[Dshield] blocking the DSL hacker

David Taylor ltr at isc.upenn.edu
Mon Jan 23 14:08:52 GMT 2006


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Others on the list have given some good advice.  Rebuilding a machine
that has been compromised by Internet based worms is your only option
if you want to regain the trust of the system.

Some have advised on using software/hardware based firewalls which is
a great added layer of security.  One other thing you might consider
is using IPSEC security policies as well to block evil inbound
traffic.  There is actually a lot you can do with IPSEC to control
Internet traffic but in its simplest form you can block inbound
traffic to the netbios ports.  I put together a guide for this simple
scenario if you want to take a look.  It includes the most commonly
attacked ports.

http://www.upenn.edu/computing/security/IPSEC.pdf


==================================================
David Taylor //Sr. Information Security Specialist
University of Pennsylvania Information Security 
Philadelphia PA USA
(215) 898-1236
http://www.upenn.edu/computing/security/
================================================== 

SANS - The Twenty Most Critical Internet Security Vulnerabilities 
http://www.sans.org/top20/

SANS - Internet Storm Center
http://isc.sans.org

irc.freenode.net #dshield
http://freenode.net/



- -----Original Message-----
From: list-bounces at lists.dshield.org
[mailto:list-bounces at lists.dshield.org] On Behalf Of Mel
Sent: Saturday, January 21, 2006 4:48 PM
To: list at lists.dshield.org
Subject: [Dshield] blocking the DSL hacker




My friend's Earthlink DSL account has become useless lately.
 As soon as the computer is turned on a constant barrage begins
coming from diverse machines on the Verizon network (70.20.x.x).
 Most attempts seem to be netBIOS in nature, but it isn't very long,
maybe as short as ten minutes, until my friend's machine is full of
viruses and begins acting very unstable.
 We tried to get to the AVG website to update the anti-virus but
always get infected before we could wend our way to the AVG site in
Germany.
 We have a linksys router on hand but don't know anything about
putting it to use. I remember reading on the Dshield forum that a
router would be helpful in stopping intrusions. We are using a
Netopia modem.
 Can someone please point us in the right direction? Thanks many many
in advance.
                                      Mel. 
 

This message was sent via the web forum at
http://forum.dshield.org


-----BEGIN PGP SIGNATURE-----
Version: PGP 8.1 - not licensed for commercial use: www.pgp.com

iQA/AwUBQ9Tjb6xTsMlIjlJcEQIOvgCeOktjXVqcFRDcBNXklPppoMUMzmIAoOaO
JgP388NUEGh4PkwEUmOj9R5S
=+Qrl
-----END PGP SIGNATURE-----


