[fubr]

It will take me some time to put together a file but for starters all who are freaking out over this shit start by doing this.
go into your advanced firewall settings and set the frirewall to ask permission for any program to access the web.
update spybot, adware spyblaster,
do NOT sign on as adminstrator on your NT machines,
create a limited account that will not let any changes be made to your machine unless you are signed on with admin priviliges.

USE a proxy server, Slows you down but will help masking your ISP and IP.
Disable ALL clients, protocols and services under your networkconnection that is HOT to the internet.
Internal networks only need the client and file and printer sharing shit ALL you need to get on line is TCP/IP. Thats for broadband espeasically

go to administrator tools and diable evrything except what you need to get on line.
If you have a dynamic IP (changes evrytime you get online) then disconnect frequently.

If you have a static ip then by all means USE a proxy server.

evry hit (incoming and out going) do a trace with your firewall and take notice to the destinations and ip's. do a whois and there will be a report abuse address.
this way people who have compramised machines will be notified of their problem by thier ISP and steps can be taken to fix there machine, Most of them probily never heard of DSSFTP or have a sattellitte receiver, they are just inocent internet browsers.
active ports to be used to see what ports are open so you can close them or the app....
hijack this is to be used to see what programs have hijacked you machine,NOT ALL HIJACKINGS ARE BAD IF YOU DO NOT UNDERSTAND THE PROGRAM CREATE A LOG FILE AND PASTE IT HERE.
I will tell you wich ones to disable.

If you are using dail up connection then set your modem to always dail when connection is not present and then get off line and open some programs to see if the connection box pops up. if it does then you have a program wanting to "call home"
you can pm me the hijack report if you want to keep it out of public view.
it will also generate a start up list to show you what all is loading at start up.
for now I would suggest removing all start up apps except the ones needed to operate and cut them on as needed.
3 places to look.
msconfig>start up.
admin tools>services> set to manual any services you dont need.
right click start>click on programs and select start up. delete all the shortcuts in that folder.

this is sketchy guys but it will help a little for more security.
anything you are not sure of set firewall to BLOCK!!!
if you find you need it then unblock later.

FUCK these assholes!!!!!!!


Use firefox if you got it.
here is a program that will tell you all open ports and what proggy is opening them. I seen one LIGHT up with 30 ports once and we got a call the next day from the ISP telling us we were spamming. We did not even have email on that machine.

[Ohms]

Great info Fubr and I'm really glad you posted it.

The links from your post are not working right now, but I found both applications on download.com and I really like the aports app. Very revealing.

I wanted to add to your info from a public server perspective. I C&Ped this text from a post I had on the 2 day forum. I hope this informaiton proves helpful to someone.


************************************************** ***************

I love coming to this site almost every night and reading and learning. It has been horrible having it hacked into temporary non-existence. I can only hope that Mili has called upon some top security professionals to help him prevent this from happening again.

High profile sites require powerful defense. Layered security is desirable because it's much harder to run a gauntlet than it is to just break down a door. Multiple firewalls create different zones with different security levels to create the gauntlet. Public facing servers should not contain data, but instead talk to other servers deeper within the protected zones. Intrusion Detection/Prevention is required at multiple points within the network.

This type of security can help to prevent a DDOS from crashing the server. The front end web server can be protected by IDS/IPS shunning, firing on multiple embryonic connections from a single source, blocking the attacker for a pre determined time period.

Then we have the other problem of the DDOS overwhelming the pipe. This is more difficult to mitigate, and pretty much impossible if all you host on is a T1 line. It’s VERY difficult to consume all the bandwidth on DS3 and faster pipes, but it can be done. Most decent ISPs consider these types of high bandwidth customers a top priority, and will usually (when pushed) assist in controlling the flooding by filtering within their network. DRDOS attacks actually use the routers to do the attacking. Properly secured routers will prevent this too.

Much of network security is philosophical in nature and the above is only my opinion, and is not set in stone. Each system requires careful analysis before an effective solution can be architected.

Check out the articles that were published by a friend of mine Aaron Sullivan. They are a bit dated, but still represent a solid design philosophy even today. You can find the articles by googleing this string. “the crux of NT security”. There are 4 parts, and I think the forth one is most pertinent to Mili’s type of site. Excellent reading and I highly recommend them to anyone who is interested in security.


Here are some urls to the documents.
Phase 1 www dot securityfocus dot com/infocus/1323
Phase 2 www dot securityfocus dot com/infocus/1324
Phase 3 www dot securityfocus dot com/infocus/1325
Phase 4 www dot securityfocus dot com/infocus/1326

Also, you can check your own servers and entire networks for vulnerabilities. below is url to a great utility for doing this. It takes a little setup, and is best in Linux, but worth the effort if you run or have publicly facing servers out there.
www dot nessus dot org