Attention! You do not need antivirus!

acascianelli said:
haha, so he's not even installing the windows updates which he deemed the needed step in preventing infections?

I just read back in the thread
pretty sure he's not infected, or at least by that, he is on Redhat
he is however hosting infected files for his "friends" :rolleyes:

provided he's not just trolling, and that he was truthful
he has indeed provided enough information to be compromised
and since he is under the delusion that he can actually spot an infection or rootkit
he may already be compromised, as I pointed out before, once a rootkit has been run on you
all "evidence" be it signature or heuristic based activity is generally removed
anything that might tip the hand

http://www.honeynet.org/ > http://www.honeynet.org/papers/index.html > Know Your Enemy: III - 27 March, 2000
What happens after the script kiddie gains root. Specifically, how they cover their tracks while they monitor your system. The paper goes through step by step on a system that was compromised, with system logs and keystrokes to verify each step. NOTE: This paper is no longer maintained and is considered out of date.
 
acascianelli said:
haha, so he's not even installing the windows updates which he deemed the needed step in preventing infections?

I'm not going to defend DigitalisAkujin, but if you read the thread, he is running RH Linux v7.3 (unless that is just FUD), so the fact that his ftp site is open, and files infected with windows based virii is beside the point - he won't get infected AND he will only get infected if he runs the file on a windows based machine (or one of his dumbass friends downloads it, and wonders why HE is now infected). Actually, his friend wouldn't know probably - because he is such an expert, and has probably disabled the anti virus software, and taken down the firewall so his friend can get an extra 2 FPS in D3.

I don't drop to name calling that often - not many people piss me off, but DigitalisAkujin is a loser who doesn't deserve to be behind a keyboard.

[EDIT: Sniped by Ice Czar while typing my reply :) ... umm, yeah, what Ice Czar said. BTW - adding DigitalisAkujin's IP address to any form of blocker is irrelevant, because it is a virtual DNS entry. His IP address is dynamically allocated.]
 
Ice Czar said:
I just read back in the thread
pretty sure he's not infected, or at least by that, he is on Redhat
he is however hosting infected files for his "friends" :rolleyes:

no, that was a different site, i went back and checked myself also...

the system on mach1.DigitalisAkujin.com is running serv-u, and that's a windows only program i believe.
 
www.digitalisakujin.com, the site from his previous post, is at its server hosting site, http://www.uapi.net/. yea it's running linux but i'm sure it's behind some sort of firewall, my 'scans' show it's behind a checkpoint firewall. this site has MANY vulnerable ports open.

mach1.digitalisakujin.com, his personal computer on a comcast cable modem, the computer i proved had the worm. it's most likely a windows machine (99.5% confident in that) because he's running serv-u ftp which is a windows only ftp server.
 
like i said before, it's probably behind a firewall of that hosting company. i didn't want to post any portscan results or IPs cause i didn't want to get in trouble by any mods. like i said before, mach1.digitalisakujin.com is his home system, that's the fun one.

aahh, gotta love nmap ;)
 
Or how about their DNS servers? They actually show much of the same results.
 
acascianelli said:
like i said before, it's probably behind a firewall of that hosting company. i didn't want to post any portscan results or IPs cause i didn't want to get in trouble by any mods. like i said before, mach1.digitalisakujin.com is his home system, that's the fun one.

aahh, gotta love nmap ;)

As far as I am concerned it's public info. Anyone can get to it at any time and for any reason. That is partly the basis of this thread. And if his stuff is as secure as he says it is then it won't matter anyway because he's protected.
If any mods object to it they need to let me know and I won't do it anymore.

but yes...Nmap is my friend and yours. :D
 
its kinda funny that i actually found a virus on his system because it just goes to show that if you're not running any antivirus or firewall, you probably already have a virus on your system, but just because it's not rebooting your machine every 30 seconds or doing something you can't see right away you're under the illusion that you're not infected. with new viruses or new variants of viruses practically coming out each day i think an antivirus program is necessary. another good note is that amd and intel are both coming out with processors that have NX (No eXecute) technology that is supposed to stop some viruses from executing. windows xp sp2 already supports this but only some a64 cpu's have this feature built in. intel p4's are coming out with this soon, if i remember reading it correctly there will be a J on the model name to designate those with NX enabled.
 
LOL I think it's funnier that you got into his system. :eek:

Anyway, the latest statistic is that it takes an unpatched Windows system 8-10 minutes of Internet connection to contract a virus. If you don't patch your machine, run AV, and a firewall you're asking to be kicked in the ass. It's only a matter of time.

And given the way M$ handles patch management it's a guarantee that hacks, cracks, and virus writers already know about the exploits as well.
 
acascianelli said:
mach1.digitalisakujin.com, his personal computer on a comcast cable modem, the computer i proved had the worm. it's most likely a windows machine (99.5% confident in that) because he's running serv-u ftp which is a windows only ftp server.
True ... definitely Windows

Code:
C:\>ftp 68.85.86.35
Connected to 68.85.86.35.
220 Serv-U FTP Server v5.0 for WinSock ready...
User (68.85.86.35:(none)):

I haven't played with this stuff for a LONG time (since doing penetration testing at a previous company). Just went out to update my foundstone.com apps - and discovered they were bought by McAfee. Interesting (though not a surprising) combination.
 
Wolf-R1 said:
LOL I think it's funnier that you got into his system...

he's got anonymous ftp access on both of those sites.

watch when he comes back here he'll say something like he purposely enables anonymous access to test us or some shit. :rolleyes:
 
what an idiot.

i say somebody drop him a wake-up call, like the portalsearching spyware, or some virus that's mostly harmless (no permanent damage) but is annoying and screws things up temporarily... just enough to convince him that maybe norton is a good idea. :p
 
acascianelli said:
he's got anonymous ftp access on both of those sites.

watch when he comes back here he'll say something like he purposely enables anonymous access to test us or some shit. :rolleyes:

LOL Ok so you didn't break in...just knocked on the door and it opened. :eek:
 
I'm almost afraid to post in this thread for fear of someone attacking me for it but here goes...

Personally, I don't like software firewalls on my machine. Windows just wasn't designed with network security and integration in mind. That and the network components initialize before any software firewall, even service based ones, initialize.

For a server, I got my hands on a Cobalt Qube 3 that I've upgraded hardware-wise and installed all the updates. I've turned off a lot of the unnecessary services that I don't use and blocked outside access to all but a couple of ones I do use. I rotate the password on it monthly with alphanumeric passwords to keep password crackers from breaking in too easily.

Wireless is handled by a router with DHCP turned off but the firewall still enabled. Only certain IPs are allowed on certain ports which the server itself dictates who gets what IP by MAC. WEP is enabled as is no SSID broadcast, nonstandard channel communications and MAC filtering for the only 3 devices on my network.

Remote access is possible with the right port and VPN user/password that is also rotated.

All my machines use Norton. I don't like McAfee's solution and have never been impressed with its virus cleaning abilities. I've shied away from PC-cillin after earlier versions that did not detect as many virii as Norton or McAfee. I also do a routine inspection of my main rig (the only one that is powered on consistently) weekly, sometimes daily, for unusual files, high CPU usage, RAM usage spikes and unknown running processes, run Ad-Aware and Spybot and have a weekly complete NAV scan of all drives.

I haven't had any issues that I've detected to date and have been virus free. Even still, I found a trojan running in Kazaa a year or so back that disabled NAV and caused a memory leak.

My suggestion to scotty8 is simple, cut off his access. I don't know exactly how your network is set up but it's pretty simple really, just block his MAC from your router/server and tell him if he doesn't listen and won't run antivirus, he can't have access to the network because you're tired of trying to clean up his PC and keep it from hosing the other systems on the network.
 
Wolf-R1 said:
As far as I am concerned it's public info. Anyone can get to it at any time and for any reason. That is partly the basis of this thread. And if his stuff is as secure as he says it is then it won't matter anyway because he's protected.
If any mods object to it they need to let me know and I won't do it anymore.

but yes...Nmap is my friend and yours. :D

well this is not "my" forum, however till Bob shows up
I think we'll forgo the specifics
an anonymous ftp access is one thing,
publishing nmap results is another

its entirely possible this thread has transgressed several boundaries
but since I'm not up on the specifics of this forum's culture and exactly where Bob has drawn the line,
I've leaned towards the permissive, he may alter that
I did however make that post go bye bye


in addition
starhawk said:
what an idiot.
I will assume that is directed at sc0tty8's miscreant LAN mate
(which seems likely) and since he isn't in this thread
it ain't a problem,
of course if such an accolade were addressed to a participant of this thread...
we have very draconian flaming rules forum wide
always best to be "clear" when throwing such epithets into a hot thread
;)
 
sc0tty8 said:
It is better than that nutscrap/firefox crap, and there is nothing wrong with it, I have never had a problem with it, so, why would I change it out? Can you tell me it has caused you problems? Firefox is not as secure as most seem to think, either. As it gains popularity, there will be more probs with it. My friend is a linux/opensource guru, and he does not use it, tells me something...
...and your other friend doesn't use an antivirus program. hmm...
 
Well, I stand by my initial assertion that it's public information and easily attainable with the right tools.

I will not however go against the judgement of the [H] Forum moderators and post that stuff anymore if you don't want it seen.

In the end, the deletion of the contents of my post proved a very valid point. You need a firewall to cover your ass. All of you do. I don't care what you think Windows is or isn't made for. What it will or will not handle and why.

If you can't afford an external, hardware based firewall then get a free one to run on your machine until you can. A good one won't significantly impact your ping times in games anyways.

As far as AV is concerned...I think the deletion of my post served the same purpose. Worm viruses work by exploiting open ports with vulnerable processes listening on them. A firewall such as the one protecting the one that I Nmap'ed might not catch a worm, as it doesn't generally port scan so much as it sends out to random IP addresses on specific ports.

Anyways...I know the lot of you that don't run AV or firewalls have your reasons. I'll be blunt and tell you that they're stupid. After all...most of you are now afraid of posting here for fear of an attack on your systems. You wouldn't need a quarter of the fear if your systems were protected. :)
 
damn it, I'm dying here with anticipation of mr no antivirus/firewall to post again...
 
the exes on my FTP were made by me..... so if your virus scan detects them they are mine

Like i said I have the source code to worms.

O btw....

VNC limits its passwords to 8 characters due to a software limitation.

Even if you type in 11 characters it will cut off the last 3. Most people won't notice because when you type the password in it will cut off the characters as well and only count the first 8.

This is for ALL versions of VNC (with possibly the exception of Ultra, I never used Ultra so I wouldn't know).
 
Token User said:
I'm not going to defend DigitalisAkujin, but if you read the thread, he is running RH Linux v7.3 (unless that is just FUD), so the fact that his ftp site is open, and files infected with windows based virii is beside the point - he won't get infected AND he will only get infected if he runs the file on a windows based machine (or one of his dumbass friends downloads it, and wonders why HE is now infected). Actually, his friend wouldn't know probably - because he is such an expert, and has probably disabled the anti virus software, and taken down the firewall so his friend can get an extra 2 FPS in D3.

I don't drop to name calling that often - not many people piss me off, but DigitalisAkujin is a loser who doesn't deserve to be behind a keyboard.

[EDIT: Sniped by Ice Czar while typing my reply :) ... umm, yeah, what Ice Czar said. BTW - adding DigitalisAkujin's IP address to any form of blocker is irrelevant, because it is a virtual DNS entry. His IP address is dynamically allocated.]


Actually RH Linux v7.3 is my website's server which is not maintained by me. I do have shell access but limited and I only use it to edit the ZONES files which brings me to another point. Though yes my IP is dynamic it's usually static and changes very rarely. Actually if I spoof my router's MAC address comcast will dish out another IP address. The subdomain "mach1.digitalisakujin.com" was added into the zones file by me manually.
 
Also since you guys are very sceptical that I have this source code. Here's the config.h file of rBot_(rXbot)_DoS_Mod_Ita_Version(1)


DELETED
 
Error

You will not do that again, irregardless of whatever perceived provocation

DigitalisAkujin said:
the exes on my FTP where made by me..... so if ur virus scan detects them they are mine.

(18) You will not discuss, suggest, engage, or encourage any ILLEGAL ACTIVITIES.
Links provided to locations that deal with any such activity are also expressly forbidden.

even a portion of source code for malware obviously falls under that category

there is a limited amount of slack given new members to learn the ropes
and you just used up most of it
and like in life, failure to learn is generally terminal
 
I believe people should run AVG anti-virus if you are so concerned about performance. I have used AVG for quite some time and I have had norton for as long as I can remember. Norton has gotten worse over the past few years and AVG to my surprise has detected more trojans on my clients' computers than their norton antivirus 2004. I have actually benchmarked my machine with 3dmark04 and have roughly a 20 mark difference with vs without avg running. Norton 2004 has definitely become more intrusive than previous generations including mcafee, both of which btw cause your machine to slow down to a crawl. :mad: Anyhow, if you want protection of an antivirus without sacrificing performance too much, AVG works great. I have installed AVG on an old P150Mhz machine just recently with windows 98 on it and only 24mb of RAM and it still zipped along pretty quickly, until you start opening IE 6 browser windows :eek: I gave it away to my cousin because his gf needed her own computer. As for a firewall I don't bother with software firewalls if I am behind a NAT router on my own network, other than that I like the built in firewall of Windows XP SP2. :cool:
 
DigitalisAkujin said:
Actually RH Linux v7.3 is my website's server which is not maintained by me. I do have shell access but limited and I only use it to edit the ZONES files which brings me to another point. Though yes my IP is dynamic it's usually static and changes very rarely. Actually if I spoof my router's MAC address comcast will dish out another IP address. The subdomain "mach1.digitalisakujin.com" was added into the zones file by me manually.

I think you may want to do a little research before posting such info. Especially when there are a lot of people on a message board and you don't know the culture or the type of people here.

I run a fedora linux server, I usually get a lot of hackers from several areas trying to break in through my secure shell server. Unfortunately for them I disabled the login for root, which I still have the logs that I could post to humor everyone here on this message board. My favorite one was this one person who tried logging into root several times while receiving a message that said access denied several times. Sure enough I used putty to this individual's machine and they were running ssh as well, so this was obviously another linux user. I left a cute little message as my username and the password duh! to mess with them. I don't bother hacking into other people's machines as it is a waste of my time.

If any of you try to ssh into my server good luck doing it without a port scan, I changed the port number to something pretty high, which btw has prevented other occurrences of hackers and script kiddies from trying to get in.

If any of you are curious on creating a sendmail server with a dynamic ip, I have documentation on how to get around spam blockers that happen to block dynamic ip addresses. I don't spam but I hate getting bounced emails when I try to email friends through my mail server. The doc I have is pretty good. I also have this link to help out those who have dynamic ips and a domain name www.dnsexit.com this company provides free dynamic nameservers and update clients. I use it personally, just run a dig on technofox.net for an example. I have a dynamic ip and every time my isp changes it, it sends it to dnsexit's nameservers and they change the ip in almost real time. No more waiting 24 hours for higher level nameservers to update to a changed ip, which eliminates down time and a need for your own personal name server.

I am still experimenting with virtual hosting by name (I was used to using by ip), so if you get any info about what version of apache I am running, its because I haven't had the time to fix it.

If any of you want some info on linux servers running on dynamic ips, just email me any questions and I'll gladly send the information. I have done thorough research on it, because of my situation with a dynamic ip. I don't mind sharing knowledge. :cool:
 
DigitalisAkujin said:
...
VNC limits its passwords to 8 characters due to a software limitation.

Even if you type in 11 characters it will cut off the last 3. Most people won't notice because when you type the password in it will cut off the characters as well and only count the first 8.

This is for ALL versions of VNC (with possibly the exception of Ultra, I never used Ultra so I wouldn't know).

i'm still amazed that you're provoking attacks.

btw, there are 68210 viruses on symantec's "threat" list, that's well over 1 a day since before you were even born. the really ub3r smart people know the behavior of each and every one of those. :rolleyes:
 
LonerVamp said:
Wow, some of you guys should really just not say things like this in a security forum. :)

<snip>

The bottom line is, use some sort of AV and firewall. Even if the firewall is just in your DSL/Cable router or even if your AV is something small and free like Antivir. At least use something...because if you don't, you have no one to blame but yourself if something bad happens.


Well said, I definitely couldn't say it better myself.

People who don't run some form of protections are complete fools. There are so many threats that come in ALL forms, it's not funny. Latest one I heard of: JPEG vulnerability in IE. And I've seen it in action, on a friend's PC, that I had set up running AntiVir (www.free-av.com), to scan ALL files and report all contacts--and the attempted trojan loads were coming THROUGH Jpegs on the dang JUNO portal page!! :eek: I set it up to report that way, so my friend could learn exactly how bad infections can get, and to teach him to do the updates regularly.

ANY system I set up these days, I do this:

**AntiVir, set to scan ALL files (if your machine isn't powerful enough to do it, then you need a new machine), with full heuristics, automatic repair or delete, and logging;

**Spybot: Search & Destroy, set to maximum scan and protection, and automatic updates (the new version stays resident to improve its blocking abilities);

**SpywareBlaster, set to block all known bad sites and vulnerabilities, for both Mozilla and IE--it also integrates with S:S&D to maximize protection; and,

**McAfee Stinger, a specialized scanner that must be run manually, but catches some of those worms and virii that get past the rest of the protections.

I'm sitting behind a firewall on both the store and home machines, and when this stuff is doing its thing, we get no problems. Older son tends to get into sites that are infected, so his machines are usually riddled, but beyond that, it stays quarantined.

I also love the preceding because they are ALL FREE!! :D

So, those of you who aren't protected... yer all fools. Pull yer collective heads out, and get protected. That is all.
 
I never used antivirus or firewalls until I got on the virus-ridden network at my university.

So many fucking noobs on this network.

I have never gotten a virus on my personal computers before coming to college.

In one day at college, I received three different viruses.

Next year I'm not connecting to the network for at least three days after the fall semester starts.
 
Jitsu said:
I never used antivirus or firewalls until I got on the virus-ridden network at my university.

So many fucking noobs on this network.

I have never gotten a virus on my personal computers before coming to college.

In one day at college, I received three different viruses.

Next year I'm not connecting to the network for at least three days after the fall semester starts.
... and the noobs will continue to have virii, and the enlightened will be running a virus scanner, and a personal firewall.

This is the crux of the argument. If you can maintain a clean environment behind a local firewall, the usefulness of virus scanners and personal firewalls is diminished. The minute you attach to a public network, you absolutely must protect yourself. Your locked down personal network suddenly becomes useless if you take your laptop that you have been running in a public environment, and "jump" the firewall to plug back in at home - suddenly exposing all the machines you might have behind your firewall.

For the minimal CPU hit, not running a antivirus software is like having unprotected sex. You mightn't catch anything, you mightn't spread something to anyone else (especially those payload virii that infect your bank accounts for 18 years or more :) ), but the risks aren't worth it.
 
technofox said:
If any of you try to ssh into my server good luck doing it without a port scan, I changed the port number to something pretty high, which btw has prevented other occurrences of hackers and script kiddies from trying to get in.

Set iptables to only open that port for the IPs you specify. Not foolproof, but a little extra protection.. :)


Anyway, of course I didn't read all 18,000 pages of this thread. Just 1, 2, 3, and the last two. Not to add to the flames, but anyone who connects to the public internet and isn't behind at LEAST a NAT firewall (only very basic protection) is just plain stupid.

You don't have an AV or have never done a full system scan, how the hell do you know you don't have virus(es) laying dormant in your system?

At work we set up a windows 2000 workstation, and I argued we should put a firewall or AV on it before assigning it a public IP. Within 10 minutes of being connected (in the middle of downloading windows updates) it contracted the blaster!

As for not running A/V because it's a resource hog, I don't blame you. That's why I don't use Norton 2003 and up. Seems like the newer it is, the more resource intensive.

In the workplace I like Symantec 9, uses very little resources.

The free home options would be Avast! or AVG.

That will be $.02 (and don't paypal it, the fee will be more than 2 cents :D )

-scoob8000
 
scoob8000 said:
Within 10 minutes of being connected (in the middle of downloading windows updates) it contracted the blaster!

or sasser
again from Help Im infected with...
----------------------------------------------------------------------------------------------
rampant paranoia 101 for W2K\XP
(still adding modules to this)

a personal checklist
---------------------------------------------------------------
install Service Pack and hotfixes
close the vulnerable NetBIOS ports and cleanup bindings
Configure IPSec
Restrict access to LSA info

disable unnecessary services

disable Guest account
setup my user account
rename Administrator account
create fake Administrator account (disabled)
enable network lockout of the true Administrator account

Limit the number of logon accounts

remove the "Everyone" group and replace with "Authenticated Users" shares
disable default hidden shares, administrative shares, IPC$


disable HTML in e-mail
disable ActiveX
disabling or limiting WSH\VB\Java\Java Scripts (install HTAstop, Script Defender, noscript.exe)
rename shscrap.dll to shscrapold;
Unhide File extensions, protected files, all files and folders


Enable Encrypted File System
Encrypt the Temp Directory
setup to clear the paging file at shutdown
lockdown the registry

disable dumpfile creation
remove insecure subsystems (OS/2 and POSIX)

protect or remove: arp.exe \ at.exe \ cacls.exe \ cmd.exe \ Command.com \ cscript.exe \ debug.exe \ edit.com \ edlin.exe \ finger.exe \ ftp.exe \ pconfig.exe \ Issync.exe \ nbtstat.exe \ net.exe \ Net1.exe \ netstat.exe \ netsh.exe \ nslookup.exe \ ping.exe \ posix.exe \ qbasic.exe \ rcp.exe \ regedit.exe \ regedt32.exe \ regini.exe \ rexec.exe \ rsh.exe \ route.exe \ Runas.exe \ runonce.exe \ telnet.exe \ tftp.exe \ tracert.exe \ Tlntsvr.exe \ wscript.exe \ xcopy.exe
remove the .reg file association from the registry editor
these all make it much harder for someone that has already compromised your computer
if there is a brain behind the attack (a hack or trojan) then they would need to reenable these if they can, which might tip their hand, the same goes for an automated attack like a worm, if it could manage it at all, and many more minor pieces of malware\spyware rely on some of these for infection or more accurately reinfection like runonce.exe, regedit, etc. or as the vector for infection in more serious malware like ftp or telnet

Install and schedule trojan scanner, anti virus and intrusion detection
Install and configure Worm Guard and Process Guard

configure security policy control
enable auditing (logon, object, privilege, account management, policy, system)
set permissions on the security event log
set account lockout policy
assign user rights
set security options
configure firewall

Test
> connect to the internet
Run NessusWX (freeware) Baseline Security Analyzer (freeware)


Do additional remote Port Scans

Its extremely rare any one box would get all of those
but I consider all of them

-------------------------------------------------------------------------------------------------------


Edited order
the Baseline Security Analyzer (requires you're connected to the internet)
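As an added example that is not part of the thread or Ice Czar's checklist, here is a read-only PowerShell audit of a handful of the items above on a current Windows system; the checklist predates PowerShell, so the cmdlets and registry paths are today's standard ones, and the pass/fail thresholds and the English-only parsing of `net accounts` are my assumptions.

```powershell
# Added example, not from the thread: audit a subset of the W2K/XP checklist
# on a modern Windows box. Read-only; run from an elevated PowerShell.
$results = New-Object System.Collections.Generic.List[object]
function Add-Check([string]$Name, [bool]$Pass, [string]$Detail) {
    $results.Add([pscustomobject]@{ Check = $Name; Pass = $Pass; Detail = $Detail })
}
function Get-RegValue([string]$Path, [string]$Name) {
    # A missing value comes back as $null and is judged as "left at default".
    try { (Get-ItemProperty -Path $Path -Name $Name -ErrorAction Stop).$Name }
    catch { $null }
}

# Guest disabled / Administrator renamed: match on the well-known RIDs
# (501 and 500) rather than the names, since renaming is the point.
$guest = Get-LocalUser | Where-Object { $_.SID.Value -like '*-501' }
Add-Check 'Guest account disabled' (($null -ne $guest) -and (-not $guest.Enabled)) "$($guest.Name)"
$admin = Get-LocalUser | Where-Object { $_.SID.Value -like '*-500' }
Add-Check 'Administrator account renamed' (($null -ne $admin) -and ($admin.Name -ne 'Administrator')) "$($admin.Name)"

# Restrict anonymous LSA enumeration (checklist: "Restrict access to LSA info")
$ra = Get-RegValue 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa' 'RestrictAnonymous'
Add-Check 'Anonymous LSA access restricted' ($ra -ge 1) "RestrictAnonymous=$ra"

# Administrative shares: both the policy values and what is actually exported
$sp = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'
$autoWks = Get-RegValue $sp 'AutoShareWks'
$autoSrv = Get-RegValue $sp 'AutoShareServer'
Add-Check 'Admin shares disabled by policy' (($autoWks -eq 0) -or ($autoSrv -eq 0)) "AutoShareWks=$autoWks AutoShareServer=$autoSrv"
$adminShares = Get-SmbShare | Where-Object { $_.Name -match '^[A-Z]\$$|^ADMIN\$$' }
Add-Check 'No admin shares currently exported' ($adminShares.Count -eq 0) (($adminShares.Name) -join ',')

# File extensions unhidden (per-user Explorer setting)
$hide = Get-RegValue 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced' 'HideFileExt'
Add-Check 'File extensions shown' ($hide -eq 0) "HideFileExt=$hide"

# Page file cleared at shutdown, crash dump creation off
$cpf = Get-RegValue 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management' 'ClearPageFileAtShutdown'
Add-Check 'Page file cleared at shutdown' ($cpf -eq 1) "ClearPageFileAtShutdown=$cpf"
$dump = Get-RegValue 'HKLM:\SYSTEM\CurrentControlSet\Control\CrashControl' 'CrashDumpEnabled'
Add-Check 'Crash dump creation disabled' ($dump -eq 0) "CrashDumpEnabled=$dump"

# Account lockout policy (assumes English output of "net accounts")
$lockout = (net accounts) | Where-Object { $_ -match 'Lockout threshold' }
Add-Check 'Account lockout threshold set' (($null -ne $lockout) -and ($lockout -notmatch 'Never')) "$lockout"

# Host firewall enabled on every profile
$fw = Get-NetFirewallProfile
$off = $fw | Where-Object { $_.Enabled -ne 'True' }
Add-Check 'Firewall enabled on all profiles' ($off.Count -eq 0) (($fw | ForEach-Object { "$($_.Name)=$($_.Enabled)" }) -join ' ')

$results | Format-Table -AutoSize
```

Each row reports the raw value it was judged on, so a failed check can be cross-referenced against the checklist item before anything is changed.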
 
wholly chit?! :eek:

Is this piece of crap thread still around?! :eek:

Ice Czar - EXCELLENT!! I'll be perusing your sticky in that other forum for the info you've collected. Thanks bro! :cool:
 