Was attacked last night, plz read.



Veech
07-14-00, 07:54 AM
Hello, I was attacked by another user who said he will "knock out" my internet. I had my ZoneAlarm up, my residential gateway/firewall up, and my internet connection was killed. I am on a cable modem; I unplugged it, everything, my gateway. Anyhow, I let it run overnight and now it's fine again. Any ideas? I would somehow like to get his IP to blacklist him.

dan2525
07-15-00, 06:09 AM
Did you have the log running in ZoneAlarm? If so, it should have recorded the attack with an IP. If not, you may want to enable it. Even though he's probably masking his IP, it would be a place to start.

bug
07-15-00, 04:48 PM
You were warned [threatened] in advance? Did he ICQ or email you, or what? Maybe you need a router.........

dmsmed
07-16-00, 10:27 AM
My nephew was talking trash with someone (I think it was on ICQ). Anyhow, this person told him he would crash my nephew's computer if he didn't stop. Subsequently my nephew's computer crashed. How was this person able to do this, and what measures other than closing his mouth could have been taken to prevent this?

DA_DEViL!!!
07-16-00, 04:00 PM
You can have all the security you want behind the cable modem, but the fact is that you're still on cable, which leaves you an open target to being packeted. Try talking your ISP into providing some firewalling...lol. Also, the fact that this individual launched an attack on you of this nature and you don't have the offending IP address tells me that you are lacking in the most crucial area...knowledge. Without it you can have all the gateways, firewalling, and hyped up software *cough* blackice *cough* you can afford and it won't do you much good at all.

dmsmed
07-16-00, 04:26 PM
First, what we're looking for are solutions, not a practical analysis of our lack of knowledge. It goes without saying we're already cognizant of this, otherwise we wouldn't be here asking questions.

Secondly, my nephew was on a dial up modem when he was attacked. If anyone knows how this is done and how to prevent it I'd love to hear from you.

goose
07-16-00, 04:40 PM
I have heard of flooders for ICQ. What I believe they do is send either ICMP or UDP packets to your machine over and over again. What this causes is severe lag from your connection to respond that many, if not maybe 10 times of what the sendee is asking for. This is a typical DoS (Denial of Service) attack. My suggestion that I posted earlier still applies in this case. There are really great firewalls out there... but to answer your question and to hopefully solve this dilemma, would be to go here: http://www.zonealarm.com and if you're willing to fork out the $40 bucks go here: http://www.networkice.com

Good Luck!
-Goose

clown_one
07-17-00, 01:56 AM
Veech sounds like he had a common problem relating to cable modems. If your IP is sent a (very) long string of invalid packets, it will cause your cable modem to time out. If the packets continue after the modem "cycles" itself, it will shut down because it assumes there is no valid cable connection. Reset it, renew your lease (change your IP) and everything is okie dokie!

Unless you are running a server yourself, change your IP often and shield it from outsiders (as much as possible). I will not detail such hacks for obvious reasons, but if you would like to see a non-destructive example, just do a port probe on www.insecure.org (http://www.insecure.org) (with a cable/DSL modem).

Now dmsmed's nephew is a different story...

You seem to imply that (1) an analog modem was used, (2) a dial-up account was used, and (3) the computer crashed! (not the modem).

Unless there is more to the story (file transfer, web script, etc.) this is *highly unlikely*.

I would be interested in a step by step blow of what he was doing and a description of the crash and what it took to recover.

There just has to be more to it.

P.S. As long as you use a provider to access the net, hackers will ALWAYS be able to spoof an IP to bypass ZoneAlarm and the like. Consider this: does your firewall trust your ISP host to serve you webpages? There you go! Security must begin at the gateway and you have every right to examine and question your provider's precautions!!!

[This message has been edited by clown_one (edited 07-17-2000).]

SeedOfChaos
07-18-00, 03:31 AM
Well, first of all, you have his ICQ#. That way you could get HIS IP...

Second of all, on how to prevent this, is getting ICQ2000a if you don't have it already, click on the ICQ button, go to security/privacy.
On the general tab, require authorization from all users.
More important, on the direct connection tab, allow direct connections only upon your authorization. Why? Because by opening a direct connection a hacker can get your IP, which of course is needed for attacks.

Cheers,
Ronald

------------------
"I have lost all my beliefs to a world of hypocrisy"
---
(Hypocrisy - Paradox)

John
07-20-00, 08:40 PM
Yea, I have heard ICQ is easily hacked and you can be totally open to it! Good points all.

Veech
07-22-00, 11:54 PM
DaDevil, other than being an immature person, you didn't even answer the question that was presented. As the saying goes, if you don't have anything good to say, don't say it. Anyhow, I read up on the attack and now I know what happened. Thanks everyone.

HalfLifer
07-26-00, 12:49 PM
I just downloaded ZoneAlarm, and every 30 seconds I get this message:

The firewall has blocked Internet access to your computer (UDP Port xxxxx) from 130.67.234.248 (UDP Port 1725).

And the IP is a different one every time. What is going on?

Bouncer
07-27-00, 05:48 AM
Quite probably WON or Gamespy or some other similar program is trying to determine if you're online. I did a quick check, and found no trojans or worms using that port.

iden-ralp 1725/tcp iden-ralp
iden-ralp 1725/udp iden-ralp

iDEN RALP messages to write a marker into the file or play a *.wav file as an audio alert. Trigger messages include handover failure, location update reject, assignment failures, etc

Regards,
-Bouncer-


------------------
"Yeah Baby, YEAH!!!"
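
The pattern in HalfLifer's alerts and Bouncer's answer (a different source IP each time, one remote UDP port) can be confirmed by tallying the alert text. This is an added example, not part of the original thread: the sample lines are constructed in the wording HalfLifer quoted, with documentation-range addresses, and the function names and the `min_hits` threshold are assumptions.

```python
import re
from collections import Counter, defaultdict

# Alert wording as quoted in HalfLifer's post; the local port may be masked ("xxxxx").
ALERT_RE = re.compile(
    r"The firewall has blocked Internet access to your computer "
    r"\((?P<proto>TCP|UDP) Port (?P<lport>\w+)\) from "
    r"(?P<src>\d{1,3}(?:\.\d{1,3}){3}) "
    r"\((?:TCP|UDP) Port (?P<rport>\d+)\)"
)

# Constructed sample alerts (not taken from the thread).
SAMPLE = """\
The firewall has blocked Internet access to your computer (UDP Port 27015) from 192.0.2.10 (UDP Port 1725).
The firewall has blocked Internet access to your computer (UDP Port 27015) from 198.51.100.7 (UDP Port 1725).
The firewall has blocked Internet access to your computer (UDP Port 27015) from 203.0.113.44 (UDP Port 1725).
The firewall has blocked Internet access to your computer (TCP Port 139) from 203.0.113.99 (TCP Port 4021).
The firewall has blocked Internet access to your computer (TCP Port 139) from 203.0.113.99 (TCP Port 4022).
The firewall has blocked Internet access to your computer (TCP Port 139) from 203.0.113.99 (TCP Port 4023).
"""

def parse_alerts(text):
    """Return (proto, local_port, src_ip, remote_port) for each alert found."""
    return [(m["proto"], m["lport"], m["src"], int(m["rport"]))
            for m in ALERT_RE.finditer(text)]

def summarize(alerts, min_hits=3):
    """Separate 'many hosts, one remote port' from 'one host, many hits'."""
    by_rport = defaultdict(set)
    by_src = Counter()
    for proto, _lport, src, rport in alerts:
        by_rport[(proto, rport)].add(src)
        by_src[src] += 1
    return {
        # Same remote port from several hosts: one application running on many
        # peers (Bouncer's reading), so look the port up before assuming an attack.
        "shared_remote_ports": {k: sorted(v) for k, v in by_rport.items()
                                if len(v) >= min_hits},
        # One host hitting repeatedly: the address to send, with the log,
        # to that host's ISP.
        "repeat_sources": {ip: n for ip, n in by_src.items() if n >= min_hits},
    }

if __name__ == "__main__":
    print(summarize(parse_alerts(SAMPLE)))
```
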

mkhrrs3
01-28-05, 05:18 PM
His IP address is 64.12.165.90, host oam-m11b.blue.aol.com. He's been hacking everyone he can get his hands on and is located in Nebraska, I think, not really sure.... The hacker has quite a repertoire of programs, but his IP remains the same.

drdoug99
01-28-05, 05:32 PM
wow, talk about an old thread...

downhill
01-28-05, 06:57 PM
His IP address is 64.12.165.90, host oam-m11b.blue.aol.com. He's been hacking everyone he can get his hands on and is located in Nebraska, I think, not really sure.... The hacker has quite a repertoire of programs, but his IP remains the same.


Send this info to AOL along with logs you may have and your complaints.