Mysterious Port Scanning???

TheKub

Hey everyone! Got a problem and I need some advice. I'm a college student and I use the college's network for Internet access. Last week the college revoked my Internet privileges because of complaints of port scanning. They traced the IP (DHCP) to my MAC address and terminated my account. Now at this time I have not received any specific information like what sites complained and when the scans occurred, but I should be receiving this info soon. Now I did not run these port scans. The only port scan I have ever done was one of those online computer security sites that check your own machine for security holes and that was a year ago. According to Norton 2003, updated as of the week of my getting disconnected, I have no viruses, and a full scan of adaware revealed 30-some cookies (not the cause of port scanning obviously) and 1 instance of Xupiter and one of Alexia (or Alexis, not exactly sure because I'm not at my computer). I am running Win 2K PRO with service pack 3 (last Windows update ran sometime in January -- early February I believe). I don't use file sharing programs or IRC. My machine is set to lock after 20 min and I almost all the time lock it when I leave my desk. The college will not allow me back on the Internet until I sign this letter that states that I admit to doing it and I won't do it again and if it does I will accept disciplinary action. I am not about to admit to something I did not do, especially if I don't know how to stop it the first time! So now I need some suggestions on what I can do to try and find what is doing these port scans on my machine. I intend to fight the accusations but I really need some possible suspects that could have done this. Any help would be appreciated! If you need any more information just ask!
 

Oaf357

They should give you all the evidence against you. They should have to prove you guilty, not you proving your innocence. Let them on to your PC and see if they can even find a port scanner.
 

chsh1ca

Personally, and no offense, I think this is BS. You, or someone you know did it using your computer, or the college's logs are very wrong.

1. A Spoofing portscanner would be rather pointless, since you'd never get any information BACK from the machine to see if the ports were open. Its only purpose would be to 'frame' someone, and even then, using the packet, I could tell you if it could have reasonably come from said machine or not, using packet TTL and tracert from your system. If it was within 1 hop or so, I'd say it's likely that it was from your network, if not from your machine. If not, I'd consider that it was from another system. Then again, you'd need to have the ear of a netadmin who has a clue about such things.

2. Portscanning isn't illegal, nor should it be an offense for which you would lose your access if it's a one-off.

I'd get ahold of the logs if I were you, and argue this if you really are innocent. I have a hard time believing that because most colleges/universities in my experience, don't do punitive things for a one-off unless there was some monetary damage.
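The TTL-and-traceroute comparison described in the post above, written out as an added example that is not part of the original thread. The packet records are constructed, and the initial TTL of 128 for the Windows 2000 machine and the 14-router path are assumptions for illustration.

```python
# Added example: TTL plausibility check for packets named in a scan complaint.
COMMON_INITIAL_TTLS = (64, 128, 255)  # widely used OS default initial TTLs

def estimate_hops(observed_ttl):
    """Guess (initial_ttl, routers_crossed) from the TTL seen at the receiver."""
    if not 1 <= observed_ttl <= 255:
        raise ValueError("TTL must be in 1..255")
    initial = min(t for t in COMMON_INITIAL_TTLS if t >= observed_ttl)
    return initial, initial - observed_ttl

def ttl_consistent(observed_ttl, sender_initial_ttl, traced_hops, tolerance=1):
    """True if the logged TTL fits a sender that is traced_hops routers away."""
    if observed_ttl > sender_initial_ttl:
        return False  # TTL only decreases in transit
    crossed = sender_initial_ttl - observed_ttl
    return abs(crossed - traced_hops) <= tolerance  # tolerance absorbs route changes

def assess(packets, sender_initial_ttl, traced_hops):
    """Label each logged packet as plausible or not for the accused host."""
    report = []
    for pkt in packets:
        report.append({
            "dport": pkt["dport"],
            "ttl": pkt["ttl"],
            "plausible": ttl_consistent(pkt["ttl"], sender_initial_ttl, traced_hops),
            # What the TTL alone suggests about the real sender.
            "best_guess": estimate_hops(pkt["ttl"]),
        })
    return report

# Constructed sample: TTLs as they might appear in the complainant's packet log.
SAMPLE_PACKETS = [
    {"dport": 21, "ttl": 114},  # 128 - 14: fits the accused host
    {"dport": 22, "ttl": 115},  # one router fewer: within tolerance
    {"dport": 23, "ttl": 52},   # looks like a 64-initial host 12 routers away
    {"dport": 80, "ttl": 241},  # above 128: cannot be an unmodified 128-initial sender
]

if __name__ == "__main__":
    # Assumed: accused host sends with TTL 128 and traceroute shows 14 routers.
    for row in assess(SAMPLE_PACKETS, sender_initial_ttl=128, traced_hops=14):
        print(row)
```

A consistent TTL only shows the packet could have travelled that distance, since a sender can set any initial TTL; the check is most useful for flagging logged packets that do not fit the accused machine at all.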
 

Fallen Kell

I myself have been through this with a friend of mine. He was cut from the net at my college and accused of hacking other systems, which he did not do. Basically, you need to get in contact with your IT department and demand to have access to all outgoing and incoming traffic logs for that time frame with regard to your computer. If they "do not have the logs" you have legitimate proof that they can't prove anything against you specifically. MAC and IP address can be faked VERY easily. Speak to your counselor, you should have some type of formal complaint system with regard to defending yourself. You also may want to contact a lawyer friend.

What we did in our case was show a capture of our own traffic and system logs from the computer itself. Now in this case, it was a Linux box and it had been hacked (root password was compromised, it appeared, through a security hole in the FTP server). All standard logs had been deleted on the system when we got control of the system back. But a non-standard log of processes running showed a connection into the server from an outside IP address connecting as root to the system. Now our student administration could have actually cared less that the computer was hacked, all they cared was that it was used to hack someone else, and still persisted in reprimanding my friend and placing the incident on his permanent record. I went to one of my professors that I knew, who was also the instructor of the "Computer Ethics" course. He was immensely helpful in the matter, taking the evidence that we had collected about who the real hacker was to the administration. He informed us that they were going to basically make an example out of this case, and could care less what we said. He then plopped down the paperwork and traces that we had on the dean's desk and said "Then they have one hell of a good lawsuit against the school." That is what finally got the administration to wake up and take their head out of their a$$es.

Like I said in your case, contact some of your professors who know you, especially if they teach in the CS or IT departments. Speak to campus IT, get them to give you their "proof", both outgoing logs and incoming logs. Without BOTH they have no proof. Even with the logs, your system itself may have been compromised in another way (trojan, backdoor, compromised password). You need to make complete copies of your local log files for access and usage. You also really need to look up your school disciplinary process and see what options you have. This is usually in your student handbook or online somewhere on your school website. Before signing anything that admits wrongdoing, speak to a lawyer. I am absolutely serious about this. Especially if you are in the tech field this could very well destroy many career paths before you even have your degree. Remember, they have to prove that you did it, not the other way around. If they force this on you without proving it, you have good grounds for a lawsuit against the school for harassment and defamation of character.
 

TheKub

I am still waiting on the information from them, they told me that it would include the time of the offence and who filed the complaint (I will have to wait to see if this is true). I should note that nothing that this college does is very logical. Ethernet in the dorms is very new here, the first year they just put just 1 port in a room for 8 people (with a 5 port hub). Last year one of my roommates left Thursday night with his machine locked (Win2K locked AND locked in his bedroom which only him or RAs could open) and we had the entire room's Internet turned off (unplugged our entire room) by Sunday because of similar accusations. My roommate didn't even find out what happened until Monday night when he got back. In that case it turned out to be a piece of spyware that didn't like having ZoneAlarm in LockDown mode so it would send out floods of requests and try to get out, which they saw as a hacking attempt. Mind you that with his parents stating that he was at home during those days it didn't matter, they wanted him to sign the same letter that they want me to sign. On a side note, he may have been successful in fighting the accusation if our entire room wasn't in such a hurry for Internet back. We are in the new dorms that have jacks in each bedroom and they now have the ability to just turn off one person. If I am able to get the logs I will do so but I don't have much faith in their willingness to give them out over it being a security risk in their eyes.

They have proven their inability to run a network and recently disconnected someone because their "statically" assigned address was conflicting with something they had set up on the network. After many calls assuring them that it was a "dynamic" address it went nowhere. No one from their office would come to verify the individual's setup. It finally took a picture of the ipconfig info with monitor and all for them to admit that they were wrong and fixed their Internet. So to make sure that it didn't happen again he released and renewed and got assigned X.X.X.255.

When I get more info I will post it here.
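An added example, not part of the original thread, showing how outgoing connection logs can separate the traffic shapes discussed above: a real port scan fans out across many ports or hosts, while blocked software retrying one destination (like the spyware incident in the post above) hammers a single host and port. The log format, addresses and threshold are assumptions made for illustration.

```python
# Added example: classify one source's outbound connection attempts.
from collections import defaultdict

def parse(lines):
    """Parse hypothetical log lines: 'epoch_seconds src_ip dst_ip dst_port'."""
    for line in lines:
        ts, src, dst, port = line.split()
        yield int(ts), src, dst, int(port)

def classify(lines, src_ip, min_targets=10):
    """Return the traffic shape for src_ip; min_targets is an assumed threshold."""
    ports_per_host = defaultdict(set)   # dst -> distinct ports tried
    hosts_per_port = defaultdict(set)   # port -> distinct hosts tried
    attempts = defaultdict(int)         # (dst, port) -> number of attempts
    for _ts, src, dst, port in parse(lines):
        if src != src_ip:
            continue
        ports_per_host[dst].add(port)
        hosts_per_port[port].add(dst)
        attempts[(dst, port)] += 1
    if any(len(p) >= min_targets for p in ports_per_host.values()):
        return "vertical-scan"      # many ports on one host
    if any(len(h) >= min_targets for h in hosts_per_port.values()):
        return "horizontal-sweep"   # one port across many hosts
    if any(n >= min_targets for n in attempts.values()):
        return "repeated-retries"   # same host and port over and over
    return "normal"

# Constructed samples using documentation address ranges.
SRC = "10.0.0.5"
RETRY_FLOOD = [f"{1000 + i} {SRC} 203.0.113.7 80" for i in range(40)]
PORT_SCAN = [f"{2000 + i} {SRC} 198.51.100.9 {20 + i}" for i in range(40)]
BROWSING = [f"{3000 + i} {SRC} 192.0.2.{i + 1} 80" for i in range(3)]

if __name__ == "__main__":
    for name, log in (("retry flood", RETRY_FLOOD), ("port scan", PORT_SCAN),
                      ("browsing", BROWSING)):
        print(name, "->", classify(log, SRC))
```

Both the flood and the scan produce a burst of connection attempts, which is why a raw packet count alone cannot tell them apart and the per-destination breakdown from the logs matters.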
 

Fallen Kell

From the sounds of it, they have no clue what is really going on. I would DEFINITELY NOT SIGN ANYTHING. It may sound trivial, but this can and WILL affect you in the future. Even though this time might be a slap on the wrist, what happens next time they screw up and make another accusation? Then they will fall back on the fact that you already admitted doing this type of thing in the past, and your case will be 1000 times more difficult to prove.