Velocity Reviews - Computer Hardware Reviews

Trackers Second Review Response

 
 
Murray Cooper
09-30-2003
Tracker wrote:

> Remember, we're talking about Windows Platforms (excluding 2000,NT,XP)
> and my book was written for basic home computer users only. It's has
> seen grown into a book which will help three levels of computer Windows
> users.


"It's has seen grown..."? Was this book originally
written and published in a language other than English?

 
Tracker
09-30-2003
Remember, we're talking about Windows Platforms (excluding 2000,NT,XP)
and my book was written for basic home computer users only. It's has
seen grown into a book which will help three levels of computer Windows
users.

> HACKERS SECRET WEAPONS:
>
> A. Hackers disable your Daylight Savings Time.


As mentioned before, there is not a logical reason for a "hacker" to do
this and make themselves obvious. It poses no advantage whatsoever.

ME: Just letting people know that on occasion, my screen would ask if I
wanted to change the daylight savings time. My guess is the hacker was
just playing games with me and my computers. What reason would anyone
else request this behavior but hackers.

> B. The clock on the desktop can be one hour ahead or one hour behind,
> on occasion.


See A

ME: Tracking computer time is very important if you want to track down
a hackers malicious activity. The same applies for your clock time
changing regularly on your system. You have already seen a copy of the
hackers firewall log and how the dates and time change from month to
month. Can you imagine having an IP from Seattle appear in your log
which was posted one month prior to today's date. Think about it!

> C. Your Network Places Icon on the desktop disappears.


Common Windows bug. Corrupted explorer file, faulty hardware (NIC card),
corrupted registry. No hacker purpose. See response to A.

ME: One day the Network Places Icon is on the desktop for a few days and
then it disappears for a few days. May be a week later this Icon again
appears for a few hours and then it disappears. We never could connect
this icon with any network mapping of drives. It's just a sign to look
for when your computer is hacked/owned.

> D. If using a Windows platform: when you start your computer, your
> original screen will pop up, but since the hackers need to boot into
> their Networks, or Server(s), the system will quickly re-boot and the
> original screen will appear twice. But your system may re-boot twice
> instead of once when loading Windows OEM versions.


Can be caused by full logs and OS errors. System setting can force a
reboot if logs are full or if OS does not load properly. Installation of
wallpaper and images on the desktop can cause unusual activity at start
up especially if the items conflict.

ME: This activity is something to watch for because the system would
also reboot on it's own after the computer was loaded. You have to also
remember that we were changing between DHCP, PPP and dial-up every few
minutes or every few hours and the owned system was running two Virtual
Private Networks. Same applies to E!

> E. If your computer system occasionally re-boots on it's own, the
> hacker may need to update their Networks, or Servers to make their
> computer system function properly.


See D. Possible BO or Netbus installation.

> F. If you play Yahoo Games, you may find yourself being kicked out of
> the board your playing in. If your winning a game and you're the host,
> the hacker may not let you back in to finish. This means you just lost
> a game at the hackers expense. When the computer was hacker safe, I
> went back to playing games and haven't been booted out of a game,
> since.


Software error. Communication issues between your ISP and Yahoo. The
term "hacker safe" implies that the system had been reloaded or
repaired. Reloading software would replace corrupted software allowing
normal access.

ME: As stated, when the system was hacked I found myself being booted
out of Yahoo games on occasion. After the computers hard drive was
formatted, applications installed from CD-ROM only, Windows services
disable, anti-virus and firewall installed, I wasn't booted out of any
Yahoo games from that point on.

> G. A browser application like Netscape, or Internet Explorer you use
> to filter out, or kill file certain individuals will not function
> indefinitely. When your computer system is compromised, you aren't
> able to filter out people in your browser for more then 1-2 days. A
> number of computer owners whose systems have been compromised, have
> advised me they also had the same problem. Because hackers were using
> your illegally installed Servers for posting to the Internet, this is
> why you are unable to filter or kill file them. This information was
> very apparent to myself and other ferret owners whose computer were
> compromised.


Corruption in the kill file database, erroneous entries in the database.
Email spoofing to newsgroup.

ME: All I can fess up to is that after the computers were secured,
e-mail addresses in these applications and other e-mail applications
were able to be filtered out. Other ferret owners wouldn't give me
their permission to post their e-mail addresses to verify my statement.
One ferret owner wasn't even able to filter out or block certain e-mail
addresses in their e-mail application.

> H. When you begin to see Usenet remarks, made on behalf of your
> personal life which is private information.


There is a wealth of information available about anyone on the Internet.
A bit of searching can reveal very personal info. Social engineering may
have been used as well.

ME: Believe me, there is a ton of information a person can discover
about any one who uses the Internet and posts to it. What I've
discovered on this topic is very "scary". Private information means -
What you type on your computer keyboard at home that "no one" in the
world would be able to view except you or your family. But, all of a
sudden you find other Internet users posting your personal adventures
and life experiences. This is in my book so I will discuss it here.
BTW- The Trackers made me write this personal information in my book and
the story written is a bit embarrassing. How
Dag & Cate (ferret owners) were discovered is because I write prisoners
and their letters are written on my computer. They made a Usenet post
about this and this is how I discovered their hacking activity.

> I. Some of your personal files are modified years before they were
> created. I have seen a number of personal files modified 7-8 years
> before they were even created. How to accomplish this maneuver: Select
> Start, Settings, Control Panel, Date/Time, where the year is, Select
> the up or down arrow and, viola. Then open up any file and Select
> Save. A new creation date is present.


No logical reason for a "hacker" to change dates on files. Serves no
purpose unless it is to prevent shareware from expiring and normally the
dates on those files are moved forward not backward. Many system files
have old dates as the dates on the files indicate when they were
originally created. MS still uses files that were created years ago and
the dates on the files were not changed. You can verify this by
exploring any MS CD.

ME: Weíre only talking about "personal files", not system files as you
mention. My only reasoning behind this is: the hackers were reading all
my personal files and they didn't want me to discover their activity.
All I can tell you is that many of my personal files, whether recently
created or older files, had creation dates which were 7-8 years prior to
them being written.

> J. You will find a number of files hidden/readable only, which is a
> common practice in the hacking world.


Windows and other software uses hidden files. Not an indicator that a
"hacker" made the changes. Also possible with a corrupted FAT table.

ME: Your correct! The hackers aren't going to allow you to see all the
Folders and Files on your drive which they are utilizing to store their
malicious activity. The hackers hid on a number of systems their
directories with pornography pictures, remailer stats, zipped files, to
name a few. If you can't see a hidden file "no one" knows why it's
there in the first place and most basic computer users don't understand
why one folder is lighter then the other. Off the top of my head I
can't totally remember the significance of the readable only files which
were discovered. There were a number of files which needed to be put in
archive mode and to remove the readable only status.

> K. When you find additional information in your boot.ini file which
> relate to a Virtual Private Network, this can be either software,
> hardware or device driver oriented.


Installing a VPN poses no advantage to a "hacker" aside from the ability
to encrypt data transfers.

ME: Believe me, I've physically seen more then my share of hacked/owned
computers running Virtual Private Network(s) (VPN). In my possession is
a number of victims hard drives which were owned by hackers. These
hackers have installed one or two VPNs on the these drives. I will
admit, my knowledge with VPNs is zero, but curiosity taught me a few
things after speaking with a Network dude. Select Start, Settings,
Control Panel and Network if your a basic home owner and verify if your
computer is running any VPN adapters. This is all you need to hear
about this issue, period. My words are proof enough for the basic home
user.

> L. Under Search for Files and Folders, perform a search on any file
> modified in the past month, you will see files which just don't need
> to be modified, or files you don't even recognize. For the basic
> computer user, you'll want to focus on the files which you don't
> recognize. Unless your a skilled professional, you won't realize which
> files need to be present or modified, but give it a try anyways. [To
> perform the above you will need to see all Hidden Files and Folders.]


Files are updated constantly by using the OS and software on the
computer. Most software installations contain numerous files and a basic
Windows installation contains hundreds to thousands of files. It indeed
would be impossible for most users to recognize all of the files. This
exercise would not indicate any hacker activity.

ME: When you view the files which were accessed in the past month, it
will reveal a wealth of applications and files you have or a hacker has
opened and accessed. Say for example you see:
c:\msoffice\excel\(filename) and you haven't accessed Excel in two or
more months, this means the hackers were looking in this directory and
reading your personal files.

> M. Select Start, Settings, Control Panel and Network, and look at,
> following network components showing. If you see one AOL adapter and
> have never used AOL, then two AOL adapters, two TCP/IP, two Dial-Up
> adapters, one or two Virtual Private Network adapters, your computer
> could be compromised. A Virtual Private Network is widely used by
> hackers because it can host up to 254 users. "This applies to the
> basic Internet user who has one modem, one ISP and isn't running any
> FTP, HTTP, NNTP, PROXY, SMTP, SOCKS, SQL, or SQUID SERVER." My skills
> working with VPNs is almost zero. Every victims system I've seen had
> two VPNs setup and they were only using a modem to connect to the
> Internet.

AOL installs along with many applications and has been included on base
OS installations since early releases of Windows 95. VPN's serve no
useful purpose to a "hacker" beyond the ability to encrypt the data
transfer stream.

ME: The above statements are for the basic computer user, not for a
companies or corporations benefit. My point is: if your computer is
accessing the Internet though a dial-up connection and you have one
modem, you should only see "One Dial-up Adapter and One TCP/IP Dial-up
Adapter" under your Network settings, period. Windows doesn't install a
Virtual Private Network by default (I have not tested 2000,NT/XP). So
how do you think any VPN connection was set-up since Microsoft doesn't
install this by default? It's because your computer is already
hacked/owned by malicious hackers. DUH!

> N. Next, Select Start, Run, type Regedit, Select Registry, Select
> Export Registry File, in the box type a name say 4-12-02.txt and
> Select save. Then open this file with a text editor, and you might be
> shocked to find what really is installed on your computer system.
> Check the bottom of this file because hackers love to install an array
> of applications including Network/Server files and device drivers.


No need to export the registry file to view it. Registry entries are not
added to the "bottom" of the registry. Each registry area has a purpose
and contains specific information. Making all "hacker" entries at the
"bottom" of the file would result in applications not running properly.

ME: When you load an application, the needed files to run this
application will be seen in your registry. Hardware/Application/Device
Driver information can be setup by hackers at the bottom of the file.
After viewing all "hidden" Folders and Files, what I did was
"incorporate" one registry entry at a time. You could see a major
difference. Each time you save the registry file it will create a file
called RB000.CAB and so forth, depending on how many copies that you
have saved. If you perform the backup when the hackers are abusing your
system, you might only see 30 lines of text in the registry, the next
time 100 lines, and so on. This is a clear sign that your computer is
compromised.

> O. You will have to turn your computer off by the power supply on a
> regular basis.


I assume this means you are unable to select shutdown from the start
menu. This was a common bug in 95 and 98 on some manufacturers computer.
Patches were released to repair this bug.

ME: Had to laugh at your remarks, but it's cool. One of the main
reasons the computer had to be shut down by the power supply was because
of switching from DHCP, PPP, dial-up on a regular basis. Most basic
computer users wouldn't be running three different Internet Service
Providers along with Cable. Even utilizing DHCP and dial-up also caused
the system to hang and I wasn't able to shutdown by any means except the
power supply. Not being able to shut down your system on a regular
basis is one clear sign your computer is hacked/owned, trust me.

> P. Installing a Network Interface Card will cause problems until the
> hackers configure this device into their Servers or Virtual Private
> Network they setup on your computer.


Removing and re-installing a NIC should include deletion of the drivers
and ensuring that the old card is not still bound to any protocols.
Installing a new NIC would require configuring the OS to recognize the
NIC and bind protocols and services to it.

ME: This is correct! In the case of my hacked computers, two different
Network Interface Cards were installed on a number of occasions. If an
individual configures a NIC properly, there should be no problems after
the fact. I can't remember off the top of my head all the problems we
ran into, but there were significant enough problems to mention this in
my book.

> Q. You find your CD-ROM drive opens and closes without your
> permission.


Possibly an indicator of Netbus and/or Back Orifice installation.
Potential "hacker" activity. Can also be caused by a defective drive.

> R. You could hear an annoying beep coming from your system speakers.


Possible system alert or Netbus/BO trojan installation.

> S. Your windows screen goes horizontal or vertical.


Bad video card, loose video connections, BO installation

> T. The screen saver picture changes without your permission.


Registry corruption.

> V. All of a sudden, your speakers decide to play you some music.


CD set to Autoplay or BO installation. Application running in
background.

ME: Q-T and V deals with having a Trojan Horse on your computer and some
of the tricks these Trojan Horses can play on you.

> U. On occasion your mouse is out of your control or has an imagination
> of it's own. But this could also be caused by a corrupt mouse driver.


Correct about the mouse driver. Can also be caused by lint/dirt build
up on the mouse rollers or on the optical sensor as well as by a
defective mouse.

ME: If you find you have updated the mouse driver, cleaned the lint/dirt
build-up, but your mouse still has an imagination of it's own, your next
best bet is your computer is hacked/owned. Do your own research in
Google/Yahoo concerning the questions people ask about mouse control.
Just remember, "most" Windows users don't realize they need to disable
Windows services before they stick their computer on the Internet. By
that time, a malicious hacker has probably already infected their
system. Deal with it, learn my ways or stay the victim; it's your
choice.

> W. Installing a hardware/software firewall for the first time can
> cause a number of different problems for you to setup and configure.
> Considering you didn't have these installed from the beginning of your
> computer going on the Internet.


?? Makes no sense

ME: When your computer goes on the Internet for the first time and you
haven't installed a hardware or software firewall, expect to spend extra
time trying to get them to function properly and configure them. By
this time, the hackers have probably already installed their Virtual
Private Network(s) and they have to make the new hardware and software
function with their settings in their VPN(s). You will find at this
point that your computer will re-boot itself from time to time. Hackers
aren't all that smart and they do make their own mistakes when they try
to configure hardware and software to function with their VPN(s).
HA-HA!

> X. Your firewall logs show alerts at 12:00 then 11:22 then 12:16 and
> back to 11:59.


Sort log by time and not event type, port, etc.

ME: Zone Alarm and Blackice Defender report alerts by date and time in
order if your system isn't hacked or owned. If your Windows Platform
system is hacked or owned the hackers are abusing it to hack into other
computers, networks and servers. Other criminals are also using your
computers for their illegal activity, whether it be to set-up a murder,
purchase drugs, guns, explosives or identity theft. So they have to
change their date and time so their "tracking activity will be harder to
track down".

> Y. If using a dial-up/cable/dsl connection you see a number of pings,
> port 0, to your computer. The reason is so that the hackers can see if
> your computer is online. A system needs to be online for the hackers
> to access these Networks and Servers. What the hackers actually do is
> port scan your Internet Service Provider Block of IP addresses and
> find your computer either with file sharing enabled or a
> Backdoor/Trojan present.


Possible OS fingerprinting attempt although crude and ineffective. As
port 0 is reserved for special use as stated in RFC 1700. Coupled with
the fact that this port number is reassigned by the OS, no traffic
should flow over the internet using this port. Pings and port scans are
two separate items. Many services on the internet, including your ISP,
will ping your system to ensure your system is still online. If your
system is properly secured, port scans, at worst will result in a DOS
attack.

ME: For one, if your Internet Service Provider (ISP) pings your
computer, the IP addresses would be similar in nature. For example: my
IP address is 207.14.155.12, if your ISP pings your computer, their IP
address would be like 207.14.0.0. Your firewall log pings wouldn't come
from say 12.144.15.5, 155.19.133.10, 66.19.24.87, 12.231.57.197,
203.122.19.74, 12.231.62.18, 64.110.82.252, 24.24.17.103. My examples
deal with a hacker coming in using a Trojan Horse versus a Backdoor.
When a Backdoor is installed, certain hackers don't necessarily need to
ping your system because once it's online the Backdoor alerts the hacker
that the system is online. Hell, here is an excerpt from my book which
was one way we caught NCF, a ferret owner who was discovering what was
on our hard drives. Notice the change of the computer IP addresses and
ask yourself how a computer can go from having a 38.x address to 168.x
address. An individuals firewall log tells so many stories, but only if
you know how to read and understand them. If your on a Windows Platform
(minus 2000,NT,XP) and you didn't disable certain services then
installing a firewall isn't going to keep your computer hacker secure.
BTW- The only Newsgroup I had visited for years was alt.pets.ferrets and
NCF was the only user using Suite224.

FWIN 5/25/2000 11:46:40 AM -8:00 GMT 208.131.247.203 247-203.suite224.net 0 38.28.67.34 0 ICMP No
FWIN 5/25/2000 11:46:40 AM -8:00 GMT 208.131.247.203 247-203.suite224.net 0 38.28.67.34 0 ICMP No
FWIN 5/25/2000 11:56:48 AM -8:00 GMT 208.131.247.203 247-203.suite224.net 2037 38.28.67.34 79 TCP No
FWIN 5/27/2000 11:09:10 PM -8:00 GMT 208.131.247.221 247-221.suite224.net 0 0 ICMP No
FWIN 5/27/2000 11:09:10 PM -8:00 GMT 208.131.247.221 247-221.suite224.net 0 0 ICMP No
FWIN 5/30/2000 10:46:32 AM -8:00 GMT 208.131.247.101 247-101.suite224.net 0 0 ICMP No
FWIN 7/3/2000 11:22:56 PM -8:00 GMT 208.131.247.56 247-56.suite224.net 0 168.191.230.174 0 ICMP No
FWIN 7/3/2000 11:22:56 PM -8:00 GMT 208.131.247.56 247-56.suite224.net 0 168.191.230.174 0 ICMP No

> Z. If someone is port scanning your system, in your firewall logs the
> port assignment arenít in any type of order. You might see a probe at
> port 1,10,9,8,6,12,6,43 etc.


Most port scanning software will randomize the order the ports are
scanned. A skilled "hacker" will not scan all ports since there are not
services running on all ports nor are there potential vulnerabilities
associated with all ports.

ME: Port scanning applications normally will randomly scan port numbers
in order. In a few of the sample firewall logs shown in my book you
will see port numbers not in any random order. "The Trackers" weren't
able to figure out why a hacker would scan port number
1,10,9,8,6,12,6,43, versus having them scanned in a random order. Basic
computer users, take a closer look at your firewall logs and see if you
also have port numbers being scanned as shown above.

> AA. When you find you have to set Zone Alarm firewall on medium
> instead of high settings.


If ZA is misconfigured, some applications may be unable to communicate
and access to external systems (the internet) may not be possible.
Indicative of poor configuration and not "hacker" activity.

ME: The only applications which were running at the time was Netscape
4.7, Nortons anti-virus and Eudora 5.1 when Zone Alarm had to be tamed
down to a "medium setting" for these applications to run. The only
exception may have been because we were also running Blackice Defender
simultaneously.

> BB. Once you can view all Files and Folders search for files named
> spool*.*.


Spooler files are used by the system. Not sure what other use you
believe they have.

ME: All I can say is that a file spool*.* was accessed on a regular
basis and it appeared on a weekly search of files accessed.

> CC. You may find another installed version of your software firewall
> application on your hard drive. You will need to Show all Hidden Files
> and Folders under your Settings, Control Panel, Folder Option and
> View, if using a Windows Platform (excluding 2000,NT and XP).


Illogical for a hacker to install a firewall that would eliminate or
limit access to your system. Possible indicator of improper installation
or a cross linked directory structure.

ME: The additional Blackice firewall proved to me that it was probably
connected to the Virtual Private Network(s). Blackice firewall on my
computer proved that one firewall was mine and another belonged to a
hacker. A few of the logs had other computer IP addresses which weren't
owned by me.

> DD. When you see too many, Pings - port 0, HTTP/Proxy - port 80, 8080,
> 3128, SMTP - port 25, FTP - port 21, NNTP - port 119 port probes. Your
> computer is probably running an illegal "VPN server"; " web server";
> "proxy"; "mail and news"; "ftp"; which hackers are attempting to
> access for their own personal use.


It is not "illegal" to run any of the servers mentioned above. The above
demonstrates a lack of understanding of the difference between a ping
and a port scan at best. It is not an uncommon occurrence to have
multiple ports scanned by multiple sources. Cure is to install and
properly configure a firewall to block these scans.

ME: There was no mention of running these servers and them being
illegal, which wasn't my point. It was confirmed that my computer was
running one of them "anonymous remailers", but for legal purposes, most
of this information had to be removed from my book. From all the
evidence in my possession, there is no doubt in my mind that malicious
hackers install and set-up the above listed servers on innocent victims
computers. Once the computers were hacker secured, very few port scans
appeared in the firewall logs from the above listed port numbers.

> EE. If you don't see your computer node/source IP address on a
> consistent basis to the right side of your firewall log, your system
> is compromised. (See the firewall logs below.) The hackers are
> entering through your system to attack other "Networks, or Servers and
> Systems", so their identity can't be traced.


Missing firewall log so interpretation is difficult. Firewall logs may
indicate your local machine as 0.0.0.0, 127.0.0.1 as well as by the IP
address. A properly configured firewall would not permit entry to allow
"hackers" to use your system to attack others.

ME: EE is only a partial excerpt from my book which is helping computer
users learn about Computers, the Internet and Hacking. Many basic
computer users donít install a firewall until after their computer is
hacked and owned. By this time, installing a firewall is useless,
period. You were already informed that my computer was running Zone
Alarm and Blackice Defender; what good did these do for me, nothing.
Every computer on the Internet is assigned an IP address and this
address will appear on the right side of your firewall log. If your ISP
IP bank of numbers is, let's say 12.231.xx.xx, then your IP address
listed in your firewall log would be 12.231.xx.xx. If your computer is
hacked or owned you may see that your IP address to the right of your
log is say, 155.16.222.134 or 64.12.133.22. If you need a more
technical answer, visit the below Website.
http://hackingtruths.box.sk

> FF. When you perform a traceroute on an IP address and you lose your
> node/source IP address, ISP routers IP, or when you don't see your
> node/source IP address at all.


As stated above, a firewall may identify your machine in the logs in a
number of ways.

ME: A firewall has nothing to do with performing a traceroute on an
IP. I had many interesting talks with security and network techs and
they were very interested in seeing these traceroutes. In the first
example, you can see that my IP address is 12.231.38.174 and my ISP
routers used to target 64.154.60.81. In the second example, my computer
doesn't even exist at all and neither are there any routers to pass
through to get to the target IP. In the third example, my computer does
exist, but none of my ISP routers are present to get to the target IP.

Target: 64.154.60.81
Nodes: 15

Node Data
Node Net Reg IP Address Location Node Name
1 1 - 12.231.38.174 47.404N, 122.311W c1577824-a
2 - - 0.0.0.0 Unknown No Response
3 1 - 12.244.80.1 Unknown
4 1 - 12.244.72.10 Unknown
5 1 1 12.123.44.114 Unknown gbr1-p60.st6wa.ip.att.net
6 1 1 12.122.5.161 Unknown gbr4-p70.st6wa.ip.att.net
7 1 1 12.123.44.133 Unknown ggr1-p370.st6wa.ip.att.net
8 2 2 192.205.32.206 Unknown att-gw.sea.level3.net
9 3 2 64.159.16.162 Seattle ae0-56.mp2.seattle1.level3.net
10 3 2 64.159.1.46 Atlanta so-3-0-0.mp2.atlanta1.level3.net
11 3 2 64.159.3.10 Atlanta gigabitethernet11-1.hsipaccess2.atlanta1.level3.net
12 4 2 63.209.216.206 Unknown unknown.level3.net
13 3 3 64.154.61.2 Unknown br-1-p-5-1.atl2.prod.usenetserver.com
14 3 3 64.154.60.134 Unknown br-2-ve-2.atl2.prod.usenetserver.com
15 3 - 64.154.60.81 Unknown

Target: 198.32.128.68
Nodes: 2
Node Data
Node Net Reg IP Address Location Node Name
2 1 1 198.32.128.68 Unknown pacbell-nap.idc.ad.jp

Target: 207.115.63.142
Nodes: 2

Node Data
Node Net Reg IP Address Location Node Name
1 1 - 12.231.38.174 47.404N, 122.311W c1577824-a
2 2 1 207.115.63.142 Yonkers newscon02-ext.news.prodigy.com


To summarize this chapter:
Many of the items here are not indicative of any "hacker" activity but
instead indicate a misconfigured or corrupt OS and/or installed
software. Some items can be attributed to faulty hardware. The couple
of items that may be indicative of "hacker" activity involve annoyances
caused by a BO or Netbus installation. BO and Netbus have been
detectable by anti virus software for years. Proper use of AV software
to scan the local system as well as any email attachment would prevent
infection by these trojans. Numerous references display a lack of
understanding of ICMP (ping) traffic and port scans by confusing one
with the other. A lack of a basic understanding of TCP/IP and firewall
log entries are indicative in a number of the items as well. There is
also a complete lack of knowledge of registry configuration and layout
as well as the purpose for entries in the registry. Poor grammar and
sentence structure is apparent throughout this chapter.

This poster made one of "The Trackers" ****ed off and since they aren't
being paid to respond to these reviews, I don't know how willing they
will be to answer the other reviews. They only read the first six pages
and they decided to respond without reading any further.

THE TRACKERS: You know I could spend the rest of my life giving
examples of what I've found on a number of computers. My finds and
research on these items are at a basic computer user level. I have
proof of all the material, my research and found facts.
You review my material and come up with it could be this or that. This
is what I've been saying, you show no proof that in fact, it could be is
in fact the reason for the fault.
It seems that most of your remarks are your assumption of facts with no
back up of where you came to these conclusions; no backup of these
facts. Ten people can read a page of material and if two people would
agree on their finds, I would be surprised.
I wrote what I found, how I went on to discover the cause and who was
doing this. So why do I have to agree with other finds? There is no
rime or reason to facts like it could be, may be. I never wrote that
this may, could be, these are my facts, my research and my finds.
Books are written for information of certain facts. How these are used
is up to the reader. I've said many times before of the hacking books
I've read and each author's fact start out the same and do in fact
arrive to different conclusions. Example: She found a penny, she found
an old penny, she found a 1930 penny, he found a dirty penny, he found a
rusty penny. Each describes what they found which is a penny. How a
person chooses to describe their find is up to the person. I chose to
write my finds in my own words, so why should I need to be advised how I
should state the facts by a computer expert, specialist, or engineer.
You come along and say it could be a dirty penny, but have no proof of
the condition the actual person found it in. I'm the actual person so I
felt I could write what I did with facts, the proof I found and back-up
of these. So how can what I say be called wrong? Ten hackers break
into ten computers, each using different ways, their ways. Hackers
break into hackers computers ten different ways, each method of hacking
works best for the individual. How can any one individual know all the
different tricks of the trade. I wrote of my experience in my own way.
Each authors book is his way, his findings, otherwise there would be
only one book.

ME: I gave you a key and told you the year, model and make of the car.
I told you where it was parked. I want people to approach the car on
your own level and decide what to do with it. Drive it or leave it
there!


The Best Kept Secrets of Backdoors, Cracking, Firewalls, Hacking,
Proxies, The Internet, Trojan Horses, Virtual Private Networks, Virus,
Windows and different types of Servers can be found at:
http://geocities.com/secure20032220000/

Tracker


 
Phil Weldon
 
      09-30-2003
Look, this is just sad. You shouldn't poke at it. It can't defend itself.
For shame! After all, correct seen to since, and the sentence reads as it
was meant. On the other hand, "Windows Platforms (excluding 2000, NT,XP)"
doesn't leave much, does it?

Phil Weldon, (E-Mail Removed)




"Murray Cooper" <(E-Mail Removed)> wrote in message
news:bvleb.10349$(E-Mail Removed) link.net...
> Tracker wrote:
>
> > Remember, we're talking about Windows Platforms (excluding 2000,NT,XP)
> > and my book was written for basic home computer users only. It's has
> > seen grown into a book which will help three levels of computer Windows
> > users.

>
> "It's has seen grown..."? Was this book originally
> written and published in a language other than English?
>



 
Michael Cecil
 
      09-30-2003
On Tue, 30 Sep 2003 21:42:31 GMT, "Phil Weldon"
<(E-Mail Removed)> wrote:

>Look, this is just sad. You shouldn't poke at it. It can't defend itself.
>For shame! After all, correct seen to since, and the sentence reads as it
>was meant. On the other hand, "Windows Platforms (excluding 2000, NT,XP)"
>doesn't leave much, does it?
>
>Phil Weldon, (E-Mail Removed)


Yay! Finally a new book to help me secure the Trumpet Winsock on my
Windows 3.0 machine!

--
Michael Cecil
(E-Mail Removed)
http://home.comcast.net/~macecil/howto/
http://home.comcast.net/~antiviruscd/
 
David Postill
 
      09-30-2003
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

In article <(E-Mail Removed)>, on Wed, 01 Oct 2003 01:24:38 +0400,
Tracker
<"snailmail(removevalid)222000"@yahoo.com> wrote:

<snip crap>

USENET POST WARNING
- -------------------

The User by the name "Tracker" aka Debbie, regularly posts incorrect,
misleading and damaging information.

Reliance on the advice presented may result in irreparable damage to
your system and you are warned not to take anything seriously that
this person posts.

Exercise caution and DO NOT DISCLOSE YOUR E-MAIL under any
circumstances whatsoever.

To rely on the advice of this person could result in irreparable damage
to your system.

<davidp />

- --
David Postill

-----BEGIN PGP SIGNATURE-----
Version: PGP 8.0.2 - not licensed for commercial use: www.pgp.com
Comment: Get key from pgpkeys.mit.edu:11370

iQA/AwUBP3n6CXxp7q1nhFwUEQIwZQCePx7T4z0ngJTD0D7tuiGIBn 4Cn2oAnjlz
NIvo45MFfxjrM885ZJPmUuWe
=6pZq
-----END PGP SIGNATURE-----

 
Mike
 
      09-30-2003

"Tracker" <"snailmail(removevalid)222000"@yahoo.com> wrote in message
news:(E-Mail Removed)...
> Remember, we're talking about Windows Platforms (excluding 2000,NT,XP)


Remember also that most users are using the very versions of the operating
system you choose to ignore. Also remember that there are less security
problems with Windows 9x and more with 2000 & XP and this makes your book
worth even less. It is pointless to ramble on about VPNs in Windows 9x dial
up networking etc. when the vast majority of users with new computers will
be using XP. Your out of date advice will only serve to further muddy the
waters for the new user you claim to be helping.

> and my book was written for basic home computer users only. It's has
> seen grown into a book which will help three levels of computer Windows
> users.


What three levels? Dumb, Dumber and The Trackers?

>remember that we were changing between DHCP, PPP and dial-up every few


Hilarious! Do you even know what these terms mean? Please explain how you
might use DHCP to connect to the Internet or how you might establish the
same connection without PPP? A proper explanation in your own words might
just give you some credence around here.



 
Cap
 
      10-01-2003
Idiot.....
http://www.sand-n-sea.us/debbiesdrival.htm


"Tracker" <"snailmail(removevalid)222000"@yahoo.com> wrote in message
news:(E-Mail Removed)...
> Remember, we're talking about Windows Platforms (excluding 2000,NT,XP)
> and my book was written for basic home computer users only. It's has
> seen grown into a book which will help three levels of computer Windows
> users.
>
> > HACKERS SECRET WEAPONS:

: rest of the stupid bullshit snipped :


 
Lars M. Hansen
 
      10-01-2003
On Wed, 01 Oct 2003 01:24:38 +0400, Tracker spoketh

>Remember, we're talking about Windows Platforms (excluding 2000,NT,XP)
>and my book was written for basic home computer users only. It's has
>seen grown into a book which will help three levels of computer Windows
>users.


Only 15 people still uses Windows 95/98 ... and I know their names.

>
>> HACKERS SECRET WEAPONS:
>>
>> A. Hackers disable your Daylight Savings Time.

>
>As mentioned before, there is not a logical reason for a "hacker" to do
>this and make themselves obvious. It poses no advantage whatsoever.
>
>ME: Just letting people know that on occasion, my screen would ask if I
>wanted to change the daylight savings time. My guess is the hacker was
>just playing games with me and my computers. What reason would anyone
>else request this behavior but hackers.
>


Your computers' cmos battery might be running out of juice. Considering
you're still running Windows95, it's not uncommon for computers that
"old" to experience trouble with their cmos battery.

>
>> B. The clock on the desktop can be one hour ahead or one hour behind,
>> on occasion.

>
>See A
>
>ME: Tracking computer time is very important if you want to track down
>a hackers malicious activity. The same applies for your clock time
>changing regularly on your system. You have already seen a copy of the
>hackers firewall log and how the dates and time change from month to
>month. Can you imagine having an IP from Seattle appear in your log
>which was posted one month prior to today's date. Think about it!
>


See above. You're the only person who believes that whacky timekeeping
on a computer indicates that the computer is hacked.

>
>> C. Your Network Places Icon on the desktop disappears.

>
>Common Windows bug. Corrupted explorer file, faulty hardware (NIC card),
>
>corrupted registry. No hacker purpose. See response to A.
>
>ME: One day the Network Places Icon is on the desktop for a few days and
>then it disappears for a few days. May be a week later this Icon again
>appears for a few hours and then it disappears. We never could connect
>this icon with any network mapping of drives. It's just a sign to look
>for when your computer is hacked/owned.


Again, it has been explained to you that a disappearing Network
Neighborhood icon could indicate that something on your computer has
been corrupted. Normally when this occurs, a re-install of all the
network components are warranted. If problem does not go away, a
re-format and re-install of the OS is needed. There's absolutely no
indications that "malicious hackers" are causing this. Other than your
own personal "experience", you have no data to back this ridiculous
claim up...
>
>> D. If using a Windows platform: when you start your computer, your
>> original screen will pop up, but since the hackers need to boot into
>> their Networks, or Server(s), the system will quickly re-boot and the
>> original screen will appear twice. But your system may re-boot twice
>> instead of once when loading Windows OEM versions.

>
>Can be caused by full logs and OS errors. System setting can force a
>reboot if logs are full or if OS does not load properly. Installation of
>wallpaper and images on the desktop can cause unusual activity at start
>up especially if the items conflict.
>
>ME: This activity is something to watch for because the system would
>also reboot on it's own after the computer was loaded. You have to also
>remember that we were changing between DHCP, PPP and dial-up every few
>minutes or every few hours and the owned system was running two Virtual
>Private Networks. Same applies to E!


Honey, you have to give up on this VPN trip you are on. VPN adapter are
NOT a sign that your computer is hacked! Considering how screwed up your
computer is (see all my previous comments regarding CMOS battery and
corrupted files), its a wonder your computer boots at all.

>
>> E. If your computer system occasionally re-boots on it's own, the
>> hacker may need to update their Networks, or Servers to make their
>> computer system function properly.

>
>See D. Possible BO or Netbus installation.
>
>> F. If you play Yahoo Games, you may find yourself being kicked out of
>> the board your playing in. If your winning a game and you're the host,

>
>> the hacker may not let you back in to finish. This means you just lost

>
>> a game at the hackers expense. When the computer was hacker safe, I
>> went back to playing games and haven't been booted out of a game,
>> since.

>
>Software error. Communication issues between your ISP and Yahoo. The
>term "hacker safe" implies that the system had been reloaded or
>repaired. Reloading software would replace corrupted software allowing
>normal access.
>
>ME: As stated, when the system was hacked I found myself being booted
>out of Yahoo games on occasion. After the computers hard drive was
>formatted, applications installed from CD-ROM only, Windows services
>disable, anti-virus and firewall installed, I wasn't booted out of any
>Yahoo games from that point on.


I'm sure there's hundreds of hackers out there that has nothing better
to do than to monitor your Yahoo gaming, and kick you out when you're
doing good.

You have absolutely no data to substantiate this claim. There could be a
million reasons why your game "crashes". The reason you weren't booted
out from Yahoo after you re-installed everything wasn't because you got
rid of the (imaginary) hacker, but because you resolved your corruption
problem!

>
>> G. A browser application like Netscape, or Internet Explorer you use
>> to filter out, or kill file certain individuals will not function
>> indefinitely. When your computer system is compromised, you aren't
>> able to filter out people in your browser for more then 1-2 days. A
>> number of computer owners whose systems have been compromised, have
>> advised me they also had the same problem. Because hackers were using
>> your illegally installed Servers for posting to the Internet, this is
>> why you are unable to filter or kill file them. This information was
>> very apparent to myself and other ferret owners whose computer were
>> compromised.

>
>Corruption in the kill file database, erroneous entries in the database.
>Email spoofing to newsgroup.
>
>ME: All I can fess up to is that after the computers were secured,
>e-mail addresses in these applications and other e-mail applications
>were able to be filtered out. Other ferret owners wouldn't give me
>their permission to post their e-mail addresses to verify my statement.
>One ferret owner wasn't even able to filter out or block certain e-mail
>addresses in their e-mail application.


Yeah ... the evil ferret owners really messed up my kill-file as well.

"malicious hackers" couldn't care less who you kill-file or not. They
rather not do anything to attract any attention to the fact that they've
gained access to the system...

>
>> H. When you begin to see Usenet remarks, made on behalf of your
>> personal life which is private information.

>
>There is a wealth of information available about anyone on the Internet.
>A bit of searching can reveal very personal info. Social engineering may
>have been used as well.
>
>ME: Believe me, there is a ton of information a person can discover
>about any one who uses the Internet and posts to it. What I've
>discovered on this topic is very "scary". Private information means -
>What you type on your computer keyboard at home that "no one" in the
>world would be able to view except you or your family. But, all of a
>sudden you find other Internet users posting your personal adventures
>and life experiences. This is in my book so I will discuss it here.
>BTW- The Trackers made me write this personal information in my book and
>the story written is a bit embarrassing. How
>Dag & Cate (ferret owners) were discovered is because I write prisoners
>and their letters are written on my computer. They made a Usenet post
>about this and this is how I discovered their hacking activity.
>
>> I. Some of your personal files are modified years before they were
>> created. I have seen a number of personal files modified 7-8 years
>> before they were even created. How to accomplish this maneuver: Select

>
>> Start, Settings, Control Panel, Date/Time, where the year is, Select
>> the up or down arrow and, viola. Then open up any file and Select
>> Save. A new creation date is present.

>
>No logical reason for a "hacker" to change dates on files. Serves no
>purpose unless it is to prevent shareware from expiring and normally the
>dates on those files are moved forward not backward. Many system files
>have old dates as the dates on the files indicate when they were
>originally created. MS still uses files that were created years ago and
>the dates on the files were not changed. You can verify this by
>exploring any MS CD.
>
>ME: We're only talking about "personal files", not system files as you
>mention. My only reasoning behind this is: the hackers were reading all
>my personal files and they didn't want me to discover their activity.
>All I can tell you is that many of my personal files, whether recently
>created or older files, had creation dates which were 7-8 years prior to
>them being written.


See previous comment regarding CMOS battery. If the hardware clock
fails, your system time may re-set to 1972 ...

>
>> J. You will find a number of files hidden/readable only, which is a
>> common practice in the hacking world.

>
>Windows and other software uses hidden files. Not an indicator that a
>"hacker" made the changes. Also possible with a corrupted FAT table.
>
>ME: Your correct! The hackers aren't going to allow you to see all the
>Folders and Files on your drive which they are utilizing to store their
>malicious activity. The hackers hid on a number of systems their
>directories with pornography pictures, remailer stats, zipped files, to
>name a few. If you can't see a hidden file "no one" knows why it's
>there in the first place and most basic computer users don't understand
>why one folder is lighter then the other. Off the top of my head I
>can't totally remember the significance of the readable only files which
>were discovered. There were a number of files which needed to be put in
>archive mode and to remove the readable only status.
>
>> K. When you find additional information in your boot.ini file which
>> relate to a Virtual Private Network, this can be either software,
>> hardware or device driver oriented.

>
>Installing a VPN poses no advantage to a "hacker" aside from the ability
>to encrypt data transfers.
>
>ME: Believe me, I've physically seen more then my share of hacked/owned
>computers running Virtual Private Network(s) (VPN). In my possession is
>a number of victims hard drives which were owned by hackers. These
>hackers have installed one or two VPNs on the these drives. I will
>admit, my knowledge with VPNs is zero, but curiosity taught me a few
>things after speaking with a Network dude. Select Start, Settings,
>Control Panel and Network if your a basic home owner and verify if your
>computer is running any VPN adapters. This is all you need to hear
>about this issue, period. My words are proof enough for the basic home
>user.


You have no evidence substantiating your claims! I've asked over and
over again to see any evidence or any link to any other source that
backs up your claim that hackers installs VPN adapters! Put up or shut
up!

>
>> L. Under Search for Files and Folders, perform a search on any file
>> modified in the past month, you will see files which just don't need
>> to be modified, or files you don't even recognize. For the basic
>> computer user, you'll want to focus on the files which you don't
>> recognize. Unless your a skilled professional, you won't realize which

>
>> files need to be present or modified, but give it a try anyways. [To
>> perform the above you will need to see all Hidden Files and Folders.]

>
>Files are updated constantly by using the OS and software on the
>computer. Most software installations contain numerous files and a basic
>Windows installation contains hundreds to thousands of files. It indeed
>would be impossible for most users to recognize all of the files. This
>exercise would not indicate any hacker activity.
>
>ME: When you view the files which were accessed in the past month, it
>will reveal a wealth of applications and files you have or a hacker has
>opened and accessed. Say for example you see:
>c:\msoffice\excel\(filename) and you haven't accessed Excel in two or
>more months, this means the hackers were looking in this directory and
>reading your personal files.


Some applications may change the access date on files. This could be
something as simple as a virus scanner, or even one MSOffice application
accessing files belonging to another MSOffice application. There's
plenty of reasonable reasons (sic) why the access time on a file has
changed... And, there's little reason for a "malicious hacker" to access
someone else's computer to use Excel...


>
>> M. Select Start, Settings, Control Panel and Network, and look at,
>> following network components showing. If you see one AOL adapter and
>> have never used AOL, then two AOL adapters, two TCP/IP, two Dial-Up
>> adapters, one or two Virtual Private Network adapters, your computer
>> could be compromised. A Virtual Private Network is widely used by
>> hackers because it can host up to 254 users. "This applies to the
>> basic Internet user who has one modem, one ISP and isn't running any
>> FTP, HTTP, NNTP, PROXY, SMTP, SOCKS, SQL, or SQUID SERVER." My skills

>working with VPNs is almost zero. Every victims system I've seen had
>two VPNs setup and they were only using a modem to connect to the
>Internet.
>
>AOL installs along with many applications and has been included on base
>OS installations since early releases of Windows 95. VPN's serve no
>useful purpose to a "hacker" beyond the ability to encrypt the data
>transfer stream.
>
>ME: The above statements are for the basic computer user, not for a
>companies or corporations benefit. My point is: if your computer is
>accessing the Internet though a dial-up connection and you have one
>modem, you should only see "One Dial-up Adapter and One TCP/IP Dial-up
>Adapter" under your Network settings, period. Windows doesn't install a
>Virtual Private Network by default (I have not tested 2000,NT/XP). So
>how do you think any VPN connection was set-up since Microsoft doesn't
>install this by default? It's because your computer is already
>hacked/owned by malicious hackers. DUH!


See previous comments regarding VPNs.

>
>> N. Next, Select Start, Run, type Regedit, Select Registry, Select
>> Export Registry File, in the box type a name say 4-12-02.txt and
>> Select save. Then open this file with a text editor, and you might be
>> shocked to find what really is installed on your computer system.
>> Check the bottom of this file because hackers love to install an array

>
>> of applications including Network/Server files and device drivers.

>
>No need to export the registry file to view it. Registry entries are not
>added to the "bottom" of the registry. Each registry area has a purpose
>and contains specific information. Making all "hacker" entries at the
>"bottom" of the file would result in applications not running properly.
>
>ME: When you load an application, the needed files to run this
>application will be seen in your registry. Hardware/Application/Device
>Driver information can be setup by hackers at the bottom of the file.
>After viewing all "hidden" Folders and Files, what I did was
>"incorporate" one registry entry at a time. You could see a major
>difference. Each time you save the registry file it will create a file
>called RB000.CAB and so forth, depending on how many copies that you
>have saved. If you perform the backup when the hackers are abusing your
>system, you might only see 30 lines of text in the registry, the next
>time 100 lines, and so on. This is a clear sign that your computer is
>compromised.
>


The registry is a hierarchy, you can't just "add stuff at the bottom".
If you had ever taken a good look at the registry, you should be able to
figure this out. I've provided the bottom few lines of my registry to
you before, and you still haven't told me if I'm hacked or not ...

>
>> O. You will have to turn your computer off by the power supply on a
>> regular basis.

>
>I assume this means you are unable to select shutdown from the start
>menu. This was a common bug in 95 and 98 on some manufacturers computer.
>Patches were released to repair this bug.
>
>ME: Had to laugh at your remarks, but it's cool. One of the main
>reasons the computer had to be shut down by the power supply was because
>of switching from DHCP, PPP, dial-up on a regular basis. Most basic
>computer users wouldn't be running three different Internet Service
>Providers along with Cable. Even utilizing DHCP and dial-up also caused
>the system to hang and I wasn't able to shutdown by any means except the
>power supply. Not being able to shut down your system on a regular
>basis is one clear sign your computer is hacked/owned, trust me.


That's because your system is messed up, not because it's hacked. My
computer won't reboot (it'll shut down windows, but won't actually shut
off or restart), but that doesn't mean I'm hacked. It means something
got messed up really bad when I had a really bad crash... Don't blame
your incompetence and messed up system on hackers...

>
>> P. Installing a Network Interface Card will cause problems until the
>> hackers configure this device into their Servers or Virtual Private
>> Network they setup on your computer.

>
>Removing and re-installing a NIC should include deletion of the drivers
>and ensuring that the old card is not still bound to any protocols.
>Installing a new NIC would require configuring the OS to recognize the
>NIC and bind protocols and services to it.
>
>ME: This is correct! In the case of my hacked computers, two different
>Network Interface Cards were installed on a number of occasions. If an
>individual configures a NIC properly, there should be no problems after
>the fact. I can't remember off the top of my head all the problems we
>ran into, but there were significant enough problems to mention this in
>my book.
>


There's a number of reasons why installing NICs may screw things up;
none of them have to do with "hackers needing to configure the device
into their VPN". It's all about properly removed and installed drivers.

>
>> Q. You find your CD-ROM drive opens and closes without your
>> permission.

>
>Possibly an indicator of Netbus and/or Back Orifice installation.
>Potential "hacker" activity. Can also be caused by a defective drive.
>
>> R. You could hear an annoying beep coming from your system speakers.

>
>Possible system alert or Netbus/BO trojan installation.
>
>> S. Your windows screen goes horizontal or vertical.

>
>Bad video card, loose video connections, BO installation
>
>> T. The screen saver picture changes without your permission.

>
>Registry corruption.
>
>> V. All of a sudden, your speakers decide to play you some music.

>
>CD set to Autoplay or BO installation. Application running in
>background.
>
>ME: Q-T and V deals with having a Trojan Horse on your computer and some
>of the tricks these Trojan Horses can play on you.


Trojan Horses doesn't "play tricks on you." They simply wait for
instructions from someone else. Sudden "music" or sounds could be junk
from a web page...

>
>> U. On occasion your mouse is out of your control or has an imagination

>
>> of it's own. But this could also be caused by a corrupt mouse driver.

>
>Correct about the mouse driver. Can also be caused by lint/ dirt build
>up on the mouse rollers or on the optical sensor as well as by a
>defective mouse.
>
>ME: If you find you have updated the mouse drive, cleaned the lint/dirt
>build-up, but your mouse still has an imagination of it's own, your next
>best bet is your computer is hacked/owned. Do your own research in
>Google/Yahoo concerning the questions people ask about mouse control.
>Just remember, "most" Windows users don't realize they need to disable
>Windows services before they stick their computer on the Internet. By
>that time, a malicious hacker has probably already infected their
>system. Deal with it, learn my ways or stay the victim; it's your
>choice.


Actually, if the mouse is still "whacky", either the mouse, the cable or
the driver are shot. The fact that you installed a new "driver" doesn't
mean it's the right one, or that it'll resolve the problem.

>
>> W. Installing a hardware/software firewall for the first time can
>> cause a number of different problems for you to setup and configure.
>> Considering you didn't have these installed from the beginning of your

>
>> computer going on the Internet.

>
>?? Makes no sense
>
>ME: When your computer goes on the Internet for the first time and you
>haven't installed a hardware or software firewall, expect to spend extra
>time trying to get them to function properly and configure them. By
>this time, the hackers have probably already installed their Virtual
>Private Network(s) and they have to make the new hardware and software
>function with their settings in their VPN(s). You will find at this
>point that your computer will re-boot itself from time to time. Hackers
>aren't all that smart and they do make their own mistakes when they try
>to configure hardware and software to function with their VPN(s).
>HA-HA!


See numerous comments regarding VPNs ... You are right about one thing
though: It is a good idea to install a firewall before going on the
internet. Unfortunately, this is often a catch-22, as you may have to go
to a website to download the firewall.

>
>> X. Your firewall logs show alerts at 12:00 then 11:22 then 12:16 and
>> back to 11:59.

>
>Sort log by time and not even type, port, etc.
>
>ME: Zone Alarm and Blackice Defender report alerts by date and time in
>order if your system isn't hacked or owned. If your Windows Platform
>system is hacked or owned the hackers are abusing it to hack into other
>computers, networks and servers. Other criminals are also using your
>computers for their illegal activity, whether it be to set-up a murder,
>purchase drugs, guns, explosives or identity theft. So they have to
>change their date and time so their "tracking activity will be harder to
>track down".
>


See numerous comments regarding failing CMOS battery.

>
>> Y. If using a dial-up/cable/dsl connection you see a number of pings,
>> port 0, to your computer. The reason is so that the hackers can see if

>
>> your computer is online. A system needs to be online for the hackers
>> to access these Networks and Servers. What the hackers actually do is
>> port scan your Internet Service Provider Block of IP addresses and
>> find your computer either with file sharing enabled or a
>>Backdoor/Trojan present.

>
>Possible OS fingerprinting attempt although crude and ineffective. As
>port 0 is reserved for special use as stated in RFC 1700. Coupled with
>the fact that this port number is reassigned by the OS, no traffic
>should flow over the internet use this port. Pings and port scans are
>two separate items. Many services on the internet, including your ISP,
>will ping your system to ensure your system is still online. If you
>system is properly secured, port scans, at worst will result in a DOS
>attack.
>
>ME: For one, if your Internet Service Provider (ISP) pings your
>computer, the IP addresses would be similar in nature. For example: my
>IP address is 207.14.155.12, if your ISP pings your computer, their IP
>address would be like 207.14.0.0. Your firewall log pings wouldn't come
>from say 12.144.15.5, 155.19.133.10, 66.19.24.87, 12.231.57.197,
>203.122.19.74, 12.231.62.18, 64.110.82.252, 24.24.17.103. My examples
>deal with a hacker coming in using a Trojan Horse versus a Backdoor.
>When a Backdoor is installed, certain hackers don't necessarily need to
>ping your system because once it's online the Backdoor alerts the hacker
>that the system is online. Hell, here is an excerpt from my book which
>was one way we caught NCF, a ferret owner who was discovering what was
>on our hard drives. Notice the change of the computer IP addresses and
>ask yourself how a computer can go from having a 38.x address to 168.x
>address. An individuals firewall log tells so many stories, but only if
>you know how to read and understand them. If your on a Windows Platform
>(minus 2000,NT,XP) and you didn't disable certain services then
>installing a firewall isn't going to keep your computer hacker secure.
>BTW- The only Newsgroup I had visited for years was alt.pets.ferrets and
>NCF was the only user using Suite224.
>
>FWIN 5/25/2000 11:46:40 AM -8:00 GMT 208.131.247.203
>247-203.suite224.net 0 38.28.67.34 0 ICMP No
>FWIN 5/25/2000 11:46:40 AM -8:00 GMT 208.131.247.203
>247-203.suite224.net 0 38.28.67.34 0 ICMP No
>FWIN 5/25/2000 11:56:48 AM -8:00 GMT 208.131.247.203
>247-203.suite224.net 2037 38.28.67.34 79 TCP No
>FWIN 5/27/2000 11:09:10 PM -8:00 GMT 208.131.247.221
>247-221.suite224.net 0 0 ICMP No
>FWIN 5/27/2000 11:09:10 PM -8:00 GMT 208.131.247.221
>247-221.suite224.net 0 0 ICMP No
>FWIN 5/30/2000 10:46:32 AM -8:00 GMT 208.131.247.101
>247-101.suite224.net 0 0 ICMP No
>FWIN 7/3/2000 11:22:56 PM -8:00 GMT 208.131.247.56 247-56.suite224.net 0
>168.191.230.174 0 ICMP No
>FWIN 7/3/2000 11:22:56 PM -8:00 GMT 208.131.247.56 247-56.suite224.net 0
>168.191.230.174 0 ICMP No


Geez, so you got pinged! No big deal. There's millions of pings floating
around there, and by themselves, they're pretty harmless.

>
>> Z. If someone is port scanning your system, in your firewall logs the
>> port assignment arenít in any type of order. You might see a probe at
>> port 1,10,9,8,6,12,6,43 etc.

>
>Most port scanning software will randomize the order the ports are
>scanned. A skilled "hacker" will not scan all ports since there are not
>services running on all ports nor are there potential vulnerabilities
>associated with all ports.
>
>ME: Port scanning applications normally will randomly scan port numbers
>in order. In a few of the sample firewall logs shown in my book you
>will see port numbers not in any random order. "The Trackers" weren't
>able to figure out why a hacker would scan port number
>1,10,9,8,6,12,6,43, versus having them scanned in a random order. Basic
>computer users, take a closer look at your firewall logs and see if you
>also have port numbers being scanned as shown above.


Irrelevant. The order the ports are probed has absolutely no relevance
whatsoever. It doesn't make a system more or less secure, it doesn't
make it more difficult to detect the scan; it's just more meaningless
drivel from you...

>
>> AA. When you find you have to set Zone Alarm firewall on medium
>> instead of high settings.

>
>IF ZA is misconfigured, some applications may be unable to communicate
>and access to external systems (the internet) may not be possible.
>Indicative of poor configuration and not "hacker" activity.
>
>ME: The only applications which were running at the time was Netscape
>4.7, Nortons anti-virus and Eudora 5.1 when Zone Alarm had to be tamed
>down to a "medium setting" for these applications to run. The only
>exception may have been because we were also running Blackice Defender
>simultaneously.
>


Still, that is not an indication that your computer was hacked, rather
it is indicative of your failure to understand how your firewall works.

>
>> BB. Once you can view all Files and Folders search for files named
>> spool*.*.

>
>Spooler files are used by the system. Not sure what other use you
>believe they have.
>
>ME: All I can say is that a file spool*.* was accessed on a regular
>basis and it appeared on a weekly search of files accessed.
>


Did you print anything during this time period?

>> CC. You may find another installed version of your software firewall
>> application on your hard drive. You will need to Show all Hidden Files
>> and Folders under your Settings, Control Panel, Folder Option and
>> View, if using a Windows Platform (excluding 2000,NT and XP).

>
>Illogical for a hacker to install a firewall that would eliminate or
>limit access to your system. Possible indicator of improper installation
>or a cross linked directory structure.
>
>ME: The additional Blackice firewall proved to me that it was probably
>connected to the Virtual Private Network(s). Blackice firewall on my
>computer proved that one firewall was mine and another belonged to a
>hacker. A few of the logs had other computer IP addresses which weren't
>owned by me.
>


More unsubstantiated claims regarding VPNs ...

>
>> DD. When you see too many, Pings - port 0, HTTP/Proxy - port 80, 8080,
>> 3128, SMTP - port 25, FTP - port 21, NNTP - port 119 port probes. Your
>> computer is probably running an illegal "VPN server"; " web server";
>> "proxy"; "mail and news"; "ftp"; which hackers are attempting to
>> access for their own personal use.

>
>It is not "illegal" to run any of the servers mentioned above. The above
>demonstrates a lack of understanding of the difference between a ping
>and a port scan at best. It is not an uncommon occurrence to have
>multiple ports scanned by multiple sources. Cure is to install and
>properly configure a firewall to block these scans.
>
>ME: There was no mention of running these servers and them being
>illegal, which wasn't my point. It was confirmed that my computer was
>running one of them "anonymous remailers", but for legal purposes, most
>of this information had to be removed from my book. From all the
>evidence in my possession, there is no doubt in my mind that malicious
>hackers install and set-up the above listed servers on innocent victims
>computers. Once the computers were hacker secured, very few port scans
>appeared in the firewall logs from the above listed port numbers.


The fact that you may see such connection attempts in the logs is in no
way indicative that you are running any such servers. It's fairly normal
to get scans for web servers (code red and nimda are still very active)
and mail servers (spammers are always looking for open relays).

Repeat after me: a probe does not mean a server is running, it means
someone is testing if you're running one.

>
>> EE. If you don't see your computer node/source IP address on a
>> consistent basis to the right side of your firewall log, your system
>> is compromised. (See the firewall logs below.) The hackers are
>> entering through your system to attack other "Networks, or Servers and
>> Systems", so their identity can't be traced.

>
>Missing firewall log so interpretation is difficult. Firewall logs may
>indicate your local machine as 0.0.0.0, 127.0.0.1 as well as by the IP
>address. A properly configured firewall would not permit entry to allow
>"hackers" to use your system to attack others.
>
>ME: EE is only a partial excerpt from my book which is helping computer
>users learn about Computers, the Internet and Hacking. Many basic
>computer users don't install a firewall until after their computer is
>hacked and owned. By this time, installing a firewall is useless,
>period. You were already informed that my computer was running Zone
>Alarm and Blackice Defender; what good did these do for me, nothing.
>Every computer on the Internet is assigned an IP address and this
>address will appear on the right side of your firewall log. If your ISP
>IP bank of numbers is, let's say 12.231.xx.xx, then your IP address
>listed in your firewall log would be 12.231.xx.xx. If your computer is
>hacked or owned you may see that your IP address to the right of your
>log is say, 155.16.222.134 or 64.12.133.22. If you need a more
>technical answer, visit the below Website.
>http://hackingtruths.box.sk


That gives me a DNS error. The rest of this section is erroneous as
well.

>
>> FF. When you perform a traceroute on an IP address and you lose your
>> node/source IP address, ISP routers IP, or when you don't see your
>> node/source IP address at all.

>
>As stated above, a firewall may identify your machine in the logs in a
>number of ways.
>
>ME: A firewall has nothing to do with performing a traceroute on an
>IP. I had many interesting talks with security and network techs and
>they were very interested in seeing these traceroutes. In the first
>example, you can see that my IP address is 12.231.38.174 and my ISP
>routers used to target 64.154.60.81. In the second example, my computer
>doesn't even exist at all and neither are there any routers to pass
>through to get to the target IP. In the third example, my computer does
>exist, but none of my ISP routers are present to get to the target IP.
>


Oh no, my IP address never shows up when I do traceroutes... I must be
hacked!

This is what a traceroute should look like:
traceroute to 4.2.2.1 (4.2.2.1), 30 hops max, 38 byte packets
1 firewall (192.168.0.1) 0.83 ms 0.78 ms 0.72 ms
2 10.209.136.1 (10.209.136.1) 9.64 ms 9.68 ms 9.45 ms
3 ...attbb.net (24.128.190.201) 9.43 ms 20.31 ms 8.10 ms
4 24.147.0.217 (24.147.0.217) 8.75 ms 9.14 ms 10.39 ms

It shows the LAN address of my firewall, but not the address of my
computer, nor does it show the WAN address of my firewall; and that's
the way it's supposed to be. It doesn't mean you're hacked...

>
>
>The Best Kept Secrets of Backdoors, Cracking, Firewalls, Hacking,
>Proxies, The Internet, Trojan Horses, Virtual Private Networks, Virus,
>Windows and different types of Servers can be found at:
>http://geocities.com/secure20032220000/
>
>Tracker
>


Debbie, I'm not saying your computer wasn't hacked, only that 99% of the
"signs of a hacked computers" that you're spewing here are wrong.

Lars M. Hansen
www.hansenonline.net
 
Reply With Quote
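
Added example (not part of any post in this thread): a Python sketch of the distinction drawn in the reply above between a ping, a probe and a running server, applied to blocked-inbound firewall entries. The log lines are constructed in the space-separated FWIN layout quoted in the thread; the field order, the documentation-range addresses, the `scan_threshold` value and the `listening` set are assumptions for illustration.

```python
from collections import defaultdict

# Constructed sample entries, one per line, in the layout quoted in the thread:
# FWIN date time AM/PM tz GMT src_ip src_host src_port [dst_ip] dst_port proto flag
SAMPLE_LOG = """\
FWIN 5/25/2000 11:46:40 AM -8:00 GMT 192.0.2.10 host-a.example 0 198.51.100.5 0 ICMP No
FWIN 5/25/2000 11:56:48 AM -8:00 GMT 192.0.2.10 host-a.example 2037 198.51.100.5 79 TCP No
FWIN 5/27/2000 11:09:10 PM -8:00 GMT 192.0.2.20 host-b.example 0 0 ICMP No
FWIN 5/28/2000 01:02:03 AM -8:00 GMT 192.0.2.30 host-c.example 4001 198.51.100.5 80 TCP No
FWIN 5/28/2000 01:02:04 AM -8:00 GMT 192.0.2.30 host-c.example 4002 198.51.100.5 25 TCP No
FWIN 5/28/2000 01:02:05 AM -8:00 GMT 192.0.2.30 host-c.example 4003 198.51.100.5 21 TCP No
not a firewall line
"""

def parse_entry(line):
    """Return a dict for one blocked-inbound entry, or None if the line does not parse."""
    f = line.split()
    # 13 fields when a destination address is logged, 12 when the log omitted it.
    if len(f) not in (12, 13) or f[0] != "FWIN":
        return None
    try:
        dst_port = int(f[-3])
    except ValueError:
        return None
    return {"src": f[6], "dst": f[9] if len(f) == 13 else None,
            "dst_port": dst_port, "proto": f[-2]}

def summarize(log_text, listening, scan_threshold=3):
    """Classify each source, and list probed ports that really have a local listener."""
    ports, pings = defaultdict(set), defaultdict(int)
    for line in log_text.splitlines():
        e = parse_entry(line)
        if e is None:
            continue
        if e["proto"] == "ICMP":
            pings[e["src"]] += 1          # echo requests carry no port at all
        else:
            ports[e["src"]].add(e["dst_port"])
    verdicts = {}
    for src in set(pings) | set(ports):
        n = len(ports.get(src, ()))
        verdicts[src] = "port scan" if n >= scan_threshold else "probe" if n else "ping only"
    probed = set().union(*ports.values())
    return verdicts, sorted(probed & set(listening))  # empty list: nothing probed is served

if __name__ == "__main__":
    verdicts, exposed = summarize(SAMPLE_LOG, listening={139})
    print(verdicts)
    print("probed ports with a real listener:", exposed)
```

The `listening` set would come from the machine itself (for example the output of `netstat -an`), which is the only evidence that a server is running; the probe log alone never shows it.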
 
Thund3rstruck
Guest
Posts: n/a
 
      10-01-2003
Tracker Spilled my beer when they jumped on the table and proclaimed
in <(E-Mail Removed)>:
<snip>


From someone that found the right words:

GENERAL COMPUTER HEALTH WARNING
-------------------------------

Any advice from a poster using the word 'tracker' may contain
dangerous nonsense and should be immediately deleted from your
computer.

Do NOT contact this person by email

Do NOT feed the Trolls, one warning is enough, further messages
only reinforce the desire for attention that provides motivation.

Visit the fan club at:
http://www.sand-n-sea.us/debbiesdrival.htm

 
Reply With Quote
 
Tim H.
Guest
Posts: n/a
 
      10-01-2003

"Tracker" <"snailmail(removevalid)222000"@yahoo.com> wrote in message
news:(E-Mail Removed)...
>

<Snip Junk>

> > D. If using a Windows platform: when you start your computer, your
> > original screen will pop up, but since the hackers need to boot into
> > their Networks, or Server(s), the system will quickly re-boot and the
> > original screen will appear twice. But your system may re-boot twice
> > instead of once when loading Windows OEM versions.

>
> Can be caused by full logs and OS errors. System setting can force a
> reboot if logs are full or if OS does not load properly. Installation of
> wallpaper and images on the desktop can cause unusual activity at start
> up especially if the items conflict.
>
> ME: This activity is something to watch for because the system would
> also reboot on its own after the computer was loaded. You have to also
> remember that we were changing between DHCP, PPP and dial-up every few
> minutes or every few hours and the owned system was running two Virtual
> Private Networks. Same applies to E!


I don't understand how you "switch" between DHCP, PPP and Dial-Up every few
minutes? That's like saying I switch between driving, the trunk and the
wheels every few minutes. This is all so funny it makes me feel sorry for
you....it'll be #1 on book lists....under "Comedy."

-Tim

>
> Tracker
>
>



 
Reply With Quote
 
 
 