantly that of a voice server. Not much interesting stuf in the packet, and yes it is safe to let it pass

how did you search all of that info?

http://www.arin.net

You could also try http://www.internic.net, look under registry whois.

I do realize this theared is rather "old" at the time of posting but I felt like i needed to share this:

It's not a good idea to rely only on hardware based firewalls like those found in small(home/small office) routers as they only block unrequested incoming trafic, and many of those can be bypassed using specialy forged packets that ignore the standard TCP. For maximum protection you should also have a well configured software firewall with packet filtering capabilities. Also pretty much every web-based firewall testing tool out there is highly inaccurate. The only real way to test your firewall is to do so on your own network using the same methodes a script-kiddy would use. If it passes, then you can feel safe as there is no real way (other then pulling the plug or using a hardend system) to stop a skilled and dedicated cracker from gaining enterance.

No vuln or anything...I made a search for the IP and it seems like it does belong to Microsoft:

Search results for: 64.4.12.201

 

 

OrgName: MS Hotmail

OrgID: MSHOTM

Address: One Microsoft Way

City: Redmond

StateProv: WA

PostalCode: 98052

Country: US

 

NetRange: 64.4.0.0 - 64.4.63.255

CIDR: 64.4.0.0/18

NetName: HOTMAIL

NetHandle: NET-64-4-0-0-1

Parent: NET-64-0-0-0-0

NetType: Direct Assignment

NameServer: NS1.HOTMAIL.COM

NameServer: NS3.HOTMAIL.COM

NameServer: NS2.HOTMAIL.COM

NameServer: NS4.HOTMAIL.COM

Comment:

RegDate: 1999-11-24

Updated: 2003-06-27

 

TechHandle: MSFTP-ARIN

TechName: MSFT-POC

TechPhone: +1-425-882-8080

TechEmail: iprrms@microsoft.com

 

OrgAbuseHandle: ABUSE231-ARIN

OrgAbuseName: Abuse

OrgAbusePhone: +1-425-882-8080

OrgAbuseEmail: abuse@microsoft.com

 

OrgTechHandle: MSFTP-ARIN

OrgTechName: MSFT-POC

OrgTechPhone: +1-425-882-8080

OrgTechEmail: iprrms@microsoft.com

 

# ARIN WHOIS database, last updated 2004-09-03 19:10

# Enter ? for additional hints on searching ARIN's WHOIS database.

 

 

If contact information is out of date or incorrect, please contact hostmaster@arin.net. Include all relevant information in your e-mail and ARIN will investigate the matter.

The traffic seems legit to me but if you are still concerned then capture all the packets from that addy and have a look at 'em.