Some Advanced Issues!! port scanning, packet sniffing, some network security issues..can someone help?

magiknipple

Junior Member
Jul 4, 2000
Hello all,

well done on this board, I have been around for years but this is my first post believe it or not!

well here it goes

my questions are concerning internet access with a cable modem and some security issues

1. Just installed my cable modem (really like it) and I do know that security is a real issue. I have installed ZoneAlarm for a firewall and it seems to be doing the job, but it seems that people are pinging me and ZoneAlarm will give these results: the firewall has blocked internet access to your computer TCP Port XXXX from (IP address) and give the time and so forth

what could be going on here?
-is someone trying to get info on my machine?
-is TWC keeping track of me?

How good of a job does ZoneAlarm do? It states that with high security enabled my machine is "invisible" to the internet

2. Let's say I have the IP address that is pinging me, is there a utility that can tell me where the IP address is located? I heard that there is

3. First off I would like to state that I am not a hacker in the least bit but trying to understand in theory how this all works... let's say I have a port scanner and run it against that IP address and find some open ports, where would I go from there to see if I could obtain any data from that machine? Myself and a buddy are testing out security issues on both our cable connections

4. Where could I find any packet sniffing utils and how exactly do they work?

5. what would be better for a 3pc home network solution?
-just giving in and buying a router?
-configuring ICS on my 450mhz 128mb ram?
-Will running ICS or proxy on my machine really slow down network access or gaming performance

6. How can I use CuteFTP on a cable to cable or dial up connection to transfer files across the internet? Or is there a better utility (PC Anywhere?)

7. Is there literature somewhere that can tell me what exactly all the ports on a PC access?

sorry for all the questions, I hope they can be answered by the gurus here to the best of their ability, they are very important to me.

Peace,
MN
 

SufferinSuccotash

Senior member
Jun 4, 2000
1.& 2. Cable modem providers do port scans from time to time to see if you have any services running. Officially, they don't want any services run on your machine, but in my experience they don't care as long as you are not using too much bandwidth. It could also just as easily be someone scanning ports to look for vulnerabilities. Set up your firewall nice and tight and you shouldn't have to worry. If ZoneAlarm is any good, it will generate logs that tell which IP address is trying to access your computer. From there, you could do an nslookup to get the domain name, and then use whois to find out to whom the domain is registered.

3. Most hackers now are script kiddies that don't really know d!ck about cracking (I consider myself a hacker, but not one that cracks into other people's systems). Just make sure you keep up with the latest security updates from both Microsoft and the makers of any services you are running.

4. I'm not sure where to get a packet sniffer. Probably almost any "download" site will have one. Maybe try http://www.tucows.com. Basically all they do is capture packets off the network and let you dissect them to look for data. It can be a useful network troubleshooting tool, or it can be used to gain information by a malicious user.

5. Actually, from what I hear, these are all good solutions. I haven't personally used any of them (I use Linux as my firewall/router), but I've heard good things about them for the most part. I did hear from one friend of mine that ICS on Win98 slowed his connection down to a crawl, but he hasn't complained about it since and I think he still uses it. I'm thinking maybe he set something wrong or his connection was just bad that day. Perhaps you should get some more info about ICS from someone else, but it seems like both would be quick and (relatively) easy solutions.

6. I'm not exactly sure what you are asking. Could you reword a bit or give more info?

7. \Windows\services tells what ports are mapped with what service (ftp-data port 20, ftp port 21, ssh 22, etc). I think this is only a partial list, though. If you can get access to a Linux box and look at /etc/services, that will have most listed. I can tell you that there are 65,536 ports numbered 0-65,535. Ports 0-1023 are reserved for specific protocols (i.e. 80 for http) and ports 1024-65,535 are open for any other use.

Hope this helps!
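
An added example, not part of the posts above: the log review and port-to-service lookup from answers 1, 2 and 7, done over a services-format table and a handful of blocked-connection lines. The log layout, addresses, timestamps and the `scan_threshold` parameter are constructed for illustration and are not ZoneAlarm's real format.

```python
import re
from collections import defaultdict

# Constructed excerpt in /etc/services format: name, port/protocol, aliases, comment.
SERVICES_TEXT = """\
ftp-data     20/tcp
ftp          21/tcp
ssh          22/tcp    # Secure Shell
telnet       23/tcp
http         80/tcp    www
netbios-ssn  139/tcp
"""
# Constructed log lines in a simplified, hypothetical layout (not a real product's format).
LOG_LINES = [
    "2000-07-04 21:14:02 BLOCKED TCP 192.0.2.10 -> port 21",
    "2000-07-04 21:14:02 BLOCKED TCP 192.0.2.10 -> port 23",
    "2000-07-04 21:14:03 BLOCKED TCP 192.0.2.10 -> port 80",
    "2000-07-04 21:14:03 BLOCKED TCP 192.0.2.10 -> port 139",
    "2000-07-04 21:30:11 BLOCKED TCP 198.51.100.7 -> port 40000",
    "2000-07-04 21:30:15 BLOCKED TCP 198.51.100.7 -> port 40000",
    "2000-07-04 21:31:00 ALLOWED outbound update check",  # not a block entry: skipped
]
LOG_RE = re.compile(r"BLOCKED (TCP|UDP) (\d+\.\d+\.\d+\.\d+) -> port (\d+)$")

def parse_services(text):
    """Map (port, protocol) to service name, ignoring comments and malformed rows."""
    table = {}
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) < 2 or "/" not in fields[1]:
            continue
        port, proto = fields[1].split("/", 1)
        if port.isdigit():
            table[(int(port), proto.lower())] = fields[0]
    return table

def summarize(lines, services, scan_threshold=3):
    """Group blocked probes by source; many distinct ports from one source suggests a scan."""
    ports_by_source = defaultdict(set)
    for line in lines:
        m = LOG_RE.search(line)
        if m:
            ports_by_source[m.group(2)].add((int(m.group(3)), m.group(1).lower()))
    report = {}
    for src, ports in ports_by_source.items():
        # Fall back to "port/proto" when the services table has no name for it.
        names = [services.get(p, f"{p[0]}/{p[1]}") for p in sorted(ports)]
        report[src] = {"likely_scan": len(ports) >= scan_threshold, "targets": names}
    return report
```

A source flagged as `likely_scan` is the address worth feeding to the nslookup and whois steps described in the answer; repeated hits on a single port are reported separately and not flagged.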
 

Z_Amon

Member
Oct 10, 1999
Sufferin covered a lot, but I'll try to add a few other things.

Before you use a packet sniffer, please read up on it. Insecure.org, as well as Packet Storm and other sites, are good places to start. Unless you're wanting to do basically illegal things, most people don't have a use for one outside their own computers. (The exceptions being legitimate admins in their own networks and such. Sorry, pet peeve area after dealing with some script kiddies who are college age.)

If you port scan, that's just a start. Then you have to know the proper exploits to take advantage of any reasonably secure machine. However, many Windows machines and a lot of Linux/Unix machines aren't really that secure to start with. If you're really serious about security, get a listing of what ports are identified with what programs, and learn the common ones and reference the rest. That'll give you an idea of what you're looking at.

I myself regularly port scan my work machines and particularly any newly installed OS to see what's going on where. Sometimes things get default installed that I really don't want and have to remove, and it's what I believe is a good choice to do so. However, I do not scan machines I don't have permission to scan. At the college I attended port scans were sometimes considered illegal actions and threats would often follow.

To use CuteFTP (I use WS-FTP, but they're close enough), just connect to their IP address. You will need some sort of FTP server to be open though, so you'll need to find that. Look around. (Perhaps Cute includes an FTP server? I haven't messed with it in a long time.)

As for port lists, look around. Most good security sites have them, and a lot of the Linux docs have them if you know where to look.

Z.