Join the Sager IRC Chat. Instructions inside (Adam come in!) - Page 2

crud.


still trying to revive my firewall problems (assuming that is the problem)

Unless anyone can help me, I guess I can only chat in the evenings...

*bump*

Yeah, a lot more people are talkin now, but generally during the night, no one's there...everyone's sleeping.

Investorguy, a lot of firewalls block the ability to enter a chat forum. Chat software opens up a whole can of worms on the security side and it is much safer and easier to just block all of it. I refuse to use it on my personal computers. Although, I do like the idea of being able to talk with people here in more real time, the security issue just doesn't make it worth it to me. The problem isn't the people on the board, its the scum on the side that stumbles into your open ports. It all seems unreal until your computer gets hit. Sometimes you never find all of the damage that has been done to your machine. I run behind 3 firewalls (2 hardware and 1 software) plus I run memory resident anti-virus, anti-trojan and anti-worm software while on line. I also run anti-pop-up (is there such a thing as a double hyphenated word?) and ad blocking software. I do at least a weekly update on my other security software, 3 anti-trojans and 2 anti-worms in addition to what I have mentioned above. I have had to fix machines of friends who didn't properly protect their computers on the net. You wouldn't believe all of the damage that has been done to some of them. I'm not saying you shouldn't use chat at all, its just what I choose to do. But, you should disable it when not using it. You probably won't be able to get around it at work without help from the person who administrates your firewall.

this is one reason that many people dont like IRC, insecurities.

3 firewalls??? geez..cant get enough protections??? someone must be hating you and has made you a target.

anyhoo.. for those who are at work or school, more than likely, they blocked the known IRC ports, 6667-6669~ at least those..so no way you can connect to IRC.
it would either say.. Connection Refused, or Unable to Resolve Server.

i dont know if irc.damaged.net server uses other ports..but port 8888 might work..i know i can connect to Dalnet server at school with that port.

also, for the securit minded people.. get a Firewall. software is enough.. I use Norton Security firewall 2003 and it is great.
Go to Fserve settings in in MIRC Options and turn it off..

standard options is sufficient enough..just dont try to receive files from someone you dont know. or just dont.. just chat, and do nothing else.

oh yeah.. it would be nice to have more than 5 people in the channel at a time..

so come in and join us...

I have Norton Firewall 2003 (it comes in the NIS package) and you would be surprized at what gets through it. I don't use it. I disabled it, along with the XP standard firewall and use Look'nStop as my software firewall. Norton has some good features in NIS that I want, but their firewall isn't one of them. If you make a visit to GRC.com you will see where there is a need for both hardware and software firewalls. The hardware firewall protects you and the software firewall protects others from anything that may have made it onto your computer through the hardware firewall. If you have administrative access to your firewall, you can open the ports for the time you are on IRC and then close them again when you finish. That is the only semi-safe way of using IRC. I'm not saying don't use it, but I am saying you have an obligation to protect your computers and those of others. I think telephones are more time efficient than IRC and I really don't have an interest in it, but for those of you that do, please CYA. f1ipm0dsqd, read the log on a hardware firewall sometime if you don't think you get probed on a regular basis. With the robotic probes available, there are times my netwwork gets hit hundreds of times per day.

well I think the IRC room is dead or something...that or I'm just here at the wrong time.

ehh.. it even detect this one.. it blocked my Sager from accssing this computer thru an http port. (running a quick HTTP/FTP server for file transfer)

Details: Attempted Intrusion "PHF_CGI" against your machine was detected and blocked
Intruder: 192.168.0.3(4379)
Risk Level: Low
Protocol: TCP
Attacked IP: 192.168.0.2.
Attacked Port: http(80)

and i just got this a second ago..

Details: Trojan attempt detected from address 24.28.64.109 by rule "Default Block Back Orifice 2000 Trojan horse".
Blocked further access for 30 minutes

oh yeah.. i do get port scanned at least twice in 30mins..

i scan my computer for trojans, Adware crap, BDE, and other crap. i use 3 different software to scan, i just get mostly Adware crap, gee i really hate kazaa..
im glad my router blocks 70% of the ads. i would hate seeing them popping up all the time...

even if they did get to my computer.. they can get all the crap they want.. more than likely.. it's the same stuff they already have, or not interested in them.

I completely agree about Kazaa. I've had over 100 hits per hour for several hours before because of them. I've even had one firewall think I was being hit with a denial of service attack from Kazaa hits. Norton may have made sufficient updates to their firewall since the last time I used it. I had it completely quit on me for no reason for a couple of times and I gave up on it then. After cleaning up a few computers for friends of mine, it made me kind of paranoid.

Are you using Kazaa Lite? Or the spyware version?

Try the lite version - that and a custom hosts file really cuts down on the crap you'll get from the net.

-myrkat

I don't use Kazaa at all. Never have and never will. The problem comes from the computers of the people who do use Kazaa going out and searching for other computers with data to download. What makes it worse is having a dynamic DSL address. The people who set up their computer to advertise their address as a pseudo server get the address listed as a spot to ping. When they disconnect or for other reasons their address changes, it takes days or weeks for that address to be de-listed. Then I end up with that address assigned to me when for what ever reason my connection was lost and reaquired. Then thousands of computers start hitting my new address looking for data. It is actually against the policy of my provider to use such services, but they don't seem to enforce it even though I have contacted them to complain about it. Once a large number of addresses have been used in this manner, it is almost impossible to get one that hasn't been listed this way. The advantage of a dynamic address over a static one is that if you are being attacked, you can just reboot your DSL modem and get a new address assigned and the attacker can't relocate you very easily.

check to see if you can set up ip address ranges to exempt.. if exempt all 192.168.0.* addresses since those are all local addresses usually assigned by a gateway and not from the internet, basically except for the details which im assuming that address is your real ip address at the time, what its saying is that 1 computer in your tried to attack the other computer in your house..

oh BTW.. that first log.. was from my laptop..

i was transferring files from the desktop to the Sager. have a WWWFileserver on the computer.i got to access it once.. after transferring.. then i transferred another file.. it blocked it..
i think it is just a bug...or something..

well i just got this one a while ago.. i have the WWWFileserver open for a while..so i can post pics for some people on the #sager irc channel.

Details: Attempted Intrusion "Nimda_Propagation" against your machine was detected and blocked
Intruder: 12.239.106.144(4990)
Risk Level: High
Protocol: TCP
Attacked IP: f1ipm0dsqd(12.xxx.xxx.xxx).
Attacked Port: http(80)

Norton Firewall is set on Maximum setting.

Why no longer a sticky... the channel is starting to take off, we have quite a few regulars/idlers (and apparently I am a lurker according to vash :P)

It's a great, handy resource and I think it should be in an obvious spot so that new sagerites can join us


NeoCORE

Antivirus

Umm, cool, glad it works, but hey, Antivirus are made on databases. I mean if it is the first ever of a newq kind ya meet.....anyhow, it is terrible. Im am a sysadmin in a Cyber Cafe, and everyday i remove SO MUCH, web crawlers, email spiders, sub7, backOrifice, Opaserv ( nasty that one ) and more. Fortunately i have my made images of windows on ghost but hey, really terrible. Lets hope it gets safer soon.

*bump*

We need more people, although I should be in there more often as well. I'll see what I can do about idling a lot.

Anyway, we've got 5 right now, hopefully get more?