Singnet Users: any intrusion attempts?
-
I had encountered the intrusion continously for a period of around two hours two days back. No problem faced today though.
-
u got ur firewall up?Originally posted by duotiga83:recently theres lots of attacks......get dc quite a lot of tmes already...... -
afew month ago got some mail that send to singnet server end up in my email a/c.
-
i on 2 of them still like that......Originally posted by casshern:u got ur firewall up? -
Don't use 2 firewalls, they'll neutralize each other.Originally posted by duotiga83:i on 2 of them still like that......
Just use the better one... -
http://hosted.ap.org/dynamic/stories/I/INTERNET_ATTACK?SITE=ASIAONE&SECTION=TECHNOLOGY&TEMPLATE=DEFAULT
websites such as channelnewsasia were affected for a brief period as well.. -
i'm wondering if it is due to the price war promotion that screwed things up.
supposed to fax in my application form for 3500 today but my printer no ink... -
it sets me thinking of those who get d/c regularly and having lags on online games have their firewall up.
cos if its not up most likely the traffic volume will be so great due to the uploading downloading of information on the victim's comp to the attacker's comp. this could lead to the lags and frequent d/c if me not wrong. -
Ok, I have been around checking their server for signs of attacks, but so far nothing has been detected. It seems like the server is not being attacked. Rather, the address might have been spoofed, making it look like Singnet users attacking each other. Not quite sure though, everything looks alright.Originally posted by casshern:This noon i got all these warnings from my Norton
Intrusion: MS ASN1 Interger Overflow TCP.
Intruder: 219.74.186.88 (181) <--- this address is variable
Risk Level: High.
Protocol: TCP
Attacked IP: ROOM (192.168.1.2) <<--- my room's comp addy
someone from Chit Chat also kena this thing. Using Singnet also...
there's supposed to be an update from windows for this but i installed liao no use. this keep popping up. I wonder if its on Singnet's side
Edit: casshern, you sure you are using Singnet? 192.168.x.x IP addresses belongs to Starhub users. Or you are affected by them as well? -
Looks like one of the ports is opened to attacks. Most likely the common ports that we use and Norton is using. It specifically targetted Symantec, your antivirus. And Yahoo! programs is the catalyst which it will launch the attack. If I am not wrong, it could be the work of script kiddies. They have downloaded some trojan horses off the net is attacking you, which obviously didn't work.Originally posted by browniebaobao:Erm.. i juz enabled TAMPER PROTECTION ALERT and sysmantec anti virus notification pops up.. with 14 results..
This is one of them..
SYMANTEC TAMPER PROTECTION ALERT
Target: C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
Event Info: Open Process
Action Taken: Blocked
Actor Process: C:\Program Files\Yahoo!\YPSR\ypsr.exe (PID 536)
Time: Friday, March 17, 2006 10:43:20 PM
What does this mean? -
2 completely different firewalls and antivirus are never meant to work together. Choose the one you trust and use.Originally posted by duotiga83:i on 2 of them still like that...... -
Price war probably screwed things up and caused the connections problems, but it will not cause intrusion attacks. And if competitors are using this trick to make Singnet go out of business, security people will discover it and they will be put out of business by the government. Either some professionals are doing this, or we got ourselves some semi-professionals, halfway in between script kiddies and professionals.Originally posted by casshern:i'm wondering if it is due to the price war promotion that screwed things up.
supposed to fax in my application form for 3500 today but my printer no ink... -
so what can i do? cannot delete right?Originally posted by ndmmxiaomayi:Looks like one of the ports is opened to attacks. Most likely the common ports that we use and Norton is using. It specifically targetted Symantec, your antivirus. And Yahoo! programs is the catalyst which it will launch the attack. If I am not wrong, it could be the work of script kiddies. They have downloaded some trojan horses off the net is attacking you, which obviously didn't work. -
Full details on MS ASN1
http://www.symantec.com/avcenter/attack_sigs/s20409.html
As for bbb, the reason why you are attacked via Yahoo! programs is because this attack makes use of a loophole in Yahoo! Messenger. If I didn't guess wrongly, you are using Yahoo! Messenger right? -
Do a scan for your computer first. If nothing is detected, then there should be nothing. As the attempt has been reported as being blocked, so nothing should be wrong.Originally posted by browniebaobao:so what can i do? cannot delete right? -
scanned.Originally posted by ndmmxiaomayi:Do a scan for your computer first. If nothing is detected, then there should be nothing. As the attempt has been reported as being blocked, so nothing should be wrong.
no prob.
thanks ant.
-
You are welcome.Originally posted by browniebaobao:scanned.
no prob.
thanks ant. 
-
ahahhhhaa i cant get wrong with which ISP i'm using. paying them like 65 bucks each month for 1.5mb/sOriginally posted by ndmmxiaomayi:Ok, I have been around checking their server for signs of attacks, but so far nothing has been detected. It seems like the server is not being attacked. Rather, the address might have been spoofed, making it look like Singnet users attacking each other. Not quite sure though, everything looks alright.
Edit: casshern, you sure you are using Singnet? 192.168.x.x IP addresses belongs to Starhub users. Or you are affected by them as well?
the 192.168 is actually my wireless internal address. my external ip address is 219.xx.xx.xx -
there's supposely an update from the symantec website. its actually a MS windows security update. but this update doesnt do the trick for me.Originally posted by ndmmxiaomayi:Full details on MS ASN1
http://www.symantec.com/avcenter/attack_sigs/s20409.html
As for bbb, the reason why you are attacked via Yahoo! programs is because this attack makes use of a loophole in Yahoo! Messenger. If I didn't guess wrongly, you are using Yahoo! Messenger right?
but seems like the intrusion attacks are getting lesser -
it would be interesting to see how SN react to this if it really happens. imagine the servers getting screwed by external. and if personal information really really leaks out, i wonder how things will turn out.Originally posted by ndmmxiaomayi:Price war probably screwed things up and caused the connections problems, but it will not cause intrusion attacks. And if competitors are using this trick to make Singnet go out of business, security people will discover it and they will be put out of business by the government. Either some professionals are doing this, or we got ourselves some semi-professionals, halfway in between script kiddies and professionals. -
No patches are perfect. But it seems to be getting lesser, so it should be good news. Have to monitor for a few more days to know better.Originally posted by casshern:there's supposely an update from the symantec website. its actually a MS windows security update. but this update doesnt do the trick for me.
but seems like the intrusion attacks are getting lesser -
Oh...Originally posted by casshern:ahahhhhaa i cant get wrong with which ISP i'm using. paying them like 65 bucks each month for 1.5mb/s
the 192.168 is actually my wireless internal address. my external ip address is 219.xx.xx.xx -
btw, nope, im not using yahoo messenger.
-
Hmm, Yahoo! programs...Originally posted by browniebaobao:btw, nope, im not using yahoo messenger.
Let me do some more research. -
wahh..... more den 24hrs and not solved yet