I used Hack tracer 2 find that my isp has been hacking into my computer. as a result, whenever i visit a site and they dont like the contents, they block it off to all of its members. I now Use Norton Personal Firewall and want 2 know if i am safe now and if not how can i?

No firewall will prevent your ISP from tracking where you go if it wants to. What you need is not a firewall but a proxy. A proxy is simply another person's computer that you hook into first, and surf from there. Then all your ISP sees is the IP of that computer, not where you go!

If you're surfing websites you want to put a proxy in your browser that has port 80 or 8080 open. If you're surfing newsgroups you want a SOCKS proxy, port 1080 open, in your newsreader. For newgroups (Usenet) never use your ISP's. Subscribe to an independent news provider to bypass your ISP.

Here's a good site for all types of proxies:

http://tools.rosinstrument.com/proxy/

Hope that helped.

Would you care to name this censoring ISP?

I had an ISP that tried hard to hack my PC:

1] Running port scans from IPs in ISP's netblock.
2] When that didn't work he tried running port scans from ISP DNS IPs thinking he could get thru my firewall and/or I wouldn't notice scan packets. That didn't work either.
3] Then he "accidentally" emailed me virus. That didn't work also.

I dumped the bastard and got another ISP. I'm not going to pay anyone to hack/track/censor me.

I suggest you:

1] Get a good firewall that will block outbound traffic (trojans) from your PC. Personally I prefer ZoneAlarm Pro. GRC firewall scoreboard:

http://grc.com/lt/scoreboard.htm

If this link doesn't work, try later. Steve has been getting DDoS attacks.

2] Get good anti-virus prog and keep virus database up to date. Kaspersky AVP is probably the best. I use Grisoft AVG because I like interface and am careful what I do.

3] Get a good packet sniffer and learn how to use it.

http://www.tamos.com/products/commview/

That's the only way you'll know what's going in and out of your computer. Launch your firewall first, then sniffer. That way sniffer is outside firewall and will display/log hits (attacks/probes/etc.).

Packet sniffers are intimidating for newbies but is worth learning. Besides, everyone was once a newbie.

4] Dump that crappy ISP and get a new one.

By johnny:
No firewall will prevent your ISP from tracking where you go if it wants to. What you need is not a firewall but a proxy. A proxy is simply another person's computer that you hook into first, and surf from there. Then all your ISP sees is the IP of that computer, not where you go!
IMHO one must connect to proxy through ISP. ISP has access to all packets and can reconstruct Web pages. Therefore, it is impossible to prevent ISP tracking unless all proxy traffic is encrypted. Maybe SafeWeb?

HELLO THERE,

ii have nt used hack tracer and has no idea how it detects attack.

i still feel sharon is still vulnerable because if any one use anonymous port scan or ftp bounce or similar methods it would be difficult to determine if any port scan has been done on ur comp.

to prevent attacks its advisable to close all ur unused open ports.
how to do that i dont know,i hope some expertise in this group will help u.
good luck sharon.
i will try yo find get u a little more details,but i have to go now.

DATA if u need 2 close open ports just
close the program opening them
if u use say WS_ftp it would open port
21 or the one u set it should open
but in my opinion u should get a good firewall because its one big mess if u manege it alone .

Nirvman

[i]Originally posted by Blacksheep
IMHO one must connect to proxy through ISP. ISP has access to all packets and can reconstruct Web pages. Therefore, it is impossible to prevent ISP tracking unless all proxy traffic is encrypted. Maybe SafeWeb?
[/B]

I'm not sure about that. Say you do a traceroute (tracert) from your computer to another IP address. Your real (ISP) IP doesn't show in any of the hops but your proxy does. That would seem to mean that your ISP is cut out of the loop, as far as detection goes, because it's not involved in the packet processing. All packet activity is passing through the proxy, not your ISP. For all anyone can tell your computing begins at the proxy machine, not yours.

If this is wrong let me hear about it.

[Edited by johnny on 06-25-2001 at 12:54 PM]

HI again,

i think this is an exemption to what jhonny said.
our college is behind a class c proxy server.
however when i send emails frm behind the proxy,i tried sending a mail to myself.

i then went through the e-mail header and found that it was the ip address of the computer which was assigned to the college by our isp was displayed in the header and not the proxies ip address.
our proxy is not an anonymous proxy either.
so yes the isp ip addy is involved even when u sent through proxy.

hi,

some of other port scans which may not be easily detected are stealth port scanners,sys and fin attacks(half opening of ports),sending ip fragments and ftp bounce.

normal port scanners just scan the port,no data is sent through the port.
since the port was scanned for and no data was transmitted through it the server an error will be issued and the attempt logged.

some firewalls even help detect sys attacks,so do as black sheep says.get a firewall .then get sleath port scanners and a port scan detection tool.
run them on ur system and find out if attacks r logged by ur detection programme.why let a hacker hack u first?
when u can analyse the whole thing urself.

thanx to nirvman and every one else for the update

By johnny:
I'm not sure about that. Say you do a traceroute (tracert) from your computer to another IP address. Your real (ISP) IP doesn't show in any of the hops but your proxy does. That would seem to mean that your ISP is cut out of the loop, as far as detection goes, because it's not involved in the packet processing. All packet activity is passing through the proxy, not your ISP. For all anyone can tell your computing begins at the proxy machine, not yours.

I believe you're thinking of it from the remote host side; tracking by IPs. Think of it like this: Your ISP is your portal to the Internet. They connect you to the Internet. All your traffic flows through the ISP's servers. They can monitor all your packets regardless of IPs. The only way to prevent ISP tracking you is: Use a SSL tunneling proxy (https) or possibly an anonymizer service. This will give the ISP only the proxy's IP and the ISP can't read your packets to determine what Web sites you visit because they are encrypted.

Thanks DATA,

By DATA:
firewalls/port scan
hi,

some of other port scans which may not be easily detected are stealth port scanners,sys and fin attacks(half opening of ports),sending ip fragments and ftp bounce.
In ZA Pro firewall I can block all fragments. Maybe I should select this option?

Hack tracer is a program that scans all ur ports for any possible hack threats. Wow while im writing this, my isp is trying hard 2 hack in. But now blackice defender seems 2 b doing the job. the isp tried lots of different ports from different computers. the isp name is etisalat. i live in the united arab emirates(but im not arab). they try hacking from something like:
cwd209.emirates.net.ae
nwa422.emirates.net.ae,etc
sometimes they try it from
alshamil.net.ae which is their dsl service. a friend told me they shoved a virus into his computer and he had 2 format. he doesnt use antivirus software cuz hes a dumbass. i used some link above and got this info about it.

Network Information
Name
EMIRNET-EMIRNET
Network Range
213.42.192.0 - 213.42.206.255
Owner
Emirates Internet, Public Internet Service Provider
Location
Emirates Telecommunication Corporation, P O Box 1150, Dubai, UAE
Contact Information
Abdulla Hashim, hashim@emirates.net.ae, +971 4 2948222, +971 4 2948300, Mahir El Fadil, mahir@emirates.net.ae, +971 2 2084300, Saleem Mohd Albalooshi, +971 2 2084610, Sultan Al Shamsi, sultan@uaenic.ae, +971 4 2948222, +971 4 2948300

im trying to provide all the details i can cuz they see if i go 2 any porno site, wank over it and finally block it off to all users! they even block of anonymous surfing sites like surfola.com and everythin cuz we can access the blocked sites from here. i tried all those free proxy servers but it doesnt work. unfortunately i cant dump this isp cuz it is the only one in the country(!)
btw hack tracer seems to be damajed cuz it keeps hanging whenever i restart the comp. i tried reinstalling but no use.i remember it saying it had bloccked some inbound or somethin but hey, im just a newbie so forgive me for not being able to provide more info. so, anyway i can get through?

hi sharon,

u seem stuck with 1 isp in uae.sorry to hear that.
will accepting mails also look out for the annakournikova virus,its a jpeg file with vb code hidden it.so see that u never open an email attachment of this file thinking that it is a jpg file and will cause no harm.

the internet rules are pretty strict in uae.
see what it bill is passed in uae?
get as many ppl to know about these attacks.
the internet was never meant to be any bodys rite...the govt..has no rite to take it in on us because of a few ppl who ruin everything for us.
the inter net should have been a self regulated body were the ppl themselves are able to take care of it.
the growth of the internet itself is the result of freedom of expression and thought and doing so will only hamper its growth.The rite to ur privacy to access using anonymous is an individual rite.what i feel is that ur isp got a new admin who thinks he is a technical buff and try and regulate every thing what he thinks is rite because he has the power to do so since he is {admin) of ur isp.
we will let u know if we find something u can do about it. :)

thanx guyz, i appreciate that. im not afraid to post on the forum blacksheep.
I dont give a f_ck what those dicks in etisalat think they can do. frankly these arabs are big fucks and i think they r 2 dumb to run an isp. half of the uae does know aout these hack attacks. i use norton antivirus but i dont think it can protect me from everything. i am extremely careful about attatchments and norton does warn me when i open files in vbs. they sent me the mtx trojan but i got rid of that from the registry and by using tds3. is it against the international law or somethin? cuz i could f_ck them by filing a complaint. i guess they r more strict cuz they r muslims. if u were caught for doing something wrong i n saudi arabia, u would definitely have some part of ur body cut off. im still puzzled why none of those free public proxies dont work for me.

for some reason, they havent been able to block completely http://www.surfola.com. when i try to login it blocks the first time but if i hit back and try again it works. any idea why(apart from those arabs being dimwits)

Well Sharon, I see you're not bashful after all. :)

By Sharon:
im still puzzled why none of those free public proxies dont work for me.
Does your ISP require you to surf through a proxy like SA?

By Sharon:
for some reason, they havent been able to block completely http://www.surfola.com. when i try to login it blocks the first time but if i hit back and try again it works. any idea why(apart from those arabs being dimwits)

Have you tried SafeWeb?

https://www.safeweb.com/

TriangleBoy?

https://fugu.safeweb.com/webpage/tboy1.php3

Sharon the best way out of this endless
mess is like Blacksheep said is Safeweb
but i think they charge money
any way i think the isp won't leave u alone so if u look back in the forum it
was advised in a simular case 2 actualy
dail 2 another county :)
again if u got the cash
btw isn't Sharon an Israly name ?

no i dont have cash. Sharon is an israeli name only if u pronounce it shah-rown and not if u pronounce it shah-run. safeweb cant take me to the blocked sites. triangleboy is only for linux and windows 2000. ive got win98 SE. This shit keeps coming wen i go to a blocked site:
http://proxy.emirates.net.ae

is there any way 2 figure out how this shit works and work a way around it?
i got commview, i dont see anything unusual. hey what else can u expect from a newbie? what am i supposed to look out for? they have somehow got through my norton personal firewall but blackice is doin a good job. how do i upload the log file?

You don't need cash to use SafeWeb. I don't like SafeWeb because scripting is required but you may need SafeWeb's SSL connection.

You do not need to download TriangleBoy to use it. The download is only for those who want to host a TB router to help people like you. Just go to a TriangleBoy URL. Read the docs.

Does UAE require surfing thru a proxy like SA? If you have MSIE5x go to Tools-Internet options-Connections-Settings... Is Use a proxy checked? You could email me and I could determine if you're coming from a UAE server or anon mailer. If you are a UAE agent, naturally you'd use an anon mailer like faq, from SA, when he was asking similar questions. :)

Norton personal firewall? Bloatware.

Blackice Defender? Not a real firewall.

Do you have a UAE trojan in your machine? You can determine this by using CommView sniffer or ZA Pro firewall.

P.S.
I'll post a note here for the "smart guy" Arab Internet censor who may be reading these posts. The problem for you "smart guy" is finding all those TriangleBoy URLs. Soon there will be other methods to defeat Internet censorship.

[Edited by Blacksheep on 07-18-2001 at 11:49 PM]

Hello Blacksheep I know this post is a litle of topic here but I wanna know it any way .
here goes what do the people acting as servers in the "TriangleBoy" get for
there blind devotion ?

I dunno for sure nirvman. I think it's mostly unpaid volunteers who donate some of their PC idle time resources because they hate censorship and love a free and unrestricted Internet. I would run a TriangleBoy if my PC would handle it. The problem with TriangleBoy is getting the URLs to the censored people who need it without the censors obtaining the TB URLs, otherwise, the censors will block all TB IPs they can find like they blocked SafeWeb. So, all the TriangleBoy URLs cannot be posted on Internet.

i use commview but i dont see anything suspicious. moreover safeweb is blocked whatever site i try to go to. If u go to the norton site and do some sort of checkup it says u r tootally safe. i dont really believe in this bullshit. I downloaded zonealarm pro but it doesnt find anything suspicious either. i do get frequent messages :
Zonealarm has blocked internet access to ur computer.
As for Blackice i think its pretty good. its been tracking and blocking those asswipes. Ill mention a few:
nwa818.emirates.net.ae
nwa858.emirates.net.ae
tad505.emirates.net.ae
nde288.emirates.net.ae
venus.ebc.co.ae
and so on. ok ill send u mail.
in fact ill do it rite now...

Not all of those hits may be coming from your ISP. If you're now using CommView and ZoneAlarm Pro do this: Set up CV and ZAP to launch manually. When you first boot your PC launch ZAP first, then launch CV. CV will then be outside of ZAP firewall and will capture hit packets. Look at the packets In & Out columns in the CV IP Statistics window. If you get a blocked attempted connect (hit) from a new IP there will be a number of packets in the In column, and 0 in the Out column. If you have SmartWhois, right click on line for automatic lookup. If you get a hit from an IP already with Out packets, ZAP will flag it. With ZAP you can block your attackers IPs, netblocks, or entire domains. You can also block ad server netblocks like my favorite, Doubleclick. If you've got a trojan that tries to phone home or you install a new version of an existing prog, ZAP will pop a flag and say "so and so is requesting permission to use Internet? yes/no/remember answer."

I think this is pretty suspicious. happened when i tried to go to http://www.warezgalaxy.net. another on comes later:




0x0000 44 45 53 54 00 00 20 53-52 43 00 00 08 00 45 00 DEST.. SRC....E.
0x0010 02 40 30 E7 40 00 3D 06-E6 C1 C2 AA A8 ED D5 2A .@0ç@.=.æÁª¨íÕ*
0x0020 E3 4C 1F 90 08 B2 84 39-57 8C 00 C6 70 9C 50 10 ãL.�.²„9WŒ.ÆpœP.
0x0030 21 80 1C B6 00 00 48 54-54 50 2F 31 2E 30 20 33 !€.¶..HTTP/1.0 3
0x0040 30 32 20 43 61 63 68 65-20 44 65 74 65 63 74 65 02 Cache Detecte
0x0050 64 20 45 72 72 6F 72 0D-0A 43 6F 6E 74 65 6E 74 d Error..Content
0x0060 2D 54 79 70 65 3A 20 74-65 78 74 2F 68 74 6D 6C -Type: text/html
0x0070 0D 0A 43 6F 6E 74 65 6E-74 2D 4C 65 6E 67 74 68 ..Content-Length
0x0080 3A 20 35 38 32 0D 0A 44-61 74 65 3A 20 53 75 6E : 582..Date: Sun
0x0090 2C 20 30 31 20 4A 75 6C-20 32 30 30 31 20 31 35 , 01 Jul 2001 15
0x00A0 3A 35 32 3A 30 34 20 47-4D 54 0D 0A 45 78 70 69 :52:04 GMT..Expi
0x00B0 72 65 73 3A 20 53 75 6E-2C 20 30 31 20 4A 75 6C res: Sun, 01 Jul
0x00C0 20 32 30 30 31 20 31 35-3A 35 32 3A 30 34 20 47 2001 15:52:04 G
0x00D0 4D 54 0D 0A 4C 61 73 74-2D 4D 6F 64 69 66 69 65 MT..Last-Modifie
0x00E0 64 3A 20 53 75 6E 2C 20-30 31 20 4A 75 6C 20 32 d: Sun, 01 Jul 2
0x00F0 30 30 31 20 31 35 3A 35-32 3A 30 34 20 47 4D 54 001 15:52:04 GMT
0x0100 0D 0A 4C 6F 63 61 74 69-6F 6E 3A 20 68 74 74 70 ..Location: http
0x0110 3A 2F 2F 70 72 6F 78 79-2E 65 6D 69 72 61 74 65 ://proxy.emirate
0x0120 73 2E 6E 65 74 2E 61 65-0D 0A 0D 0A 3C 48 54 4D s.net.ae....<HTM
0x0130 4C 3E 0A 3C 48 45 41 44-3E 3C 54 49 54 4C 45 3E L>.<HEAD><TITLE>
0x0140 45 52 52 4F 52 3A 20 54-68 65 20 72 65 71 75 65 ERROR: The reque
0x0150 73 74 65 64 20 55 52 4C-20 63 6F 75 6C 64 20 6E sted URL could n
0x0160 6F 74 20 62 65 20 72 65-74 72 69 65 76 65 64 3C ot be retrieved<
0x0170 2F 54 49 54 4C 45 3E 3C-2F 48 45 41 44 3E 0A 3C /TITLE></HEAD>.<
0x0180 4D 45 54 41 20 63 68 61-72 73 65 74 3D 49 53 4F META charset=ISO
0x0190 2D 38 38 35 39 2D 31 3E-0A 3C 42 4F 44 59 20 42 -8859-1>.<BODY B
0x01A0 47 43 4F 4C 4F 52 3D 23-46 46 46 46 46 46 20 54 GCOLOR=#FFFFFF T
0x01B0 45 58 54 3D 23 30 30 30-30 30 30 3E 0A 3C 48 32 EXT=#000000>.<H2
0x01C0 3E 45 52 52 4F 52 3A 20-54 68 65 20 72 65 71 75 >ERROR: The requ
0x01D0 65 73 74 65 64 20 55 52-4C 20 63 6F 75 6C 64 20 ested URL could
0x01E0 6E 6F 74 20 62 65 20 72-65 74 72 69 65 76 65 64 not be retrieved
0x01F0 3C 2F 48 32 3E 0A 3C 48-52 3E 0A 3C 50 3E 0A 57 </H2>.<HR>.<P>.W
0x0200 68 69 6C 65 20 74 72 79-69 6E 67 20 74 6F 20 72 hile trying to r
0x0210 65 74 72 69 65 76 65 20-74 68 65 20 55 52 4C 3A etrieve the URL:
0x0220 0A 3C 41 20 48 52 45 46-3D 22 68 74 74 70 3A 2F .<A HREF="http:/
0x0230 2F 77 77 77 2E 77 61 72-65 7A 67 61 6C 61 78 79 /www.warezgalaxy
0x0240 2E 6E 65 74 2F 22 3E 68-74 74 70 3A 2F 2F .net/">http://


next:
0x0000 44 45 53 54 00 00 20 53-52 43 00 00 08 00 45 00 DEST.. SRC....E.
0x0010 01 4C 4D 38 40 00 3D 06-CB 64 C2 AA A8 ED D5 2A .LM8@.=.Ëdª¨íÕ*
0x0020 E3 4C 1F 90 08 B2 84 39-59 A4 00 C6 70 9C 50 19 ãL.�.²„9Y¤.ÆpœP.
0x0030 21 80 1D AB 00 00 77 77-77 2E 77 61 72 65 7A 67 !€.«..www.warezg
0x0040 61 6C 61 78 79 2E 6E 65-74 2F 3C 2F 41 3E 0A 3C alaxy.net/</A>.<
0x0050 50 3E 0A 54 68 65 20 66-6F 6C 6C 6F 77 69 6E 67 P>.The following
0x0060 20 65 72 72 6F 72 20 77-61 73 20 65 6E 63 6F 75 error was encou
0x0070 6E 74 65 72 65 64 3A 0A-3C 55 4C 3E 0A 3C 4C 49 ntered:.<UL>.<LI
0x0080 3E 3C 53 54 52 4F 4E 47-3E 45 52 52 4F 52 20 32 ><STRONG>ERROR 2
0x0090 31 30 20 2D 2D 20 53 6D-61 72 74 46 69 6C 74 65 10 -- SmartFilte
0x00A0 72 20 64 65 6E 69 65 64-20 61 63 63 65 73 73 20 r denied access
0x00B0 74 6F 20 74 68 65 20 55-52 4C 2E 3C 2F 53 54 52 to the URL.</STR
0x00C0 4F 4E 47 3E 0A 3C 2F 55-4C 3E 0A 3C 50 3E 54 68 ONG>.</UL>.<P>Th
0x00D0 69 73 20 6D 65 61 6E 73-20 74 68 61 74 3A 0A 3C is means that:.<
0x00E0 50 3E 0A 3C 54 54 3E 0A-20 20 20 20 54 68 65 20 P>.<TT>. The
0x00F0 55 52 4C 20 62 65 6C 6F-6E 67 73 20 74 6F 20 61 URL belongs to a
0x0100 20 67 72 6F 75 70 20 6F-66 20 55 52 4C 73 20 74 group of URLs t
0x0110 68 61 74 20 69 73 20 6E-6F 74 20 61 6C 6C 6F 77 hat is not allow
0x0120 65 64 2E 0A 3C 2F 54 54-3E 0A 3C 50 3E 20 3C 48 ed..</TT>.<P> <H
0x0130 52 3E 0A 3C 21 2D 2D 20-4E 65 74 43 41 63 48 65 R>.<!-- NetCAcHe
0x0140 45 72 72 4F 52 20 2D 2D-3E 0A 3C 2F 42 4F 44 59 ErrOR -->.</BODY
0x0150 3E 3C 2F 48 54 4D 4C 3E-0A 0A ></HTML>..

A hacking, censoring isp? Egad, the bounder should be caned!

Originally posted by DATA
hi,

some of other port scans which may not be easily detected are stealth port scanners,sys and fin attacks(half opening of ports),sending ip fragments and ftp bounce.

normal port scanners just scan the port,no data is sent through the port.
since the port was scanned for and no data was transmitted through it the server an error will be issued and the attempt logged.

some firewalls even help detect sys attacks,so do as black sheep says.get a firewall .then get sleath port scanners and a port scan detection tool.
run them on ur system and find out if attacks r logged by ur detection programme.why let a hacker hack u first?
when u can analyse the whole thing urself.

thanx to nirvman and every one else for the update

sorry, made a mistake

Try www.access-it-now.com

Originally posted by johnny
No firewall will prevent your ISP from tracking where you go if it wants to. What you need is not a firewall but a proxy. A proxy is simply another person's computer that you hook into first, and surf from there. Then all your ISP sees is the IP of that computer, not where you go!

If you're surfing websites you want to put a proxy in your browser that has port 80 or 8080 open. If you're surfing newsgroups you want a SOCKS proxy, port 1080 open, in your newsreader. For newgroups (Usenet) never use your ISP's. Subscribe to an independent news provider to bypass your ISP.

Here's a good site for all types of proxies:

http://tools.rosinstrument.com/proxy/

Hope that helped.

Hack tracer is a program that scans all ur ports for any possible hack threats. Wow while im writing this, my isp is trying hard 2 hack in. But now blackice defender seems 2 b doing the job. the isp tried lots of different ports from different computers. the isp name is etisalat. i live in the united arab emirates(but im not arab). they try hacking from something like:
cwd209.emirates.net.ae
nwa422.emirates.net.ae,etc
sometimes they try it from
alshamil.net.ae which is their dsl service. a friend told me they shoved a virus into his computer and he had 2 format. he doesnt use antivirus software cuz hes a dumbass. i used some link above and got this info about it.

Network Information
Name
EMIRNET-EMIRNET
Network Range
213.42.192.0 - 213.42.206.255
Owner
Emirates Internet, Public Internet Service Provider
Location
Emirates Telecommunication Corporation, P O Box 1150, Dubai, UAE
Contact Information
Abdulla Hashim, hashim@emirates.net.ae, +971 4 2948222, +971 4 2948300, Mahir El Fadil, mahir@emirates.net.ae, +971 2 2084300, Saleem Mohd Albalooshi, +971 2 2084610, Sultan Al Shamsi, sultan@uaenic.ae, +971 4 2948222, +971 4 2948300

im trying to provide all the details i can cuz they see if i go 2 any porno site, wank over it and finally block it off to all users! they even block of anonymous surfing sites like surfola.com and everythin cuz we can access the blocked sites from here. i tried all those free proxy servers but it doesnt work. unfortunately i cant dump this isp cuz it is the only one in the country(!)
btw hack tracer seems to be damajed cuz it keeps hanging whenever i restart the comp. i tried reinstalling but no use.i remember it saying it had bloccked some inbound or somethin but hey, im just a newbie so forgive me for not being able to provide more info. so, anyway i can get through? pls help me to open block sites in uae my email is karime_alikarime@yahoo.com