Asking to be hacked

Not sure if this is in accordance with forum policies, but since there doesn't seem to be one for this forum...

I'm trying to find out what's the worst that can happen when a WinXP Pro SP2 system goes for five years without any security patches and doesn't have a firewall installed. Please feel free to intrude into my system any way you can; details are per the attached images.

 

Are you monitoring this machine (or virtual machine) to ensure that any infection or hack actually does not impact other people?

For example, running a phishing site, sending spam, etc?

If not - it would seem a little unethical/irresponsible.

 

Your Net range is assigned to Stony Brook Univ.

Is yours a static or dynamic IP?

Would the server or anyone else on the network be affected in any way by an infection/hack?

 

As best as I know how to, yes. I'm periodically checking to see if port 80 is open, among other things. Since I'm asking to be attacked to see how bad the consequences can be, I'd obviously like to know when I'm compromised.

 

That's... strange. I did a whois of myself, and apparently I'm right where I'm supposed to be. What tools did you use?

And no, I'm the sole user on a home network. So I doubt anyone else would be affected.

 

Except other customers of the ISP, random internet users (in case you're infected but don't know/notice)... do you have something monitoring traffice to/from the box (which is not ON the box)...

While I understand and applaud your curiousity, I have to say that this still strikes me as a little irresponsible.

 

Sorry, I mistyped your IP in whois.

What about static or dynamic?

 

I'm on a wireless router. That IP stays until I reset the router.

 

OK. I assume that eliminates the chances of someone else being compromised with that IP.

 

Any non-OS tools and the rest of the box is pretty hardened IMHO. My gates are wide open, but I sincerely doubt anyone is able to pluck the cameras down on their way in.

 

I wholeheartily agree with this. There are too many improperly secured computers being used without the owners knowledge as spam bots and such without freely providing one and becoming part of the problem.

 

Do you have any sensitive data on it

 

Why not find out.

 

Hostname: ******
TCP ports (1) 21
UDP ports (79) 7,9,11,53,68,69,111,123,135,137,138,191,
192,260,445,500,514,520,1009,1024,1027,1030,1034,1035,
1037,1041,1058,1060,1091,1352,1434,1645,1646,1812,1813,
1900,1978,2002,2049,2140,2301,2493,2631,2967,3179,3327,
3456,4045,4156,4296,4469,4802,5631,5632,11487,31337,32768,
32769,32771,32772,32773,32774,32775,32776,32777,32778,32779,
32780,32781,32782,32783,32784,32785,32786,32787,32788,32789,32790,43981

that's a lot

 

Well, that was the whole point of this exercise in the first place.

The million-dollar question is, can you hack me?

 

NO.
I don't have the time, knowledge, and interest.

The tool for providing this info downloaded in a mouse click. No hacking tools btw, just a port scanner and network utility

Nice topic

 

The point he is making is that it's one thing to have information, or even access (supposedly) to open ports. It's another to do something with it. That is his challenge!

 

Solcroft,

Put your IP on a hacker forum, try for instance http://www.elitehackers.info/forums/

Have fun

 

Well I trust you know what you are doing since it is one thing to ask your friends to hack you it is a whole other to post a request on the www for all and sundry to have a go. One might say the expression "Be careful what you wish for" applies.

 

I agree, that's the challenge.

Question:

What are the most common ports that are scan?

 

Just out of curiosity, has anyone had a go at me yet? Seems awfully quiet on my end - I registered a few Sasser and SQLSlammer attacks from Taiwan sometime this afternoon, but that was it.

 

Here are some typical loggings I see daily.


______________________________________________________________


Ports 1026-1028 are messenger spam:

http://www.linklogger.com/messenger_spam.htm

Port 135 is the entry point for MSBlaster.

http://www.linklogger.com/TCP135.htm

Port 139 is the Netbios Session Service

http://www.linklogger.com/TCP139.htm

Port 445 is the entry point for Sasser.

http://www.linklogger.com/TCP445.htm

The third showing Port 51132 is typical for those like myself using a dynamic IP address (it changes each time I dial up). The previous user of that IP at the time it was assigned to me may have been in a P2P session using that port.

-rich

 

This sounds just like an old thread over ate DSLReports.

Blake ( I believe he is the maker of Link Logger) started. He asked the whole world to try hack him while he was on a cheap nat router.
You might be able to still find the thread or IM Blake to see how many actualy got in. I watched it for a while, then got bored. I think a few were able to send some packets through.


Good luck

controler

 

Thank you, Rmus.

MSBlaster\Sasser nasty's are still out there...

 

My router's configured for DMZ access, in effect disabling its firewall protection.

But at the end of the day, when nothing untoward has happened even with no security patches and wide-open ports, it really makes you wonder whether some of the more recent paranoia about stealthed ports being a necessity is even worth the time.