Someone at WTS hacking me?

by Amazing 31 Replies latest jw friends

  • Hmmm
    Ignore "Hmmm" who is downplaying it.

    Don't you take that tone with me!

    Hillary,

    I am not very familiar with XP's firewall... my interest went only as far as figuring out how to deactivate it. I would tend to trust Zone Alarm's firewall above one integrated into an operating system that doesn't have a stellar reputation for security (talking about XP here, not MS in general.)

    Hey, for $400 you can get a PIX firewall that will work terrifically for a home network.

    Hmmm

  • Simon

    The built in XP one seems ok but doesn't have some of the features that the 3rd party ones like Norton have (you can configure all the basic stuff but it's designed for a certain user-level so hides more complicated options).

    I have that on as well though ... belt and braces. Means I have 3 firewalls which helps to explain why it takes me so long to get things set up for FTP and the like.

    For general internet access I tend to use an 'expendable' setup ie. a crash-n-burn setup that won't cause me too much grief if it has to be re-installed.

  • yrs2long

    One of my favorites is

    http://www.eye-net.com.au

  • Jourles
    Did someone at WTS attempt to hack me today? I don't know, but here is the summary from my event log and Domain trace. This afternoon I received an "Alert" on my Firewall with an IP Address. I ran a trace on 26 events over a 20 minute period, and found 21 hops coming from the WTS into my system. I found the Network server ran through Verio, Inc. in Englewood, Colorado.

    Could be someone with computer access at Bethel did a port scan of your system. It kind of all depends on what ports on your system show as being 'hit.' If 21 of the 26 events show as coming from watchtower.net, were they all on different ports or the same one? Were they lower numbered ports, higher, or scattered? It could be a port scanner set up to check only vulnerable open ports. Trojans such as Netbus use port 12345 as a default. Once it is installed on your computer somehow, all that a hacker needs to do is run a wide IP range port scan searching for only port 12345 to find a computer which has it running. If the hacker has the Netbus client, then he simply connects to the infected computer, and then has full access and control.

    I'm not sure what you mean about the network server running through Verio in Englewood, but I'm guessing if you did a traceroute, that is one of the hops of the traceroute that you saw? The watchtower.net server is located in Sterling, VA. As a matter of fact, all three of the watchtower.com, .net, and .org are virtually mapped to the same IP address in the Verio hosting facility in Sterling, VA.

    It does not make much sense for the Watchtower to backhaul an internet link from NY to VA for general internet access (as that would be the starting point of an IP trace coming from them). It would be much cheaper for them to find a local ISP for access. If that is the case, then someone with rather technical computing skills could have telnetted to a shell account which Verio most likely has given them along with their web hosting provisions. From the shell account (typically some flavor of *nix), they can do just as much damage as from a Windows-based computer.

    Another source could be a proxy server for the wt through Verio. I just did another scan in the 8k range and saw exactly that running on port 8080. This of course masks their true local ISP (if they are using one in NY) as all of their http requests go through the proxy server in Sterling, VA.

    Just my .02
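
Added example, not part of Jourles' post or of any firewall product: a small triage script for the questions raised above (same port or different ports, low, high or scattered), run over blocked-connection log lines. The log line format, the addresses and the function names are assumptions made for illustration; the only trojan default port listed is the one named in the thread.

```python
import re
from collections import defaultdict

# Constructed sample firewall log (documentation-range addresses, not real data).
SAMPLE_LOG = """\
2002-06-22 14:01:07 BLOCK TCP 198.51.100.7:4021 -> 192.0.2.10:12345
2002-06-22 14:03:12 BLOCK TCP 198.51.100.7:4022 -> 192.0.2.10:12345
2002-06-22 14:09:40 BLOCK TCP 198.51.100.7:4030 -> 192.0.2.10:12345
2002-06-22 14:02:00 BLOCK TCP 203.0.113.9:3301 -> 192.0.2.10:21
2002-06-22 14:02:01 BLOCK TCP 203.0.113.9:3302 -> 192.0.2.10:23
2002-06-22 14:02:01 BLOCK TCP 203.0.113.9:3303 -> 192.0.2.10:80
2002-06-22 14:02:02 BLOCK TCP 203.0.113.9:3304 -> 192.0.2.10:139
2002-06-22 14:05:30 BLOCK UDP 203.0.113.44:53 -> 192.0.2.10:1027
garbage line that the parser must skip
"""

LINE = re.compile(r"^\S+ \S+ BLOCK (?:TCP|UDP) ([\d.]+):\d+ -> [\d.]+:(\d+)$")
# Only the default port named in the thread; extend from your own references.
KNOWN_DEFAULTS = {12345: "Netbus default port"}

def ports_by_source(log_text):
    hits = defaultdict(list)  # source IP -> destination ports it hit
    for line in log_text.splitlines():
        m = LINE.match(line.strip())
        if m:
            hits[m.group(1)].append(int(m.group(2)))
    return hits

def classify(ports):
    distinct = sorted(set(ports))
    if len(ports) < 3:
        return "too few events to judge"
    if len(distinct) == 1:
        note = KNOWN_DEFAULTS.get(distinct[0], "unlisted port")
        return f"repeated probe of one port {distinct[0]} ({note})"
    low = sum(1 for p in distinct if p < 1024)
    if low == len(distinct):
        return f"scan across {len(distinct)} low-numbered ports"
    if low == 0:
        return f"scan across {len(distinct)} high-numbered ports"
    return f"scattered across {len(distinct)} ports"

def triage(log_text):
    return {src: classify(p) for src, p in ports_by_source(log_text).items()}

if __name__ == "__main__":
    for src, verdict in triage(SAMPLE_LOG).items():
        print(src, "->", verdict)
```

A single stray packet, like the one UDP event in the sample, is reported as too little to judge rather than as a scan.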

  • sf

    From: Toni Lassila ([email protected])
    Subject: [email] Recap Report
    Newsgroups: news.admin.net-abuse.sightings

    Date: 2002-03-15 02:50:46 PST

    Another piece of UCE from "Honest Christians".

    SEC.GOV: Possible fraudulent stock market scheme.

    VERIO.NET: Spamvertised website WWW.GUARDTOWER.COM hosted on Verio
    at 130.94.149.224.

    SECURE.NET: DNS for the domain provided by:

    NS1.SECURE.NET 192.41.1.10
    NS2.SECURE.NET 161.58.9.10

    Received: from hotmail.com (unknown [211.251.75.2])
    by mandy.eunet.fi (Postfix) with SMTP id AD11EA55E
    for <xxxxxx@xxxxxxxxxxx>; Thu, 14 Mar 2002 23:34:35 +0200 (EET)
    (envelope-from [email protected])
    Received: from [178.225.242.88] by rly-xl05.mx.aol.com with local; 14 Mar
    2002 11:34:47 +1000
    Reply-To: < [email protected]>
    Message-ID: <038d14d15a4c$8271b3d2$3dd86cb4@idbrou>
    From: < [email protected]>
    To: [email protected]
    Subject: Recap Report
    Date: Fri, 15 Mar 2002 08:31:27 -1100
    MiME-Version: 1.0
    Content-Type: text/html; charset="iso-8859-1"
    X-Priority: 3 (Normal)
    X-MSMail-Priority: Normal
    X-Mailer: QUALCOMM Windows Eudora Version 5.1
    Importance: Normal
    Return-Path: [email protected]
    X-OriginalArrivalTime: 14 Mar 2002 21:33:35.0424 (UTC)
    FILETIME=[E5885400:01C1CB9F]

    (Cont'd by opening link in above post)

  • sf

    Domain Name: GUARDTOWER.COM
    Registrar: NETWORK SOLUTIONS, INC.
    Whois Server: whois.networksolutions.com

    Registrant:
    Net X Press (GUARDTOWER-DOM)
    507 N. Sam Houston Parkway E., Suite
    350
    Houston, TX 77060
    US

    Domain Name: GUARDTOWER.COM

    Administrative Contact, Technical Contact:
    iExalt Hostmaster (IE228-ORG) [email protected]
    iExalt, Inc.
    12000 Aerospace Ave. Suite 375
    Houston, TX 77034
    US
    281-464-8400
    Fax- 281-464-0068

    Record expires on 03-Jul-2002.
    Record created on 03-Jul-1998.
    Database last updated on 22-Jun-2002 22:25:47 EDT.

    Domain servers in listed order:

    NS1.IEXALT.NET 64.158.44.2
    NS2.IEXALT.NET 64.158.44.3

  • nancee park

    Which in plain English means what??

  • willy_think

    In plain English, the WTS monitors this site and is attempting to monitor its most dangerous posters.

    Winston 1984:

    "I love big brother, I love big brother.........."

  • Amazing

    Thanks everyone for great feedback.

    Wendy: I will email Joel at WTS and see what gives. Then I will email you and share what I learned.

    SF: Thanks for fixing your post. By the way, I find it interesting what you found on Google using the same IP as I posted. I got that IP from Norton in Cupertino, CA as part of the trace that identified it as Watchtower.net with the 25 Columbia Heights, Brooklyn address. I wonder why Google came up with Guardtower ... kind of spooky. Except that one is through Network Solutions, and the other is through Hostmaster. The Watchtower is registered through Hostmaster.

    Jourles: Yes, when I looked at all 21 hops, they showed Sterling, VA for Verio, but also Verio in Englewood, Colorado for the final Watchtower hop before it lands on my computer. The Watchtower Society does have a separate corporation in Colorado (unknown to many JWs and ex-JWs) ... so, I wonder if maybe this came from their Colorado location, using their New York site as host. Either way, it was spooky when I ran the trace to see it was someone using the Society system that tripped my alarms.

    My system states whether it is a hacker, or Trojan, or an intruder attempting to access through an unused port ... and I have an alarm that goes off, and a window pops up to tell me. I generally run a trace on every attempted hack, and ignore the rest. Most of my recent hackers have been from outside the USA, such as a recent one from Israel and then India ... then, when this one came from the Watchtower, I jolted to attention ... and felt really weird.

  • SYN

    But what exactly did this kiddie try, Amazing? A port scan? Dying to figure this out...I honestly can't believe that anyone with even a smidgen of knowledge would do this sort of thing without at least going through a shell, that's just STUPID. It rests my heart to know that these losers are abysmally stupid enough to do things like this...we really have very little to fear as regards "hacking" if this is all they can do. Bunch of Bethelite SKiddies, if you ask me!

    Edited to add: Amazing, if I was you (and maybe Bill Bowen and Simon should look into this too) you should probably set up a dedicated firewall machine, then route all your traffic through that. You can buy a 486 or a 386DX for next to nothing these days and pop a free Linux distro on it. A few console commands later, and some CAT5 cable, and you have a dedicated firewall. Easy to do, and a very wise precaution.

    Edited by - SYN on 23 June 2002 9:21:56
