Navigacija
Lista poslednjih: 16, 32, 64, 128 poruka.

Jesam li zrtva ili nesto trece

[es] :: Zaštita :: Jesam li zrtva ili nesto trece

Strane: 1 2

[ Pregleda: 6739 | Odgovora: 24 ] > FB > Twit

Postavi temu Odgovori

Autor

Pretraga teme: Traži
Markiranje Štampanje RSS

zentriks

Član broj: 192824
Poruke: 665



+23 Profil

icon Jesam li zrtva ili nesto trece21.12.2013. u 18:47 - pre 124 meseci
Pozdrav svima. U zadnje vreme ni se desava nesto cudno sa ruterom. U pitanju je tp link td-w8901g i koristim PTT-net.
Problem je u tome sto ruter ili neko treci sa strane menja DNS servere u neke skroz leve koji nemaju vezu sa vezom. Takodje podesavanja u lan tabu u ruteru vezana za dns servere su promenjena. Juce je bio bas zeznuto jer su mi bili promenjeni serveri i jos pride iskljuceni lan portovi, i stalno am dobijao gresku UNDEFINED NETWORK.
Pojma nisam imao sta je dok nisam slucajno preko wifi proverio ruter.


A ovo je od sinoc



Jel zna neko sta se ovo dogadja?
 
Odgovor na temu

SlobaBgd

Član broj: 70350
Poruke: 2348



+5071 Profil

icon Re: Jesam li zrtva ili nesto trece21.12.2013. u 19:03 - pre 124 meseci
Nisi jedini sa tim problemom, pogledaj ovde: http://security.stackexchange....ns/46966/dsl-modem-compromised
 
Odgovor na temu

zentriks

Član broj: 192824
Poruke: 665



+23 Profil

icon Re: Jesam li zrtva ili nesto trece21.12.2013. u 19:40 - pre 124 meseci
Video sam ovo sinoc kad sam sredio ali i dalje ne znam kao to resiti da se ne desava i gde je uzrok? Malopre naletim na decka na jednom forumu koji je imao isti problem kao i ja[samo jos da potvrdim da li je isti provajder i vreme i serveri.] tako da nisam usamljen slucaj.
 
Odgovor na temu

kristi1

Član broj: 151211
Poruke: 2012
*.dynamic.isp.telekom.rs.

Sajt: www.mycity.rs/Ambulanta


+88 Profil

icon Re: Jesam li zrtva ili nesto trece22.12.2013. u 09:22 - pre 124 meseci
Preuzmi FRST - (Farbar Recovery Scan Tool) i sacuvaj ga na Desktop

Napomena: Potrebno je preuzeti onu verziju koja je kompatibilna sa tvojim sistemom.


[*]Dvoklikom pokreni FRST;
[*] Kada se alat startuje, klikni Yes na disclaimer.
[*]Klikni na dugme Scan;
[*]Alat ce kreirati izvestaj (FRST.txt) u isti direktorijum gde je i FRST.exe sacuvan.
[*] Iskopiraj sadrzaj tog loga u poruku.
[*]Alat bi takodje pri prvom pokretanju trebao da kreira i dodatni izvestaj (Addition.txt). Taj izvestaj okaci u poruku koristeci opciju "Prikaci file".

 
Odgovor na temu

zentriks

Član broj: 192824
Poruke: 665



+23 Profil

icon Re: Jesam li zrtva ili nesto trece22.12.2013. u 12:10 - pre 124 meseci
Evo log-a:
Citat:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 20-12-2013 02
Ran by STORMBAY (administrator) on STORMBAY-PC on 22-12-2013 13:01:38
Running from C:\Users\STORMBAY\Downloads
Microsoft Windows 7 Ultimate Service Pack 1 (X86) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
() C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
(ESET) C:\Program Files\ESET\ESET Smart Security\ekrn.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
() C:\Program Files\gigabyte\RCService\RCService.exe
() C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(CyberLink Corp.) C:\Program Files\CyberLink\PowerCinema\PCMService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(ESET) C:\Program Files\ESET\ESET Smart Security\egui.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(SRWare) C:\Users\STORMBAY\Downloads\IronPortable\IronPortable\Iron\iron.exe
(SRWare) C:\Users\STORMBAY\Downloads\IronPortable\IronPortable\Iron\iron.exe
(SRWare) C:\Users\STORMBAY\Downloads\IronPortable\IronPortable\Iron\iron.exe
(SRWare) C:\Users\STORMBAY\Downloads\IronPortable\IronPortable\Iron\iron.exe
(REALiX) C:\Users\STORMBAY\Desktop\hardware info\HWiNFO32.exe
(AIMP DevTeam) C:\Program Files\AIMP2\AIMP2.exe
(SRWare) C:\Users\STORMBAY\Downloads\IronPortable\IronPortable\Iron\iron.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [ISUSScheduler] - C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [81920 2005-08-11] (Macrovision Corporation)
HKLM\...\Run: [PCMService] - C:\Program Files\CyberLink\PowerCinema\PCMService.exe [151552 2006-04-18] (CyberLink Corp.)
HKLM\...\Run: [Nvtmru] - C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe [1028384 2013-10-18] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] - C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM\...\Run: [egui] - C:\Program Files\ESET\ESET Smart Security\egui.exe [5110672 2013-09-12] (ESET)
HKCU\...\Run: [ISUSPM Startup] - C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [249856 2005-08-11] (Macrovision Corporation)
MountPoints2: {32ba2375-12ca-11e3-a3e8-001d602cad4c} - H:\Startme.exe

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xB00610CA7EA2CE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: Adblock Plus for IE Browser Helper Object - {FFCB3198-32F3-4E8B-9539-4324694ED664} - C:\Program Files\Adblock Plus for IE\AdblockPlus32.dll (Adblock Plus)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\STORMBAY\AppData\Roaming\Mozilla\Firefox\Profiles\yrcrgv3m.default
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_9_900_152.dll ()
FF Plugin: @java.com/DTPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @nvidia.com/3DVision - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin: @nvidia.com/3DVisionStreaming - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Extension: Ghostery - C:\Users\STORMBAY\AppData\Roaming\Mozilla\Firefox\Profiles\yrcrgv3m.default\Extensions\[email protected]
FF Extension: Adblock Plus - C:\Users\STORMBAY\AppData\Roaming\Mozilla\Firefox\Profiles\yrcrgv3m.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF HKLM\...\Thunderbird\Extensions: [[email protected]] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird
FF Extension: ESET Smart Security Extension - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird
FF StartMenuInternet: FIREFOX.EXE - C:\Program Files\Nightly\firefox.exe

========================== Services (Whitelisted) =================

R2 CLCapSvc; C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe [266338 2006-04-18] ()
R2 CLSched; C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe [118880 2006-04-18] ()
S2 CyberLink Media Library Service; C:\Program Files\CyberLink\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe [1073152 2006-04-18] (Cyberlink)
R2 ekrn; C:\Program Files\ESET\ESET Smart Security\ekrn.exe [1337752 2013-09-12] (ESET)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [14650144 2013-10-18] (NVIDIA Corporation)
R2 RCService; C:\Program Files\gigabyte\RCService\RCService.exe [538624 2006-04-26] ()
S3 Sony PC Companion; C:\Program Files\Sony\Sony PC Companion\PCCService.exe [155824 2013-02-04] (Avanquest Software)

==================== Drivers (Whitelisted) ====================

R3 3xHybrid; C:\Windows\System32\DRIVERS\3xHybrid.sys [1121536 2006-11-22] (Philips Semiconductors GmbH)
S3 Andbus; C:\Windows\System32\DRIVERS\lgandbus.sys [14336 2012-03-02] (LG Electronics Inc.)
S3 AndDiag; C:\Windows\System32\DRIVERS\lganddiag.sys [20736 2012-03-02] (LG Electronics Inc.)
S3 AndGps; C:\Windows\System32\DRIVERS\lgandgps.sys [20096 2012-03-02] (LG Electronics Inc.)
S3 ANDModem; C:\Windows\System32\DRIVERS\lgandmodem.sys [25088 2012-03-02] (LG Electronics Inc.)
S3 androidusb; C:\Windows\System32\Drivers\lgandadb.sys [25728 2012-03-02] (Google Inc)
R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [188808 2013-09-17] (ESET)
R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [134248 2013-09-17] (ESET)
R2 epfw; C:\Windows\System32\DRIVERS\epfw.sys [174400 2013-09-17] (ESET)
R1 EpfwLWF; C:\Windows\System32\DRIVERS\EpfwLWF.sys [37416 2013-09-17] (ESET)
R0 epfwwfp; C:\Windows\System32\DRIVERS\epfwwfp.sys [49240 2013-09-17] (ESET)
S3 hamachi; C:\Windows\System32\DRIVERS\hamachi.sys [26176 2009-03-18] (LogMeIn, Inc.)
R1 HWiNFO32; C:\Users\STORMBAY\Desktop\hardware info\HWiNFO32.SYS [20088 2010-09-29] (REALiX(tm))
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [5810 2004-08-13] ()
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad32v.sys [33568 2013-09-28] (NVIDIA Corporation)
S3 pbfilter; C:\Program Files\PeerBlock\pbfilter.sys [20040 2013-11-18] ()
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [x]
S3 tsusbhub; system32\drivers\tsusbhub.sys [x]
S3 VGPU; System32\drivers\rdvgkmd.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-12-22 13:01 - 2013-12-22 13:02 - 00007916 _____ C:\Users\STORMBAY\Downloads\FRST.txt
2013-12-22 13:01 - 2013-12-22 13:01 - 00000000 ____D C:\FRST
2013-12-22 13:00 - 2013-12-22 13:01 - 01325858 _____ (Farbar) C:\Users\STORMBAY\Downloads\FRST.exe
2013-12-21 23:26 - 2013-12-21 23:29 - 09935622 _____ C:\Users\STORMBAY\Downloads\Sony Album 5.3.A.0.22.zip
2013-12-21 23:16 - 2013-12-22 00:01 - 357790059 _____ C:\Users\STORMBAY\Downloads\[Aroma]Honami MoonWalker HD V7 By Pandemic.zip
2013-12-21 22:28 - 2013-12-21 22:28 - 00690358 _____ C:\Users\STORMBAY\Downloads\extension_2_6_16.crx
2013-12-21 22:20 - 2013-12-21 22:23 - 23968710 _____ C:\Users\STORMBAY\Downloads\LGCameraApp.apk
2013-12-21 22:19 - 2013-12-21 22:19 - 00955669 _____ C:\Users\STORMBAY\Downloads\PurePerformances™X_Uninstaller.zip
2013-12-21 22:16 - 2013-12-21 22:17 - 01791796 _____ C:\Users\STORMBAY\Downloads\PurePerformances™X_Stock.1.4 (1)(7).zip
2013-12-21 22:09 - 2013-12-21 22:09 - 00000000 ____D C:\Users\STORMBAY\Downloads\IronPortable
2013-12-21 22:07 - 2013-12-21 22:10 - 32026585 _____ C:\Users\STORMBAY\Downloads\amazingwalls.zip
2013-12-21 21:31 - 2013-12-21 21:39 - 44318541 _____ C:\Users\STORMBAY\Downloads\IronPortable.zip
2013-12-21 19:10 - 2013-12-21 19:10 - 00015322 _____ C:\Users\STORMBAY\Downloads\Nikita - 04x05 - Bubble HDTV XviD SR.rar
2013-12-21 19:10 - 2013-12-21 12:30 - 00037822 _____ C:\Users\STORMBAY\Desktop\Nikita.S04E05.HDTV.XviD-FUM.srt
2013-12-21 18:59 - 2013-12-21 18:59 - 00000000 ____D C:\Users\STORMBAY\Desktop\God Mode.{ED7BA470-8E54-465E-825C-99712043E01C}
2013-12-21 18:46 - 2013-12-21 18:46 - 00000000 ____D C:\ProgramData\ESET
2013-12-21 18:46 - 2013-12-21 18:46 - 00000000 ____D C:\Program Files\ESET
2013-12-21 17:36 - 2013-12-21 17:45 - 73101312 _____ C:\Users\STORMBAY\Downloads\ess_nt32_srl.msi
2013-12-20 20:55 - 2013-12-20 20:55 - 00001784 _____ C:\Windows\PFRO.log
2013-12-19 21:54 - 2010-11-28 09:39 - 00076003 _____ C:\Users\STORMBAY\Desktop\Home Alone 3.srt
2013-12-19 21:53 - 2013-12-19 21:53 - 00029756 _____ C:\Users\STORMBAY\Downloads\7d0f1235ba8f3994d3197c76f1ec58254b92c279.zip
2013-12-19 21:52 - 2013-12-19 21:52 - 00030851 _____ C:\Users\STORMBAY\Downloads\2802-HomeAlone3_SR.zip
2013-12-19 21:52 - 2003-02-20 15:21 - 00076290 _____ C:\Users\STORMBAY\Desktop\Film-Srp.Sub
2013-12-19 21:49 - 2013-12-19 21:49 - 00029045 _____ C:\Users\STORMBAY\Downloads\42823-home.alone.3.1997.internal.dvdrip.xvid-ils.zip
2013-12-19 21:49 - 2013-11-05 18:40 - 00073289 _____ C:\Users\STORMBAY\Desktop\ils.home.alone.3.1997.internal.dvdrip.xvid.srt
2013-12-19 19:44 - 2013-12-19 19:44 - 00012251 _____ C:\Users\STORMBAY\Downloads\174726-aqosninja.shadow.of.a.tear.2013.hdrip.xvid.zip
2013-12-19 19:44 - 2013-12-18 21:38 - 00027520 _____ C:\Users\STORMBAY\Desktop\aqos-ninja.shadow.of.a.tear.2013.hdrip.xvid.srt
2013-12-19 19:32 - 2013-12-19 21:04 - 925892608 _____ C:\Users\STORMBAY\Downloads\ubuntu-13.10-desktop-amd64.iso
2013-12-19 18:42 - 2013-12-19 18:42 - 00000000 ____D C:\Users\STORMBAY\Documents\My Games
2013-12-19 18:42 - 2007-07-19 18:14 - 03727720 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_35.dll
2013-12-19 18:42 - 2007-07-19 18:14 - 01358192 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_35.dll
2013-12-19 18:42 - 2007-07-19 18:14 - 00444776 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_35.dll
2013-12-19 18:42 - 2007-05-16 16:45 - 03497832 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_34.dll
2013-12-19 18:42 - 2007-05-16 16:45 - 01124720 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_34.dll
2013-12-19 18:42 - 2007-05-16 16:45 - 00443752 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_34.dll
2013-12-19 18:41 - 2013-12-19 18:42 - 00044440 _____ C:\Windows\DirectX.log
2013-12-19 18:41 - 2013-12-19 18:41 - 00001314 _____ C:\Users\Public\Desktop\Crysis SP Demo.lnk
2013-12-19 18:34 - 2013-12-19 18:34 - 00000000 ____D C:\Program Files\Electronic Arts
2013-12-19 18:30 - 2013-12-19 18:30 - 00000000 __SHD C:\Windows\ftpcache
2013-12-18 20:07 - 2013-12-18 20:09 - 00074608 _____ C:\Users\STORMBAY\Desktop\Home Alone 2 Lost in New York.srt
2013-12-17 11:48 - 2013-12-22 12:50 - 00000840 _____ C:\Windows\setupact.log
2013-12-17 11:48 - 2013-12-17 11:48 - 00000000 _____ C:\Windows\setuperr.log
2013-12-15 21:36 - 2013-12-15 21:37 - 00068139 _____ C:\Users\STORMBAY\Desktop\Home Alone.srt
2013-12-15 17:02 - 2013-12-15 17:03 - 00000000 ____D C:\Program Files\Nightly
2013-12-15 14:04 - 2013-12-15 14:07 - 00000000 ____D C:\Users\STORMBAY\AppData\Roaming\Crystal Player
2013-12-15 14:04 - 2013-12-15 14:04 - 00001000 _____ C:\Users\Public\Desktop\Crystal Player.lnk
2013-12-15 14:04 - 2013-12-15 14:04 - 00000000 ____D C:\Program Files\Crystal Player
2013-12-05 19:09 - 2013-12-05 19:09 - 00000000 ____D C:\ProgramData\McAfee
2013-12-04 12:40 - 2013-12-04 12:40 - 00001275 _____ C:\Users\STORMBAY\Desktop\FoxitReaderPortable - Shortcut.lnk
2013-11-28 16:50 - 2013-11-28 16:50 - 00001279 _____ C:\Users\STORMBAY\Desktop\SkypePortable - Shortcut.lnk
2013-11-28 15:49 - 2013-11-28 15:49 - 00000000 ____D C:\Program Files\Rockstar Games
2013-11-26 17:54 - 2013-11-26 17:54 - 00000000 ____D C:\Windows\Sun
2013-11-26 17:54 - 2013-11-26 17:54 - 00000000 ____D C:\ProgramData\SystemRequirementsLab
2013-11-26 17:54 - 2013-11-26 17:54 - 00000000 ____D C:\Program Files\SystemRequirementsLab
2013-11-26 17:33 - 2013-11-26 17:33 - 00264616 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2013-11-26 17:33 - 2013-11-26 17:33 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2013-11-26 17:33 - 2013-11-26 17:33 - 00174504 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2013-11-26 17:33 - 2013-11-26 17:33 - 00094632 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2013-11-26 17:33 - 2013-11-26 17:33 - 00000000 ____D C:\ProgramData\Sun
2013-11-26 17:33 - 2013-11-26 17:33 - 00000000 ____D C:\Program Files\Java
2013-11-26 17:33 - 2013-11-26 17:33 - 00000000 ____D C:\Program Files\Common Files\Java

==================== One Month Modified Files and Folders =======

2013-12-22 13:02 - 2013-12-22 13:01 - 00007916 _____ C:\Users\STORMBAY\Downloads\FRST.txt
2013-12-22 13:01 - 2013-12-22 13:01 - 00000000 ____D C:\FRST
2013-12-22 13:01 - 2013-12-22 13:00 - 01325858 _____ (Farbar) C:\Users\STORMBAY\Downloads\FRST.exe
2013-12-22 13:00 - 2013-08-09 10:44 - 00000000 ____D C:\Users\STORMBAY\AppData\Roaming\AIMP
2013-12-22 12:50 - 2013-12-17 11:48 - 00000840 _____ C:\Windows\setupact.log
2013-12-22 00:01 - 2013-12-21 23:16 - 357790059 _____ C:\Users\STORMBAY\Downloads\[Aroma]Honami MoonWalker HD V7 By Pandemic.zip
2013-12-21 23:29 - 2013-12-21 23:26 - 09935622 _____ C:\Users\STORMBAY\Downloads\Sony Album 5.3.A.0.22.zip
2013-12-21 22:28 - 2013-12-21 22:28 - 00690358 _____ C:\Users\STORMBAY\Downloads\extension_2_6_16.crx
2013-12-21 22:23 - 2013-12-21 22:20 - 23968710 _____ C:\Users\STORMBAY\Downloads\LGCameraApp.apk
2013-12-21 22:19 - 2013-12-21 22:19 - 00955669 _____ C:\Users\STORMBAY\Downloads\PurePerformances™X_Uninstaller.zip
2013-12-21 22:17 - 2013-12-21 22:16 - 01791796 _____ C:\Users\STORMBAY\Downloads\PurePerformances™X_Stock.1.4 (1)(7).zip
2013-12-21 22:10 - 2013-12-21 22:07 - 32026585 _____ C:\Users\STORMBAY\Downloads\amazingwalls.zip
2013-12-21 22:09 - 2013-12-21 22:09 - 00000000 ____D C:\Users\STORMBAY\Downloads\IronPortable
2013-12-21 21:39 - 2013-12-21 21:31 - 44318541 _____ C:\Users\STORMBAY\Downloads\IronPortable.zip
2013-12-21 19:50 - 2013-08-09 19:00 - 01740072 _____ C:\Windows\WindowsUpdate.log
2013-12-21 19:10 - 2013-12-21 19:10 - 00015322 _____ C:\Users\STORMBAY\Downloads\Nikita - 04x05 - Bubble HDTV XviD SR.rar
2013-12-21 19:01 - 2013-08-09 10:42 - 00062728 _____ C:\Users\STORMBAY\AppData\Local\GDIPFONTCACHEV1.DAT
2013-12-21 18:59 - 2013-12-21 18:59 - 00000000 ____D C:\Users\STORMBAY\Desktop\God Mode.{ED7BA470-8E54-465E-825C-99712043E01C}
2013-12-21 18:59 - 2013-09-10 12:51 - 00000000 ____D C:\Program Files\Opera
2013-12-21 18:57 - 2013-08-09 10:17 - 00778150 _____ C:\Windows\system32\PerfStringBackup.INI
2013-12-21 18:57 - 2009-07-14 05:34 - 00020000 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-12-21 18:57 - 2009-07-14 05:34 - 00020000 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-12-21 18:51 - 2013-11-21 14:36 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2013-12-21 18:51 - 2013-08-09 11:17 - 00000000 ____D C:\ProgramData\NVIDIA
2013-12-21 18:51 - 2009-07-14 05:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-12-21 18:51 - 2009-07-14 05:33 - 00282608 _____ C:\Windows\system32\FNTCACHE.DAT
2013-12-21 18:49 - 2013-10-01 18:48 - 00000000 ____D C:\Program Files\PeerBlock
2013-12-21 18:46 - 2013-12-21 18:46 - 00000000 ____D C:\ProgramData\ESET
2013-12-21 18:46 - 2013-12-21 18:46 - 00000000 ____D C:\Program Files\ESET
2013-12-21 18:40 - 2013-08-09 11:44 - 00000000 ____D C:\Users\STORMBAY\AppData\Roaming\uTorrent
2013-12-21 17:45 - 2013-12-21 17:36 - 73101312 _____ C:\Users\STORMBAY\Downloads\ess_nt32_srl.msi
2013-12-21 17:21 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\system32\NDF
2013-12-21 12:30 - 2013-12-21 19:10 - 00037822 _____ C:\Users\STORMBAY\Desktop\Nikita.S04E05.HDTV.XviD-FUM.srt
2013-12-20 20:55 - 2013-12-20 20:55 - 00001784 _____ C:\Windows\PFRO.log
2013-12-19 21:53 - 2013-12-19 21:53 - 00029756 _____ C:\Users\STORMBAY\Downloads\7d0f1235ba8f3994d3197c76f1ec58254b92c279.zip
2013-12-19 21:52 - 2013-12-19 21:52 - 00030851 _____ C:\Users\STORMBAY\Downloads\2802-HomeAlone3_SR.zip
2013-12-19 21:49 - 2013-12-19 21:49 - 00029045 _____ C:\Users\STORMBAY\Downloads\42823-home.alone.3.1997.internal.dvdrip.xvid-ils.zip
2013-12-19 21:04 - 2013-12-19 19:32 - 925892608 _____ C:\Users\STORMBAY\Downloads\ubuntu-13.10-desktop-amd64.iso
2013-12-19 19:44 - 2013-12-19 19:44 - 00012251 _____ C:\Users\STORMBAY\Downloads\174726-aqosninja.shadow.of.a.tear.2013.hdrip.xvid.zip
2013-12-19 18:42 - 2013-12-19 18:42 - 00000000 ____D C:\Users\STORMBAY\Documents\My Games
2013-12-19 18:42 - 2013-12-19 18:41 - 00044440 _____ C:\Windows\DirectX.log
2013-12-19 18:41 - 2013-12-19 18:41 - 00001314 _____ C:\Users\Public\Desktop\Crysis SP Demo.lnk
2013-12-19 18:34 - 2013-12-19 18:34 - 00000000 ____D C:\Program Files\Electronic Arts
2013-12-19 18:30 - 2013-12-19 18:30 - 00000000 __SHD C:\Windows\ftpcache
2013-12-18 21:38 - 2013-12-19 19:44 - 00027520 _____ C:\Users\STORMBAY\Desktop\aqos-ninja.shadow.of.a.tear.2013.hdrip.xvid.srt
2013-12-18 20:09 - 2013-12-18 20:07 - 00074608 _____ C:\Users\STORMBAY\Desktop\Home Alone 2 Lost in New York.srt
2013-12-18 18:35 - 2013-11-13 12:44 - 00000000 ____D C:\Program Files\Counter-Strike Source
2013-12-17 21:51 - 2013-08-12 16:43 - 00000000 ____D C:\Users\STORMBAY\AppData\Roaming\Media Player Classic
2013-12-17 11:48 - 2013-12-17 11:48 - 00000000 _____ C:\Windows\setuperr.log
2013-12-15 21:37 - 2013-12-15 21:36 - 00068139 _____ C:\Users\STORMBAY\Desktop\Home Alone.srt
2013-12-15 17:03 - 2013-12-15 17:02 - 00000000 ____D C:\Program Files\Nightly
2013-12-15 14:07 - 2013-12-15 14:04 - 00000000 ____D C:\Users\STORMBAY\AppData\Roaming\Crystal Player
2013-12-15 14:04 - 2013-12-15 14:04 - 00001000 _____ C:\Users\Public\Desktop\Crystal Player.lnk
2013-12-15 14:04 - 2013-12-15 14:04 - 00000000 ____D C:\Program Files\Crystal Player
2013-12-15 14:01 - 2013-08-13 13:30 - 00000000 ____D C:\Users\STORMBAY\AppData\Roaming\AIMP3
2013-12-15 14:01 - 2013-08-09 19:57 - 00000000 ____D C:\Windows\Panther
2013-12-14 17:06 - 2013-11-03 17:57 - 00000000 ____D C:\Games
2013-12-10 14:14 - 2009-07-14 08:48 - 00000000 ___RD C:\Users\Public\Recorded TV
2013-12-05 19:52 - 2013-09-19 19:14 - 00000000 ____D C:\Users\STORMBAY\AppData\Local\Adobe
2013-12-05 19:09 - 2013-12-05 19:09 - 00000000 ____D C:\ProgramData\McAfee
2013-12-05 19:09 - 2013-08-09 12:04 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2013-12-05 19:09 - 2013-08-09 12:04 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2013-12-04 12:40 - 2013-12-04 12:40 - 00001275 _____ C:\Users\STORMBAY\Desktop\FoxitReaderPortable - Shortcut.lnk
2013-11-28 16:50 - 2013-11-28 16:50 - 00001279 _____ C:\Users\STORMBAY\Desktop\SkypePortable - Shortcut.lnk
2013-11-28 15:50 - 2013-09-18 19:21 - 00000000 ____D C:\Users\STORMBAY\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2013-11-28 15:49 - 2013-11-28 15:49 - 00000000 ____D C:\Program Files\Rockstar Games
2013-11-27 13:08 - 2013-10-01 18:48 - 00001891 _____ C:\Users\STORMBAY\Desktop\PeerBlock.lnk
2013-11-26 19:53 - 2013-08-25 18:28 - 00000031 _____ C:\ProgramData\droidcam-settings
2013-11-26 17:54 - 2013-11-26 17:54 - 00000000 ____D C:\Windows\Sun
2013-11-26 17:54 - 2013-11-26 17:54 - 00000000 ____D C:\ProgramData\SystemRequirementsLab
2013-11-26 17:54 - 2013-11-26 17:54 - 00000000 ____D C:\Program Files\SystemRequirementsLab
2013-11-26 17:33 - 2013-11-26 17:33 - 00264616 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2013-11-26 17:33 - 2013-11-26 17:33 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2013-11-26 17:33 - 2013-11-26 17:33 - 00174504 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2013-11-26 17:33 - 2013-11-26 17:33 - 00094632 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2013-11-26 17:33 - 2013-11-26 17:33 - 00000000 ____D C:\ProgramData\Sun
2013-11-26 17:33 - 2013-11-26 17:33 - 00000000 ____D C:\Program Files\Java
2013-11-26 17:33 - 2013-11-26 17:33 - 00000000 ____D C:\Program Files\Common Files\Java

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-12-21 20:09

==================== End Of Log ============================



Prikačeni fajlovi
 
Odgovor na temu

sdurut
Mašinski šloser

Član broj: 76787
Poruke: 673



+66 Profil

icon Re: Jesam li zrtva ili nesto trece22.12.2013. u 12:18 - pre 124 meseci
Situacija je sledeća. Iz adresnog opsega vidim da koristiš PTT ADSL internet. U opsegu adresa 82.208.233.1 - 254 ima 83 rutera TP-Link TD-W8901G kojima je otvoren port 80 za http pristup spolja i kojma je user: admin i pass: admin
Za probu sam prišao na nekoliko rutera i svaki je otključan. Tako da sad može ko hoće da ti menja parametre na ruteru.

Za početak promeni pass i idi u meni Advanced Setup opcija firewall imas opciju SPI: i čekiraj Enabled, a onda klikni na SAVE.

U atachmentu imaš print screen kad sam pristupio nasumično nekom od rutera.
Prikačeni fajlovi
 
Odgovor na temu

kristi1

Član broj: 151211
Poruke: 2012
*.dynamic.isp.telekom.rs.

Sajt: www.mycity.rs/Ambulanta


+88 Profil

icon Re: Jesam li zrtva ili nesto trece22.12.2013. u 13:00 - pre 124 meseci
Uradi takodje i ovo:

Preuzmi fix iz attacmenta i postavi ga na isto mesto gde je i FRST (vidim da je u Downloads)

Pokreni FRST i klikni Fix.





Preuzmi na desktop [B]zoek.zip[/B]

zatvori browser i ostale pokrenute programe;
deaktiviraj zaštitni softver ( po potrebi ) ;
dvoklikom pokreni zoek.exe;

U beli okvir prozora iskopiraj sledeci tekst:



Code:



emptyalltemp;
autoclean;
emptyclsid;
netsh int ip reset >> %temp%\log.txt;b
ipconfig /flushdns >> %temp%\log.txt;b




Klikni na dugme [B]Run Script[/B] i pricekaj da se skeniranje završi.

Zoek ce na kraju rada otvoriti [B]Notepad[/B] sa izvestajem.


Iskopiraj sadrzaj izvestaja




edit.
Moraces da kopiras ovo u Notepad pod nazivom Fixlist.





Prikačeni fajlovi
 
Odgovor na temu

zentriks

Član broj: 192824
Poruke: 665



+23 Profil

icon Re: Jesam li zrtva ili nesto trece22.12.2013. u 15:17 - pre 124 meseci
Uradio sam fix, zatim ukljucio spi i promenio sifru na ruteru[posle resetovanja zaboravio promeniti]. Zanimam me kako si pronasao to da je otvoreno toliko rutera? sad sam probao moju ip i neverovatno je kako sam bio nemaran.

Evo i log iz ovog programcica:

Citat:
Zoek.exe v5.0.0.0 Updated 21-December-2013
Tool run by STORMBAY on Sun 12/22/2013 at 15:34:11.47.
Microsoft Windows 7 Ultimate 6.1.7601 Service Pack 1 x86
Running in: Normal Mode No Internet Access Detected
Launched: C:\Users\STORMBAY\Downloads\zoek\zoek.exe [Scan all users] [Script inserted]

==== System Restore Info ======================

12/22/2013 3:34:54 PM Zoek.exe System Restore Point Created Succesfully.

==== Deleting CLSID Registry Keys ======================


==== Deleting CLSID Registry Values ======================


==== Deleting Services ======================


==== Batch Command(s) Run By Tool======================

Reseting Global, OK!
Reseting Interface, OK!
Reseting Route, OK!
Restart the computer to complete this action.


Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

==== Deleting Files \ Folders ======================

C:\Users\STORMBAY\.android deleted
C:\Program Files\Common Files\DVDVideoSoft\bin deleted
C:\Users\STORMBAY\AppData\Roaming\coreavc.ini deleted
C:\Users\STORMBAY\AppData\Roaming\Network Monitor II_Traffic.ini deleted
C:\ProgramData\Package Cache deleted
C:\Users\STORMBAY\AppData\Roaming\Mozilla\Firefox\Profiles\yrcrgv3m.default\extensions\[email protected] deleted
C:\Users\STORMBAY\AppData\Roaming\Mozilla\Firefox\Profiles\yrcrgv3m.default\jetpack deleted
"C:\ProgramData\droidcam-settings" deleted

==== Firefox Extensions ======================

ProfilePath: C:\Users\STORMBAY\AppData\Roaming\Mozilla\Firefox\Profiles\yrcrgv3m.default
- Adblock Plus - %ProfilePath%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi

AppDir: C:\Program Files\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==== Firefox Plugins ======================

Profilepath: C:\Users\STORMBAY\AppData\Roaming\Mozilla\Firefox\Profiles\yrcrgv3m.default
EE8D96E7899D12FC3AA5DB2034C0853C - C:\Windows\system32\Macromed\Flash\NPSWF32_11_9_900_152.dll - Shockwave Flash
6768C724599214E4F9ADD9F8FF5097EB - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll - Java(TM) Platform SE 7 U45
F1CD6E22E5AE5CEEB7712E546A5FC853 - C:\Program Files\Java\jre7\bin\dtplugin\npdeployJava1.dll - Java Deployment Toolkit 7.0.450.18
4C1D3BBCF6CA8B5C7427B9AD608D5DBA - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll - NVIDIA 3D Vision
C4113EDE22EF006F679EC17618578D61 - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll - NVIDIA 3D VISION


==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={...c=IE-SearchBox&FORM=IE11SR"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q...ex?}&startPage={startPage}"

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Keyboard Inf. deleted successfully

==== Empty IE Cache ======================

C:\Users\STORMBAY\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\STORMBAY\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================

C:\Users\STORMBAY\AppData\Local\Mozilla\Firefox\Profiles\yrcrgv3m.default\Cache emptied successfully

==== Empty Chrome Cache ======================

No Chrome User Data found

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\UpdatusUser\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Users\STORMBAY\AppData\Local\Temp will be emptied at reboot
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\STORMBAY\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== EOF on Sun 12/22/2013 at 15:52:46.55 ======================

 
Odgovor na temu

sdurut
Mašinski šloser

Član broj: 76787
Poruke: 673



+66 Profil

icon Re: Jesam li zrtva ili nesto trece22.12.2013. u 19:10 - pre 124 meseci
Alat za skeniranje portova NMAP. Ovde je samo deo spiska. Opseg adresa iz koga dolazis vidi se ES postu.

Code:
nmap -v -sT -p 80 82.208.233.0/24

Nmap scan report for 82.208.233.250
Host is up (0.034s latency).
PORT   STATE SERVICE
80/tcp open  http

Nmap scan report for 82.208.233.251
Host is up (0.035s latency).
PORT   STATE SERVICE
80/tcp open  http

Nmap scan report for 82.208.233.252
Host is up (0.022s latency).
PORT   STATE SERVICE
80/tcp open  http

Nmap scan report for 82.208.233.254
Host is up (0.028s latency).
PORT   STATE SERVICE
80/tcp open  http

Read data files from: /usr/bin/../share/nmap
Nmap done: 256 IP addresses (83 hosts up) scanned in 13.20 seconds
           Raw packets sent: 1485 (55.632KB) | Rcvd: 97 (3.734KB)
 
Odgovor na temu

zentriks

Član broj: 192824
Poruke: 665



+23 Profil

icon Re: Jesam li zrtva ili nesto trece22.12.2013. u 19:44 - pre 124 meseci
Ovo je bio neki masivni "napad" malo sam se igrao sa mojom ip adersom i smesno kako sam ostavio otvoren ruter. Nije ni cudo sto su mi menjani DNS serveri. A vidim da je i lik kojeg si posetio isto ima DNS kao i ja cudo da nije primetio nista.
 
Odgovor na temu

sdurut
Mašinski šloser

Član broj: 76787
Poruke: 673



+66 Profil

icon Re: Jesam li zrtva ili nesto trece22.12.2013. u 19:51 - pre 124 meseci
Na svim ruterima koje sam skenirao otvoren je i port 69 UDP za TFTP. Preko TFTP-a može da se uplouduje html strana na ruter koja hakeru omogućava da ti upadne na ruter i bez pasword-a. Imaš na netu dosta o tome.
 
Odgovor na temu

zentriks

Član broj: 192824
Poruke: 665



+23 Profil

icon Re: Jesam li zrtva ili nesto trece22.12.2013. u 19:58 - pre 124 meseci
Hoce li praviti problem torentima to sto je ukljucen SPI na ruteru?
 
Odgovor na temu

Aleksandar Đokić

Član broj: 13478
Poruke: 4793
*.dynamic.isp.telekom.rs.



+638 Profil

icon Re: Jesam li zrtva ili nesto trece22.12.2013. u 20:44 - pre 124 meseci
Ne tj. imaces problema sa seed-ovanjem, ali ne sa download-om. SPI (statefull) firewall ne dozvoljava uspostavljanje konekcije "spolja", vec samo saobracaj sa adresa sa kojima je vec uspostavljena veza "iznutra".
 
Odgovor na temu

code797

Član broj: 230640
Poruke: 79
77.46.175.*



+3 Profil

icon Re: Jesam li zrtva ili nesto trece23.12.2013. u 00:49 - pre 124 meseci
Pa ja sam mislio da firewall po default-u blokira sve dolazne veze inicirane spolja, evo ja bez problema pingujem moj ruter od spolja. Sta onda blokira firewall kada se podesi na enable?



I ako podesim SPI na enable kakve cu posledice imati, mislim na pristup mom ruteru od strane ISP-a?
Prikačeni fajlovi
 
Odgovor na temu

Mile-Lile
Beograd

Član broj: 269936
Poruke: 1176
*.ptt.rs.



+79 Profil

icon Re: Jesam li zrtva ili nesto trece23.12.2013. u 07:52 - pre 124 meseci
@code797
Možeš sa Gibsonom da proveriš koji su ti portovi otvoreni "spolja". Preko opcije "All common port" ti skenira prvih 1024 portova i izbaci izveštaj... https://www.grc.com/x/ne.dll?bh0bkyd2

Ovo sa DNS-om se odavno radi. Preusmere se korisnici na određeni DNS. Na DNS-u se postave reklame (što popupovi što onaj deo što se umeće u zaglavlje pretraživača) koje kada žrtva klikne donose novac napadaču. Što više klikova više para... ne bi trebalo da bude veće štete za korisnike.
kod mene je SPI pod "must do"... nisam imao problema sa torrentima, niti sa jednim servisom. Malo bolji firewallovi kao što su iptables lepo to rešavaju sa TARPIT (La Brea) targetom koji prihvate inicijalnu konekciju i zadrže je 20-ak minuta što napadača mnogo uspori.
 
Odgovor na temu

zentriks

Član broj: 192824
Poruke: 665



+23 Profil

icon Re: Jesam li zrtva ili nesto trece23.12.2013. u 20:01 - pre 124 meseci
Ko ce ga znati sad moras biti strucnjak za mreze da bi se zastitio od najosnovnijh pretnji. Ja np zaboravio da promenim sifru kad sam resetovo ruter. A koliko ima nas takvih sto na ptt ili telekomu ili veratu. A danas imas alata kojima veoma lako mozes da kompromitujes tudji racunar veoma lako. Strasno jbt...
 
Odgovor na temu

Aleksandar Đokić

Član broj: 13478
Poruke: 4793
*.dynamic.isp.telekom.rs.



+638 Profil

icon Re: Jesam li zrtva ili nesto trece23.12.2013. u 21:04 - pre 124 meseci
Upravo tako, a onda stavi ip racunara u DMZ a Win busan ko sito, jos 445 uglavnom otvoren i tu npr. ms08-067 (da je jedini) prolazi kako hoces.
 
Odgovor na temu

code797

Član broj: 230640
Poruke: 79
*.dynamic.isp.telekom.rs.



+3 Profil

icon Re: Jesam li zrtva ili nesto trece25.12.2013. u 00:54 - pre 124 meseci
Citat:
Mile-Lile: @code797
Možeš sa Gibsonom da proveriš koji su ti portovi otvoreni "spolja". Preko opcije "All common port" ti skenira prvih 1024 portova i izbaci izveštaj... https://www.grc.com/x/ne.dll?bh0bkyd2


Evo skenirao:

Firewall: disable, SPI: disable
Code:
Results from scan of ports: 0-1055

    0 Ports Open
 1023 Ports Closed
   33 Ports Stealth
---------------------
 1056 Ports Tested

TruStealth: FAILED - NOT all tested ports were STEALTH,
                   - NO unsolicited packets were received,
                   - A PING REPLY (ICMP Echo) WAS RECEIVED.


Firewall: enable, SPI: disable
Code:
Results from scan of ports: 0-1055

    0 Ports Open
    3 Ports Closed
 1053 Ports Stealth
---------------------
 1056 Ports Tested

TruStealth: FAILED - NOT all tested ports were STEALTH,
                   - NO unsolicited packets were received,
                   - A PING REPLY (ICMP Echo) WAS RECEIVED.


Firewall: enable, SPI: enable
Code:
Results from scan of ports: 0-1055

    0 Ports Open
    3 Ports Closed
 1053 Ports Stealth
---------------------
 1056 Ports Tested

TruStealth: FAILED - NOT all tested ports were STEALTH,
                   - NO unsolicited packets were received,
                   - NO Ping reply (ICMP Echo) was received.
 
Odgovor na temu

Mile-Lile
Beograd

Član broj: 269936
Poruke: 1176
*.ptt.rs.



+79 Profil

icon Re: Jesam li zrtva ili nesto trece25.12.2013. u 08:47 - pre 124 meseci
code797 pošto vidim da postuješ sa Telekoma tu je druga priča. Bilo bi dobro da neko sa PTTnet postuje probu sa Gibsona...
telekom, korisnicima daje Huawei rutere koji verovali ili ne uopšte nisu loši. Možda su kratki sa opcijama ali što se tiče mrežne zaštite u samom su vrhu.
Čak imaju i BusyBox.
pošto su bazirani na linux-u imaju tri vrste zaštite.
1)NAT
2)SPI
3)iptables
iptables je napredni firewall koji ima nekoliko mogućnosti hendlovanja dolaznih paketa.
nmap pošalje paket(SYN) na određeni port da vidi da li je otvoren. Ako je u firewallu pravilo ACCEPT nmap će dobiti odgovor da može da pošalje (ACK) pakete da se uspostavi konekcija...
Ako je pravilo REJECT šalje se povratni ICMP koji potvrđuje da je host nedostupan... (to je ovo što je kod tebe pisalo u prvom primeru "1023 Ports Closed")
Ako je pravilo DROP paket se odbacuje bez odgovora. Ovo dovodi do outdate-ovanja nmapa ako se šalje puno paketa na isti port a napadač misli da ne postoji niko na toj IP jer se paketi ne varćaju... (to je kod tebe "33 Ports Stealth").... Gibsonov test ti je ispisao "failed" jer port scan attacker ipak može da zaključi da na toj IP adresi postoji neko jer ima zatvorenih portova... može3 da zaključi ali ne znači da može i da ti naudi, tako da ne brini zbog gibsona. Kod ovih korisnika PTTnet bi bilo otvorenih portova, a to je već potencijalni rizik... Meni je otvoren samo SSH i 1723 (pptp) ali o tove već brine "dropbear" i 128bit hash...

razlika između SPI i iptables je što SPI može da propušta paket po paket i može da prati odakle dolaze konekcije... SPI malo usporava internet (latencija se povećava nekoliko milisekundi što nekad može da bude problem kada je zagušenje a neko koristi VOIP ili online gameing i bitna mu je latencija)...
Mislim da bi PTTnet trebalo da se pozabavi ovom problematikom i da malo više brine o svojim korisnicima. Korisnicima mogu da pristupaju sa lokalnih adresa (tipa a klase 10.x.x.x) ako je baš potrebna intervencija a ne da ih izlažu bespotrebim rizicima sa otvorenim portovima na WAN interfejsu... kod Telekoma je barem tako rešeno. Dobija se jedna javna IP adresa i jedna iz privatnog opsega...
 
Odgovor na temu

code797

Član broj: 230640
Poruke: 79
*.dynamic.isp.telekom.rs.



+3 Profil

icon Re: Jesam li zrtva ili nesto trece25.12.2013. u 12:52 - pre 124 meseci
Vracam podesavanja kao sto je po default-u, Firewall: Enable, SPI: Disable. Negde sam procitao da Huawei HG530 ima sasvim solidan hardverski firewall pa nema potrebe instalirati i softverski firewall na kompjuteru.
 
Odgovor na temu

[es] :: Zaštita :: Jesam li zrtva ili nesto trece

Strane: 1 2

[ Pregleda: 6739 | Odgovora: 24 ] > FB > Twit

Postavi temu Odgovori

Navigacija
Lista poslednjih: 16, 32, 64, 128 poruka.