[Dshield] blocking the DSL hacker

David Taylor ltr at isc.upenn.edu
Mon Jan 23 14:08:52 GMT 2006

Others on the list have given some good advice.  Rebuilding a machine
that has been compromised by Internet based worms is your only option
if you want to regain the trust of the system.

Some have advised on using software/hardware based firewalls which is
a great added layer of security.  One other thing you might consider
is using IPSEC security policies as well to block evil inbound
traffic.  There is actually a lot you can do with IPSEC to control
Internet traffic but in its simplest form you can block inbound
traffic to the netbios ports.  I put together a guide for this simple
scenario if you want to take a look.  It includes the most commonly
attacked ports.


David Taylor //Sr. Information Security Specialist
University of Pennsylvania Information Security 
Philadelphia PA USA
(215) 898-1236

SANS - The Twenty Most Critical Internet Security Vulnerabilities 

SANS - Internet Storm Center

irc.freenode.net #dshield

-----Original Message-----
From: list-bounces at lists.dshield.org
[mailto:list-bounces at lists.dshield.org] On Behalf Of Mel
Sent: Saturday, January 21, 2006 4:48 PM
To: list at lists.dshield.org
Subject: [Dshield] blocking the DSL hacker

My friend's Earthlink DSL account has become useless lately.
 As soon as the computer is turned on a constant barrage begins
coming from diverse machines on the Verizon network (70.20.x.x).
 Most attempts seem to be NetBIOS in nature, but it isn't very long,
maybe as short as ten minutes, until my friend's machine is full of
viruses and begins acting very unstable.
 We tried to get to the AVG website to update the anti-virus but
always get infected before we could wend our way to the AVG site in
 We have a linksys router on hand but don't know anything about
putting it to use. I remember reading on the Dshield forum that a
router would be helpful in stopping intrusions. We are using a
Netopia modem.
 Can someone please point us in the right direction? Thanks many many
in advance.
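
The IPsec block policy suggested in the reply above could look like the following on a Windows host. This is an added example, not part of the original thread and not the guide the reply refers to. Assumptions: the policy, filter list and filter action names are made up, the Windows version provides the `netsh ipsec static` context, and the port list is the standard NetBIOS set (UDP 137, UDP 138, TCP 139) plus TCP 445 for SMB, since the thread does not list the ports.

```batch
@echo off
rem Added example: local IPsec policy that drops inbound NetBIOS/SMB traffic.
rem Names below are hypothetical. Run from an administrator command prompt.
setlocal
set POLICY=Block-Inbound-NetBIOS
set FLIST=Inbound-NetBIOS-Ports
set FACTION=Drop-Traffic

rem 1. Create the policy unassigned, so nothing is enforced until step 5.
netsh ipsec static add policy name="%POLICY%" description="Drop inbound NetBIOS/SMB" assign=no

rem 2. Filter list: any source address to this host, one direction only
rem    (mirrored=no), so outbound connections from this host are untouched.
netsh ipsec static add filterlist name="%FLIST%"
for %%P in (137 138) do (
  netsh ipsec static add filter filterlist="%FLIST%" srcaddr=any dstaddr=me protocol=UDP srcport=0 dstport=%%P mirrored=no
)
rem TCP 445 is an assumption added here; the thread names only NetBIOS.
for %%P in (139 445) do (
  netsh ipsec static add filter filterlist="%FLIST%" srcaddr=any dstaddr=me protocol=TCP srcport=0 dstport=%%P mirrored=no
)

rem 3. Filter action that blocks matching packets instead of negotiating.
netsh ipsec static add filteraction name="%FACTION%" action=block

rem 4. Rule that ties the filter list to the block action inside the policy.
netsh ipsec static add rule name="Block inbound NetBIOS" policy="%POLICY%" filterlist="%FLIST%" filteraction="%FACTION%"

rem 5. Assign the policy; only one local IPsec policy can be assigned at a time.
netsh ipsec static set policy name="%POLICY%" assign=y

rem 6. Check: list the policy with its rules and filters to confirm the result.
netsh ipsec static show policy name="%POLICY%" level=verbose
endlocal
```

Blocking these ports also stops legitimate file and printer sharing to this machine from every address, so hosts that must serve shares on a LAN need a more specific source filter.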
