TalkBack 43 of 43:
I knew about this months ago
Because my machine has been hacked in precisely this way!
Not only my machine, but the BIOS on my router has been hacked in this way. In fact, this is how they got in in the first place.
They used a drive-by technique to get DNS to point to another site. Any downloads were then payloaded with whatever they wanted: BIOS updates to the motherboard, router, graphics cards. Indeed, any device that has updateable firmware is now suspect. Who has done this I cannot say for sure, but it seems to be sourced from Korea/China/Taiwan... All these countries seem to be playing 'games' with each other and using the hardware that we purchased for their DDoS madness. Remember where most hardware is sourced these days. Jeez, how do we know that 'all' hardware sourced from such regions has not been backdoored? In short, we don't.

Welcome to the era of cheap Asian hardware, but God, you will pay a price...

Here are some of my router logs (ignore the time, as I have disabled internet time on the router).

Trace where the port-knock probes come from:
Jan 1 02:12:45 user alert kernel: Intrusion -> IN=ppp_8_35_1 OUT= MAC= SRC=222.121.31.67 DST=220.237.239.120 LEN=40 TOS=0x00 PREC=0x00 TTL=102 ID=256 PROTO=TCP SPT=6000 DPT=6588 WINDOW=16384 RES=0x00 SYN URGP=0
Jan 1 02:21:37 user alert kernel: Intrusion -> IN=ppp_8_35_1 OUT= MAC= SRC=220.230.143.151 DST=220.237.239.120 LEN=48 TOS=0x00 PREC=0x00 TTL=115 ID=14295 DF PROTO=TCP SPT=1233 DPT=1433 WINDOW=64240 RES=0x00 SYN URGP=0
Jan 1 02:21:40 user alert kernel: Intrusion -> IN=ppp_8_35_1 OUT= MAC= SRC=220.230.143.151 DST=220.237.239.120 LEN=48 TOS=0x00 PREC=0x00 TTL=115 ID=14712 DF PROTO=TCP SPT=1233 DPT=1433 WINDOW=64240 RES=0x00 SYN URGP=0
Jan 1 02:32:32 user alert kernel: Intrusion -> IN=ppp_8_35_1 OUT= MAC= SRC=220.139.130.4 DST=220.237.239.120 LEN=48 TOS=0x00 PREC=0x00 TTL=111 ID=15101 DF PROTO=TCP SPT=37483 DPT=5900 WINDOW=64240 RES=0x00 SYN URGP=0
Jan 1 02:32:35 user alert kernel: Intrusion -> IN=ppp_8_35_1 OUT= MAC= SRC=220.139.130.4 DST=220.237.239.120 LEN=48 TOS=0x00 PREC=0x00 TTL=111 ID=15206 DF PROTO=TCP SPT=37483 DPT=5900 WINDOW=64240 RES=0x00 SYN URGP=0
Jan 1 02:35:41 user alert kernel: Intrusion -> IN=ppp_8_35_1 OUT= MAC= SRC=221.2.234.180 DST=220.237.239.120 LEN=40 TOS=0x00 PREC=0x00 TTL=101 ID=256 PROTO=TCP SPT=6000 DPT=8080 WINDOW=16384 RES=0x00 SYN URGP=0
Jan 1 02:41:43 user alert kernel: Intrusion -> IN=ppp_8_35_1 OUT= MAC= SRC=220.202.186.69 DST=220.237.239.120 LEN=48 TOS=0x00 PREC=0x00 TTL=114 ID=24141 DF PROTO=TCP SPT=1860 DPT=1433 WINDOW=16384 RES=0x00 SYN URGP=0


China, Korea, Taiwan.

They are playing games with us!!!

PS: I will pay big money to track down and imprison these SOBs, as well as big money for *safe* hardware.

The whole internet has been ruined by these mongrels, and by the lazy, profit-driven programming habits of Microsoft and co.
Posted by: walkerjian@...   Posted on: 03/30/07
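The seven log lines in the post above are in the netfilter/iptables kernel log format (key=value fields followed by bare flag words such as DF and SYN). The parser and summary below are an added example, not code from the poster or from the router vendor: it reads exactly those lines, counts the SYN probes per source address and per target port, spots a client retransmitting an unanswered SYN (same source, source port and target port within a few seconds), and flags a "tool fingerprint" when unrelated sources send packets with an identical IP ID, source port and window size. The PORT_HINTS service labels are an assumption added for readability; nothing in the log lines names a service.

```python
"""Parse netfilter-style 'Intrusion' log lines and summarise the inbound SYN probes."""
import re
from collections import Counter, defaultdict

# The seven lines quoted from the router log in the post above (copied, not constructed).
ROUTER_LOG = """\
Jan 1 02:12:45 user alert kernel: Intrusion -> IN=ppp_8_35_1 OUT= MAC= SRC=222.121.31.67 DST=220.237.239.120 LEN=40 TOS=0x00 PREC=0x00 TTL=102 ID=256 PROTO=TCP SPT=6000 DPT=6588 WINDOW=16384 RES=0x00 SYN URGP=0
Jan 1 02:21:37 user alert kernel: Intrusion -> IN=ppp_8_35_1 OUT= MAC= SRC=220.230.143.151 DST=220.237.239.120 LEN=48 TOS=0x00 PREC=0x00 TTL=115 ID=14295 DF PROTO=TCP SPT=1233 DPT=1433 WINDOW=64240 RES=0x00 SYN URGP=0
Jan 1 02:21:40 user alert kernel: Intrusion -> IN=ppp_8_35_1 OUT= MAC= SRC=220.230.143.151 DST=220.237.239.120 LEN=48 TOS=0x00 PREC=0x00 TTL=115 ID=14712 DF PROTO=TCP SPT=1233 DPT=1433 WINDOW=64240 RES=0x00 SYN URGP=0
Jan 1 02:32:32 user alert kernel: Intrusion -> IN=ppp_8_35_1 OUT= MAC= SRC=220.139.130.4 DST=220.237.239.120 LEN=48 TOS=0x00 PREC=0x00 TTL=111 ID=15101 DF PROTO=TCP SPT=37483 DPT=5900 WINDOW=64240 RES=0x00 SYN URGP=0
Jan 1 02:32:35 user alert kernel: Intrusion -> IN=ppp_8_35_1 OUT= MAC= SRC=220.139.130.4 DST=220.237.239.120 LEN=48 TOS=0x00 PREC=0x00 TTL=111 ID=15206 DF PROTO=TCP SPT=37483 DPT=5900 WINDOW=64240 RES=0x00 SYN URGP=0
Jan 1 02:35:41 user alert kernel: Intrusion -> IN=ppp_8_35_1 OUT= MAC= SRC=221.2.234.180 DST=220.237.239.120 LEN=40 TOS=0x00 PREC=0x00 TTL=101 ID=256 PROTO=TCP SPT=6000 DPT=8080 WINDOW=16384 RES=0x00 SYN URGP=0
Jan 1 02:41:43 user alert kernel: Intrusion -> IN=ppp_8_35_1 OUT= MAC= SRC=220.202.186.69 DST=220.237.239.120 LEN=48 TOS=0x00 PREC=0x00 TTL=114 ID=24141 DF PROTO=TCP SPT=1860 DPT=1433 WINDOW=16384 RES=0x00 SYN URGP=0
"""

# Service labels for the probed ports, added for readability (an assumption, not taken from the post).
PORT_HINTS = {1433: "MS SQL Server", 5900: "VNC", 8080: "HTTP alternate/proxy", 6588: "AnalogX proxy"}

KV_RE = re.compile(r"\b([A-Z]+)=(\S*)")
INT_FIELDS = {"LEN", "TTL", "ID", "SPT", "DPT", "WINDOW", "URGP"}


def parse_line(line):
    """Return the fields of one netfilter log line as a dict, or None if the line is not one."""
    if "kernel:" not in line or "SRC=" not in line:
        return None
    head, _, body = line.partition("kernel:")
    rec = {"timestamp": " ".join(head.split()[:3])}
    for key, val in KV_RE.findall(body):
        rec[key] = int(val) if key in INT_FIELDS and val.isdigit() else val
    # Bare upper-case tokens (no '=') are flag words: DF for the IP don't-fragment bit, SYN/ACK/... for TCP.
    rec["flags"] = {tok for tok in body.split() if "=" not in tok and tok.isupper()}
    return rec


def summarize(log_text):
    """Count SYN probes per source and per target port; flag SYN retries and shared tool fingerprints."""
    recs = [r for r in map(parse_line, log_text.splitlines()) if r]
    probes = [r for r in recs
              if r.get("PROTO") == "TCP" and "SYN" in r["flags"] and "ACK" not in r["flags"]]
    by_src = Counter(r["SRC"] for r in probes)
    by_dpt = Counter(r["DPT"] for r in probes)
    # Same source, source port and target port more than once: a client retransmitting an unanswered SYN.
    seen = Counter((r["SRC"], r["SPT"], r["DPT"]) for r in probes)
    retried = {key for key, n in seen.items() if n > 1}
    # Identical IP ID, source port and window from *different* sources is a heuristic for one scanning tool.
    fp_sources = defaultdict(set)
    for r in probes:
        fp_sources[(r["ID"], r["SPT"], r["WINDOW"])].add(r["SRC"])
    shared = {fp: srcs for fp, srcs in fp_sources.items() if len(srcs) > 1}
    return {"by_src": by_src, "by_dpt": by_dpt, "retried": retried, "shared_fingerprints": shared}


def report(log_text):
    """Render the summary as one text line per finding."""
    s = summarize(log_text)
    lines = [f"{src}: {n} SYN probe(s)" for src, n in s["by_src"].most_common()]
    lines += [f"port {p} ({PORT_HINTS.get(p, 'unknown')}): {n}" for p, n in s["by_dpt"].most_common()]
    lines += [f"retry: {src} {spt}->{dpt}" for src, spt, dpt in sorted(s["retried"])]
    lines += [f"shared fingerprint ID={i} SPT={spt} WIN={w} from {', '.join(sorted(srcs))}"
              for (i, spt, w), srcs in s["shared_fingerprints"].items()]
    return lines


if __name__ == "__main__":
    print("\n".join(report(ROUTER_LOG)))
```

Two caveats a practitioner would keep in mind when reading the output. First, every line has IN=ppp_8_35_1 and an empty OUT=, i.e. unsolicited SYNs arriving on the PPP WAN interface and logged before any forwarding; that is ordinary background scanning of SQL Server, VNC and proxy ports, and on its own it is not evidence of the DNS redirection or firmware tampering described in the post, which would have to be established from the device itself (DNS settings, firmware hashes) rather than from blocked inbound packets. Second, the log records addresses only; attributing them to a country or to a coordinated actor needs data the lines do not carry.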
