
When a hacker scans your system for "vulnerabilities", what are they looking for?


28 replies to this topic

#1 James T Kirk

  • Members
  • 247 posts
  • Gender:Male
  • Location:StarSystem 4

Posted 31 January 2014 - 12:42 AM

hi everyone.
 
this is a REALLY important issue.
that is why i was wondering about it.
 
i want to try and protect my system from any potential harm.
when a hacker scans your system for "vulnerabilities", what are they looking for?
 



 


#2 JohnnyJammer

  • Members
  • 1,117 posts
  • Gender:Male
  • Location:QLD Australia

Posted 31 January 2014 - 12:47 AM

Well, if they are scanning your system they have already made it past your modem/router. If that's the case you need to disable the management interface so it doesn't allow remote connections to the management page.

Also, they would be scanning for any update vulnerabilities you haven't patched. Really, the list is so big it cannot be written in one page lol.

GRC Shields Up will scan your modem/router for any open connections (Internet facing), that's always a good start.



#3 OldPhil

    Doppleganger

  • Members
  • 4,084 posts
  • Gender:Male
  • Location:Long Island New York

Posted 31 January 2014 - 05:42 PM

Easy to check your vulnerability; check the link below.

 

https://www.grc.com/x/ne.dll?bh0bkyd2




#4 Greg62702

  • Banned
  • 717 posts
  • Gender:Male

Posted 31 January 2014 - 10:41 PM

Think of your computer as the following: your office, your car, your home, your apartment, your garage, your gym locker, etc. Now when a person is looking for vulnerabilities, they are trying to gain access into what is yours, which is not theirs.

 

Black hats are those that go and try to gain access into systems, to prove that there are problems in the software, so that the software engineers can fix those problems. Basically they are reverse engineering the OS or hardware, to find back doors, or open gateways, that the programmer forgot were there, or accidentally created when writing the software.

 

When you see software with millions or billions of lines of code, written by multiple people, it is easy to leave cookie crumbs along the way, just like Hansel & Gretel left in the woods. Now back in the days of writing code in machine language, not C++, etc., it was a lot harder to find ways to access the OS or other software programs, or even hardware.

 

So again, think of finding a way into a piece of hardware or software as just like a thief trying to gain access to your property.



#5 James T Kirk

  • Topic Starter
  • Members
  • 247 posts
  • Gender:Male
  • Location:StarSystem 4

Posted 01 February 2014 - 02:55 AM

nice to make your acquaintance JohnnyJammer,
 
so the order of intrusion is:
1. probe the firewall
2. scan your system for program "vulnerabilities"
 
"If that's the case you need to disable the management interface so it doesn't allow remote connections to the management page."
this means "unchecking" the box that "allows remote assistance invitations to be sent from your computer", or manually the other way? :idea:
 
so let me get this right, the ONLY "vulnerabilities" that they are looking for and can use are a "lack" of updates. i thought "vulnerabilities" also included knowing if you were using a specific program, or computer hardware device or something...
 
funny avatar by the way -- i like it. its cool.
 
OldPhil, nice to meet you.
 
thanks for the reply. and link.
 
Greg62702, good to see you again.
 
yes, that's why i like programs that take up less space and less ram, because i know that they are "smaller" programs, and have less "openings" to find. to me, a fat, overeating, overfed (billions of lines of code) program has more "vulnerabilities".
 
i didn't know that that's what reverse engineering was. i appreciate you telling me that :apple:
 
so when they are looking for "vulnerabilities", they are looking for software and hardware, and not JUST updates then?
 
--cAptain KIrk :warrior:
UNknown mYSTeRies


#6 Greg62702

  • Banned
  • 717 posts
  • Gender:Male

Posted 01 February 2014 - 04:53 PM

They are looking for any way in. Updates usually fix stuff, but in turn can break something else. Think of an update like putting in a new door lockset, like the Schlage Securekey deadbolt. For example, that lock can be broken into either by bumping, or using a screwdriver to force it open. Now say you put in a commercial lock set that has been made not to be bumped, or to have a screwdriver used to break the pins to force it open.

 

Even better, say you went to the local hardware store, and purchased the lock set off the shelf, thinking that all keys in the other packages are going to be different from your lock set that you just bought. Come to find out that your neighbor went and purchased the same brand and style that you did a couple weeks or months before they bought their lock.

 

They come over and without having your key to unlock your deadbolt, they find out the key that came with their new lock set unlocks your lock without a problem.

 

What I just described, is how they are looking for vulnerabilities through software, updates, hardware like routers.  The only thing you are doing, is keeping the honest people out.  The dishonest will still find a way in.



#7 James T Kirk

  • Topic Starter
  • Members
  • 247 posts
  • Gender:Male
  • Location:StarSystem 4

Posted 03 February 2014 - 02:49 AM

Greg62702 hello there :orange:
 
"vulnerabilities through software, updates, hardware"
that's good to know.
 
what things can i do to prevent them from getting in?
 
--cAptain KIrk
UNknown mYSTeRies


#8 Greg62702

  • Banned
  • 717 posts
  • Gender:Male

Posted 03 February 2014 - 08:20 AM

Captain Kirk, been busy the past couple of days, straightening things out on my network. Found out I had an A/P going bad, and had to spend yesterday moving stuff around due to that. It all started of course at 2 am Sunday morning, when I started to finally diagnose my problem.

 

Networking makes or breaks you, when you are trying to get stuff to play nice, along with also making sure everything is secured. Going back on topic now. If you were to scan my router, you would find ports showing "Open", but in reality they actually are not. I have found that the TL-R600VPN does not stealth ports as it should.



#9 Greg62702

  • Banned
  • 717 posts
  • Gender:Male

Posted 03 February 2014 - 08:21 AM

 

Greg62702 hello there :orange:
 
"vulnerabilities through software, updates, hardware"
that's good to know.
 
what things can i do to prevent them from getting in?
 
--cAptain KIrk
UNknown mYSTeRies

 

Keep ports closed, if you do not need them open.  That means not using UPnP if you can get by not having to.  You & I have pretty much covered all of the basics and then some.



#10 JohnnyJammer

  • Members
  • 1,117 posts
  • Gender:Male
  • Location:QLD Australia

Posted 03 February 2014 - 09:03 PM

Sometimes even closing a port won't stop someone getting through your modem/router (especially when using a spoof technique and also creating your own SYN sequence number) and this also includes guessing the LAN IP of the internal network.

 

Anyway without going into too much detail, it basically tells your modem that a packet (TCP) has requested the negotiate (handshake) packet and needs access. Some of the older modem/routers allow this but most of the new ones won't be fooled by this as they store the connection table (who's calling the outside world) and also (who is meant to receive the packet).

 

Once again, you could go on & on about how people try/access your network/computer but everyone comes up with their own way and this site won't help you achieve what I suspect you might be asking for!

If you ain't running any open ports which direct to a service running on a host then about the only thing you need to worry about is drive-by downloads or .exe files. Anyone who runs a web server will tell you about the Chinese ISP ranges that constantly run scripts against a target, I mean I literally get hundreds a day.
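The connection table JohnnyJammer describes is the core of a stateful firewall: the router remembers which flows a LAN host started and only lets inbound packets through that answer one of them. The Python model below is an added illustration, not code from this thread or from any router vendor. It compares a router that judges inbound packets by their TCP flags alone with one that keeps a connection table; the addresses, ports, packet sequence and both router classes are constructed for the example, and the stateful model is deliberately simplified (no state machine, no timeouts).

```python
"""Toy model of a stateless vs. a stateful (connection-table) router.

Added example. Addresses, ports and both router classes are constructed;
198.51.100.0/24 and 203.0.113.0/24 are documentation ranges.
"""
from __future__ import annotations

from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    flags: frozenset      # TCP flags present, e.g. frozenset({"SYN", "ACK"})
    inbound: bool         # True if the packet arrives from the WAN side


LAN_PREFIX = "192.168.1."


class StatelessRouter:
    """Older behaviour: judge each inbound packet by its own flags only.

    Anything that merely claims to belong to an existing conversation
    (ACK set) is let through, so a crafted ACK aimed at a guessed LAN
    address passes even though no LAN host ever opened that flow.
    """

    def accept(self, pkt: Packet) -> bool:
        if not pkt.inbound:
            return True
        return "ACK" in pkt.flags


class StatefulRouter:
    """Keeps a table of flows a LAN host opened ("who's calling the outside
    world") and admits inbound packets only if they answer one of them
    ("who is meant to receive the packet")."""

    def __init__(self) -> None:
        # Entries are (lan_ip, lan_port, remote_ip, remote_port).
        self.table: set[tuple[str, int, str, int]] = set()

    def accept(self, pkt: Packet) -> bool:
        if not pkt.inbound:
            # A LAN host starting a connection creates the table entry.
            if pkt.src_ip.startswith(LAN_PREFIX) and "SYN" in pkt.flags:
                self.table.add((pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port))
            return True
        # Inbound traffic must match a flow the LAN side initiated.
        key = (pkt.dst_ip, pkt.dst_port, pkt.src_ip, pkt.src_port)
        return key in self.table


def run_scenario() -> dict[str, list[bool]]:
    """Replay the same four constructed packets through both router models.

    1. LAN host opens HTTPS to an outside server (outbound SYN).
    2. The server's SYN/ACK reply comes back.
    3. An unsolicited ACK from elsewhere targets a guessed LAN host on 3389.
    4. An unsolicited SYN from elsewhere targets the same host on 22.
    """
    lan_host, server, outsider = "192.168.1.10", "198.51.100.20", "203.0.113.5"
    packets = [
        Packet(lan_host, 51000, server, 443, frozenset({"SYN"}), inbound=False),
        Packet(server, 443, lan_host, 51000, frozenset({"SYN", "ACK"}), inbound=True),
        Packet(outsider, 4444, lan_host, 3389, frozenset({"ACK"}), inbound=True),
        Packet(outsider, 5555, lan_host, 22, frozenset({"SYN"}), inbound=True),
    ]
    results: dict[str, list[bool]] = {}
    for name, router in (("stateless", StatelessRouter()), ("stateful", StatefulRouter())):
        results[name] = [router.accept(p) for p in packets]
    return results


if __name__ == "__main__":
    for name, verdicts in run_scenario().items():
        print(name, ["pass" if v else "drop" for v in verdicts])
```

Both models pass the legitimate SYN/ACK reply and drop the bare inbound SYN; only the stateful one drops the unsolicited ACK aimed at a guessed internal address, which is exactly the case JohnnyJammer says older routers get wrong.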



#11 Greg62702

  • Banned
  • 717 posts
  • Gender:Male

Posted 03 February 2014 - 10:10 PM

Tell me about it. I see them all day long also. I just ignore them, because there's nothing you can do about those port scans. I look at them, as if it is a sidewalk in NYC, with the crowds going by.

Edited by Greg62702, 03 February 2014 - 10:13 PM.
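JohnnyJammer and Greg62702 both say they "see" these scans all day; in practice that means reading the router or firewall log and noticing one source address knocking on many different ports in a short time. The script below is an added example, not code from this thread: it parses a handful of constructed lines written in the style of a Linux netfilter (iptables) LOG entry, counts drops per source, and flags any source that hits five or more distinct destination ports inside a 60-second window. The year (syslog timestamps omit it) is assumed to be 2014, the thresholds are arbitrary, and all addresses are from documentation ranges.

```python
"""Flag port scans in firewall drop logs (added example, constructed data).

Log format imitates the Linux netfilter LOG target; the lines, addresses
(203.0.113.0/24, 198.51.100.0/24 are documentation ranges) and timestamps
are made up for this example.
"""
import re
from collections import defaultdict, deque
from datetime import datetime

SAMPLE_LOG = """\
Feb  3 21:55:01 router kernel: DROP IN=eth0 OUT= SRC=203.0.113.7 DST=198.51.100.2 PROTO=TCP SPT=41022 DPT=22 SYN
Feb  3 21:55:01 router kernel: DROP IN=eth0 OUT= SRC=203.0.113.7 DST=198.51.100.2 PROTO=TCP SPT=41023 DPT=23 SYN
Feb  3 21:55:02 router kernel: DROP IN=eth0 OUT= SRC=203.0.113.7 DST=198.51.100.2 PROTO=TCP SPT=41024 DPT=80 SYN
Feb  3 21:55:02 router kernel: DROP IN=eth0 OUT= SRC=203.0.113.7 DST=198.51.100.2 PROTO=TCP SPT=41025 DPT=443 SYN
Feb  3 21:55:03 router kernel: DROP IN=eth0 OUT= SRC=203.0.113.7 DST=198.51.100.2 PROTO=TCP SPT=41026 DPT=3389 SYN
Feb  3 21:55:03 router kernel: DROP IN=eth0 OUT= SRC=203.0.113.7 DST=198.51.100.2 PROTO=TCP SPT=41027 DPT=8080 SYN
Feb  3 21:56:10 router kernel: DROP IN=eth0 OUT= SRC=203.0.113.9 DST=198.51.100.2 PROTO=TCP SPT=50000 DPT=445 SYN
Feb  3 22:03:44 router kernel: DROP IN=eth0 OUT= SRC=203.0.113.9 DST=198.51.100.2 PROTO=TCP SPT=50001 DPT=445 SYN
Feb  3 22:10:00 router kernel: DROP IN=eth0 OUT= SRC=203.0.113.11 DST=198.51.100.2 PROTO=UDP SPT=1900 DPT=1900
Feb  3 22:11:00 router kernel: DROP IN=eth0 OUT= SRC=203.0.113.11 DST=198.51.100.2 PROTO=TCP SPT=1901 DPT=21
Feb  3 22:20:00 router kernel: DROP IN=eth0 OUT= SRC=203.0.113.11 DST=198.51.100.2 PROTO=TCP SPT=1902 DPT=25
"""

# Pull out the fields a scan detector needs; everything else is ignored.
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) \S+ kernel: (?P<action>\w+) .*?"
    r"SRC=(?P<src>[\d.]+) DST=(?P<dst>[\d.]+) PROTO=(?P<proto>\w+) "
    r"SPT=(?P<spt>\d+) DPT=(?P<dpt>\d+)"
)


def parse_line(line, year=2014):
    """Return a dict for one log line, or None if it is not a firewall entry.
    Syslog timestamps carry no year, so one is supplied (assumed 2014 here)."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
    return {"ts": ts, "action": m["action"], "src": m["src"], "dst": m["dst"],
            "proto": m["proto"], "dpt": int(m["dpt"])}


def find_scanners(events, distinct_ports=5, window_seconds=60):
    """Flag sources that touch >= distinct_ports different destination ports
    within any window_seconds span. Returns {src: sorted ports seen}."""
    recent = defaultdict(deque)   # src -> deque of (timestamp, dst port)
    flagged = {}
    for ev in sorted(events, key=lambda e: e["ts"]):
        q = recent[ev["src"]]
        q.append((ev["ts"], ev["dpt"]))
        # Drop entries that have fallen out of the sliding window.
        while (ev["ts"] - q[0][0]).total_seconds() > window_seconds:
            q.popleft()
        ports = {p for _, p in q}
        if len(ports) >= distinct_ports:
            flagged[ev["src"]] = sorted(ports)
    return flagged


def summarize(log_text):
    """Parse a whole log and report drop counts per source plus flagged scanners."""
    events = [e for e in map(parse_line, log_text.splitlines()) if e]
    per_source = defaultdict(int)
    for e in events:
        per_source[e["src"]] += 1
    return {"events": len(events),
            "per_source": dict(per_source),
            "scanners": find_scanners(events)}


if __name__ == "__main__":
    report = summarize(SAMPLE_LOG)
    print(f"{report['events']} dropped packets from {len(report['per_source'])} sources")
    for src, ports in report["scanners"].items():
        print(f"probable port scan from {src}: ports {ports}")
```

With the constructed lines, only 203.0.113.7 is flagged (six ports in three seconds); the source that retries a single port twice and the one that touches three ports over ten minutes are just noise, which is the distinction Greg62702 draws when he compares routine scan traffic to a crowded sidewalk.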


#12 Animal

    Bleepin' Animinion

  • Site Admin
  • 35,107 posts
  • Gender:Male
  • Location:Where You Least Expect Me To Be

Posted 03 February 2014 - 11:06 PM

@James T Kirk

Think of it this way. Take all necessary precautions to secure your network. However like your car or home, if a bad guy wants it bad enough, there is nothing you can do to keep them out or stop them. Eventually with enough persistence they will find a way in. You just take all the reasonable steps you possibly can, and hope you don't have what they want or make it enough of a pain they move on to an easier target.


#13 James T Kirk

  • Topic Starter
  • Members
  • 247 posts
  • Gender:Male
  • Location:StarSystem 4

Posted 04 February 2014 - 12:44 AM

hi ya Greg62702 buddy,
 
"Found out I had a A/P going bad"
what is that? :scratchhead:
 
"Keep ports closed, if you do not need them open."
how? by clicking the box that says "accept remote assistance invitations to be sent from your computer", or manually?
is this what your talking about?
 
"That means not using UPnP if you can get by not having to. "
what is a "UPnP"? never heard of it. is it common? i assume its a piece of hardware.
 
thx JohnnyJammer, for the reply,
 
i didn't know that.
i heard that the Chinese virus is pretty nasty, not something that you want to get!!!
 
Greg62702,
 
how do you "see" these port scans? -- by reading your firewall logs?
 
hey there buddy. yo Animal, glad you made it!
 
you have a cool avatar picture by the way.
 
okay, so there's no way that you can prevent a determined person from getting in.
so let's move on about ALL the ways to prevent them, and just settle with what you termed, "necessary precautions"
 
does this ONLY consist of the 3 things that we covered, or is there more?
would you consider "necessary precautions" to be only 3 things?
 
what are the "necessary precautions" that you can take in a brief summarized list, as in:
 
1.
2.
3.
4.
5.
6.
7.
 
thank you :thumbup2:
 
--cAptain KIrk
UNknown mYSTeRies


#14 Greg62702

  • Banned
  • 717 posts
  • Gender:Male

Posted 04 February 2014 - 08:41 AM

Yeah. I had a Netgear WN802T-200 that was dying, and would lose connection to the devices that were using it. But also in turn, it was packet flooding my network, causing devices to disconnect from the other Access Point I had in my home (Trendnet TEW-690ap).

 

It is easier to use an A/P in setups like mine. If I do not want the kid using the wifi, I can take it with me, since it is no bigger than my cellphone, or the power cord. I also found that with the Trendnet A/Ps, you cannot place a dash in the name. It makes it appear as a hidden SSID, even though SSID broadcast is turned on.

 

As for summarizing, I think that we can pretty much state that the first part is making sure the person setting up the devices knows what they are doing, and knows how to use a good strong password. The second is to not really worry much about what is in the logs, since those of us that have been around this stuff for a long time know that there is a lot of non-essential stuff to not worry about in those logs.

 

When I am going through the logs, I am usually looking for hardware failures, or as in my case, packet flooding from failing devices, causing the router to cause the other A/Ps to trip offline and cycle back to looking for clients.



#15 James T Kirk

  • Topic Starter
  • Members
  • 247 posts
  • Gender:Male
  • Location:StarSystem 4

Posted 05 February 2014 - 02:51 AM

hello Greg62702, thx for the reply :welcome:
 
so the a/p is a "hotspot" or something? those are cool. i like the create your own hotspot. awesome dude. got to get one of those.
 
a "hidden" ssid? so that means that BECAUSE of your failing device that you created a way to make an "unknown" extra security feature -- that's awesome. now we all just need to run out and buy some failing devices like you have to increase our security too!!!
 
it is true that there is a lot of stuff in the logs, but without the log file reading program that you have to allow you to be able to read it in the first place, this program weeds out like nearly 99% of the log information that you would NORMALLY see, so the stuff that you do see (i'm assuming your using a log file reader?) is really not all that much stuff compared to what it would be with the log file reading program. besides, if you were reading the log files regularly like you should be for good security measures, then the "amount" of logs that you have to read is reduced to only a couple of lines!!
 
in your case, reading the logs and looking for this particular thing, "for hardware failures", might not be that great of an idea, especially since the accuracy is certainly heavily skewed by your already "failing device". however, assuming that you did not HAVE a "failing device", do you think this could happen, or rather, when you did not HAVE a "failing device", did you see this in the logs (or have you "heard" of it happening)?
 
--cAptain KIrk
UNknown mYSTeRies :bounce:




