|
a hacker since 9:49 eastern time, someone at ip address 12.239.146.24 has been pinging/hacking my computer. It is now 1:03 pm eastern time. I am getting a notice from my firewall about every 4 minutes with this ip, and it says it comes from Gnutella. I just joined Gnutella a few minutes ago so that maybe I could receive some help on this...I already notified attbi. I was quite surprised to see Gnutella show up on my firewall log today, and it has been constant ever since. |
please define pinging/hacking my computer. |
This morning, when I woke up and hit the puter to do some work, my firewall log popped up and told me that an unsolicited computer tried to access mine. It said it was using Gnutella. This continued about everyone 4 minutes or so and is still going on, with the above ip. I spent the morning on the phone with att..they take forever...here is an example of the log... 2002/06/21 12:55:01 12.239.146.24:2327 (12-239-146-24.client.attbi.com) 65.32.40.132:6346 Gnutella It has truly been annoying. |
Quote:
someone who runs a gnutella servent has your IP address in it's queue. This might happen if: 1) You ran a gnutella servent in the recent past. 2) You are on a dialup and someone who had your IP address in the recent past was running a gnutella servent... I.E. Someone's gnutella thinks that you are running gnutella. Happens all the time to me. I ignore it. A ping is not a Hack and a Hacker is not a Cracker. (although a Cracker will ping first to locate you.) If your machine has it's doors closed & secure, you are safe. If your doors are open, gnutella is the least of your worries......... cheers jd |
It is normal that you got a lot of alerts while you are connected to the Gnutella net... These are port scans, pings etc. nothing really serious... Morgwen |
I am behind a firewall and have other security software, so I'm not worried about that, but I would like to know how to stop this. I have never used Gnutella before (not Morpehus or anything else). For some things I am doing I need to keep my firewall log up, and every 4 minutes I get this "ping" or whatever. However it works, it is a nuisance. |
Morgwen, I was not connected to the Gnutella net...that's the problem... |
Quote:
Perhaps there is a way to filter the results with your firewall (if you have a good one), but I am no security expert... Morgwen |
so, even if you don't have this "Gnutella," they can just interfere with your computer just cause you are online? And do it all day? no wonder there is are pro and con people for this thing. |
Quote:
First you disconneted short time ago. Your IP is still in the caches and the people try to connect! Or somebody tries to resume his download, do you have a fixed IP or dynamic? If you have a dynamic one did it change after you disconneted? Morgwen |
Quote:
Only while you are conneted with the Gnutella network, I posted already two possibilities! Morgwen |
I guess I am not being clear...i have NEVER had Gnutella on my computer. I was not connected..ever..until about 2 hours ago to try to get some help for this..this started at 9.49 this morning. No morpeus, no bear share or whatever. |
Wait you wrote you joined Gnutella! What do you mean with joined? Which client did you install? Or what did you do? Morgwen |
read my original post: since 9:49 eastern time, someone at ip address 12.239.146.24 has been pinging/hacking my computer. It is now 1:03 pm eastern time. I am getting a notice from my firewall about every 4 minutes with this ip, and it says it comes from Gnutella. I just joined Gnutella a few minutes ago so that maybe I could receive some help on this...I already notified attbi. I was quite surprised to see Gnutella show up on my firewall log today, and it has been constant ever since. I installed nothing...just signed in so that I could join the forum..that's it..created a user name and a password |
Quote:
Hmm... I have really no idea... :confused: Sorry! :( Morgwen |
who would know..is there a way to get in touch with admin or something? |
Quote:
http://www.gnutellaforums.com/showgroups.php But I don΄t hink he can help you... Morgwen |
hey, thanks...I sent a message..at least this person may point me in the right direction!! |
this morning I woke up and found a HACKER in my bed! OMG! I knew I should do backups and virus scans and do not send my AOL password to everyone... but now I see blinking lights on my firewall and he is in my BED!!! I am hacked! please advice, fast! ps :) |
Quote:
Morgwen |
AOL..ick! |
Umm if you know his/her IP. you can try the following: open up a command window (start->run->"command") and ping him (just to **** him off :p) Then, if you are running an NT-based windows os (NT/2k/xp) you can type "Net send 12.239.146.24 who are you and what are you doing to my pc?" this will pop up a dialogue on their PC that will say a message (in this case "who are you and what are you doing to my pc?") NOTE: this will only work if they are also running NT/2k/XP. Apart from that, if your firewall catches it, you ahve nothing to worry about |
You have nothing to worry about anyway, this is harmless gnutella traffic. You've said this occured before you installed a gnutella client, understood. But due to DHCP your IP address changes on a fairly regular basis (depending on your connection) and you simply aquired the IP address of someone who had recently been on the gnutella network. No big deal. BTW, a ping shouldn't scare or **** off anyone, it doesn't do anything. And "your firewall caught it so you're okay" is bullshit, you're okay anyway because you don't have a service listening for traffic on that port (even if you did, it'd most likely be a gnutella client which don't currently have holes to exploit). Noone can just aim a sharply pointed packet at your computer and "hack" it. You must be running some form of server (web, email, ftp, gnutella servent, etc) to receive and process the traffic coming in. If you're not (*Remote access trojans run as servers, so check for those*) then you don't really have much to worry about (at least not on that front.) |
Quote:
It seem that you are upset because someone out in the Internet Cloud initiated some activity with your machine. If that is a problem, you can try to control the whole world, disconnect from the Internet, secure your machine, or relax and enjoy it. Pick one.......... When you drive on the public streets it may annoy you that someone toots their horn within your hearing distance. You may not be doing anything to cause a tooting. Life's a beach......... cheers, jd |
<<sigh>> I just don't think that it is a decent thing for a person who has not solicited Gnutella to even have to deal with it..if you don't download it, or visit its sites, you shouldn't have to deal with that...for what I do for a living, I need to have logs up, and having someone pinging me every 4 minutes for what turned out to be 24 hours is ridiculous. Sorry, I don't think that I should have to deal with a file sharing service that I have never asked for. And the whole "tooting your horn" thing is reducing this situation to the absurd, and false logic. The true analogy would be someone tooting their horn for hours as you drove, then parking outside your house and continuing the tooting. I don't care how determined someone is to love Gnutella..this is a problem, if random IPs can be victimized. |
Quote:
Quote:
Or you can just unplug from the net and quit bitching. Quote:
|
About the Gnutella connections Once you connect to the Gnutella network, you advertise your IP address to other Gnutella clients. Those Gnutella clients will forward it to others upon request. This is how others you might have never connected to before are able to connect to you now. When you disconnect from the Gnutella network, your IP address will still "float" around among other Gnutella client. They are held in a cache. These caches do expire after a certain amount of time, so they won't hold your IP address forever. For some, it's just a few minutes, for others, it may be a few days. The issue here, is when your IP address is about to expire at one Gnutella client (say, it only has 10 seconds left to live), but another client requests more IP addresses, your IP address will now be in another one's cache, who may again store it for another period of time as a "fresh" IP address. And so on, and so on. So it may take a while before your IP address is completely out of the Gnutella network. But for that reason, you will keep receiving incoming Gnutella connect requests, which may appear as "pings" in ZoneAlarm or other firewalls, because your client's isn't up and running (thus the system needs to report it as "closed", or in your case, filter the request out). That may appear as a hack attempt, while in fact it is not. Now, this isn't something considered high-priority for most developers to solve. However, with the intruduction of some new extension within Gnutella itself, a proposal might come forth that adds a "freshness" or "age" tag to your IP address, so it can be removed from the network if it is getting "old" - ensuring it will be removed faster than currently done. |
Re: About the Gnutella connections Quote:
Morgwen |
She didn't inidcate what kind of connection she has (atleast, not that I have noticed). If she's using a connection with a dynamic IP address, then that could be the source of the problem. For example, someone else at her ISP might have had her IP address and used Gnutella. Or perhaps, someone else has used her system (like, kids or a partner). |
Thanks, cultiv8r for helping me with a very nice attitude...I appreciate that, unlike SOMEONE who is so blindly in love with Gnutella that they can't even think straight and must use insults to respond to someone seeking help. I know who has a partner here; the one who could even conceive of it. And, cult, I just got the puter, so there has be noone else on it yet. I realize now, since I have good help, that the fact that I have cable modem at home will be part of it. And yes SOMEONE (Mrgone) I am still working on my MIS degree and may be wrong at sometime, but that is what help is for, so to my friends cultiv8tr and Morgwen, thank you so much for your friendly advice...I appreciate you for being knowledgable without being information hogs and treating those that are learning with respect instead of contempt. I'm trying to learn some things now, (my fiance being a software engineer) and I am dipping into some waters I don't know much about..I have a tracing program that he uses for work here, and the day I got the pings, they all came from the same area of the country and from the same person. This is why I suspected hacking, especially since this puter is used for some coding my fiance uses that are related to security. Obviously if I didn't know anything I was doing, I wouldn't have even known this. But whatever..Cult and Morg...thanks for the help :) And, Mrgone...take your attitude..and turn blue:D I don't live my life on the computer!! And I forgive you your insecurities! |
iriegirl, When you come somewhere to learn don't start off with such a chip on your shoulder claiming to be victimized. Try to keep a more open mind and you'll meet with much better attitudes. |
Most cable systems have the ability to change your IP at any time. It isn't weekly or on some systems not even monthly but it does happen unless you pay for a static IP. So, you could have picked up a "previously used" IP that was for someone else that was running Gnutella all the time. Remember these IPs are "recycled" because a cable company only gets so many. Log your IP every day and let us know how often it changes, just for grins that is. Does anyone know how a cable company can have 130,000 subscribers, each one with his own IP and some of them have TWO or more computers, each assigned their own IP? I have tested this and you can connect 4 computers and each one is assigned it's own "private" IP. I assume some companies will use special boxes to "share" a IP for one house, that will be interesting to see how Gnutella will be if everyone does that. If you had a IP of say 211.245.XXX.XXX then you would get about 65536 max IPs, but how many cable companies can we support with this? If every cable company was on 211.XXX then we could only support 256 of them, and what about the rest of the net? |
Quote:
What you have been told repeatedly is that it is absurd for you to worry about a harmless thing like ping (or a toot). Wake up and smell the coffee. Quote:
Unless you are simply a troll looking for a fight, you will seek out someone you trust, who understands how the net (IP traffic) works and listen as they tell you the same things that you have (failed to learn?) learned here. You claim to want to learn. Only you can do that by dropping the attitude and listening with an open mind................. cheers, johnd |
You're welcome iriegirl. The unregistered person said it well, about IP addresses being "recycled". This would more likely be your case if you have recently obtained Cable Modem access. There are some things to note about Cable Modem access though. Because your computer will be connected to the Internet 24/7 (or at least, it is supposed to be), you become a bit easier target to malicious users. A software based firewall is a good start, but I'd recommend adding a hardware firewall as well. Such firewalls are usually built into "routers" (see http://www.linksys.com, which provides these products and good information about it too). They're fairly inexpensive (around $50). In addition to that, your computer will have a different type of access to the Internet, rather than direct access to the Internet. Even though you may not be using a home network, you can still use the router for just one PC. It'll give you some added security, and when you decide to do add an additional PC in your home, you can use both those PCs to access the Internet with a bit more ease. Obviously, even hardware firewalls can be comprimised, but the thing is to make it "harder", not "easier" to get into your system. |
i suspect that the person hammering you was using a gnutella servent called Qtrax2. this program is known to be an excessive hammerer and can send you packets many hours after you left Gnutella. although it gets no response, it still hammers you, it even hammers you if you are already uploading to it the file it is hammering for. it just hammers the whole time for no reason. if you were reusing the ip of someone else, it is possible that it tries to connect to you for over 24 hours. it is not in wide use though, as the gnutella community doesn't recommend it. it also has no forum here. decent gnutella clients (i mean every one i know) will mark your ip adress as unresponsive and not try to send you any more messages after a short timeout interval. raphael has even developed an anti-hammering feature which he built into gtk-gnutella, i think others will follow. so there is no need to have a beef with gnutella, it's a very nice network generally. |
I can see what Iriegirl is saying. It is very annoying to have an alert window coming up every few seconds while you're trying to work. I can aslo imagine that getting 1000 interspersed hits would make reading your firewall logs (for whatever reason she is) confusing. I can also see how having these hits from a filesharing network that you never joined is extra-puzzling. Iriegirl: on Norton Firewall I can turn off the alert message, while continuing to log activity, if that's what you're talking about. Others have mentioned that you can probably also have the log filter out an IP (I'm not sure how to do that), if that's what you're talking about. To all the blasters -- are you really saying that someone trying to access your computer every four minutes for 24 hours wouldn't cause you concern? Or that if you're working with your firewall logs these erroneous entries wouldn't annoy you? On a tangent, I'm getting conflicting information here: MrGone says: "And 'your firewall caught it so you're okay' is bullshit, you're okay anyway because you don't have a service listening for traffic on that port (even if you did, it'd most likely be a gnutella client which don't currently have holes to exploit). Noone can just aim a sharply pointed packet at your computer and "hack" it. You must be running some form of server (web, email, ftp, gnutella servent, etc) to receive and process the traffic coming in." However, cultiv8r says: "There are some things to note about Cable Modem access though. Because your computer will be connected to the Internet 24/7 (or at least, it is supposed to be), you become a bit easier target to malicious users. A software based firewall is a good start, but I'd recommend adding a hardware firewall as well." These are the two predominant views that I've heard regarding firewalls. My questions are: If I'm on a system NOT running any servers: Which information is more accurate? What exactly is a hacker/cracker/kiddiescripter capable of (apart from the trojan issue)? Can anyone really harm me even if I don't have a firewall? Are firewalls then only a preventative measure in case one downloads a trojan? I have even heard that a firewall may cause increased risk, because IT is, in fact listening at the ports. Is that true? If I'm on a system that IS running some sort of server: What is the risk? Will a firewall (hardware or software) help protect me? How is this possible if the port needs to remain open in order to serve? Third: Does any of this change if I'm connected to the internet via a wireless connection to a base-station that is hooked into a DSL router? Can some sneaky driver-by hack into my computer through my wireless connection? The last question is: Do the answers to these questions change if I'm on a macintosh (running either os 9, or os X)? I have heard that macintoshes are virtually invulnerable to hacking other than through a direct, hardware connection. However I've heard that there may be some security holes in os X. Any security experts in the house, with a lot of time on their hands? If not, where can I post these questions? Thanks a bunch, Gratis |
Quote:
Quote:
And no, firewalls do not listen on the ports (excepting possibly for remote administration of the firewall.) Quote:
For example, if someone was doing a port scan on your computer to see if there were any listening services (maybe one being exploitable) you could see this happening and block his IP address from anything you do actually have running (exploitable or not, this guy can kiss off.) Then you can do a whois lookup on the IP address and notify his ISP regarding the attempted abuse (you're probably not the only person he's tried this on) and enough complaints could get him shut down (probably temporarily, but that's better than nothing) potentially saving the *** of some poor schmuck who is running an unsecure system. Quote:
Quote:
Quote:
|
Thanks a lot for your thourough response. I think I understand the issue much better now. |
| All times are GMT -7. The time now is 09:24 PM. |
Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2025, vBulletin Solutions, Inc.
SEO by vBSEO 3.6.0 ©2011, Crawlability, Inc.
Copyright © 2020 Gnutella Forums.
All Rights Reserved.