Computer Security

FREE ANTI-SPYWARE

Post  CyrusKnyghtbane on Fri Apr 16, 2010 2:29 pm

I don't deviate much in my anti-spyware. I use one, and only one, product. That is SpyBot. One of my favorite features about this anti-spyware is it lets you know if ANYTHING is trying to change the registry. That is an AMAZING feature. Definitely worth the download.
CyrusKnyghtbane
forum spammer

Posts : 279
Join date : 2010-03-28
Age : 31
Location : Derby City

Don't Surf On An Administrator Account

Post  CyrusKnyghtbane on Fri Apr 16, 2010 2:30 pm

Okay, so back to not surfing on an administrator account. I have three different accounts of the same virus, hitting two different computers.

Virus Attack #1

Post  CyrusKnyghtbane on Fri Apr 16, 2010 2:32 pm

I had a person set up. I told this person these same things I am informing you all of now.

"Don't surf on your admin account. If you get a virus, it has the ability to install itself, and then it's over."

This person didn't listen to me. Although I had made a limited use account on their computer for them, they still surfed on their Admin. Soon, this person caught a virus, and a particularly nasty one. It wiped out their computer.

Virus Attack #1 Results

Post  CyrusKnyghtbane on Fri Apr 16, 2010 2:34 pm

Since the person did not listen to me, and the virus got ahold of their admin account, it locked them out of their own computer.

It was reporting that the anti-virus was a virus. You were locked out of the registry. Porn ads were popping up every few seconds. The entire system had to be deleted and re-installed. This is a pain when using certain things, like a wireless card that is in an Expansion slot, because you have to get the drivers, but you can't download them from the internet because you can't use your wireless network. It took 3 days to recover the system to working again.

Virus Attack #2

Post  CyrusKnyghtbane on Fri Apr 16, 2010 2:36 pm

The same person, after recovering their system from the virus, decided that it was very unlikely to happen again. So once again, they began to go to websites on their administrator account. The same virus entered the system.

Virus Attack #2 Results

Post  CyrusKnyghtbane on Fri Apr 16, 2010 2:37 pm

This time it was even harder to find drivers, because we were unable to get the information from the system, and I didn't keep a copy of the drivers. The computer went without networking capabilities for over 3 weeks. All in all, almost 1 month of not being able to use the computer, because they could not stand to surf on a limited use account. The computer is back in working order for now, and the user is swearing to stay on the limited use account.

Virus Attack #3

Post  CyrusKnyghtbane on Fri Apr 16, 2010 2:41 pm

This attack happened during the recovery phase of the second viral attack on the other system. Only this time, the user was my grandmother/grandfather/niece. I had told them all the same things, and had set up their computer in the same fashion. I gave them a new browser (because IE sucks), installed Flash and all that, and then set them on a limited use account, and gave them the admin pass in case they had to install something.

Virus Attack #3 Results

Post  CyrusKnyghtbane on Fri Apr 16, 2010 2:43 pm

The computer got the virus on the limited use account. Porn ads would pop up and the system was slow to react. I logged into the Admin account, and ran the virus scan. No viruses showed up, but I was still able to reach the registry. The virus had been contained to the limited use account. I deleted the account and all its associated files, and made a new account. The computer was down for about 15 minutes.

Re: Computer Security

Post  CyrusKnyghtbane on Fri Apr 16, 2010 2:44 pm

As you can clearly see, using the limited use account can save the computer from having to be cleaned out and started over. So there's no reason why you should still be surfing on your admin account, unless you just are asking to have to download everything all over again.

Re: Computer Security

Post  CyrusKnyghtbane on Fri Apr 16, 2010 2:44 pm

For those of you that wish, you should probably configure your router to block certain ports, or at least block certain flags.

Re: Computer Security

Post  CyrusKnyghtbane on Fri Apr 16, 2010 2:46 pm

Flags are TCP's (Transfer Control Protocol) way of... keeping track of things. TCP sets up a session, using a three-way handshake.

TCP Handshake

Post  CyrusKnyghtbane on Fri Apr 16, 2010 2:46 pm

The handshake goes as follows.

Client sends server a SYN flag.
Server sends client the SYN and ACK flags.
Client sends server the ACK flag.

Handshake Breakdown

Post  CyrusKnyghtbane on Fri Apr 16, 2010 2:48 pm

That may sound kind of weird, but if you think about it, and I break it down a bit, it may make sense.

Client says to server: "I want to SYNchronize with you."
Server says to client: "I ACKnowledge your request to SYNchronize with me."
Client says to server: "I ACKnowledge that it is okay to begin transmissions."

Re: Computer Security

Post  CyrusKnyghtbane on Fri Apr 16, 2010 2:50 pm

So one thing that should never happen, is that your system should NEVER be getting SYN flags. Unless that is, you are running a server of some kind out of your basement. Hey, you wouldn't be the first person I knew to do it. But chances are you are just running a regular OS and are doing the basic things on it. Surfing, gaming, watching porn, etc.

Re: Computer Security

Post  CyrusKnyghtbane on Fri Apr 16, 2010 2:51 pm

In that case, you need to control any SYN flags coming your way. To do that you simply tell your router to only allow SYN flags if they're accompanied by the ACK flag. Only allow someone in that YOU initiated a conversation with. This can also stop a SYN flood attack.

SYN Flood

Post  CyrusKnyghtbane on Fri Apr 16, 2010 2:52 pm

A SYN flood is where someone floods your system with SYN requests. It's a form of a DOS attack, which is Denial of Service.

SYN Flood Break Down

Post  CyrusKnyghtbane on Fri Apr 16, 2010 2:54 pm

Think of a SYN Flood like this. I HATE Applebee's... So I call them, and reserve a table. Over and over again. Soon, I've reserved every table in the restaurant. I've rented out the place, so to speak, so that no one else can eat there. But I never show up. Applebee's loses business to keep open the tables I reserved that no one ever showed up for.
That is the basic premise of a SYN Flood attack.

NULL Session

Post  CyrusKnyghtbane on Fri Apr 16, 2010 2:55 pm

There is an attack called the NULL Session, and this is a TCP packet with NO FLAGS. That is something that should never happen, and it can confuse your router something awful, giving way for a hole to be created in the port of the attacker's choosing.

Christmas Tree Attack

Post  CyrusKnyghtbane on Fri Apr 16, 2010 2:57 pm

The Christmas Tree attack is a little different. It makes use of the more rarely seen flags... PSH, RST, and URG (Push, Reset, and Urgent, respectively). It sends all these flags flying at your system, so basically the packet is... "Lit up like a Christmas Tree"... And hopes that the router will think it lost a packet and will try to "re-establish" a session with the attacker's machine.
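The flag rules from the posts above (drop inbound SYN without ACK, drop packets with no flags, drop Christmas-tree packets), written out as a small Python filter for a machine that only starts connections. This is an added example, not part of the original posts and not any router's own firewall code; `InboundFilter`, `tcp_header`, `parse_flags` and `demo` are hypothetical names, the addresses are documentation ranges, and the Christmas-tree check goes slightly beyond the post by matching FIN+PSH+URG as well as PSH+RST+URG.

```python
import struct

FIN, SYN, RST, PSH, ACK, URG = 0x01, 0x02, 0x04, 0x08, 0x10, 0x20

def tcp_header(sport, dport, flags):
    """Build a minimal 20-byte TCP header (constructed sample input, checksum 0)."""
    return struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, flags, 65535, 0, 0)

def parse_flags(header):
    """Return (source port, destination port, flag bits) from a raw TCP header."""
    if len(header) < 20:
        raise ValueError("truncated TCP header")
    sport, dport, _seq, _ack, _offset, flags = struct.unpack("!HHIIBB", header[:14])
    return sport, dport, flags & 0x3F  # keep the six classic flag bits

class InboundFilter:
    """Inbound rules for a machine that starts connections but never hosts a server."""
    def __init__(self):
        self.pending = set()      # (remote ip, remote port, local port) we sent a SYN to
        self.established = set()  # sessions whose SYN+ACK reply we accepted

    def outbound_syn(self, remote_ip, remote_port, local_port):
        self.pending.add((remote_ip, remote_port, local_port))

    def check(self, remote_ip, header):
        sport, dport, flags = parse_flags(header)
        key = (remote_ip, sport, dport)
        if flags == 0:
            return "DROP null packet"
        if flags & PSH and flags & URG and flags & (FIN | RST):
            return "DROP christmas-tree packet"
        if flags & SYN and not flags & ACK:
            return "DROP unsolicited SYN"
        if flags & SYN:  # SYN+ACK, step 2 of the handshake
            if key in self.pending:
                self.pending.discard(key)
                self.established.add(key)
                return "ALLOW SYN+ACK reply"
            return "DROP SYN+ACK without our SYN"
        return "ALLOW" if key in self.established else "DROP unknown session"

def demo():
    f = InboundFilter()  # constructed sample traffic below, not captured packets
    f.outbound_syn("203.0.113.10", 443, 50000)
    packets = [("203.0.113.10", tcp_header(443, 50000, SYN | ACK)),
               ("198.51.100.7", tcp_header(40000, 3389, SYN)),
               ("198.51.100.7", tcp_header(40000, 80, 0)),
               ("198.51.100.7", tcp_header(40000, 80, PSH | RST | URG))]
    return [f.check(ip, hdr) for ip, hdr in packets]
```

Only the SYN+ACK that answers a SYN this machine sent is let through; everything else in the sample is dropped before it reaches a listening service.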

Routers

Post  CyrusKnyghtbane on Fri Apr 16, 2010 2:58 pm

Each router is different, so I don't have time to break down how to get into every router and configure a firewall. But it is something you should only do if you have a GOOD understanding of what you're doing.

Example #1

Post  CyrusKnyghtbane on Fri Apr 16, 2010 2:59 pm

You may realize that port 53 is for DNS. And that 53 TCP is for DNS Zone Transfers. You're not hosting a DNS server... BLOCK THAT SNIT!

Re: Computer Security

Post  CyrusKnyghtbane on Fri Apr 16, 2010 3:00 pm

CyrusKnyghtbane wrote: You may realize that port 53 is for DNS. And that 53 TCP is for DNS Zone Transfers. You're not hosting a DNS server... BLOCK THAT SNIT!

OH NO! Port 53 UDP is for DNS name queries. You have just blocked the port to allow your computer to realise that www.google.com = 165.146.25.98 (No, I don't know if that's google's real IP address.)

Google's Real IP

Post  CyrusKnyghtbane on Fri Apr 16, 2010 3:01 pm

74.125.47.105 is Google's actual IP address. Just in case anyone was wondering.

How I Found Out

Post  CyrusKnyghtbane on Fri Apr 16, 2010 3:01 pm

Open up your command prompt and type in "ping google.com".
It will show that you get a reply from an IP address. That's Google's.

How To Open Up Command Prompt

Post  CyrusKnyghtbane on Fri Apr 16, 2010 3:02 pm

Click your Start menu, then click "Run" and type in "cmd". It should open up a black box. That's where you type.
