a hacker

Exactly. YOU HAVE BROKEN THE CODE!!
What you have been told repeatedly is that it is absurd for you to worry about a harmless thing like ping (or a toot).

Wake up and smell the coffee.



With all due respect, I don't think that you would recognize "logic" if it bit you on the backside.....

Unless you are simply a troll looking for a fight, you will seek out someone you trust, who understands how the net (IP traffic) works and listen as they tell you the same things that you have (failed to learn?) learned here. You claim to want to learn. Only you can do that by dropping the attitude and listening with an open mind.................

cheers,
johnd
 
AFAIK there is no way...

Perhaps there is a way to filter the results with your firewall (if you have a good one), but I am no security expert...

Morgwen
 
Considering that you think that this kind of traffic is someone "hacking" (I can't stomach to put the "pinging/" in front of that, implying that a ping is a hack attempt is just idiotic) your computer, you are woefully unqualified to be responsible for any kind of network logging in the first place.



You don't have to "deal" with it. If you're not running a gnutella client you are happily dropping the packets "dealing" with none of them. And ANY good firewall will give you the ability to drop this traffic without logging it (much as you can do with all the other random traffic floating around.)

Or you can just unplug from the net and quit bitching.



"Victimized"??? No one's done you any wrong, get over it already.
 
You're welcome iriegirl. The unregistered person said it well, about IP addresses being "recycled". This would more likely be your case if you have recently obtained Cable Modem access.

There are some things to note about Cable Modem access though. Because your computer will be connected to the Internet 24/7 (or at least, it is supposed to be), you become a bit easier target to malicious users.

A software based firewall is a good start, but I'd recommend adding a hardware firewall as well. Such firewalls are usually built into "routers" (see http://www.linksys.com, which provides these products and good information about it too). They're fairly inexpensive (around $50). In addition to that, your computer will have a different type of access to the Internet, rather than direct access to the Internet.

Even though you may not be using a home network, you can still use the router for just one PC. It'll give you some added security, and when you decide to add an additional PC in your home, you can use both those PCs to access the Internet with a bit more ease.

Obviously, even hardware firewalls can be compromised, but the thing is to make it "harder", not "easier" to get into your system.
 
Once you connect to the Gnutella network, you advertise your IP address to other Gnutella clients. Those Gnutella clients will forward it to others upon request. This is how others you might have never connected to before are able to connect to you now.

When you disconnect from the Gnutella network, your IP address will still "float" around among other Gnutella clients. They are held in a cache. These caches do expire after a certain amount of time, so they won't hold your IP address forever. For some, it's just a few minutes, for others, it may be a few days.

The issue here, is when your IP address is about to expire at one Gnutella client (say, it only has 10 seconds left to live), but another client requests more IP addresses, your IP address will now be in another one's cache, who may again store it for another period of time as a "fresh" IP address. And so on, and so on. So it may take a while before your IP address is completely out of the Gnutella network.

But for that reason, you will keep receiving incoming Gnutella connect requests, which may appear as "pings" in ZoneAlarm or other firewalls, because your client isn't up and running (thus the system needs to report it as "closed", or in your case, filter the request out). That may appear as a hack attempt, while in fact it is not.

Now, this isn't something considered high-priority for most developers to solve. However, with the introduction of some new extension within Gnutella itself, a proposal might come forth that adds a "freshness" or "age" tag to your IP address, so it can be removed from the network if it is getting "old" - ensuring it will be removed faster than currently done.
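The cache behaviour described in the post above, as an added example that is not part of the original post or of any Gnutella client's code: a toy model in which each hand-off either restarts the receiving cache's clock or, under an assumed reading of the proposed "age" tag, keeps counting from the first advertisement. The TTLs, the hand-off schedule and the function names are constructed for illustration.

```python
# Added example: toy model of Gnutella host-cache ageing (not real client code).
# All names, TTLs and the hand-off schedule are constructed for illustration.

def relay_chain(ttls, margin):
    """Build hand-offs (time, src, dst): each client passes the address to the
    next one `margin` seconds before its own copy would expire."""
    handoffs, expiry = [], ttls[0]          # client 0 learns the address at t=0
    for src in range(len(ttls) - 1):
        t = expiry - margin
        handoffs.append((t, src, src + 1))
        expiry = t + ttls[src + 1]          # receiver restarts its clock at t
    return handoffs

def gone_after(ttls, handoffs, age_tag):
    """Return the time at which the last cache drops the address.

    age_tag=False: the receiver treats the address as fresh on receipt.
    age_tag=True:  the address carries its first-advertised time (t=0), so
                   every cache counts its TTL from that moment (assumed
                   semantics of the proposed tag)."""
    expires = {0: ttls[0]}
    for t, src, dst in sorted(handoffs):
        if expires.get(src, 0) <= t:
            continue                        # src already dropped it: nothing to pass on
        start = 0 if age_tag else t
        expires[dst] = max(expires.get(dst, 0), start + ttls[dst])
    return max(expires.values())

# Constructed per-client cache lifetimes in seconds (minutes for most, an hour for one).
TTLS = [300, 300, 3600, 300, 600]
HANDOFFS = relay_chain(TTLS, margin=10)     # "only has 10 seconds left to live"

if __name__ == "__main__":
    print("without age tag:", gone_after(TTLS, HANDOFFS, age_tag=False), "s")
    print("with age tag:   ", gone_after(TTLS, HANDOFFS, age_tag=True), "s")
```

With the same hand-offs, the untagged address survives for the sum of the hops, while the tagged one is gone once the first cache lifetime has passed; a firewall owner sees that difference as how long the stray connect attempts keep arriving.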
 
There are two possibilities:

First you disconnected a short time ago. Your IP is still in the caches and the people try to connect!

Or somebody tries to resume his download, do you have a fixed IP or dynamic? If you have a dynamic one did it change after you disconnected?

Morgwen
 
this morning I woke up and found a HACKER in my bed! OMG! I knew I should do backups and virus scans and do not send my AOL password to everyone... but now I see blinking lights on my firewall and he is in my BED!!! I am hacked! please advice, fast!

ps
 
i suspect that the person hammering you was using a gnutella servent called Qtrax2. this program is known to be an excessive hammerer and can send you packets many hours after you left Gnutella. although it gets no response, it still hammers you, it even hammers you if you are already uploading to it the file it is hammering for. it just hammers the whole time for no reason. if you were reusing the ip of someone else, it is possible that it tries to connect to you for over 24 hours. it is not in wide use though, as the gnutella community doesn't recommend it. it also has no forum here. decent gnutella clients (i mean every one i know) will mark your ip address as unresponsive and not try to send you any more messages after a short timeout interval. raphael has even developed an anti-hammering feature which he built into gtk-gnutella, i think others will follow. so there is no need to have a beef with gnutella, it's a very nice network generally.
 
I can see what Iriegirl is saying. It is very annoying to have an alert window coming up every few seconds while you're trying to work. I can also imagine that getting 1000 interspersed hits would make reading your firewall logs (for whatever reason she is) confusing.

I can also see how having these hits from a filesharing network that you never joined is extra-puzzling.

Iriegirl: on Norton Firewall I can turn off the alert message, while continuing to log activity, if that's what you're talking about. Others have mentioned that you can probably also have the log filter out an IP (I'm not sure how to do that), if that's what you're talking about.

To all the blasters -- are you really saying that someone trying to access your computer every four minutes for 24 hours wouldn't cause you concern? Or that if you're working with your firewall logs these erroneous entries wouldn't annoy you?

On a tangent, I'm getting conflicting information here:

MrGone says: "And 'your firewall caught it so you're okay' is bullshit, you're okay anyway because you don't have a service listening for traffic on that port (even if you did, it'd most likely be a gnutella client which don't currently have holes to exploit). No one can just aim a sharply pointed packet at your computer and "hack" it. You must be running some form of server (web, email, ftp, gnutella servent, etc) to receive and process the traffic coming in."

However, cultiv8r says: "There are some things to note about Cable Modem access though. Because your computer will be connected to the Internet 24/7 (or at least, it is supposed to be), you become a bit easier target to malicious users. A software based firewall is a good start, but I'd recommend adding a hardware firewall as well."


These are the two predominant views that I've heard regarding firewalls. My questions are:
 
Well, not really conflicting I don't think. Being connected constantly makes you an easier target in that if there is a trojan or other security hole in your system there is more opportunity for someone to exploit it. That and persistent connections tend to hang onto an ip address longer so once someone has found you as having a hole it is easier for them to exploit it again later.



If you're not running any servers (or silly things like File and Print sharing, another potential hole) and you do not have a trojan on your system then there is nothing a cracker can really do to your system. There is always the possibility of a DoS (Denial of Service) attack, but those are most often accomplished by making too many connections (again requiring some sort of server) than there are with just bandwidth flooding (which a firewall couldn't stop anyway.)

And no, firewalls do not listen on the ports (excepting possibly for remote administration of the firewall.)



If you're running some kind of server your best bet is to keep it updated and apply any security patches that come out for it. A firewall (hard or soft) will give you information on traffic passing in and out of your computer (ip addresses, ports used, throughput, protocol (TCP, UDP, ICMP), etc) and will let you have control over this traffic.

For example, if someone was doing a port scan on your computer to see if there were any listening services (maybe one being exploitable) you could see this happening and block his IP address from anything you do actually have running (exploitable or not, this guy can kiss off.) Then you can do a whois lookup on the IP address and notify his ISP regarding the attempted abuse (you're probably not the only person he's tried this on) and enough complaints could get him shut down (probably temporarily, but that's better than nothing) potentially saving the *** of some poor schmuck who is running an unsecure system.



Wireless systems use encryption to protect the signal, make sure you're using this encryption if you're on a wireless network.



Macs are "hackable"



There is a great forum for these kinds of questions at http://www.dslreports.com/forum/security,1
 
She didn't indicate what kind of connection she has (at least, not that I have noticed). If she's using a connection with a dynamic IP address, then that could be the source of the problem. For example, someone else at her ISP might have had her IP address and used Gnutella.

Or perhaps, someone else has used her system (like, kids or a partner).
 
Thanks, cultiv8r for helping me with a very nice attitude...I appreciate that, unlike SOMEONE who is so blindly in love with Gnutella that they can't even think straight and must use insults to respond to someone seeking help. I know who has a partner here; the one who could even conceive of it. And, cult, I just got the puter, so there has been no one else on it yet. I realize now, since I have good help, that the fact that I have cable modem at home will be part of it. And yes SOMEONE (Mrgone) I am still working on my MIS degree and may be wrong at sometime, but that is what help is for, so to my friends cultiv8r and Morgwen, thank you so much for your friendly advice...I appreciate you for being knowledgeable without being information hogs and treating those that are learning with respect instead of contempt.
I'm trying to learn some things now, (my fiance being a software engineer) and I am dipping into some waters I don't know much about..I have a tracing program that he uses for work here, and the day I got the pings, they all came from the same area of the country and from the same person. This is why I suspected hacking, especially since this puter is used for some coding my fiance uses that are related to security. Obviously if I didn't know anything I was doing, I wouldn't have even known this. But whatever..Cult and Morg...thanks for the help

And, Mrgone...take your attitude..and turn blue I don't live my life on the computer!! And I forgive you your insecurities!
 