hacking question [Archive] - PCMech Forums

Briab Guy
01-19-2002, 12:34 PM
I have been reading more and more about personal computers being hacked online. I always thought it was rather hard to hack a personal PC, as compared to a network.
Could someone explain to me how it's done? I am not looking for details on how to ......
I am just looking for the basics of how people get into another person's PC.
Do they have to get a program into your PC first?
I'm not a guru, but I understand the basics.
Thanks, just looking to learn.

HAL9000
01-19-2002, 12:44 PM
The basics? A "script kiddie" will generally use a trojan planted on the PC to gain access. A true hacker is able to exploit known issues or discover new issues within an OS or program that allows them access to an open port.

Briab Guy
01-20-2002, 03:22 PM
Thanks HAL,
I understand the script kiddie trojan. I understand that there would need to be a program of some sort in your PC for someone to get in. That way at least.
But when you say that a hacker may find an area to exploit, what are they using to see your PC? Another home PC?
I read about packet sniffers etc... So I can see how someone can see things on the net, but actually getting into a PC without having a trojan totally confuses me (not that that is all too hard sometimes).
Wouldn't they have to go through your ISP's server first? Then if you have a firewall?
Is this also one of the reasons some hackers like Linux and Unix type systems?
I know I am pushing the question limit here, but if you have a small home LAN,
does that make you more open to attack? And why?
I have looked around on the web about this, and it is either way over my head, or they are not answering the questions I am looking at.
Thanks, I really do appreciate your taking the time here.

mbossman2
01-21-2002, 10:49 AM
I won't get into the how, but will address the why.

The reason that personal PCs were difficult to hack is that, until recently, their connection to the public network (internet) was a transient and dynamic one. You would be online for maybe an hour or so and your ISP might be changing your IP address on a regular basis, so locking onto you was not exactly easy (this is the equivalent of trying to case and rob a house that always keeps moving). With the advent of always-on/broadband connections, home PCs have a more permanent IP address that remains the same for up to 3 days at a time. This gives the hacker ample opportunity to locate, identify, come up with a strategy and then whack the machine and its defenses.

Also, look at the type of connection that was available to the average user. When they only had dial-up access, their connection was relatively slow, and if you were going to use that machine for a DDoS attack, which would you rather have: a machine that can sling 10-20 packets per second or a system that can sling 5000 packets per second?

Now, the addition of trojans to a personal PC, coupled with broadband access and the relative lack of sophistication of the home user, makes the home PC a prime target for a hacker. PCs that are always hooked to the net and left on, unattended for long periods of time, give the hacker a much longer time in which to employ his tactics unobserved (again, the home burglar analogy: rob a house that has someone on vacation for 2 weeks or a house that has a lot of activity? Which would you choose?)

HTH

Battery Powered
01-25-2002, 10:33 AM
Right, you asked how. Well, there are a lot of ways,
All these ways depend on the system you're trying to get access to, like Linux or Windows.

The main goal would be to get 'root' or superuser privileges,

Firstly you would need to login to the server; if the server offers shell access then you can run exploit scripts (script kiddies) or find your own exploits.

Once you have exploited the system successfully you can do pretty much what you like, you're the admin.

The word 'shell' I mentioned - I thought I'd explain slightly,
A shell is a service that allows you to connect to a computer via a TCP/IP connection, you can connect with simple programs such as 'telnet' and 'HyperTerminal' - (these programs come standard with most Windows flavors) - they can be found by doing a search or go to;
Start menu - Programs - Accessories - Hyperterminal.

You would specify an IP (internet protocol) address of the system you wish to connect to and login, run the exploits and become root.


That sort of explains Linux systems a bit, but to get into a Windows based system would be different,
you can try many forms of attacks again, such as FTP for example; if the server offers an FTP (file transfer protocol) service then you can connect to the IP (ex. 217.36.21.7:21) and look about, depending on the security of the server - limits what you can do, but similar to Linux - you want to find the pwd files, have to search the system to find where it is.

It isn't always as simple as it sounds, the password files are almost certainly going to be shadowed (encrypted) so you would have to run a password cracker - such as Cracker Jack

Then, if you cracked the password file you would have the admin's password.

Hope this made sense, and ask about anything that doesn't,

A general help, if you want to keep your computer a bit more secure, scan it for open ports,
You can download 'Port Scanners' easily from the web
(try the link LINK REMOVED ) - under the hacking apps - lol

Then enter your IP, (use winipcfg if you're not sure what your IP is)
Run the scan and it will tell you what ports are open like;
80 - http
21 - ftp
23 - telnet
so on and so on, if you find a few ports open, search on the web what it's used for and if it can be used to enter the system.

James
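As an added example (not code from the original thread, and not any of the tools the posters mention): a small Python script that does the self-check James describes, but only against the machine it runs on. It tries a TCP connection to each well-known port on 127.0.0.1 and reports which ones something is listening on, labelled the way the post lists them ("80 - http"). The port-to-service table, the loopback-only address and the helper names are my choices; nothing outside the local machine is contacted.

```python
"""Self-audit of listening TCP ports on the local machine (loopback only)."""
import socket
from typing import Dict, Iterable, List, Tuple

# Constructed lookup table for the well-known ports the thread talks about.
WELL_KNOWN_PORTS: Dict[int, str] = {
    21: "ftp",
    22: "ssh",
    23: "telnet",
    25: "smtp",
    80: "http",
    110: "pop3",
    135: "msrpc",
    139: "netbios-ssn",
    443: "https",
    445: "microsoft-ds",
}

# Deliberately fixed: this script only looks at the machine it runs on.
LOOPBACK = "127.0.0.1"


def port_is_listening(port: int, timeout: float = 0.2) -> bool:
    """Return True if a program on this machine accepts TCP connections on `port`."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as sock:
        sock.settimeout(timeout)
        # connect_ex returns 0 on success and an errno otherwise, so a
        # refused port gives a non-zero code instead of raising.
        return sock.connect_ex((LOOPBACK, port)) == 0


def open_local_ports(ports: Iterable[int]) -> List[int]:
    """Subset of `ports` that something is listening on locally."""
    return [p for p in ports if port_is_listening(p)]


def describe(ports: Iterable[int]) -> List[str]:
    """Format open ports the way the post lists them: '80 - http'."""
    return [f"{p} - {WELL_KNOWN_PORTS.get(p, 'unknown')}" for p in ports]


def demo_with_temporary_listener() -> Tuple[bool, bool]:
    """Open a throwaway listener on loopback so the check can be seen reacting
    to a port going from listening to closed.
    Returns (seen_while_open, seen_after_close); expected (True, False)."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind((LOOPBACK, 0))  # port 0: let the OS pick a free port
    srv.listen(1)
    port = srv.getsockname()[1]
    while_open = port_is_listening(port)
    srv.close()
    after_close = port_is_listening(port)
    return while_open, after_close


if __name__ == "__main__":
    found = open_local_ports(WELL_KNOWN_PORTS)
    if not found:
        print("no well-known TCP ports are listening on loopback")
    for line in describe(found):
        print(line)
```

A port that shows up here is open on the local machine, which is not the same as being reachable from the internet: a firewall or NAT router in front of the PC may still filter it, so an outside check such as the Shields Up test linked later in this thread is the complement to this one. Conversely, a service bound only to the LAN adapter's address will not appear on loopback at all.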

HAL9000
01-25-2002, 10:41 AM
James Martin, links to hacking, warez, or other such questionable sites are strictly prohibited around here. Please refrain from doing so in the future; your link has been edited out of your post.

Battery Powered
01-26-2002, 08:34 AM
Well, I didn't know such things were illegal in this forum but I do apologise, my intentions were only to help him out with his security issues,

The section of the site I mentioned was strictly for security software,
(in fact a simple port scanner) - aiding him to know if his system was accessible to attacks.

(and just one other thing - not all the best security sites are 100% legal )

morriswindgate
01-26-2002, 09:13 AM
Here is a link that explains a whole bunch of things, and it is a legal site.

http://www.securityfocus.com/infocus/1182

Briab Guy
01-26-2002, 10:01 AM
First off, the last thing I want to do is to break the rules here or offend anyone.
That is why I tried to be clear that my purposes are not nefarious.
It's mostly curiosity and the fact that I am currently (trying) setting up a firewall. I got rid of ZA, and don't believe that the one that comes with XP is all too great, and am using one called TPF (Tiny Personal Firewall), which is very configurable. A lot of it I do not pretend to understand, which all the more gets me to wondering how someone on another personal computer at home can infiltrate me. I do not use Linux so I am clueless to it.

I have used programs like multiproxy that are supposed to totally hide you and found it cumbersome and felt like I was getting paranoid. I have also learned about teteport some (not much). So I have a clue as to how people get into a server, and as HAL said about the script kiddies actually putting a program in your PC (I never load something unless I am positive what it is).
Just so I am somewhat clear on what you are saying, James, is that someone gets into a server, then they have some kind of administrator priv. and can find my/whoever's personal info? And get into my PC through my ISP's server?
At least that makes sense to me.
And thanks morriswindgate, the site is very useful. I didn't know which ports were which etc...
Thanks again for everyone's time

morriswindgate
01-26-2002, 10:15 AM
Just remember, unlike the fantasy of the movie hacker, in 99.9% of the real world they have to get something on your personal computer. And that means that you have to execute the file they send you. Which means that if you are stupid enough to open an E-Mail attachment that says something like, " I just know you will love this. > Harvey" when you don't even know Harvey then you deserve it.
Being attentive about what you are doing is the most important thing in always-on home computing. To be safe from getting into problems you need to have an up-to-date anti-virus program and update the definitions every time you get on the computer, install a firewall such as ZoneAlarm, and for the best of home safety, for one computer buy a cheap hub or for multiple computers sharing the same connection a switch or router. These devices will hide your computer from port scanners.

Briab Guy
01-26-2002, 10:48 AM
" I just know you will love this" from Harv isn't real!! And here I thought I was making new friends at an incredible rate. Little humor there.
Yes I do agree with you, and I just stay away from things I am not sure of. But even some of the ones I know can be a problem and have been.
I got rid of ZA as I mentioned before and am using TPF. And I run my LAN off a Netgear hub. What I didn't know, or am misunderstanding you on, is that the hub will hide me from port scans?
Thanks

Battery Powered
01-26-2002, 04:54 PM
By admin priv. I mean they got total control; people have mentioned them having to put files on your computer, and if someone puts a file on there (a trojan) then you can be in for some real trouble,
Kiddies get trojans from security sites (they're designed for admins), and they can be configured to do all sorts, from reading your passwords, moving the mouse, listening to what you say on your mic or type on your keyboard - the lot.

The word trojan is also known as a RAT - remote administrative tool, meaning complete control from anywhere -


So definitely check those email attachments or you'd be getting some 12 year old kid opening your CD drive or something stupid.


I mentioned about getting admin priv. on Linux; this is a bit different from a Windows box. I know you said you don't know much about Linux but if you go to login as ROOT then you have full control, the computer won't stop you even if you're going to do something dangerous to it.
So you can seriously mess up a computer if you log in as root and start changing the configuration files because the computer won't stop you.

(sorry if I babbled on, I've just been doing college work so my mind's not right)

James

azscary
01-26-2002, 05:48 PM
This link will tell you how vulnerable and visible you are on the net.

Shields Up! (https://grc.com/x/ne.dll?bh0bkyd2)

azscary
01-26-2002, 05:50 PM
This Microsoft link is of some use also.

Microsoft Personal Security Advisor (http://www.microsoft.com/technet/mpsa/start.asp)

Briab Guy
01-26-2002, 09:19 PM
This has generated more interest than I thought it would.
I haven't used Shields Up in a long time and am about to do so, thanks for reminding me.
I have however been tooling around with hfnetchk.exe and am happy with the turnout. It did mention one thing that I never heard of. It says that all the hotfixes have been applied, but then it goes on to mention that the patch for
Internet Explorer 6 "gold" can't be found. Now I doubt that it is a biggie, I am more curious about what IE 6 gold is? Never heard of it.
I also downloaded some scanning programs that have left me with more questions than answers, but I believe they are for another post.
Very quickly;
AutoShareServer, Cached logged on Credentials, where do I find them?


how do I disable DCOM?
And how do I get rid of the Microsoft user account?
Well thanks again and I understand if these Q's don't get answered

azscary
01-27-2002, 12:43 AM
Briab Guy,

What OS are you using?

Is it a server or workstation?

What is DCOM?

Carl Price
01-27-2002, 11:49 AM
Originally posted by morriswindgate
Just remember, unlike the fantasy of the movie hacker, in 99.9% of the real world they have to get something on your personal computer. And that means that you have to execute the file they send you. Which means that if you are stupid enough to open an E-Mail attachment that says something like, " I just know you will love this. > Harvey" when you don't even know Harvey then you deserve it.

Even if you do know Harvey, don't open an executable attachment from him. You don't know if his machine is secure or not. The vast majority of viruses are spread by people you know whose machines have caught the virus and it is exploiting the address book. Harvey wouldn't knowingly send you an executable would he? If he knows you well enough to send you an executable, then he can call you and tell you what it does. Personally I do not open any executable sent to me by anyone.

Toaster
01-27-2002, 02:31 PM
Hello folks,
There are literally HUNDREDS of "security hampering" "script kiddies" out there.
They, for the most part, are aimed at the Micky$oft O/Ss because of the EASE in doing so.
Firewalls, IP masks and the like IMPROVE security but by no means eliminate security errors.
The biggest problem is not "ports" or open areas but one of "privileges".
Once a user is logged on into a Micky$oft O/S, all privileges are GRANTED, period.
In the UNIX world (all forms of UNIX and Linux), the "super user" or "root account owner" has the say-so on program execution. Simple "users" cannot execute applications other than their own, either purposely or "behind the scenes".
Many "hackers" use an "open port scan" and "ride" your IP. To you, nothing is going on when in fact EVERYTHING you do is watched.
Other goodies are "password/account" "sniffers" that ride along noting EVERY keystroke. This includes credit card info and countless other "sensitive" information.
When I buy goodies online, it's done so in the UNIX world using Mozilla.
While no browser is "hacker proof", Mozilla is FAR safer than IE, which almost advertises your presence.

A recent method that gets downright scary is multiple DNS forwarding and masking.
This represents itself as a "clone" of your current IP and with the use of your "cookies", the user is essentially "you" with all your sensitive information at their fingertips. This was a UNIX only thing for a long time and is making its way into the Micky$oft world. The user or "hacker" now represents him/herself as "you" or someone else's IP and leaves you to take the blame.
Another method is "packet sniffers" and IP "socket" handlers.

I do system admin and security "hardening" as a "glorified hobby". I moved most of my clients out of the Micky$oft world into the realms of UNIX after a few "frightening" demonstrations.
One demonstration was to "redefine" the administrator and privileges remotely.
On average, this took about 20 minutes going through a "gateway" and routers.
With these newly acquired privileges, I had the run of the system and placed a "note" on every desktop saying thus:
"Your system's security has been compromised, all data/information was made available and "could" be rendered.."public domain". Ask your ADMIN for details why this was done. No data was read/tampered with, please call 1-800-xxx-xxxx immediately before accessing remote systems."

That phrase alone scared the hell out of some users and rightfully so.
Now, using a UNIX O/S, the possibility of this is GREATLY reduced.
Firewalls are MEANINGLESS if they forward an IP; they actually make the job easier to some degree.
It's a lot like locking your car doors and leaving the key in the lock.
Lucky for many users, hackers are looking for "bigger fish to fry".
However, if you present yourself as a target of opportunity....

Felix
01-29-2002, 09:35 AM
Hi gang,

well if someone is installing a firewall, let me add a thought I found in the Firewall book from William Cheswick and Steven Bellovin, (firewall designers at AT&T), edited by Addison Wesley:

1) Like Murphy would have said: <b>all programs contain errors.</b>

2) <b>big programs have even more errors as one would expect regarding the code size.</b>

3) <b>security programs have security errors.</b>

4) <b>it doesnt matter if a program has security errors if you don't use it.</b>

Point 2 implies that Windozze XP is the buggiest piece of software ever seen on earth... keep your hands off if security is an issue...

It also implies that a firewall is most effective if it is possibly the only program running on a system as small as possible. This leads me to the conclusion that a Windows firewall is only a little better than having no security system at all. Way better, it seems to me, is to have a small, dedicated firewall box such as the Zyxel series or similar. They are not filled up with buggy bloatware, and are much more secure by design (see point 2).

Well, if you have a single computer on the net, go with a personal firewall Windows program; it's even better than having no security.

If you have a small LAN with internet connection sharing, I highly recommend a router box such as the Zyxel series or similar. While NAT (Network Address Translation, used to give a single account internet access to a LAN) is no firewall, it actually makes the LAN computers invisible to the internet. Only the router is visible, and there's nothing of interest on it. This solves a reasonable part of the security issue. If not satisfied, add an additional firewall box (not a Windows program).

Any comments appreciated.
Felix

Battery Powered
01-29-2002, 12:56 PM
That sounds about right,

but firewalls have been known to fail; a friend was trying out different firewalls to see what was the best, he had some top-named firewalls and some freeware ones, and it turned out (after he had configured them all) that the freeware - smaller firewalls were better - about 75% of the others allowed me to connect to any port I liked.

Firewalls have also been known to fail on a high port number; I don't know how reliable this info is as it's only something I heard and thought you should hear,

I know they're designed to stop all ports being accessed but supposedly they don't (some - where I heard of it was a security group who had tested x000's of different makes and published the results)

I'm not sure if anyone can back this up?

James

Felix
01-29-2002, 02:54 PM
Well, there are different ways to make a firewall. The "easiest" is a packet filter, which just denies packets sent from wrong IP addresses or for wrong ports. However it is difficult to set up and thus there are better ways to make a firewall, of course requiring more computing power.

"Stateful Inspection" is one of the most powerful ways to protect you because the firewall checks whether a packet belongs to an outgoing connection (such as an HTTP request, or SMTP session, etc) or not, and blocks all that does not belong to an outgoing connection. This is what ZoneAlarm and other firewalls do. However, ZoneAlarm is a Windozze firewall program, and a Windozze firewall program can't do any good...

Beside that, there are different ways to configure a firewall... you can allow everything except things that are forbidden, or you can forbid everything except things that are allowed. Guess what is highly insecure...

The default setting of my Zyxel firewall is "block everything but outgoing connections". This seems to be a good setting, and also a good default setting. The rule applies also for packet filtering.

Regarding your test, James, it seems they were all Windozze firewalls tested. A Windozze firewall can't do any good... *sigh* Just let me ask one question: Who guarantees me that there is no security leak built into Windows that allows a hacker to bypass a firewall program? And we are not yet talking about firewall errors at the moment...

If someone REALLY is looking for REAL security, in my opinion there is no way but a "black box" styled firewall outside of a PC. - Well, of course you can also make a lean, clean PC running some Unix flavour, using a custom kernel of course, and a hand-crafted firewall program that does fulfill your specific needs. (That's what they did at AT&T, read the book I mentioned.) But I guess this is wayyy too complicated and out of effort for most of us.

HAL9000
01-29-2002, 03:00 PM
I'll give you a firewall that works, dunk the head of an axe in gasoline, light it on fire, chop through your network line

....... ok.... I'm rambling.... going back to sleep now.

Briab Guy
01-29-2002, 05:21 PM
I am learning so much, it's great.
azscary, you made me think, I must sound like a nut sometimes (sometimes?)
Which O/S? The PC I am writing this on is partitioned with 98 2ed, XP and 2000. And I never thought about it, but questions can be very different from an OS standpoint, I mean I never thought about it as I was writing the Q's. I am on 98 now, but could be on XP in an hour. Most of the questions I asked were from an XP standpoint.
Like where is
AutoShareServer
Cached logged on Credentials
how do I disable DCOM?
DCOM is short for "Distributed Component Object Model". Now here is where someone else can take over. But I believe it has to do with the remote desktop feature in XP. I have remote set up with another PC on my LAN, and until that time I had never heard of DCOM.
"an extension of the Component Object Model (COM) to support objects distributed across a network. DCOM was developed by Microsoft and has been submitted to the IETF as a draft standard. Since 1996, it has been part of Windows NT, and is also available for Windows 95. "

Can someone, Felix maybe, tell me more about "Stateful Inspection"?
Also about the "black box" outside the PC?
Thanks again for all the good info here.

Felix
01-30-2002, 02:59 AM
I tried to explain <b>Stateful Inspection</b> above. It's when the firewall checks all traffic and only allows data packets to pass which belong to an outgoing connection.

Imagine an outgoing connection: Your browser sends a request for a web page to a server, maybe PC Mech. Thus it uses the HTTP protocol, which is indicated by using port 80. If a data packet comes in from the PC Mech server addressed to you, using port 80, it seems to be the answer to your request, right? (I don't know if there are more sophisticated tricks to decide whether an answer belongs to a question that went out before, or not.) Now, a day later, you're spending a weekend with your mother-in-law, and a data packet arrives with the sender's IP the same as PC Mech and the recipient's IP yours, using port 80. There is no reference to those IP addresses and port 80 at that time. Thus it must be an incoming connection. If you were the firewall - what would you do?

With FTP, things are a little more complicated since an FTP session uses an outgoing connection on port 20 and an incoming connection on port 21 (or the other way round, I'm not 100% sure). The firewall must handle the outgoing and the incoming connection belonging together, and refuse all other incoming connections. This outgoing / incoming thingy makes FTP a relatively risky protocol, which, however, is handled fine with today's firewalls.

A packet filter just looks at the sender's IP, the recipient's IP and the port number and checks if parts of it or the whole combination is on the "black list", and thus will trap the packet. But it can't decide whether it belongs to an outgoing or an incoming connection. You know, like this thread, every conversation, even between computers, needs some sort of "question and answer" game. This means (regarding our outgoing HTTP request mentioned above) the browser asks a question, the server sends an answer. This means there were packets sent from both your IP and the web server's IP, but it is still only an outgoing connection.

A <b>"black box"</b> is a term for, errr, just that - a black box. It has some inputs and some outputs but you can't see what happens inside, nor can you take influence to the inside stuff except the handles that are provided by the builder of the black box.

Example: A Disc Man or other CD player. There are some handles and knobs, a headphone plug, and a door to insert a CD. The output is music. That's it. Nothing else. You don't know exactly what happens inside.

The other concept is to make custom built items, such as a PC with a CD ROM drive, a sound card, and speakers. This allows you to highly customize the way a CD will be played, however, you can mess up almost every thing, while the black box player is foolproof.

That's what I meant: A "black box" style item is nearly foolproof, no matter whether it's a car, VCR, CD player, or firewall. A custom made item, especially when based on a PC, tends to fail every once in a while, mostly because it's puzzled together from function bricks, which finally leads to an overblown design, even if not needed. This will kill your firewall. Or, say, what purpose has a CD player and a sound card in a firewall system? :) See the picture?

Hope things are a bit more clear now... If not, repost.
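As an added example, not Felix's code and not from the book he cites: a toy Python model of the two firewall designs discussed in Felix's 01-29 and 01-30 posts. `StatelessFilter` judges each packet by its addresses and ports alone, with a configurable default verdict (allow everything except what is forbidden, or forbid everything except what is allowed). `StatefulFirewall` remembers outgoing connections and admits an inbound packet only if it matches one that is still live. `browsing_scenario` replays the HTTP example from the post (a request, its reply moments later, then a packet from the same server and port a day later) and `probe_scenario` throws two unsolicited connection attempts at local ports. The IP addresses are constructed from documentation ranges, the idle timeout is an assumption, and a real stateful firewall tracks TCP handshake and teardown flags rather than a plain timer; the class and function names are mine.

```python
"""Toy model: stateless packet filter vs. stateful inspection (constructed example)."""
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

MY_IP = "192.0.2.10"         # constructed: the home PC (RFC 5737 documentation range)
WEB_SERVER = "198.51.100.7"  # constructed: stands in for the PC Mech web server
STRANGER = "203.0.113.99"    # constructed: an unknown host probing us


@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    direction: str  # "out" = leaving our PC, "in" = arriving from the internet
    time: float     # seconds; used only for connection expiry


# A rule is (direction, src_port, dst_port); None is a wildcard.
Rule = Tuple[str, Optional[int], Optional[int]]


def _matches(rule: Rule, pkt: Packet) -> bool:
    direction, src_port, dst_port = rule
    return (direction == pkt.direction
            and src_port in (None, pkt.src_port)
            and dst_port in (None, pkt.dst_port))


class StatelessFilter:
    """Packet filter: each packet is judged on its own header fields.
    default_allow=True  -> "allow everything except what is forbidden"
    default_allow=False -> "forbid everything except what is allowed"
    Any matching rule inverts the default verdict."""

    def __init__(self, default_allow: bool, rules: List[Rule]):
        self.default_allow = default_allow
        self.rules = rules

    def allows(self, pkt: Packet) -> bool:
        if any(_matches(r, pkt) for r in self.rules):
            return not self.default_allow
        return self.default_allow


class StatefulFirewall:
    """Stateful inspection: outgoing connections are remembered; an inbound
    packet passes only if it belongs to one that is still live."""

    def __init__(self, idle_timeout: float):
        self.idle_timeout = idle_timeout  # assumption: expire by idle time
        # (local port, remote ip, remote port) -> last time traffic was seen
        self.table: Dict[Tuple[int, str, int], float] = {}

    @staticmethod
    def _key(pkt: Packet) -> Tuple[int, str, int]:
        if pkt.direction == "out":
            return (pkt.src_port, pkt.dst_ip, pkt.dst_port)
        return (pkt.dst_port, pkt.src_ip, pkt.src_port)

    def _expire(self, now: float) -> None:
        stale = [k for k, seen in self.table.items() if now - seen > self.idle_timeout]
        for k in stale:
            del self.table[k]

    def allows(self, pkt: Packet) -> bool:
        self._expire(pkt.time)
        key = self._key(pkt)
        if pkt.direction == "out":
            self.table[key] = pkt.time  # new or refreshed outgoing connection
            return True
        if key in self.table:
            self.table[key] = pkt.time  # a reply to something we asked for
            return True
        return False  # unsolicited inbound packet: nobody asked for it


def browsing_scenario(fw) -> List[bool]:
    """Felix's HTTP example: our request, the reply half a second later, and
    a packet from the same server and port a full day later."""
    request = Packet(MY_IP, 49152, WEB_SERVER, 80, "out", 0.0)
    reply = Packet(WEB_SERVER, 80, MY_IP, 49152, "in", 0.5)
    day_later = Packet(WEB_SERVER, 80, MY_IP, 49152, "in", 86400.0)
    return [fw.allows(p) for p in (request, reply, day_later)]


def probe_scenario(fw) -> List[bool]:
    """Two unsolicited inbound connection attempts: telnet (23) and NetBIOS (139)."""
    probes = [Packet(STRANGER, 40000, MY_IP, 23, "in", 10.0),
              Packet(STRANGER, 40001, MY_IP, 139, "in", 11.0)]
    return [fw.allows(p) for p in probes]


if __name__ == "__main__":
    # The rules a stateless filter needs just to let a browser work: out to
    # port 80, and anything back from port 80. It cannot tell the day-later
    # packet apart from a real reply; the stateful firewall can.
    browsing_rules = [("out", None, 80), ("in", 80, None)]
    print("stateless, default deny:", browsing_scenario(StatelessFilter(False, browsing_rules)))
    print("stateful, 1h idle timeout:", browsing_scenario(StatefulFirewall(3600.0)))
    print("probes vs allow-all-but-telnet:", probe_scenario(StatelessFilter(True, [("in", None, 23)])))
    print("probes vs default deny:", probe_scenario(StatelessFilter(False, browsing_rules)))
    print("probes vs stateful:", probe_scenario(StatefulFirewall(3600.0)))
```

The two policies Felix contrasts show up in `probe_scenario`: the allow-everything-except-telnet filter stops the telnet probe but lets the NetBIOS one through, while both the default-deny filter and the stateful firewall drop both, with the stateful one needing no port list at all because it only ever admits answers to questions the PC asked.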

Briab Guy
01-30-2002, 07:39 PM
Thanks again
It is much clearer now than when I started this post. Believe that!!!
My thoughts on some things were confirmed and I learned a lot, which actually has me off looking things up, so I can learn some more things, which has me off looking things up, so I can learn... you get the pic.
Its been a pleasure, thanks

Felix
01-31-2002, 02:39 AM
welcome :D