Velocity Reviews - Computer Hardware Reviews

How did they get behind my NAT?

 
 
Unruh
10-12-2007
Maniaque <> writes:

>Thanks for the feedback!


>> > - I am running an ADSL router, "Xavi" brand, "7028r" model, and it
>> > seems to run a "GlobespanVirata" chipset. This was provided to me by
>> > my previous ADSL provider, Telefonica Spain.


>> You mention the ADSL Router and NAT LAN, but you don't tell us how the
>> NAT is implemented - is the ADSL device doing the NAT or do you have a
>> NAT Router Appliance? You sort of indicate you do, but you don't tell us
>> what device/vendor it is.


>Sorry I wasn't clear - the ADSL router is the NAT device. The ADSL
>connection uses PPPoA, which means (as I understand it) that I cannot
>operate the ADSL device in "bridged" mode with a different device
>handling the routers/NAT functions. I guess I could simply leave the
>ADSL device be, and set up a second NAT LAN behind another device - is
>there any disadvantage to double-NATing?


No you cannot. Having double NAT confuses the hell out of many routers.

t set up a firewall properly.


>>
>> You mention that you have ports forwarded for sharing - bad move.
>>


>Fair enough - why? Based on my limited understanding, this would only
>be a bad move if the file sharing program (uTorrent) had some
>vulnerability, right? Otherwise how could this be a problem?


And you know it does not? You also have port 80 open but do not tell us
which web server you run.


>To be fair, I agree that the file-sharing is probably a major
>contributing factor - first of all there is the fact that the attack
>happened while I had the file-sharing program running, which is only
>once a month or less, and secondly I have noticed that when I have it
>running it drastically increases the amount of non-legitimate-looking
>activity to my IP address, so I guess attackers monitor this activity
>closely as "clueless but ambitious home user here, let's see what we
>can do with him!" targets. There could well be an unknown
>vulnerability in uTorrent of course, but I expect if that were the
>case the attacker would have done more than access my vulnerable VNC
>server.


>> I suspect that you also have UPnP enabled and a weak password on the
>> router.


>No and No. And the router does not have outside admin access enabled.
>And the first thing I did within seconds of the attack was check the
>router configuration to make sure that they hadn't got in that way.


>>
>> I suspect that you have so many holes in your NAT that you've let the
>> person in on VNC and just don't know it.
>>


>Fair enough, but I'd love to know how!


>> Try this:
>>
>> 1) Disable UPnP
>>


>done, always was


>> 2) Change the NAT Router (assuming that you have one and it's not the
>> DSL router) to 192.168.6.1/24 and remove ALL port forwards and ALL
>> Triggers if used. Change the password to something proper.
>>


>I could do this, but that would really defeat the purpose of my asking
>the question here, as it would also prevent me from providing public
>access to specific services on the desktop. If that is totally
>impossible (to expose only specific ports to the internet and have all
>other ports be normally hidden) then I guess that's that. But it seems
>counter-intuitive.



>> 3) Run a quality Anti-Malware tool on your computer, run it in Safe Mode
>> also.
>>


>Any suggestions on quality anti-malware tools? I use AVG antivirus and
>Spybot S&D, so far they haven't missed anything that I know of (but
>then I wouldn't, would I? )


>err - how does safe mode help? you mean so I don't have any additional
>programs running?


>> 4) Do not share your computer with anything/anyone outside the LAN, stop
>> doing file sharing completely - buy what you need instead.


>If what I "need" were easy to buy, I would happily do so - I use
>uTorrent only to get stuff that I cannot find anywhere else, or for
>linux distributions (I would recommend it in fact, it is an incredibly
>fast way of getting any full multi-GB distribution you may want to try
>out, AND it makes the overall distribution much much easier/cost-
>effective for the maintainers)


>>
>> 5) Put your website on a proper web server, one protected by a real
>> firewall and on a locked down OS following the OS Vendors FULL
>> SUGGESTIONS ON HOW TO SECURE IT.


>ok, so what you're saying is that there is no way to safely run a
>simple website without paying out either professional hosting fees or
>buying all the equipment that hosting vendors require. A safe, but
>uninspiring, answer.


>>
>> Don't port forward and make sure that UPnP is disabled.


>UPnP is disabled, but I would love to understand what the problem /
>risk with port forwarding is - can you provide any information, links,
>resources to help me understand?


>>
>> Stop providing services over a residential grade DSL service.
>>


>"Services"? I run my own personal 10-pageview/month website! It's
>kind of sad if there is no way to do that using home tools... Maybe
>that's where we're at now, I'm not sure.




>Thanks again for the feedback, I'd appreciate any info you could
>provide on the port forwarding question though!


>Thanks,
>Tao



 
Unruh
10-12-2007
Leythos <> writes:


>You can get Linux without uTorrent, at least any quality Distro.


>uTorrent doesn't expose your VNC, but, there is any number of unknowns
>where as to what you've done in addition. The issue is that I've not seen
>anyone that needs to run a file-sharing program on their computer unless
>they were pirating files of some type. Yea, not always true, but it's a
>good assumption since there are legal means and methods without using
>file sharing methods.


You talk about Linux which you almost certainly downloaded using torrent
and you say that the only use you know of for filesharing is pirated files?
Sheesh.

 
Leythos
10-12-2007
In article <DZEPi.11013$G25.8264@edtnps89>, unruh-
says...
> No you cannot. Having double NAT confuses the hell out of many routers.


No, what confuses users is not understanding that both LAN's must be in
different subnets or the router won't know which LAN you want to access.

Routers have NO issues with double NAT, it's only when the user doesn't
know anything about networking and sets both LAN's to 192.168.0.1/24 (or
the default subnet on both).

--
Leythos - (remove 999 to email me)

Fight exposing kids to porn, complain about sites like PCBUTTS1.COM that
create filth and put it on the web for any kid to see: Just take a look
at some of the FILTH he's created and put on his website:
http://forums.speedguide.net/archive.../t-223485.html all exposed
to children (the link I've included does not directly display his filth).
You can find the same information by googling for 'PCBUTTS1' and
'exposed to kids'.
 
Leythos
10-12-2007
In article <r0FPi.11014$G25.349@edtnps89>, unruh-
says...
> Leythos <> writes:
>
>
> >You can get Linux without uTorrent, at least any quality Distro.

>
> >uTorrent doesn't expose your VNC, but, there is any number of unknowns
> >where as to what you've done in addition. The issue is that I've not seen
> >anyone that needs to run a file-sharing program on their computer unless
> >they were pirating files of some type. Yea, not always true, but it's a
> >good assumption since there are legal means and methods without using
> >file sharing methods.

>
> You talk about Linux which you almost certainly downloaded using torrent
> and you say that the only use you know of for filesharing is pirated files?
> Sheesh.


No, I downloaded Linux (Fedora) using FTP, not a torrent, and I do not
use torrent programs, nor other PtP programs.

You also misstated my view of P2P programs, I said "I've not seen anyone
that needs to run a file-sharing program on their computer unless they
were pirating files of some type." which is not the same as "the only use".

Yes, people CAN use P2P software ethically, but I've not seen ANY person
that has P2P software installed that has ONLY used it ethically.

--
Leythos - (remove 999 to email me)


Jim Watt
10-12-2007
On Thu, 11 Oct 2007 01:16:49 -0700, Maniaque <>
wrote:

>Fair enough - why? Based on my limited understanding, this would only
>be a bad move if the file sharing program (uTorrent) had some
>vulnerability, right? Otherwise how could this be a problem?


If you are running software obtained from a bittorrent you
do not know if it's been tampered with to include a backdoor
for some hacker.
--
Jim Watt
http://www.gibnet.com
 
Unruh
10-13-2007
Leythos <> writes:

>In article <DZEPi.11013$G25.8264@edtnps89>, unruh-
>says...
>> No you cannot. Having double NAT confuses the hell out of many routers.


>No, what confuses users is not understanding that both LAN's must be in
>different subnets or the router won't know which LAN you want to access.


>Routers have NO issues with double NAT, it's only when the user doesn't
>know anything about networking and sets both LAN's to 192.168.0.1/24 (or
>the default subnet on both).


That can certainly confuse things. But also NAT tends to work by assigning
a very high port number on the outgoing and translating those. If the port
on the inward side is also a high number, then the system can get confused.
Of course they should not, but should not and do not are different things.
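
The translation behaviour discussed in the posts above (high-numbered outgoing ports, distinct subnets for double NAT) and the original poster's port-forwarding question, as a simplified model. This is an added example, not code from any poster; the `Nat` class, addresses and port numbers are constructed, and the model ignores the per-remote-endpoint filtering and timeouts that real routers apply.

```python
import ipaddress

class Nat:
    """Simplified port-translating NAT: one WAN address, one LAN subnet."""
    def __init__(self, wan_ip, lan_cidr, first_port=49152):
        self.wan_ip, self.lan = wan_ip, ipaddress.ip_network(lan_cidr)
        self.next_port = first_port
        self.table = {}  # WAN port -> (LAN ip, LAN port); dynamic and static

    def forward(self, wan_port, lan_ip, lan_port):
        """Static port forward: unsolicited traffic to wan_port is let in."""
        self.table[wan_port] = (lan_ip, lan_port)

    def outbound(self, src_ip, src_port):
        """Map an outgoing flow to a high WAN port; return (wan_ip, wan_port)."""
        if ipaddress.ip_address(src_ip) not in self.lan:
            raise ValueError(f"{src_ip} is not on LAN {self.lan}")
        while self.next_port in self.table:
            self.next_port += 1
        self.table[self.next_port] = (src_ip, src_port)
        return self.wan_ip, self.next_port

    def inbound(self, wan_port):
        """Return the inside (ip, port) for a WAN port, or None if dropped."""
        return self.table.get(wan_port)

def deliver(chain, wan_port):
    """Walk an inbound packet through a list of NATs, outermost first."""
    dest = None
    for i, nat in enumerate(chain):
        dest = nat.inbound(wan_port)
        last = i == len(chain) - 1
        # Stop when dropped, at the last NAT, or when the target is a plain host.
        if dest is None or last or dest[0] != chain[i + 1].wan_ip:
            return dest
        wan_port = dest[1]
    return dest

def lans_overlap(outer, inner):
    """Double NAT needs the two LANs to be different subnets."""
    return outer.lan.overlaps(inner.lan)

# Constructed topology; 203.0.113.7 is a documentation address.
outer = Nat("203.0.113.7", "192.168.1.0/24")   # ADSL router doing NAT
inner = Nat("192.168.1.2", "192.168.6.0/24")   # second NAT device behind it
hop1 = inner.outbound("192.168.6.10", 51000)   # desktop opens a connection
hop2 = outer.outbound(*hop1)                   # outer NAT translates it again
outer.forward(80, "192.168.1.2", 80)           # web forward on the outer NAT only
```

In this model an unforwarded port such as 5900 has no table entry and is dropped at the outer NAT, and a forward set only on the outer device stops at the inner one until a matching forward exists there too.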
 
Unruh
10-13-2007
Leythos <> writes:

>In article <r0FPi.11014$G25.349@edtnps89>, unruh-
>says...
>> Leythos <> writes:
>>
>>
>> >You can get Linux without uTorrent, at least any quality Distro.

>>
>> >uTorrent doesn't expose your VNC, but, there is any number of unknowns
>> >where as to what you've done in addition. The issue is that I've not seen
>> >anyone that needs to run a file-sharing program on their computer unless
>> >they were pirating files of some type. Yea, not always true, but it's a
>> >good assumption since there are legal means and methods without using
>> >file sharing methods.

>>
>> You talk about Linux which you almost certainly downloaded using torrent
>> and you say that the only use you know of for filesharing is pirated files?
>> Sheesh.


>No, I downloaded Linux (Fedora) using FTP, not a torrent, and I do not
>use torrent programs, nor other PtP programs.


>You also misstated my view of P2P programs, I said "I've not seen anyone
>that needs to run a file-sharing program on their computer unless they
>were pirating files of some type." which is not the same as "the only use".


>Yes, people CAN use P2P software ethically, but I've not seen ANY person
>that has P2P software installed that has ONLY used it ethically.



As I pointed out, I have and almost certainly you have as well. Let me give
as an example Mandriva, which I am downloading via torrent right now from a
bunch of sites around the world, and I suspect strongly that they use
torrent only for downloading programs. Also I have a torrent running to
allow people to download the arxiv.org repository. That is a completely
legitimate use and the system is not used for "unethical" purposes (We have
permission from the people at arxiv.org to do so). So, now you have to
change your statement.


 
Unruh
10-13-2007
Jim Watt <_way> writes:

>On Thu, 11 Oct 2007 01:16:49 -0700, Maniaque <>
>wrote:


>>Fair enough - why? Based on my limited understanding, this would only
>>be a bad move if the file sharing program (uTorrent) had some
>>vulnerability, right? Otherwise how could this be a problem?


>If you are running software obtained from a bittorrent you
>do not know if it's been tampered with to include a backdoor
>for some hacker.


Yes, you do. The tracker has a md5sum which tells you that what you
downloaded is the same as what you were supposed to download.
If what you meant to say is that if you download a torrent whose tracker is
controlled by some totally unknown person, you do not know whether what you
downloaded is not tampered with. But that is also true if you download via
ftp or http or whatever. And with torrent you have the MD5 checksum to
ensure that what you downloaded is what you were supposed to.

Ie, your observation is ass backwards.

>--
>Jim Watt
>http://www.gibnet.com

 
Leythos
10-13-2007
In article <FpUPi.9637$GO5.4175@edtnps90>, unruh-
says...
> That is a completely
> legitimate use and the system is not used for "unethical" purposes (We have
> permission from the people at arxiv.org to do so). So, now you have to
> change your statement.


You've not comprehended what I wrote - I never once said that "ALL
USES" are unethical or illegal - but I can see how someone that is
paranoid would think I said that if they didn't comprehend what I wrote.

--
Leythos - (remove 999 to email me)


nemo_outis
10-13-2007
Leythos <> wrote in
news::

> In article <FpUPi.9637$GO5.4175@edtnps90>, unruh-
> says...
>> That is a completely
>> legitimate use and the system is not used for "unethical" purposes
>> (We have permission from the people at arxiv.org to do so). So, now
>> you have to change your statement.

>
> You've not comprehended what I wrote - I never once said that "ALL
> USES" are unethical or illegal - but I can see how someone that is
> paranoid would think I said that if they didn't comprehend what I
> wrote.



It is you who hasn't comprehended.

You said that you had never encountered a person who used P2P exclusively
for ethical purposes. Unruh gave himself as an example of someone who only
uses P2P ethically (which he described with examples). Unless you believe
Unruh is lying, you now DO KNOW at least one person who uses P2P ethically
and, accordingly, you must (at least in future) change your statement about
never having encountered such a person.

Regards,
 