How to stop someone from hacking me

Discussion in 'Ethical hacking' started by Lusitano, Mar 19, 2009.

  1. Lusitano

    Lusitano New Member

    Joined:
    Mar 19, 2009
    Messages:
    12
    Likes Received:
    0
    Trophy Points:
    0
    Location:
    Portugal
    Before i explain my problem i would just like to mention that i dont know much about the matter im going to talk about, so im looking for someone who can be really patient and teach me even basic stuff.
    Now to the problem itself... basicly someone who i have on my msn just hacked me today. He didnt do anything but to leave me without internet access for like 2 minutes (that was merely the time he wanted it to last). As far as i know he got my IP from msn and from there he did that. Even believing he wont do anything else i wanted to know a bit more about how these things work and how i can prevent it from happening again (if possible). This guy is no beginer in these things so i guess that if there is a way to prevent him from doing it again it wont be an easy one. If someone is willing to help me i can provide further details about my conversation with him about what he did. Thanks for the help already.
     
  2. indiansword

    indiansword Security Expert

    Joined:
    Oct 19, 2008
    Messages:
    491
    Likes Received:
    37
    Trophy Points:
    0
    Occupation:
    Operation Planner for 3 Australia
    Home Page:
    http://www.Secworm.net
    u gotta explin it better, because only with IP what he can do is scan your open ports and send u a "Ping of Death" which will crash ur computer. Except this i dont see any hacking attempts unless u ellaborate what exactly happened.
     
  3. Lusitano

    Lusitano New Member

    Joined:
    Mar 19, 2009
    Messages:
    12
    Likes Received:
    0
    Trophy Points:
    0
    Location:
    Portugal

    basicly he just made me loose my internect conection for 2 minutes. i dont really have a clue how but i'll copy-paste any relevant info he said. maybe it will help.
    liked tha show? ^^
    u have nothin to worry about
    it'z called ddos if u wanna search fo it on the net
    and the cable guys from this town
    paid 10 000 euros
    to buy protection for that
    i can still make their whole system down in 1 sec :D
    my point is there is no such protection, once u have it u can burn up whatever u want :D
    u know Garena.com
    the place
    ye, not to you
    to anyone i know hiz ip adress
    i can shut it down permanently, untill he changez the ip
    i've been doin this 2 years ago :D
    it'z not fun anymore :D
    if i attack ur ip
    u can put as much firewalls as u want
    but i'm attacking from 100+ servers
    which can upload 10MB/s
    and u can't find a firewall which can support that big attacks
    u can do whatever u want, once i have ur ip
    evendough i can tracert it
    u know run cmd
    tracert ip
    and it tellz me for one packet
    through which ipz he goes
    so i can find the ip where u take internet from
    so ur whole provider will be netless :D
    and i can trace ur ip while we are talking on msn :D
    just by having u on msn i can find ur ip
    jus emagine
    if i waz that evil
    as my sis said
    u wouldn't have net for months :D
    i got people
    paying me 1000$ US
    and much more
    jus to teach them how to do this (****) :D
    some web designers
    which have competition :D
    there is a way to hide ur ip
    but once someone knowz ur ip, there is nothin u cAn do
    well, thats all the relavant stuff he said about it. i just know he cut my conection. dont ask me how cause thats wat i want to know.
     
  4. Lusitano

    Lusitano New Member

    Joined:
    Mar 19, 2009
    Messages:
    12
    Likes Received:
    0
    Trophy Points:
    0
    Location:
    Portugal
    well, i was making further research into this. as far as i read these ddos attacks are something impossible to block actualy. is tis really true? isnt there a way to stop it?
     
  5. indiansword

    indiansword Security Expert

    Joined:
    Oct 19, 2008
    Messages:
    491
    Likes Received:
    37
    Trophy Points:
    0
    Occupation:
    Operation Planner for 3 Australia
    Home Page:
    http://www.Secworm.net
    i didnt read the entire conversation, but i think this guy is from ur local place, and its a SO CALLED Ddos attach which is also known as REMOTE DISCONNECTION.

    dos:- Denial of services
    Basically used to shut down some website for sometime, needs a lotta bandwidth, atleast 5 computer pinging the same website continuously with some DOS tool at around 3 mbps speed

    Remote Disconnection:-
    Helps you to disconnect any computer from the internet at your local place. So i think that guy must be living somewhere around ur place. OR he has got the good bandwidth with quite a good internet speed.
     
  6. Lusitano

    Lusitano New Member

    Joined:
    Mar 19, 2009
    Messages:
    12
    Likes Received:
    0
    Trophy Points:
    0
    Location:
    Portugal
    Actualy you are wrong about both things. i am from portugal and tis guy is from macedonia. And also as far as i know their internet services there arent that good. But anyway... what i was just reasearching about its true right? no way to stop this?
     
  7. indiansword

    indiansword Security Expert

    Joined:
    Oct 19, 2008
    Messages:
    491
    Likes Received:
    37
    Trophy Points:
    0
    Occupation:
    Operation Planner for 3 Australia
    Home Page:
    http://www.Secworm.net
    no way to stop this, u may use IP hider though
     
  8. Lusitano

    Lusitano New Member

    Joined:
    Mar 19, 2009
    Messages:
    12
    Likes Received:
    0
    Trophy Points:
    0
    Location:
    Portugal
    well, hiding my IP now will be of no use since he already knows it. right?
     
  9. indiansword

    indiansword Security Expert

    Joined:
    Oct 19, 2008
    Messages:
    491
    Likes Received:
    37
    Trophy Points:
    0
    Occupation:
    Operation Planner for 3 Australia
    Home Page:
    http://www.Secworm.net
    it wud be useful, because he MAY not get reply when he pings ur ip to check if your online.
     
  10. shabbir

    shabbir Administrator Staff Member

    Joined:
    Jul 12, 2004
    Messages:
    15,375
    Likes Received:
    388
    Trophy Points:
    83
    Well Actually DDoS attacks cannot be stopped but can be prevented and there are organizations working for this.
     
  11. Lusitano

    Lusitano New Member

    Joined:
    Mar 19, 2009
    Messages:
    12
    Likes Received:
    0
    Trophy Points:
    0
    Location:
    Portugal
    Well, the truth is i dont know much about these matters. I never really took much interest in learning stuff related to hacking till today, after this happened. Im not a programer or anything like that, so my knowledge on this issues is prety basic. Im kinda having an headache from all the explanations and terms i had to look into while researcing on this. But back to the point... as far as i researched it doesnt look like i can prevent this guy from doing it again if he ever feels like it. And i must confess this is not a pleasant thought.
     
  12. shabbir

    shabbir Administrator Staff Member

    Joined:
    Jul 12, 2004
    Messages:
    15,375
    Likes Received:
    388
    Trophy Points:
    83
    No. You get a host where there are firewalls against DDoS and if you want to prevent your personal PC from this its quite easy.

    Just close all the ports connection apart from the one through which you connect internet or get some Good Norton and that would do the trick. Norton even protects from the Port Scanning which
     
  13. Lusitano

    Lusitano New Member

    Joined:
    Mar 19, 2009
    Messages:
    12
    Likes Received:
    0
    Trophy Points:
    0
    Location:
    Portugal
    Are you sure Norton would solve this kind of problem? I mean... this guy says he can do this to a cable company that payed 10.000 euros to have protection against it. It's hard to believe the answer is Norton. And about "closing the ports"... could u give me some hints on how to do that if it's not asking too much?
     
  14. shabbir

    shabbir Administrator Staff Member

    Joined:
    Jul 12, 2004
    Messages:
    15,375
    Likes Received:
    388
    Trophy Points:
    83
    Norton is definitely a solution because DDoS needs to request some data from your PC and if Antivirus Stops the Port Scanning chances are it can stop that to an extent.

    Also you can have Hardware Firewalls to protect from DDoS Specially.

    Search for DDoS Hardware Firewalls and that should help
     
  15. xpi0t0s

    xpi0t0s Mentor

    Joined:
    Aug 6, 2004
    Messages:
    3,009
    Likes Received:
    203
    Trophy Points:
    63
    Occupation:
    Senior Support Engineer
    Location:
    England
    Sounds like he's nothing but a common thief, using bribery tactics to try to make you pay. He's probably just a script kiddie too with no actual skills of his own (otherwise he'd be out using them in an honest job).

    Well if you do pay there will be no guarantee he won't keep doing it when he wants more money. Protection rackets give you no protection at all and just gives your attacker more drug money.

    Maybe he has got people paying him $0,000's in protection money but you already know he's a thief; how do you know he isn't lying about that too? Has he shown you receipts and have you confirmed the payments with the alleged victims? If not then take ALL his claims with a LARGE pinch of salt.

    So ignore him. If you must respond, tell him clearly you're not going to pay him a penny no matter what he does and once he gets that message he'll leave you alone and move on to someone else. He can't DDOS everyone he threatens, and it's more likely he's only using DDOS as a threat.

    A DDOS (distributed denial of service) is a realistic threat; partly thanks to Windows insecurities but to a large extent stupid users (people who can't resist clicking on "I love you" even if they've been virus infected and LARTed multiple times before - there is virtually no limit on human stupidity) there are many "zombie" machines out there - that's a broadband connected PC with some malware that the owner doesn't know about and that can be controlled by people like this.

    But a *permanent* DDOS is no threat at all, and that's what lying thieves like this fail to point out. They just let you make that assumption for yourself. If he were to setup a permanent DDOS, and his allegedly 10 million machines all continuously attack your IP, then the solution is to get a new IP address, and the only way he can tell if that new IP address is you is if you tell him. If he blocks that then repeat until he can't block any more. He can't possibly block the whole internet. Plus if these zombie machines ARE continuously transmitting to your IP then they can be traced and shutdown.

    If you have no internet connection then complain about this to your ISP; it's their job to get you connected and if their systems are prone to DDOS attacks then that's their problem not yours.

    Make sure you have a firewall on your system. I use Windows firewall which seems to be good enough; it prevents inbound stuff but does nothing about outbound connections. I used to use the free version of Kerio Personal Firewall which is very good and has a configuration mode whereby any inbound or outbound connection gets reported to you and you get to choose between Always allow, Allow once, Disallow once and Always disallow. This is tedious in the early days as just about everything you do results in a popup but pays huge dividends as you build up a rule database. It also has a stealth mode whereby any blocked inbound connection isn't immediately rejected (which confirms to a cracker/script kiddie that there is a PC at that location) but ignores it - no response at all suggests there ISN'T a PC there.

    (I stopped using Kerio because I got a second PC and wanted to connect it to the internet through the first. Kerio Free doesn't support this configuration and you have to get the paid version. However Windows Firewall *does* support this configuration, hence the switch. The outbound stuff Kerio would have picked up would be down to malware on the computer which would be picked up by AVG and/or Spybot Search&Destroy anyway, so I decided I didn't need the outbound stuff anyway. But if you don't want to use your PC as a gateway for other PC's then Kerio is a good choice if you're concerned about what your IP layer is getting up to.)
     
  16. Lusitano

    Lusitano New Member

    Joined:
    Mar 19, 2009
    Messages:
    12
    Likes Received:
    0
    Trophy Points:
    0
    Location:
    Portugal
    Well, 1st of all you don't need to get so worked up. Ahah! Its not like he's asking me for money. He actualy got my IP through my msn cause i use to talk to his sister in there and they share that msn account. And yesterday i guess maybe he decided to do that to "prove" who knows what. But no matter what the case might be i didn't find it funny at all and was hopping there would be a way to block that anyway. I have instaled Norton 2009 now as i was advised and found out a so claimed anti-ddos firewall called Fort-Guard, so lets hope it will be worth the trouble. It's not a matter if he will do it again or not... the matter is he can do it. And thats what i don't like. So if theres a way to prevent it i want to know how.
     
  17. indiansword

    indiansword Security Expert

    Joined:
    Oct 19, 2008
    Messages:
    491
    Likes Received:
    37
    Trophy Points:
    0
    Occupation:
    Operation Planner for 3 Australia
    Home Page:
    http://www.Secworm.net
    lol i wasnt wrong. i was about DoS and xpi0t0s spoke about Ddos.

    Yes but a very good thing he said was:
    You should tell him "m not gonna pay u, do whateva u want with my comp". Ususally if u think from the point view of a hacker, he probably wud think, " there are millions of ppl out there who dont know anything, and this guy is still researching on it, so rather than wasting more time on u, lets move to someone else, probably i wud be paid more"
     
  18. xpi0t0s

    xpi0t0s Mentor

    Joined:
    Aug 6, 2004
    Messages:
    3,009
    Likes Received:
    203
    Trophy Points:
    63
    Occupation:
    Senior Support Engineer
    Location:
    England
    Fair enough, and obviously I didn't read the whole conversation either (mainly because I find this whole txtspk stuff* difficult to understand) but I did pick out the following bits:

    the cable guys from this town
    paid 10 000 euros
    to buy protection for that

    i got people
    paying me 1000$ US
    and much more

    if i attack ur ip
    u can put as much firewalls as u want
    but i'm attacking from 100+ servers
    which can upload 10MB/s
    and u can't find a firewall which can support that big attacks

    to anyone i know hiz ip adress
    i can shut it down permanently, untill he changez the ip


    Yes, I missed the bit about him being more or less a friend because you know his sister; you could possibly have made that a little clearer; usually when people complain about "being hacked" it's by a stranger.

    *Frxpl, fImsutltrpkdtndm, ncdgspc, uwnthvukgclhI'alnbt.
     
  19. Lusitano

    Lusitano New Member

    Joined:
    Mar 19, 2009
    Messages:
    12
    Likes Received:
    0
    Trophy Points:
    0
    Location:
    Portugal
    As far as i see you got the most important parts of what he said. Some cable company payed 10.000 euros to buy protection from ddos and he claims he can still bring it down in 1second if he wants, and he gets payed 1.000 or more by people that wants him to teach them to do that. So looking at that it doesn't look like he is a beginer. And to make it clear... I don't really know him. I've known his sister (not personaly) for like half an year, but don't know much about him exept for what she tells me. I'v been playing a game called Conquer Online for quite some time (that's where i first knew her) and that guy can bring the servers down everytime he wants. So i guess all this tells a bit about the threat he can pose to me or anyone if he wishes. Even though he told me not to worry it's not like i fully trust him either. Otherwise i wouldnt be diging info arround about all this stuff. And no matter if he poses a threat to me or not i'd like to be protected if that was possible. And you never know when somone else will try to do the same. I never knew this kind of attack was possible, so yeah, i'm taking it seriously.
     
  20. shabbir

    shabbir Administrator Staff Member

    Joined:
    Jul 12, 2004
    Messages:
    15,375
    Likes Received:
    388
    Trophy Points:
    83
    If he can break a DDoS hardware firewall then probably he would be working into that Firewall company by now then.
     

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice