if you guys run a more secure OS like Mac OS X or Linux, you don't have to worry about these things 
Happily running Mac OS X with Safari
Happily running Mac OS X with Safari
Norton's shutdown my SatGuys connection due to possible "attack"?
- Thread starter waltinvt
- Start date
- Latest activity Latest activity:
- Replies 97
- Views 7K
- Status
This is a prime example of why alot of network adminstrators hate this consumer grade crapware which claim to be IDS (intrusion detection systems), abuse depts. end up getting emails (huge logs included) from users shouting about how <insert crapware of the year here> alerted them that their (own) ISPs DNS servers are trying to 'hack' them.
I can guarantee, almost none of these types of complaints are even addressed anymore, and alot of ISPs simply send the complaints to Dave Null.
If you run a packet sniffer on your internet interface, you will see that your computer will receive hostile packets nearly constantly (usually automated, script kiddie scans, or some moron on the same subnet who binded NetBIOS to the internet interface, and the like).
These type of 'hack' alerts are a placebo for the consumer, they are useless otherwise. (since most scans/intrusions are done from comprimised machines in other countries, hi hi China, or infected windows machines, now zombies to a unknown master hidden behind some chumps comprimised XP box, all of which are from VERY HARD, to impossible to track down the true culprit, I know I've been there).
Are you being attacked online? Absolutly, constantly. Should you be worried when you get one of these alerts? probably not, since the alert also informs you it was sucessfully blocked, no harm was done.
Do I think that by informing abuse with this information is helpful to stopping this activity? Fat chance, it's a case of the boy who cried wolf, alot of admins know 90% of these complaints are misinterpreted by the originating user and are so numerous, the costs would be enormous, and the %10?, will no doubt come from some romanian, china. russian, etc, ISP, who could not care LESS about who did what to whom, and the attackers that _are_ stupid enough to use their real IP to do these attacks/scans are far too incompetent to be of any real danger in the big picture, so those types are usually not worth worrying about.
I can guarantee, almost none of these types of complaints are even addressed anymore, and alot of ISPs simply send the complaints to Dave Null.
If you run a packet sniffer on your internet interface, you will see that your computer will receive hostile packets nearly constantly (usually automated, script kiddie scans, or some moron on the same subnet who binded NetBIOS to the internet interface, and the like).
These type of 'hack' alerts are a placebo for the consumer, they are useless otherwise. (since most scans/intrusions are done from comprimised machines in other countries, hi hi China
, or infected windows machines, now zombies to a unknown master hidden behind some chumps comprimised XP box, all of which are from VERY HARD, to impossible to track down the true culprit, I know I've been there).Are you being attacked online? Absolutly, constantly. Should you be worried when you get one of these alerts? probably not, since the alert also informs you it was sucessfully blocked, no harm was done.
Do I think that by informing abuse with this information is helpful to stopping this activity? Fat chance, it's a case of the boy who cried wolf, alot of admins know 90% of these complaints are misinterpreted by the originating user and are so numerous, the costs would be enormous, and the %10?, will no doubt come from some romanian, china. russian, etc, ISP, who could not care LESS about who did what to whom, and the attackers that _are_ stupid enough to use their real IP to do these attacks/scans are far too incompetent to be of any real danger in the big picture, so those types are usually not worth worrying about.
Last edited:
bommai said:if you guys run a more secure OS like Mac OS X or Linux, you don't have to worry about these things
ARGH! Here we go again; I am not going to sacrifice 90% of all software by paying more money for system to run OS X or Linux; its ONLY more secure because it has such small retail market that a$$hole hackers don't target it.
Even will all the crap out there targeting me on WIN; I have been proudly running Windows since 95' without incident; EVER, even with IE. I do now use Firefox since it first came out simply because I like its design and usefulness better.
This thread has outlived the OP's info & seek for help.
bommai said:if you guys run a more secure OS like Mac OS X or Linux, you don't have to worry about these things
Happily running Mac OS X with Safari
I hope you are not serious, all OS' have within them the seed to be exploited, it is a numbers game, the more popular an OS, the more interest they are to would-be attackers, thus, windows being the most used OS naturally will have more exploits exposed, if you doubt that, take a look at the link below, google search results, trust me, if OSX, or Linux, or BeoS, or whatever becomes as popular as windows, you'll find they net pretty much the same results as far as exploitability goes. If you do a raw total count for those OS' of course windows will have significantly more exploits in the wild, however, if you calculate the ratio of number of systems with a particular OS to total amount of users exploited using that OS, you'll find the numbers alot more in line with each other.
The hard fact is that ANY OS can be made reasonably secure (there are mitigating factors that may impede the goal for a %100 effective security model on any given OS, no OS is %100 secure, except a PC that is unplugged. (with the possible exception of Plan9), there are a fair amount of windows systems which can give any OS a run for their money if administrated correctly, wrt security, additionally, windows-only server adminstrators tend to be of low quality click happy MSCEs who aren't worth a crap when it comes to administration beyond what was in their text books, since Microsoft is unlikely to admit to their shoddy default security model in their text books so the future MSCE has some clue, and tools to utilize to setup a secure system.
FWIW, I dislike microsoft, and am the last one to defend them, but facts are facts.
http://www.google.com/search?num=100&hl=en&lr=&safe=off&q=mac osx exploit
Some titles from above link (about 5,340,000 for mac osx exploit):
RussellHarding.net -- Mac OS X Exploit: PhantomUpdate
Apple Mac OS X LaunchD Local Format String Vulnerability
Secunia - Advisories - Mac OS X URI Handler Arbitrary Code Execution
Last edited:
Darn right on Damaged. This reminds me of those stupid ass MAC ads running right now. Making WIN sounding like rocket science and MACs are idiot proof and do things a PC can't do. I can do everything they claim they do, just as well and CHEAPER. Just like iPOD; you can buy the same non Apple branded items to do the exact same thing cheaper, many with larger capacity. People love to buy the HYPE and refuse to do any research before they spend any hard earned cash. Then refuse to admit they overpaid.
rad said:
You should be aware that Norton and other consumer grade IDS systems use a very simplistic pattern match system which bases it's triggering on a single match, or two (read, total garbage), see, sometimes binary data (or even ascii data*) can often consist of characters that happens to match one of these simplistic patterns, which cause the so-called IDS system to trigger on that data (falsely), more robust professional IDS solutions (snort for example), have much tighter, and complex pattern matching abilities, which require multiple conditions to be present before an alert is triggered, and thusly have a much lower rate of false positives.
In other words, the LAST thing you should trust wrt this topic is Norton and their halfbaked bloated scamware.
FWIW, I am on linux and have snort running all the time, and have NEVER detected ANY intrusion attempts from satelliteguys.us.
* Norton recently had this bug in their so-called IDS code which if a Norton user was on IRC on the servers port 6667, another user could simply type:
DCC SEND "startkeylogger" 0 0 0
in the Norton users irc channel, norton would pattern match on the words alone, claming (falsely) to the user they are being attacked (by the user who typed that in the channel), and thus causing the IRC user to be disconnected by Nortons autoblocking, thus Norton has been turned against the user it was supposed to protect (denial of service), it REALLY is garbage.
See: http://www.google.com/search?num=100&hl=en&lr=&safe=off&q=norton dcc send startkeylogger
Last edited:
charper1 said:
I find it comedic that Apple is just NOW playing on the 'virus free' aspect at a time when there are more exploits than ever for Apple compared to 10 years ago when that claim actually might have had some merit. Morons.
As for mp3 players, if it does not support ogg files, it is of no use to me. (the iPOD does not, they rather assume their customers are all criminals (music pirates) by default), Apple shall never see a penny from me spent on their iPod, I am no criminal, and I refuse to be treated as such by a company whom, when it mattered, contributed to the PC world** about as much as the Timex Sinclair 1000 contributed to hemorrhoid ointments.
**(And please, don't anyone dare bring up Apples windowing system and mouse driven interface, that was NOT an Apple invention, the Altair had both before Apple or Microsoft).
Last edited:
cebbigh said:
A great anti-malware/spyware program (non-free) to add to that list and to make up for what Ad-aware and Spybot (both awesome programs btw) misses, and, that is worth every cent, is ewido http://www.ewido.net/, it finds things Spybot and Adaware miss, and updates a LOT more often than adaware and spybot do.
Also, a note on Adaware, some time ago, they were caught doubling their signature database artificially by duplicating existing signature data [1], they also crumbled under pressure from a well-known malware company (Clarion I believe), and removed the signatures that were put in place to block and remove Clarions malware.
[1] See section 7, paragraph 3 on the following page where a user debates some of the problems: http://digg.com/software/Lavasoft_s_poorly_written,_deceptive_Ad-Aware_
Last edited:
See and my experience with Ewido software is that is misses things that spybot picks up. I have honestly never found one program for spyware that picks it all up.
As for NIS. Yep, I agree it's nothing spectacular, but it keeps my kids and wife's PC's clean without alot of intervention by me. But then again, the rulesets on my network at home keep most everything that comes in away from the secure side of the network, after that a spyware scan now and then and F-secure and now NIS have kept me from having any problems in 3 years on any of my systems. This last one from satguys was the first time ever I have seen a pop up from NIS IDS (but only had NIS installed about 2 months), which like I said, the problem was quickly addressed at the network layer after I saw the signature and have not had a problem since.
As for NIS. Yep, I agree it's nothing spectacular, but it keeps my kids and wife's PC's clean without alot of intervention by me. But then again, the rulesets on my network at home keep most everything that comes in away from the secure side of the network, after that a spyware scan now and then and F-secure and now NIS have kept me from having any problems in 3 years on any of my systems. This last one from satguys was the first time ever I have seen a pop up from NIS IDS (but only had NIS installed about 2 months), which like I said, the problem was quickly addressed at the network layer after I saw the signature and have not had a problem since.
SatinKzo said:
My post pretty much stated that ewido was a great ADDition, not a replacement. No one tool gets everything.
Do you continue to you the FREE or after the 30 days did you buy the updates? I tried the full featured trial, with no extra discoveries, but was wondering if the paid version is "stronger".
No, I realized what you wrote, I was just added my experience with it. I agree with pretty much everything you have stated. I just noticed with EWIDO that it seemed to miss alot of trackers and such when I used it. Other than that, it worked just as advertised and without the overhead that the other for-fee ones have.damaged said:
Kind of on/off topic, but has anyone here used the new F-Secure suite? Ad-Aware's spyware tech is built into it along with some other stuff. I used to use them all the time, but for a bit they fell behind on updating the product (not av sigs, just updates) and I haven't looked into their new stuff.
http://www.f-secure.com/estoreusa/fsis2006.html
Last edited:
"if you guys run a more secure OS like Mac OS X or Linux, you don't have to worry about these things "
The MAC OS X was hacked in less than 30 minutes. Hackers don't really care about MACs, they only represent a small percentage of the total number of computers in the World so why bother.
" The MAC OS X was hacked in less than 30 minutes. Hackers don't really care about MACs, they only represent a small percentage of the total number of computers in the World so why bother.
FYI, I did read the whole thread. I was using NIS 2006 WITHOUT issues when this thread began but I started to have issues when I went to a different thread that WASNT mentioned, thus my reasoning behind my post. Thats why people post to get help not just some useless post that doesnt help at all.charper1 said:
"...run a more secure OS..."
You mean like OpenVMS? I've never been hacked on OpenVMS.
All these exploits that rely on buffer-overruns make me snicker. OpenVMS has had memory protection since 1978; page tables can have memory areas marked as Execute-Only or No-Execute as well as Read-Only or Read/Write. Any attempt to write into memory past your page causes a hardware exception that the OS picks up and shuts down the offending process (if the processing isn't set up to handle the exception). Any attempt to execute code from memory that isn't marked as Executable causes a hardware exception, again shutting down the process. Any attempt to write or otherwise modify the program code pages causes a hardware exception. At the worse, a Denial-of-Service would result from poorly-coded networking code exiting.
And, as Damaged will confirm, all the excellent hardware/software security is for naught if your username/password isn't robust. OpenVMS, like Windows, can enforce complex passwords, lock an account out after a specified number of bad passwords, but OpenVMS has a Break-in detection that shuts down access from a source if so many username/password attempts fail.
Too bad Gates & Co. didn't incorporate these features into Windows from the beginning.
You mean like OpenVMS? I've never been hacked on OpenVMS.
All these exploits that rely on buffer-overruns make me snicker. OpenVMS has had memory protection since 1978; page tables can have memory areas marked as Execute-Only or No-Execute as well as Read-Only or Read/Write. Any attempt to write into memory past your page causes a hardware exception that the OS picks up and shuts down the offending process (if the processing isn't set up to handle the exception). Any attempt to execute code from memory that isn't marked as Executable causes a hardware exception, again shutting down the process. Any attempt to write or otherwise modify the program code pages causes a hardware exception. At the worse, a Denial-of-Service would result from poorly-coded networking code exiting.
And, as Damaged will confirm, all the excellent hardware/software security is for naught if your username/password isn't robust. OpenVMS, like Windows, can enforce complex passwords, lock an account out after a specified number of bad passwords, but OpenVMS has a Break-in detection that shuts down access from a source if so many username/password attempts fail.
Too bad Gates & Co. didn't incorporate these features into Windows from the beginning.
Last edited:
Actually I did post the help as Walt indicated, but with all the other people that run the same without any issues, it can't a blanket software issue or everyone would have the same problem. It is a setup specific issue.
Foxbat said:
I have no doubt you are truthful in your statement that you never been hacked on OpenVMS, but what you are observing is not the result of superior inherent security at work, rather you are seeing the results of _obscurity_ at work, as not people run OpenVMS compared to Windows, and if everyone started to run OpenVMS, it would eventually be the same story as Windows.
Exploit data on OpenVMS:
http://www.google.com/search?hl=en&q=openvms exploit
charper1 said:
Not necessarily, again, if the triggering is happening because of binary data (compression for example), two different users running the same software could load the same page, but, because the data for each page is compressed, and the data differs (things like the username displayed, cookie data, and other things unique to that user), will cause the two binary stream data to differ, so one person might get the right combination of data and get an alert, while the other one, won't.
In this case, I say it's a combination of a software issue (Nortons retarded pattern matching), falsely reacting to the dynamic content of binary data sent by the site.
- Status
