The Trackers First Review Response

Discussion in 'Computer Security' started by tracker, Sep 21, 2003.

  1. tracker

    tracker Guest

    The following is from a reviewer with the nickname of "Jack"
    True statement. Once a hacker has compromised your system the typical
    goal is to keep the system available for future use. However, this
    information is available on the Internet and has been a common practice
    for over 20 years.

    ME: As a person who was unaware of this, it was a shock. I thought of
    the many people as myself who this was happening to. Looked at all the
    hacker books written and noticed none approached it from a "basic
    computer user" skill level. All books are written by security experts
    and written so sophisticated that unless your knowledge was on their
    level a person was left out in left field wondering what are these
    people talking about. I’ve approached this in a way, simple, tested,
    results that anyone can understand. The basic computer user with no
    knowledge of these things, a first for them, but something to be
    addressed. Learning what the Internet has to offer a basic user isn’t
    an easy task to discover. Look at all the basic and simple questions
    people ask in Usenet alone.
    Well, why haven’t experts written a book and included them with new
    computers warning people about hackers and what to do to make your
    computer secure. A product is made and sold for money, never telling
    people there could be problems, how to approach it and how to prevent
    forthcoming issues. Money with no thought of people is taken into
    consideration; that’s wrong. My concern is the people and how to
    prevent these problems. I experienced the shock and pain and decided to
    see if I could stop this from happening to others. Anger, frustration
    and curiosity helped me write my book.
    Typically once a system is compromised, there is little need to install
    another backdoor or a trojan that could be detected by AV software. All
    AV software will detect known trojans.

    ME: If all AV applications can detect known trojans, then how did the
    Backdoor Redwood Broker along with six or seven Trojan Horses appear on
    my computers while running PC-cillin and Nortons? My perspective is
    this - most Windows users don’t disable a number of services, including
    file and print sharing. A hacker comes along and installs a Backdoor
    and Trojan Horse, including a Virtual Private Network(s), but the basic
    user hasn’t even installed any anti-virus application at this point and
    their computer is already hacked/owned. You can’t install anti-virus
    applications on a hacked or owned computer and expect them to function
    properly and alert you to virus attacks. There was not even a handful
    of virus alerts from either PC-cillin or Nortons which showed any
    alerts in 2.5 years. See the firewall log below which derived from the
    hackers firewall application. While my systems were running two Virtual
    Private Networks, Steve Gibson's site and Securityspace was used to test
    for open ports. Securityspace on "one" occasion only revealed port 5000
    open while testing for over a six month period. Steve Gibson's site
    revealed port 110 opened during the same testing period. The only
    application open at the time was Netscape 4.7. This told me that a
    hacker was using an e-mail application which was on my computer at
    "the time the port scanning was being performed". Out of the "two
    years" of port scanning my computer, God decided to pick only these two
    moments to help me along the path to discover what
    "No One Else In This World Has Discovered".

    You don’t go on to explain why this happens, the cause and effect to
    users, only that it happens. This is what I’m talking about. The extra
    minute it would take to go into a little more detail and testing you’ve
    done and what these tests show you. Why can’t a man express a little
    more information when responding? It’s got my curiosity going, when
    looking at questions posted on the Internet and viewing the male and
    female responses.
    Proper configuration and operation of a firewall, awareness of the
    services running on your computer and other simple best practices for
    computer security will eliminate the ability of anyone to compromise
    your system to begin with.

    ME: My book was written mainly for the basic computer user, not high
    tech specialists. My first firewall installed was a free copy of Zone
    Alarm. Basic computer users have no reason to be aware of which Window
    services are running or to know basic practices for security. In my
    possession is a listing of 80,000+ computer victims running a million
    different Open Ports, Backdoors and Trojans. Yes, 80,000+! Them words
    should speak for themselves. Hell, "France Telecom" had two Networks or
    Servers with Backdoors or Trojans on them. I contacted CERT and then
    the FBI about this so this company could be notified and hopefully have
    them removed. The malicious hackers sure were pissed at me for
    discovering this. Their IP addresses are listed in my book. By using
    the free Zone Alarm, it was noticed that you had to leave the "Security"
    setting to medium. So what good is a firewall when your computer is
    already hacked or owned. Many of the firewall logs from victims are
    published in my book.

    MOM: I showed my mother your answer and she has only the skills to
    operate a basic computer's on/off button, icons and she plays a few
    games. Jack, I like my computer for my games and your words about
    configuration and operation of a firewall are all Greek to me. And may
    be to thousands of other computer users as well. We like explanations
    of what a configuration is, how it works and its purpose; the same with
    firewalls. People assume too much today, not all of us work on the same
    plateau. If you do something in a simple way that everyone can
    understand, you have accomplished something. Thanks for listening to an
    older person who typed on a manual typewriter instead of a keyboard.

    Hackers have no need to add additional firewalls to your system. A
    firewall is designed to block traffic. Adding another layer that could
    prevent access to an already compromised system will only hinder future
    use of the system. Running multiple firewalls makes no sense whatsoever.

    ME: The additional Blackice firewall proved to me that it was probably
    connected to the Virtual Private Network(s). Granted, your answer
    should have been correct, but the Blackice firewall on my computer
    proved that one firewall was mine and another belonged to a hacker; so
    your statement that a firewall blocks traffic and could prevent access
    is wrong. It didn’t hinder future use of the system (my book shows
    resources used) and they continued to utilize this avenue. I have
    actual logs showing this and sorry you have problems understanding my
    findings. A few of the logs had other computer IP addresses which
    weren’t owned by me. I also ran a copy of Blackice Defender while Zone
    Alarm was present on a system. Here is an excerpt from the weirdest
    firewall log I’ve ever seen in my life. The date and time changes will
    "finally explain to computer users why it’s important for hackers to
    continually change these to make tracking hacker activity hard to

    ## 2001-11-16 04:08:40 8 Filter failed
    39 2001-10-29 05:11:24 2003016 RPC TCP port probe port=111&reason=Firewalled
    39 2001-08-02 00:48:34 2003001 HTTP port probe ESRPC18 port=80&reason=Firewalled
    59 2001-10-29 09:19:18 2003105 SubSeven port probe
    39 2001-11-19 08:43:02 2003102 TCP port probe port=10008&reason=Firewalled
    39 2001-11-26 10:26:22 2003102 TCP port probe port=515&reason=Firewalled
    39 2001-08-04 13:32:18 2003001 HTTP port probe magic.CS.UNLV.EDU port=80&reason=Firewalled
    19 2001-10-25 20:18:15 2000101 Trace route count=2
    39 2001-10-23 12:22:52 2003010 NNTP port probe port=119&reason=Firewalled
    39 2001-10-12 07:32:52 2003102 TCP port probe port=1214&reason=RSTsent
    39 2001-10-12 12:41:35 2003102 TCP port probe port=1214&reason=RSTsent
    39 2001-10-23 09:28:48 2003010 NNTP port probe
    39 2001-10-26 02:04:10 2003016 RPC TCP port probe port=111&reason=Firewalled
    39 2001-09-21 05:55:29 2003102 TCP port probe ANTONIO port=6346&reason=RSTsent
    39 2001-10-23 16:05:18 2003010 NNTP port probe POK A004 port=119&reason=Firewalled
    39 2001-11-29 03:51:21 2003006 Telnet port probe port=23&reason=Firewalled
    39 2001-10-27 09:06:31 2003102 TCP port probe port=515&reason=Firewalled
    39 2001-08-04 10:59:35 2003001 HTTP port probe BECKS port=80&reason=Firewalled
    39 2001-11-29 01:26:22 2003011 DNS TCP port probe port=53&reason=Firewalled
    39 2001-11-23 23:05:25 2003102 TCP port probe port=515&reason=Firewalled
    59 2001-11-28 02:10:22 2000103 Possible Smurf attack initiated
    59 2001-11-29 05:39:24 2000103 Possible Smurf attack initiated
    39 2001-09-21 05:58:46 2003102 TCP port probe port=6346&reason=RSTsent
    59 2001-11-09 07:27:35 2003105 SubSeven port probe
    39 2001-10-31 08:24:25 2003004 FTP port probe
    39 2001-10-07 22:35:26 2003004 FTP port probe NEO port=21&reason=Firewalled
    39 2001-10-26 03:52:30 2003004 FTP port probe
    39 2001-11-28 07:23:06 2003004 FTP port probe
    39 2001-08-17 12:59:57 2003016 RPC TCP port probe SERVLINMURET port=111&reason=Firewalled
    39 2001-11-22 22:10:29 2003011 DNS TCP port probe port=53&reason=Firewalled
    39 2001-09-21 05:57:17 2003102 TCP port probe port=6346&reason=RSTsent
    39 2001-09-21 05:58:40 2003502 UDP port probe port=2786&reason=Firewalled
    39 2001-10-29 02:09:19 2003102 TCP port probe port=515&reason=Firewalled
    39 2001-10-06 11:58:22 2003102 TCP port probe port=515&reason=Firewalled
    39 2001-10-29 00:26:05 2003011 DNS TCP port probe port=53&reason=Firewalled
    39 2001-11-24 00:24:50 2003006 Telnet port probe port=23&reason=Firewalled
    39 2001-11-17 00:08:44 2003102 TCP port probe port=515&reason=Firewalled
    39 2001-10-25 20:38:21 2003016 RPC TCP port probe port=111&reason=Firewalled
    39 2001-11-11 06:03:43 2003102 TCP port probe port=515&reason=Firewalled
    39 2001-10-17 09:34:22 2003001 HTTP port probe port=80&reason=Firewalled

    The method to display hidden files is not limited to ME and below. The
    option is also available in Windows 2000, XP and 2003.

    ME: All I can say is to give this method a try and anyone with basic
    skills will open their eyes to what hackers have installed on their
    computer if it’s hacked or owned. You don’t actually think hackers are
    going to reveal all their actions out there in the open on your hard
    drive, do you? Checking for running processes isn’t going to show you
    all the pornography, remailer information and e-mails others are abusing
    on your system; to name a few.
    Displaying all files is a tedious method to determine what processes are
    running on your computer. Checking the running processes and identifying
    those that are running would prove more beneficial than

    ME: See above remarks

    The following is from a reviewer with the nickname of "Jack"

    The Trackers
    tracker, Sep 21, 2003

  2. tracker Spilled my beer when they jumped on the table and proclaimed
    in <>:

    From someone who found the right words:


    Any advice from a poster using the word 'tracker' may contain
    dangerous nonsense and should be immediately deleted from your

    Do NOT contact this person by email

    Do NOT feed the Trolls, one warning is enough, further messages
    only reinforce the desire for attention that provides motivation.

    Visit the fan club at:
    Thund3rstruck, Sep 22, 2003

  3. tracker

    Mike Guest

    Simple, you were too stupid to keep them up to date.
    Once again you show your ignorance of how ports are used. Port 110 would be
    open at the SERVER end not the client end.
    VPNs have nothing to do with hackers.
    No it doesn't. Changing the date and time is pointless. The 'attacks' are
    still showing in the logs. If a hacker wanted to replace your firewall with
    their own, they sure as hell would not mess with the date and time in the
    log to draw attention to the fact.

    Hackers do not leave clues that someone of your limited expertise and
    knowledge could easily find.

    I'm glad you are back, I was missing your idiotic ramblings. Can't wait for
    the next 'review' and particularly looking forward to your review of my
    review! ROFL
    Mike, Sep 22, 2003
  4. tracker

    RCH Guest

    | | | | | | |
    ( * * )
    | PLEASE DoN'T |
    | fEeD, pLonK, |
    | OR aNnOY |
    | tHe TrOlls |
    ( ) ( )
    | ( ) |
    (____) (____)

    RCH, Sep 22, 2003
  5. tracker

    n1pop Guest

    This is likely because you weren't looking at basic books. You were
    looking at a college-level trig book looking for elementary math.

    True, if you're talking about higher-level discussion. A series called
    "For Dummies" proved to me that simple can be quite effective.
    If you refer to the text we've seen to date, then what you've written is
    not easy to understand. Your thoughts wander from point to point with
    no apparent connectivity.
    But your book isn't about the wonders of the Internet, it's supposed to
    be about computer attacks and security. Don't let your awe confuse your
    readers because they may not be awed in quite the same way.
    The first reason is because the computer has evolved from a thing used
    by geeks and feared by masses to an everyday home appliance. One pays
    no more attention to the warning label that comes with their toaster
    than they do to any warnings on their computer. Worse, most warnings
    and alerts are in electronic form and are not great red tags taped to
    the power cord.

    I think the second reason is marketing. No one wants to admit that a
    user's manual and a set of warnings should be clearly presented to the
    new computer owner. Some may think that such a process might scare off
    some users: my grandmother wouldn't use a computer until I showed her
    how safe and easy it can be.

    No one bothers to tell you of the potential road hazards when you buy
    your first car, either. But consumers seem to understand their
    responsibilities when behind the wheel, yet have no concept when at the
    And you let those traits into your book, which didn't help. One must
    write a book of guidance with no bias or emotion. Write the book as you
    would teach a child; without wandering off topic or complaining about
    some silly ISP and their account policies.
    Because your AV application did not know of the trojan, or the AV
    software was not operating (few applications that run in the background
    ever tell the operator that they have terminated).

    There are several values of AV application, the correct one being
    "updated and running." Especially these days, there is no reason not to
    update your AV files daily if on broadband, no less often than weekly
    Here is a perfect example of wandering. The point was AV programs, and
    you've drifted to open ports. AV software would only inspect all
    incoming data if told to do so. Since many do not, and because I assume
    this is how the trojans made their way in, this may be why your AV
    software failed.

    But it was not for the failure of the AV software, it was the
    vulnerability of an open port.
    How do you know? At what point do you make your assertion? Most
    computers sold these days include Windows XP. Included in that package
    is usually some sort of AV package. Mine came with McAfee. Before I
    put the computer on the net, I have the opportunity to install and
    configure not only AV software but the integral firewall.
    And in that 2.5 years, how many times did you update your virus
    definition files, and how many times did you update your AV engine? If
    it's been more than one week for the former and six months for the
    latter, then your AV software is too old and incapable of defending
    against the newest viruses.
    Do you have evidence that VPNs were in fact in use and connected? What
    was the destination IP address and port?
    I think this is a misdiagnosis. When a port is open, it means there is a
    server of some kind that is listening to that port and ready to respond.
    Netscape is a client program, not a server, so it could not have been the
    program involved.

    This does not mean that port 110 was closed, or that someone was not
    using your system at the time. But it does mean Netscape was not the
    program in use.

    So why was the port open? What program answered to that port? Did you
    telnet to your machine on port 110 to find out what answered?
    Getting evangelistic doesn't help your cause. If you were otherwise
    blind for two years (lose the quotes, Debbie), and God only saw fit to
    give you two examples, why did he allow so many other resources yet
    prevent you from viewing them?
    I think your book was written for you, and not any particular audience.
    How do these three points relate? You drifted so fast I almost lost the
    second sentence altogether.

    And how did you come to the conclusion that so-called basic users have no
    reason to understand how their computer works or what's going on inside?
    But they don't. You assume we all think like you, when no one else does.
    You need to think like others to really see what's been shown to you so
    you can show others.
    So what? How does this benefit a basic user who has no reason to know?
    Anyone who is inconvenienced by those wanting to stop their progression
    will be upset at the obstacle. I fight spam all day and plenty of
    spammers are pissed at me. But I don't brag about it, and I'm certainly
    not going to include their anger in any book I write.
    Their addresses have likely changed by now. Any address you put into a
    book will be obsolete before the book is printed.
    Well, to state the obvious, it serves little or no purpose to close the
    barn doors after the horses have run off. The point of computer security
    is to start with a hardened system. If you start off with the barn door
    closed and a good lock installed, the horses will not get out and no
    trojan horses will get in.
    Evidence? You say probably, but you also seem confident that some hacker
    is using VPN.
    What drew you to this conclusion? What is your evidence that some
    firewall belonged to a hacker?

    And the statement on its own is quite valid. A firewall does block
    traffic and can prevent access.
    Apart from the randomness of the datestamp, I see that all the access
    attempts appear to be blocked or refused.
    This goes against your earlier statement that a basic user has no reason
    to be aware of these things. And no, it won't open their eyes unless
    they know what they're looking at. Your implication that something awe-
    inspiring will be immediately obvious is wrong.
    Well, where else do you expect them to store all their toys? The
    registry? That's on the hard drive.
    This depends on how you check for running processes. Yes, if you're
    using an obsoleted OS like Windows 98 then one can hide applications from
    the apps list. But diving deeper and checking the process tree will show
    you all the programs, including the kernel, that are running. For older
    systems you may need to use a third-party application to view the process
    See above dispute. Besides, when a basic user has actually viewed all
    his or her hidden and system files, exactly what are they expected to
    see? There will be no glowing light, no "The Rabbit is in here!" sign,
    nothing that will obviously point the basic user to the malicious file.
    That's what working AV software and other malware detectors are for.
    n1pop, Sep 23, 2003
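
    Added example, not part of any post in this thread: a small Python parser for the log lines quoted in the first post. It counts how many entries step backwards in time in file order and tallies the `reason=` values, the two things n1pop's reply comments on. The column meanings (first column as a severity code, fourth as an event ID) are assumptions inferred from the excerpt, and the sample lines are copied from it with wrapped lines joined.

```python
import re
from collections import Counter
from datetime import datetime

# Seven entries copied from the excerpt in the first post (wrapped lines joined).
SAMPLE = """\
39 2001-10-29 05:11:24 2003016 RPC TCP port probe port=111&reason=Firewalled
39 2001-08-02 00:48:34 2003001 HTTP port probe ESRPC18 port=80&reason=Firewalled
59 2001-10-29 09:19:18 2003105 SubSeven port probe
39 2001-11-19 08:43:02 2003102 TCP port probe port=10008&reason=Firewalled
39 2001-10-12 07:32:52 2003102 TCP port probe port=1214&reason=RSTsent
19 2001-10-25 20:18:15 2000101 Trace route count=2
59 2001-11-28 02:10:22 2000103 Possible Smurf attack initiated
"""

# Assumed layout: <severity> <date> <time> <event id> <text> [key=value&key=value]
LINE = re.compile(r"^(\d+)\s+(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\s+(\d+)\s+(.+)$")


def parse(text):
    """Turn log text into a list of event dicts, skipping lines that do not fit."""
    events = []
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # e.g. the "## ... Filter failed" line in the excerpt
        severity, stamp, event_id, rest = m.groups()
        tokens = rest.split()
        params = {}
        if "=" in tokens[-1]:  # trailing port=...&reason=... field, when present
            params = dict(kv.split("=", 1) for kv in tokens[-1].split("&") if "=" in kv)
            tokens = tokens[:-1]
        events.append({
            "severity": int(severity),
            "time": datetime.strptime(stamp, "%Y-%m-%d %H:%M:%S"),
            "event_id": event_id,
            "detail": " ".join(tokens),
            "params": params,
        })
    return events


def backwards_steps(events):
    """Count entries whose timestamp is earlier than the entry before them."""
    return sum(1 for a, b in zip(events, events[1:]) if b["time"] < a["time"])


def reason_counts(events):
    """Tally how each probe was handled according to its reason= field."""
    return Counter(e["params"].get("reason", "(none)") for e in events)


def probed_ports(events):
    """Distinct destination ports named in the entries, sorted."""
    return sorted({int(e["params"]["port"]) for e in events if "port" in e["params"]})


def chronological(events):
    """The same entries re-sorted by timestamp."""
    return sorted(events, key=lambda e: e["time"])


if __name__ == "__main__":
    ev = parse(SAMPLE)
    print("entries:", len(ev), "backwards steps:", backwards_steps(ev))
    print("handling:", dict(reason_counts(ev)))
    print("ports:", probed_ports(ev))
    for e in chronological(ev):
        print(e["time"], e["event_id"], e["detail"], e["params"])
```

    Re-sorting only restores time order for reading; it says nothing about why the entries were stored out of order.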
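
    Added example, not part of any post: n1pop's question "What program answered to that port?" written as a Python check to run against your own machine. It separates a refused connection from a listening service and returns whatever greeting the service sends, relying on the fact that a POP3 server opens with `+OK` (RFC 1939). The function names are hypothetical.

```python
import socket


def what_answers(host, port, timeout=3.0):
    """Connect to host:port and return (state, banner).

    state is "open" (something is listening), "closed" (connection refused)
    or "no-response" (timed out or unreachable, e.g. dropped by a firewall).
    banner is the first data the service sends unprompted, or "" if it
    waits for the client to speak first (as an HTTP server does).
    """
    try:
        with socket.create_connection((host, port), timeout=timeout) as conn:
            try:
                data = conn.recv(256)
            except socket.timeout:
                data = b""  # open, but the service sent no greeting
            return "open", data.decode("latin-1").strip()
    except ConnectionRefusedError:
        return "closed", ""
    except OSError:  # includes timeouts and unreachable hosts
        return "no-response", ""


def looks_like_pop3(banner):
    """A POP3 server greets with a line starting "+OK" (RFC 1939)."""
    return banner.startswith("+OK")


if __name__ == "__main__":
    # Port 110 is the POP3 port discussed in the thread; check the local machine.
    state, banner = what_answers("127.0.0.1", 110)
    print("port 110:", state)
    if state == "open":
        print("greeting:", banner or "(none sent)")
        print("POP3 server:", looks_like_pop3(banner))
```

    A client program such as a mail reader or browser makes outbound connections and does not show up here; only a process listening on the port produces the "open" result.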
  6. tracker

    splatter Guest

    Dude quit it..... Stop replying to her it's not worth it. We all know she is
    an idiot, but you're quickly lumping yourself in that same category.

    STOP REPLYING TO HER!! She wants the attention you're giving her....

    splatter, Sep 23, 2003
  7. tracker

    n1pop Guest

    Oh, that's cold, dude. I may be a lump, but I've properly medicated today.

    Though I must admit I think I make a better looking babe than she does.
    n1pop, Sep 23, 2003
  8. tracker

    splatter Guest

    LOL Better life through chemistry I always say. Yeah well that's probably
    not hard since Debbie looks like the second place runner up in a hatchet
    juggling contest, but hey we all need standards to judge just how bad
    everyone else is. :)

    Just please in the future let her comments go.... It's really not worth it.

    splatter, Sep 23, 2003
  9. tracker

    Interlude Guest

    You pompous ass. What have this person's looks got to do with the topic of
    this thread, let alone the group ?

    Judge this person by their knowledge, or lack thereof, not by the way they

    You should leave your 'chemistry' alone, it seems to be affecting your

    Interlude, Sep 23, 2003
  10. tracker

    splatter Guest

    "Judge this person by their knowledge"

    Like you did right? I was posting a reply to n1pop. What that has to do with
    you I don't know. If you really want to break into a conversation just to
    insult someone then go try a flame board. I won't propagate it, I'll just
    ignore you.

    BTW why don't you go see what she looks like & you decide, since you're not
    above drawing conclusions & insulting me but want to defend Debbie.

    splatter, Sep 23, 2003
  11. tracker

    equalizer Guest

    They can't help it!! All these goddamn little puppets are powerless to
    respond to Tracker, who they feel superior to, yet they dance on their
    strings like her personal marionettes. LOL!!!!!!

    equalizer, Sep 27, 2003
  12. tracker

    Cap Guest

    Get stuffed. You're as clueless as Debbie is.
    Cap, Sep 29, 2003
  13. tracker

    Cap Guest

    I'll bet you know a lot about 'jerking'.
    What do you do with the other three fingers?
    Cap, Oct 4, 2003
  14. tracker

    equalizer Guest

    Heh, no homework to keep you off the computer tonite, eh?

    Go respond to Tracker and show us ALL how superior you are to her,

    equalizer, Oct 5, 2003
  15. tracker

    Cap Guest

    Dude, you just crack yourself up!

    Homework? Why would I want to cut grass when there's a perfectly good
    airplane to jump out of.
    Cap, Oct 5, 2003
  16. tracker

    equalizer Guest

    Or, you could just do what you usually do for fun -- stuff one of your
    ferrets into a plastic bag and put it up your ass.....
    equalizer, Oct 5, 2003
  17. tracker

    Cap Guest

    That's so lame. If we're going to play flame-tag at least try to be funny.

    How come you seem to know so much about jerking, and shoving things up one's

    That's relevant to what you've been posting, and funny, at least compared to
    that shoddy try.
    Try again now, and don't be afraid to take your time.
    Think it out.

    (equalizer.... heh, heh, heh...too funny...)
    Cap, Oct 6, 2003
  18. tracker

    Cap Guest

    You're right about that. You've got me laughing my ass off.
    Cap, Oct 7, 2003
  19. tracker

    equalizer Guest

    Of couuuuuuuuuuuurse I do!
    equalizer, Oct 7, 2003
  20. tracker

    Cap Guest

    Joke's on you, and it's running down the inside of your leg.
    Cap, Oct 8, 2003