
Norton Firewall Warning


5614


Every time I load MSN messenger i get an error message from NIS [norton internet security] professional.

 

i thought it might be random, might be chance, might be different people/machines, but it isn't, (screen shot below) because every time it happens it is coming from the same IP address, so it must be from the same machine.

 

does anyone know who/what it is and how i could stop this? :confused:

norton help.JPG


i doubt MSN has a vulnerability because it is the latest one, and i don't know anyone else with this problem.

(all my ports are stealthed anyway)

 

if it's the MSN server, then surely others would have the same thing? and they don't.

 

is there a way of tracing it? or blocking that IP?


No vuln or anything...I made a search for the IP and it seems like it does belong to Microsoft:

 

Search results for: 64.4.12.201

OrgName: MS Hotmail
OrgID: MSHOTM
Address: One Microsoft Way
City: Redmond
StateProv: WA
PostalCode: 98052
Country: US

NetRange: 64.4.0.0 - 64.4.63.255
CIDR: 64.4.0.0/18
NetName: HOTMAIL
NetHandle: NET-64-4-0-0-1
Parent: NET-64-0-0-0-0
NetType: Direct Assignment
NameServer: NS1.HOTMAIL.COM
NameServer: NS3.HOTMAIL.COM
NameServer: NS2.HOTMAIL.COM
NameServer: NS4.HOTMAIL.COM
Comment:
RegDate: 1999-11-24
Updated: 2003-06-27

TechHandle: MSFTP-ARIN
TechName: MSFT-POC
TechPhone: +1-425-882-8080
TechEmail: iprrms@microsoft.com

OrgAbuseHandle: ABUSE231-ARIN
OrgAbuseName: Abuse
OrgAbusePhone: +1-425-882-8080
OrgAbuseEmail: abuse@microsoft.com

OrgTechHandle: MSFTP-ARIN
OrgTechName: MSFT-POC
OrgTechPhone: +1-425-882-8080
OrgTechEmail: iprrms@microsoft.com

# ARIN WHOIS database, last updated 2004-09-03 19:10
# Enter ? for additional hints on searching ARIN's WHOIS database.

 

 

If contact information is out of date or incorrect, please contact hostmaster@arin.net. Include all relevant information in your e-mail and ARIN will investigate the matter.

 

The traffic seems legit to me but if you are still concerned then capture all the packets from that addy and have a look at 'em.

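As an added example (not part of the original post or thread), the ownership check that the WHOIS reply above performs by eye can be scripted: the Python below parses an excerpt of the quoted ARIN record, confirms that the NetRange and CIDR fields agree, and tests whether an address from a firewall alert falls inside the registered block. The function names and the out-of-range address 64.4.64.1 are constructed for illustration.

```python
import ipaddress

# Excerpt of the ARIN WHOIS record quoted in the post above.
WHOIS_TEXT = """\
OrgName: MS Hotmail
OrgID: MSHOTM
NetRange: 64.4.0.0 - 64.4.63.255
CIDR: 64.4.0.0/18
NetName: HOTMAIL
NameServer: NS1.HOTMAIL.COM
NameServer: NS3.HOTMAIL.COM
# ARIN WHOIS database, last updated 2004-09-03 19:10
"""

def parse_whois(text):
    """Parse 'Key: value' lines into a dict of lists (keys may repeat)."""
    record = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or ":" not in line:
            continue
        key, _, value = line.partition(":")
        record.setdefault(key.strip(), []).append(value.strip())
    return record

def registered_networks(record):
    """Return the CIDR blocks, after checking they cover exactly the NetRange."""
    first, last = (ipaddress.ip_address(p.strip())
                   for p in record["NetRange"][0].split("-"))
    from_range = list(ipaddress.summarize_address_range(first, last))
    from_cidr = [ipaddress.ip_network(c.strip())
                 for c in record["CIDR"][0].split(",")]
    if sorted(from_range) != sorted(from_cidr):
        raise ValueError("NetRange and CIDR fields disagree")
    return from_cidr

def owner_of(ip, record):
    """Return the OrgName if ip is inside the registered block, else None."""
    addr = ipaddress.ip_address(ip)
    if any(addr in net for net in registered_networks(record)):
        return record["OrgName"][0]
    return None

if __name__ == "__main__":
    rec = parse_whois(WHOIS_TEXT)
    for ip in ("64.4.12.201", "64.4.64.1"):  # second address is constructed
        print(ip, "->", owner_of(ip, rec))
```

A match only says who registered the address block. The source address of a single UDP packet can be spoofed, so the packet capture suggested in the post is still the way to confirm what the traffic is.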

how did you search all of that info?

 

i'm going to play with MSN's access rights to the internet, if this is just microsoft, then it should be fine to allow it to pass by me, what do you think?

the alternative is to keep blocking it.


i'm going to play with MSN's access rights to the internet, if this is just microsoft, then it should be fine to allow it to pass by me, what do you think?

 

I'd trust Microsoft as far as I can throw them to be honest. If it works with that port being blocked, you may as well just keep it blocked.


ok thanks, i don't use the audio feature because there is a compatibility problem between MSN and my microphone, although the option is there.

 

may i ask how you dissected this, the whois i knew about, just didn't have the website address, but i've seen them before, i have no idea how you learnt that, could you tell me please?


ok, i'm guessing that's a program which "explores" packets, however as he doesn't have the package, i do, could he still have used one?

any links, downloads, advice, names of them?

 

please and thank you!

[nice manners at least]


I'm not sure of any packet sniffers' names, but I can tell you that a packet sniffer will effectively "sit over" a port, read the incoming packet, store it in some manner and then send it out again. It's useful to see what programs are outputting what information to the web.


ok, then my guess of what they are is correct, it also means that he could not have used one, as i have the problem not him, he's not sitting at my ports sniffing packages... so the question must be asked again:

 

how did you do it obduro?


but nobody else i know has this problem, indeed i've never seen or heard of it anywhere.

 

I wouldn't call it a problem, it's just a UDP packet sent out to any logging in user of MSN that most likely provides it with some "necessary" info. However, since they use a UDP packet then I don't believe it's that important.

 

As dave said, I used my copy of MSN to get a hold of the packet, but to be honest I figured it has something to do with voice chat by looking at another packet from 64.4.12.200 which has a DNS name of e450.voice.microsoft.com...the packet precedes the one you block (64.4.12.201 = echo-v2.msgr.hotmail.com)...I don't think you can gain much info out of either packet since what little they seem to carry seems encrypted (although it might just be a simple way of providing MSN client with info which so happens to be unreadable by anyone who does not know the source code of MSN. A rather common way of minimizing amount of traffic necessary.).

 

As for the sniffer, I use Ethereal

 

Also one site I can recommend is Security Focus


ok, thanks, you seem to know a lot about this kinda stuff.

 

do you happen to know how i can remotely access a friends computer [possibly via his IP] remembering that he will still have an active firewall?


Ahhh the lure of "The dark side"... :)

All I will tell you is that the easiest way is to find and exploit a weakness in his firewall. However, you will have to read quite a bit and hope your friend is using a standard out-of-the-box OS setup. No matter what kind of OS it is, if it's easy to get your hands on and is popular enough then you can be sure there are sites that list plenty of "0-day" exploits for it (same goes for any other software). :)

 

One more thing, if he is just like the average computer user then chances are that he simply set firewall to "allow all" thus effectively eliminating its purpose.

 

To get the most out of your firewall, after installing it set it to "always ask". This way it will popup a warning whenever something tries to access the internet and gives you the option to block it. It might be annoying in the beginning but with time you'll get used to it. After all, better safe than sorry. :)


i've configured all my firewall to do it automatically, when there is not good auto figures then it's set up to give me a pop-up. i find that norton is quite good for it. my friends are ok on computers, they will not allow me to do easy things coz their firewall will stop it!

 

can you point me in the right direction, like by giving me a site or sumin. they all use XP home and zone alarm. [some use zone alarm pro]


I just reread my last post, as well as yours and remembered something... It's called Social Engineering and constitutes around 80-90 percent of the entire "professional hacking" process, because humans are usually the weakest link. You could try that on your friends to gain info of their system where after you could research it all on the net for a while.

 

I'm sorry I won't be posting any links atm but I don't really have time right now. You can be sure however that I will provide you with some later on. For now security focus is the place to visit...go to their archives and look it through.


i think that i know all the info about his system which i need to know.

 

OS, security, [he has SP2], IP address [traced through an email he sent me]

 

what else do i need to know?

 

i am interested in remote access, i can hack a computer when its in front of me, i've done it before. esp. windows XP home, i want remote access!?

 

what can i do with an IP? the whois searches don't come up with much useful stuff, i know that hackers can use IP address, but i can't see what they actually do with it?


Remote access? What you will need to do depends on what kind of remote access you want...is command line enough, or would you prefer a GUI? Do you only need to issue commands to his machine or would you prefer it to be like remote desktop? For some of the approaches all the tools you need are already on your machine, for others you will have to either a) go Script Kiddy style (applies only when you don't spend time to learn how the tools do their job, after all not everyone is a programmer) and download some tools, or b) make them yourself. I myself have a very limited experience from the practical side of "hacking" although I know the theory rather well. Currently I administer a small network (16 client machines, 1 admin machine and 2 servers), not much happening here so not much to learn (and I can't turn it into my sandbox). Personally I would recommend you to make a small network (2-5 machines) of your own as that is the only place where it's not illegal to break into a system. You will learn a lot more this way about how all of this stuff works. Later on you can decide if you want to use your skills to help others, harm others or go the middle way (Aristoteles style :) ).

 

Mainly it's either password guessing or exploits - and ofc DDoS. Good luck trying to get around the firewall.

 

Password guessing works only if you have some idea as to what the password might be, otherwise it's brute forcing and trust me, it's not that effective nowadays :)

 

You are correct with exploits. They are still one of the most widely used methods of gaining access to another machine, they work mainly because a) people forget to patch their software and b) some software vendors are not that fast with fixing holes.

 

DoS and DDoS are used mainly to (as their name implies) make a service unavailable to the legitimate traffic by filling the pipe with garbage packets sent from a single host (in the case of DoS) or multiple hosts (DDoS). This type of attack rarely results in buffer overflow which can in some cases grant unauthorized access to anyone. Most often it results in the OS either a) shutting down the targeted application or b) crashing itself.

 

I still don't have any links for you 5614. Sorry.


you mentioned going into script kiddy mode and download some programs, the only problem is i don't know what programs to download, if i know a name i can probably find a site from it.... thanks for above post.
