Fair warning.
Sygate Log.
Seems my Services.exe has your very questionable Server attached to it.
I place the blame for this entirely in your hands.
Especially considering I have never (and will never) even consider using FileZilla.
------------------------------------------------
File Version : 0.9.23.0
File Description : Windows Services Control (services.exe)
File Path : c:\WINDOWS\system32\drivers\services.exe
Process ID : 0x3E8 (Heximal) 1000 (Decimal)
Connection origin : local initiated
Protocol : TCP
Local Address : 192.168.2.11
Local Port : 4048
Remote Name : ip.filezilla-project.org
Remote Address : 82.96.98.58
Remote Port : 80 (HTTP - World Wide Web)
Ethernet packet details:
Ethernet II (Packet Length: 76)
Destination: 00-13-a3-34-dc-07
Source: 00-18-f3-53-1f-da
Type: IP (0x0800)
Internet Protocol
Version: 4
Header Length: 20 bytes
Flags:
.1.. = Don't fragment: Set
..0. = More fragments: Not set
Fragment offset:0
Time to live: 64
Protocol: 0x6 (TCP - Transmission Control Protocol)
Header checksum: 0x689f (Correct)
Source: 192.168.2.11
Destination: 82.96.98.58
Transmission Control Protocol (TCP)
Source port: 4048
Destination port: 80
Sequence number: 1880395583
Acknowledgment number: 0
Header length: 28
Flags:
0... .... = Congestion Window Reduce (CWR): Not set
.0.. .... = ECN-Echo: Not set
..0. .... = Urgent: Not set
...0 .... = Acknowledgment: Not set
.... 0... = Push: Not set
.... .0.. = Reset: Not set
.... ..1. = Syn: Set
.... ...0 = Fin: Not set
Checksum: 0x6d01 (Correct)
Data (0 Bytes)
Binary dump of the packet:
0000: 00 13 A3 34 DC 07 00 18 : F3 53 1F DA 08 00 45 00 | ...4.....S....E.
0010: 00 30 24 12 40 00 40 06 : 9F 68 C0 A8 02 0B 52 60 | .0$.@.@..h....R`
0020: 62 3A 0F D0 00 50 70 14 : 8F 3F 00 00 00 00 70 02 | b:...Pp..?....p.
0030: FA F0 01 6D 00 00 02 04 : 05 B4 01 01 04 02 7A 69 | ...m..........zi
0040: 6C 6C 61 2D 70 72 6F 6A : 65 63 74 03 | lla-project.
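As an added example (not part of the original post, and not FileZilla's code), here is a small decoder for the hex dump in that log: it parses the Ethernet II, IPv4 and TCP headers, recomputes both checksums from the bytes, and confirms the summary lines (4048 to 80, SYN, sequence 1880395583). It also shows that the bytes after the IP total length ("zilla-project") are an Ethernet trailer and not part of the datagram.

```python
import struct
# Hex dump copied from the Sygate log in the post above (76 bytes on the wire).
SYGATE_DUMP = """
0000: 00 13 A3 34 DC 07 00 18 : F3 53 1F DA 08 00 45 00 | ...4.....S....E.
0010: 00 30 24 12 40 00 40 06 : 9F 68 C0 A8 02 0B 52 60 | .0$.@.@..h....R`
0020: 62 3A 0F D0 00 50 70 14 : 8F 3F 00 00 00 00 70 02 | b:...Pp..?....p.
0030: FA F0 01 6D 00 00 02 04 : 05 B4 01 01 04 02 7A 69 | ...m..........zi
0040: 6C 6C 61 2D 70 72 6F 6A : 65 63 74 03 | lla-project.
"""
TCP_FLAGS = ["FIN", "SYN", "RST", "PSH", "ACK", "URG", "ECE", "CWR"]

def dump_to_bytes(dump):
    """Keep only the hex columns of each 'OFFSET: xx .. : xx .. | ascii' line."""
    out = bytearray()
    for line in dump.strip().splitlines():
        hexpart = line.split("|", 1)[0].split(":", 1)[1].replace(":", " ")
        out += bytes.fromhex(hexpart)
    return bytes(out)

def inet_checksum(data):
    """RFC 1071 checksum: one's-complement sum of big-endian 16-bit words, complemented."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def decode_frame(frame):
    """Decode Ethernet II / IPv4 / TCP headers and recompute both checksums."""
    if struct.unpack("!H", frame[12:14])[0] != 0x0800:
        raise ValueError("not an IPv4 frame")
    ip = frame[14:]
    ihl, proto, total_len = (ip[0] & 0x0F) * 4, ip[9], struct.unpack("!H", ip[2:4])[0]
    src, dst = ip[12:16], ip[16:20]
    tcp = ip[ihl:total_len]  # bytes past total_len are Ethernet trailer, not packet
    sport, dport, seq = struct.unpack("!HHI", tcp[:8])
    # Recompute each checksum with its own field zeroed; the TCP one covers a pseudo-header.
    ip_calc = inet_checksum(ip[:10] + b"\x00\x00" + ip[12:ihl])
    pseudo = src + dst + struct.pack("!BBH", 0, proto, len(tcp))
    tcp_calc = inet_checksum(pseudo + tcp[:16] + b"\x00\x00" + tcp[18:])
    return {
        "src": ".".join(map(str, src)), "dst": ".".join(map(str, dst)),
        "sport": sport, "dport": dport, "seq": seq, "ttl": ip[8],
        "flags": [n for i, n in enumerate(TCP_FLAGS) if tcp[13] & (1 << i)],
        "ip_checksum": ip_calc, "ip_checksum_ok": ip_calc == struct.unpack("!H", ip[10:12])[0],
        "tcp_checksum": tcp_calc, "tcp_checksum_ok": tcp_calc == struct.unpack("!H", tcp[16:18])[0],
        "trailer": frame[14 + total_len:],
    }
```

Note that Sygate prints the two checksums with their bytes swapped (0x689f and 0x6d01); recomputed from the dump they are 0x9f68 and 0x016d, which is exactly what the bytes on the wire carry, so both really are correct.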
I agree. Filezilla is a generic FTP server. Thousands of organizations legitimately use it.
Imagine this scenario: You have your box at home. While you walk away for a couple minutes to get a drink, a malicious nerd walks up and installs an FTP server (in this case, Filezilla) on your machine so he can get to your files later. Was that the makers of the FTP server's fault? Or was it the fault of the person who installed it?
FileZilla is not a cracking tool. Just as OpenSSH is not a cracking tool, but it can be used as such without adequate security. Just as the Windows RDP server that ships with WinXP professional is not a cracking tool, but if it is not secured properly, it can be used maliciously.
I would suggest installing a firewall that blocks incoming connections if you are that concerned about it. Not only will your uninvited FileZilla guest be blocked, but other threats won't be dangerous either. That way, even if your box does become compromised again, then hackers won't be able to log in so it won't do any damage.
There are so many different ways of possible information flow. For example, one can easily tunnel arbitrary traffic through DNS requests, or simply invoke other programs which are whitelisted in the firewall (Internet Explorer? Firefox? Or whatever the browser is).
The _ONLY_ way to secure a system with a firewall is a whitelist approach which blocks all traffic in any direction on a packet level except to a very tiny set of ultimately trusted hosts.
Just look at the evolution of malware. In the past we had simple trojans, with the more publicly known ones being trojans like BackOrifice, Subseven or Netbus which just listened on some incoming port.
And now we have things like the infamous Storm worm. Fully encrypted, P2P based traffic, fully decentralized. This is a direct result of the typical user machine getting more 'secure'. Note that in most cases, infection is the direct result of a stupid user and not of some other security vulnerability.
For the future, I can very much imagine malware that actively exploits firewalls without compromising the firewall.
Oh, free pr0n in my inbox, I so much need to open this executable *unzips his fly*
- Computer A contacts computer B
- B's firewall blocks this
- Malware on B sees that there was a connection attempt from A
- Repeat this in a special rhythm
Result: Arbitrary data exchange through a fully working firewall. Security gain through firewall: NONE.
Re: Fair warning.
FIREWALLS ONLY EXIST FOR THOSE WHO CANNOT CROSS TO THE OTHER SIDE!