[ afrocuban @ 25.02.2004. 16:40 ] @
I don't know where to start. In general, the question is whether my ISP is screwing me over and ripping me off. I have a permanent wireless connection (supposedly 1Mbps, but it never gets anywhere near that). Here is how it goes.

- I install Winroute and configure it as well as I know how. I go (as always) to pcflank.com to test it. I get the following:

Browser Test

Cookies check
Your computer does not save special cookies on your hard drive
Recommendation
Your browser (or firewall) set to block cookies so there is no risk to your privacy.

Referrer check
While visiting web sites your browser does not reveal private information (called 'referrer') about previous sites you have visited.
Recommendation
Your browser (or firewall) set to block referrer so there is no risk to your privacy.

Stealth test

TCP "ping"   stealthed
TCP NULL     stealthed
TCP FIN      stealthed
TCP XMAS     stealthed
UDP          stealthed

Trojans test

GiFt             123     stealthed
Infector         146     stealthed
RTB666           623     stealthed
Net-Devil        901     stealthed
Net-Devil        902     stealthed
Net-Devil        903     stealthed
Subseven         1243    stealthed
Duddies Trojan   1560    stealthed
Duddies Trojan   2001    stealthed
Duddies Trojan   2002    stealthed
Theef            2800    stealthed
Theef            3000    stealthed
Theef            3700    stealthed
Optix            5151    stealthed
Subseven         6776    stealthed
Theef            7000    stealthed
Phoenix II       7410    stealthed
Ghost            9696    stealthed
GiFt             10100   stealthed
Host Control     10528   stealthed
Host Control     11051   stealthed
NetBus           12345   stealthed
NetBus           12346   stealthed
BioNet           12348   stealthed
BioNet           12349   stealthed
Host Control     15094   stealthed
Infector         17569   stealthed
NetBus           20034   stealthed
MoonPie          25685   stealthed
MoonPie          25686   stealthed
Subseven         27374   stealthed
BO               31337   stealthed
Infector         34763   stealthed
Infector         35000   stealthed

Advanced Port Scanner - TCP SYN scanning - Scan typical vulnerable and Trojan ports

21      stealthed   FTP                        File Transfer Protocol is used to transfer files between computers
23      stealthed   TELNET                     Telnet is used to remotely create a shell (dos prompt)
80      stealthed   HTTP                       HTTP web services publish web pages
135     stealthed   RPC                        Remote Procedure Call (RPC) is used in client/server applications based on MS Windows operating systems
137     stealthed   NETBIOS Name Service       NetBios is used to share files through your Network Neighborhood
138     stealthed   NETBIOS Datagram Service   NetBios is used to share files through your Network Neighborhood
139     stealthed   NETBIOS Session Service    NetBios is used to share files through your Network Neighborhood
1080    stealthed   SOCKS PROXY                Socks Proxy is an internet proxy service
1243    stealthed   SubSeven                   SubSeven is one of the most widespread trojans
3128    stealthed   Masters Paradise and RingZero   Trojan horses
12345   stealthed   NetBus                     NetBus is one of the most widespread trojans
12348   stealthed   BioNet                     BioNet is one of the most widespread trojan
27374   stealthed   SubSeven                   SubSeven is one of the most widespread trojans
31337   stealthed   Back Orifice               Back Orifice is one of the most widespread trojans

Exploits Test

igmpsyn targa3 fawx kod ssping jolt2 twinge moyari13 nuke teardrop nestea land synk4 opentear stream stream2 rfpoison rst_flip redir
Your system successfully defended itself from this attack!

_________________________________

And nowww... I disconnect my private network from the server. So: the server, the external and internal network cards, winroute, the internet and me! Everything is calm and quiet. In Winroute I open Status-Host/Users, and it shows "Firewall (my machine) - Current Rx(kBps) 43.6"???? And I'm not doing anything! I refresh once, twice, look at the graph, and it's tearing along flat out. I call my ISP. He says "give me netstat -a -n".
I run it for him and get the following:

Active Connections

Proto  Local Address          Foreign Address        Sta
TCP    0.0.0.0:7              0.0.0.0:0              LIS
TCP    0.0.0.0:9              0.0.0.0:0              LIS
TCP    0.0.0.0:13             0.0.0.0:0              LIS
TCP    0.0.0.0:17             0.0.0.0:0              LIS
TCP    0.0.0.0:19             0.0.0.0:0              LIS
TCP    0.0.0.0:42             0.0.0.0:0              LIS
TCP    0.0.0.0:53             0.0.0.0:0              LIS
TCP    0.0.0.0:88             0.0.0.0:0              LIS
TCP    0.0.0.0:135            0.0.0.0:0              LIS
TCP    0.0.0.0:389            0.0.0.0:0              LIS
TCP    0.0.0.0:445            0.0.0.0:0              LIS
TCP    0.0.0.0:464            0.0.0.0:0              LIS
TCP    0.0.0.0:593            0.0.0.0:0              LIS
TCP    0.0.0.0:636            0.0.0.0:0              LIS
TCP    0.0.0.0:1026           0.0.0.0:0              LIS
TCP    0.0.0.0:1029           0.0.0.0:0              LIS
TCP    0.0.0.0:1034           0.0.0.0:0              LIS
TCP    0.0.0.0:1077           0.0.0.0:0              LIS
TCP    0.0.0.0:1085           0.0.0.0:0              LIS
TCP    0.0.0.0:1086           0.0.0.0:0              LIS
TCP    0.0.0.0:1087           0.0.0.0:0              LIS
TCP    0.0.0.0:1088           0.0.0.0:0              LIS
TCP    0.0.0.0:1109           0.0.0.0:0              LIS
TCP    0.0.0.0:1111           0.0.0.0:0              LIS
TCP    0.0.0.0:1115           0.0.0.0:0              LIS
TCP    0.0.0.0:1120           0.0.0.0:0              LIS
TCP    0.0.0.0:1146           0.0.0.0:0              LIS
TCP    0.0.0.0:1159           0.0.0.0:0              LIS
TCP    0.0.0.0:1166           0.0.0.0:0              LIS
TCP    0.0.0.0:1628           0.0.0.0:0              LIS
TCP    0.0.0.0:2002           0.0.0.0:0              LIS
TCP    0.0.0.0:3268           0.0.0.0:0              LIS
TCP    0.0.0.0:3269           0.0.0.0:0              LIS
TCP    0.0.0.0:3372           0.0.0.0:0              LIS
TCP    0.0.0.0:3389           0.0.0.0:0              LIS
TCP    0.0.0.0:4899           0.0.0.0:0              LIS
TCP    0.0.0.0:8080           0.0.0.0:0              LIS
TCP    0.0.0.0:11132          0.0.0.0:0              LIS
TCP    0.0.0.0:11531          0.0.0.0:0              LIS
TCP    0.0.0.0:13266          0.0.0.0:0              LIS
TCP    0.0.0.0:20111          0.0.0.0:0              LIS
TCP    0.0.0.0:20171          0.0.0.0:0              LIS
TCP    0.0.0.0:24794          0.0.0.0:0              LIS
TCP    0.0.0.0:25756          0.0.0.0:0              LIS
TCP    0.0.0.0:25771          0.0.0.0:0              LIS
TCP    0.0.0.0:29242          0.0.0.0:0              LIS
TCP    0.0.0.0:31474          0.0.0.0:0              LIS
TCP    0.0.0.0:31973          0.0.0.0:0              LIS
TCP    0.0.0.0:32922          0.0.0.0:0              LIS
TCP    0.0.0.0:32964          0.0.0.0:0              LIS
TCP    0.0.0.0:44333          0.0.0.0:0              LIS
TCP    127.0.0.1:389          127.0.0.1:1085         EST
TCP    127.0.0.1:389          127.0.0.1:1086         EST
TCP    127.0.0.1:389          127.0.0.1:1088         EST
TCP    127.0.0.1:389          127.0.0.1:20111        EST
TCP    127.0.0.1:1085         127.0.0.1:389          EST
TCP    127.0.0.1:1086         127.0.0.1:389          EST
TCP    127.0.0.1:1088         127.0.0.1:389          EST
TCP    127.0.0.1:3128         0.0.0.0:0              LIS
TCP    127.0.0.1:4080         0.0.0.0:0              LIS
TCP    127.0.0.1:4081         0.0.0.0:0              LIS
TCP    127.0.0.1:11530        0.0.0.0:0              LIS
TCP    127.0.0.1:11530        127.0.0.1:11531        EST
TCP    127.0.0.1:11531        127.0.0.1:11530        EST
TCP    127.0.0.1:20111        127.0.0.1:389          EST
TCP    127.0.0.1:25771        127.0.0.1:44333        EST
TCP    127.0.0.1:29242        127.0.0.1:389          CLO
TCP    127.0.0.1:44333        127.0.0.1:25771        EST
TCP    192.168.x.x:139        0.0.0.0:0              LIS
TCP    192.168.x.x:139        192.168.0.17:1204      EST
TCP    192.168.x.x:389        192.168.0.3:20171      EST
TCP    192.168.x.x:389        192.168.0.3:32962      TIM
TCP    192.168.x.x:389        192.168.0.3:32963      TIM
TCP    192.168.x.x:445        192.168.0.3:32964      EST
TCP    192.168.x.x:1026       192.168.0.3:1120       EST
TCP    192.168.x.x:1026       192.168.0.3:1628       EST
TCP    192.168.x.x:1120       192.168.0.3:1026       EST
TCP    192.168.x.x:1628       192.168.0.3:1026       EST
TCP    192.168.x.x:3128       0.0.0.0:0              LIS
TCP    192.168.x.x:4080       0.0.0.0:0              LIS
TCP    192.168.x.x:4081       0.0.0.0:0              LIS
TCP    192.168.x.x:20171      192.168.0.3:389        EST
TCP    192.168.x.x:24794      192.168.0.3:389        CLO
TCP    192.168.x.x:31973      192.168.0.3:3128       CLO
TCP    192.168.x.x:32922      192.168.0.3:3128       CLO
TCP    192.168.x.x:32964      192.168.0.3:445        EST
TCP    192.168.x.x:445        192.168.0.173:1497     EST
TCP    192.168.x.x:3128       0.0.0.0:0              LIS
TCP    192.168.x.x:4080       0.0.0.0:0              LIS
TCP    192.168.x.x:4081       0.0.0.0:0              LIS
TCP    195.252.98.x:139       0.0.0.0:0              LIS
TCP    195.252.98.x:3128      0.0.0.0:0              LIS
TCP    195.252.98.x:4080      0.0.0.0:0              LIS
TCP    195.252.98.x:4081      0.0.0.0:0              LIS
TCP    195.252.98.x:25756     66.28.153.29:80        EST
TCP    195.252.98.x:31474     212.27.40.158:80       EST
UDP    0.0.0.0:7              *:*
UDP    0.0.0.0:9              *:*
UDP    0.0.0.0:13             *:*
UDP    0.0.0.0:17             *:*
UDP    0.0.0.0:19             *:*
UDP    0.0.0.0:42             *:*
UDP    0.0.0.0:135            *:*
UDP    0.0.0.0:161            *:*
UDP    0.0.0.0:445            *:*
UDP    0.0.0.0:1028           *:*
UDP    0.0.0.0:1031           *:*
UDP    0.0.0.0:1032           *:*
UDP    0.0.0.0:1036           *:*
UDP    0.0.0.0:1074           *:*
UDP    0.0.0.0:1078           *:*
UDP    0.0.0.0:1082           *:*
UDP    0.0.0.0:1084           *:*
UDP    0.0.0.0:1089           *:*
UDP    0.0.0.0:1116           *:*
UDP    0.0.0.0:1150           *:*
UDP    0.0.0.0:1165           *:*
UDP    0.0.0.0:1175           *:*
UDP    0.0.0.0:1645           *:*
UDP    0.0.0.0:1646           *:*
UDP    0.0.0.0:1812           *:*
UDP    0.0.0.0:1813           *:*
UDP    0.0.0.0:2807           *:*
UDP    0.0.0.0:2967           *:*
UDP    0.0.0.0:25772          *:*
UDP    0.0.0.0:38293          *:*
UDP    0.0.0.0:44333          *:*
UDP    127.0.0.1:53           *:*
UDP    127.0.0.1:1030         *:*
UDP    127.0.0.1:1147         *:*
UDP    127.0.0.1:1148         *:*
UDP    127.0.0.1:25308        *:*
UDP    127.0.0.1:25309        *:*
UDP    127.0.0.1:31971        *:*
UDP    192.168.0.x:53         *:*
UDP    192.168.x.x:88         *:*
UDP    192.168.x.x:123        *:*
UDP    192.168.x.x:137        *:*
UDP    192.168.x.x:138        *:*
UDP    192.168.x.x:389        *:*
UDP    192.168.x.x:464        *:*
UDP    192.168.x.x:500        *:*
UDP    192.168.x.x:4500       *:*
UDP    192.168.x.x:53         *:*
UDP    192.168.x.x:88         *:*
UDP    192.168.x.x:123        *:*
UDP    192.168.x.x:389        *:*
UDP    192.168.x.x:464        *:*
UDP    192.168.x.x:500        *:*
UDP    192.168.x.x:4500       *:*
UDP    195.252.98.x:53        *:*
UDP    195.252.98.x:88        *:*
UDP    195.252.98.x:123       *:*
UDP    195.252.98.x:137       *:*
UDP    195.252.98.x:138       *:*
UDP    195.252.98.x:389       *:*
UDP    195.252.98.x:464       *:*
UDP    195.252.98.x:500       *:*
UDP    195.252.98.x:4500      *:*

These connections were copied just now for this post; there were many more of them at the moment I was talking to him. He says, "Aaah, your network has been broken into, somebody is stealing from you, you have to close the ports, outgoing connections, incoming connections."

So, to return to the initial question: can anyone now, based on the above, give me a more concrete answer to the question of whether my ISP is screwing me over and ripping me off?

Second question: https doesn't work for me under winroute. I can't load a single secure page in the browser. Why? I haven't tinkered with anything; all the policies are as the wizard set them.

Third: how do I find out which connections on which ports are outgoing and which are incoming, bearing in mind that I don't want anyone from outside to access the network except from one specific address on one specific port? All the others (are those incoming or outgoing connections?) should hit a closed door at winroute.

And the fourth, final question. How do I allow a connection from outside in winroute on one specific port, e.g. 13280?

Please, if possible, make every piece of advice "for dummies": click here, click there.
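Added example, not part of the original post: a Python triage of `netstat -a -n` rows in the layout pasted above, listing sockets bound to non-loopback addresses and labelling established TCP connections as inbound or outbound. The direction rule (the lower port number is taken as the server side) is a heuristic assumed here, and the sample rows and their addresses are constructed.

```python
import ipaddress

# Constructed sample rows in the column layout of the post's netstat output
# (three-letter states as posted; addresses are documentation ranges).
SAMPLE = """\
TCP 0.0.0.0:135 0.0.0.0:0 LIS
TCP 0.0.0.0:3389 0.0.0.0:0 LIS
TCP 127.0.0.1:3128 0.0.0.0:0 LIS
TCP 192.168.0.1:389 192.168.0.3:20171 EST
TCP 192.168.0.1:20171 192.168.0.3:389 EST
TCP 203.0.113.5:25756 198.51.100.29:80 EST
TCP 203.0.113.5:3389 198.51.100.77:4312 EST
UDP 0.0.0.0:161 *:*
"""

# Ranges treated as "internal": loopback plus RFC 1918 private space.
INSIDE = [ipaddress.ip_network(n) for n in
          ("127.0.0.0/8", "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def is_inside(host):
    try:
        addr = ipaddress.ip_address(host)
    except ValueError:  # masked address such as 192.168.x.x
        return host.startswith(("127.", "10.", "192.168."))
    return any(addr in net for net in INSIDE)

def triage(dump):
    """Return (exposed_listeners, flows) parsed from netstat -a -n rows."""
    exposed, flows = [], []
    for line in dump.splitlines():
        f = line.split()
        if len(f) < 3 or f[0] not in ("TCP", "UDP"):
            continue  # skip headers and blank lines
        lhost, _, lport = f[1].rpartition(":")
        state = f[3][:3].upper() if len(f) > 3 else ""
        if f[0] == "UDP" or state == "LIS":
            # Sockets bound only to loopback are not reachable from the network.
            if not lhost.startswith("127."):
                exposed.append((f[0], lhost, int(lport)))
        elif state == "EST" and not lhost.startswith("127."):
            rhost, _, rport = f[2].rpartition(":")
            # Assumed heuristic: the lower-numbered port is the server side.
            direction = "inbound" if int(lport) < int(rport) else "outbound"
            where = "internal" if is_inside(rhost) else "external"
            flows.append((direction, where, f[1], f[2]))
    return exposed, flows

if __name__ == "__main__":
    for row in sum(triage(SAMPLE), []):
        print(row)
```

Rows flagged inbound and external are the ones a firewall rule set limited to one source address and one port would be expected to eliminate.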