Wilders Security Forums  

#1
August 16th, 2002, 09:51 AM
JacK
Frequent Poster
Join Date: Jun 2002
Location: Belgium -Liège
Posts: 737
Strike back

[copy]Slap - If you're like me you run firewall software that tells you when someone tries to access your system. Sometimes I respond with a few packets of my own just to let them know that I am paying attention. I wrote Slap to make responding to these access attempts easier and more entertaining. Just enter the IP address of the person you wish to slap and click on the Slap button. The program will attempt to access all the ports in the list and send them a packet with a personal message. (The default message is 'Leave Me Alone!') Slap integrates with Black Ice and Zone Alarm and can use information received from these software firewalls to "Auto Slap" intruders and add their attacks to your list of responses.[/copy]

http://www.securitysoftware.cc/apps.html

JacK


#2
August 16th, 2002, 10:15 AM
MyNethingyman
Posts: n/a
Re:Strike back

what about the cool wave file?

Is that your site Jack?

#3
August 16th, 2002, 10:26 AM
controler
Massive Poster
Join Date: Jun 2002
Posts: 3,268
Re:Strike back

When will this be available for Outpost?

#4
August 16th, 2002, 11:16 AM
spy1
Massive Poster
Join Date: Dec 2002
Location: Clover, SC
Posts: 3,130
Re:Strike back

Hi, JacK!

Added a few ports (combined the OutPost list with the TDS list + yours):
1243
2140
5000
5880
6667
9400
10528
11051
12345
12346
12348
12349
15092
17569
20034
23432
24000
27374
31337

So, three quick questions:

(a) Are all the ports I listed in there TCP ports?

(b) Are those ports going to show as 'Open' now?

(c) Can I make it read OutPost's 'Attack' log by putting in the following path?

C:\Program Files\Agnitum\Outpost Firewall 1.0\protect.log

Pete
__________________
"When fascism comes to America it will come wrapped in the flag and carrying a cross." Sinclair Lewis

#5
August 16th, 2002, 11:18 AM
JacK
Frequent Poster
Join Date: Jun 2002
Location: Belgium -Liège
Posts: 737
Re:Strike back

Quote (MyNethingyman):
what about the cool wave file?

Is that your site Jack?

Hi MyNethingman

You may d/l from the site.

NO, it is not : mine is in French :
http://www.les-smileys.inforum-city.com/pentier.gif


http://www.optimix.be.tf

Cheers

JacK

#6
August 16th, 2002, 11:24 AM
JacK
Frequent Poster
Join Date: Jun 2002
Location: Belgium -Liège
Posts: 737
Re:Strike back

Quote (spy1):
Hi, JacK!

Added a few ports (combined the OutPost list with the TDS list + yours):
1243
2140
5000
5880
6667
9400
10528
11051
12345
12346
12348
12349
15092
17569
20034
23432
24000
27374
31337

Hi Pete
So, three quick questions:

(a) Are all the ports I listed in there TCP ports?
>> All ports are TCP and UDP

(b) Are those ports going to show as 'Open' now?
No, they don't

(c) Can I make it read OutPost's 'Attack' log by putting in the following path?

C:\Program Files\Agnitum\Outpost Firewall 1.0\protect.log

Pete
>> Give it a try, I don't know, I just discovered this proggy today and shall try with KPF for I have a lot of probes on my FTP (no anonymous access allowed)

Cheers,

JacK

#7
August 16th, 2002, 11:46 AM
spy1
Massive Poster
Join Date: Dec 2002
Location: Clover, SC
Posts: 3,130
Re:Strike back

Okay. Thanks.

Just wondered about the UDP/TCP thing because 27374 is the only one that shows up in the SLAP window as being a UDP port - guess it must know how to automatically assign them? 'Cause I sure don't! Pete

Note: A quick check at the 'Shields-Up' Nanoprobe site is now showing port 5000 open. Pete

#8
August 16th, 2002, 12:11 PM
Prince_Serendip
Frequent Poster
Join Date: Apr 2002
Location: Canada
Posts: 808
Re:Strike back

Hi JacK! (Something I can't say in airplanes!) About SLAP! I like it! At last, a way to give them the "finger!" Thank you! Should work okay for Win98se? Great idea!
__________________
Author: Rootkits For Dummies 2007: Reviews
My Website: Windows Security Checklist
MVP - Windows Security - 2006 & 2007

#9
August 16th, 2002, 12:28 PM
FanJ
Posts: n/a
Re:Strike back

Hm, just a thought:
What if someone's IP shows in your ZA-alert and it was only some kind of internet-background-noise?

No, just only a personal feeling of myself:
I'm against these kinds of utilities.

#10
August 16th, 2002, 12:46 PM
Prince_Serendip
Frequent Poster
Join Date: Apr 2002
Location: Canada
Posts: 808
Re:Strike back

Hi Jan! I deeply value your viewpoint. I can tell the difference between background noise and individual probes. The message can be something like, "Are you aware that you are doing this?" Maybe that person's PC is infected? I still work with D-Shield and will save this for the most persistent probes. I like the idea of being able to wave back. Why should I sit in mute silence when this happens?

#11
August 16th, 2002, 12:47 PM
spy1
Massive Poster
Join Date: Dec 2002
Location: Clover, SC
Posts: 3,130
Re:Strike back

Internet background noise?

On a Trojan port? Pete

#12
August 16th, 2002, 01:10 PM
JacK
Frequent Poster
Join Date: Jun 2002
Location: Belgium -Liège
Posts: 737
Re:Strike back

Quote (FanJ):
Hm, just a thought:
What if someone's IP shows in your ZA-alert and it was only some kind of internet-background-noise?

No, just only a personal feeling of myself:
I'm against these kinds of utilities.

Hi FanJ ;)

I don't use it automatically but when I am sure :)
I run a Private FTP server with a password and I see all the day long logged IP hammering, trying to crack the password to gain access, eating up my bandwidth and consuming processor time to close the connection 20/a minute. I use it to warn them : "you are logged" is the message.
Soft way instead to respond with a ping of death or some kind of dissuading DosAttack lol.
http://smilies.sofrayt.com/1/7/whip.gif
I am no Jesus Christ
Rgds,



JacK

#13
August 16th, 2002, 01:17 PM
snowy
Posts: n/a
Re:Strike back



hmmmmmmmmmm......ok now I get how this works...its like a reverse caller-id.......the hacker scans randomly...an would normally be blocked by a stealthed port...only with slap...the hacker now receives a return url with a lil message attached........then the hacker who now has a "precise" address can focus on his new victim.......the hacker sends a massive flood of packets....an the victim sends back this lil message..."oh stop it now" LOL

Just teasing!!

snowman

#14
August 16th, 2002, 01:19 PM
MyNethingyman
Posts: n/a
Re:Strike back

I am not going to play Net Nanny here..but if you have a firewall and you are stealthed (or not) this is the last thing you want to play with unless you want to draw attention to yourself.


It is a script kiddie thing to get back at another kiddie...and that's just fine..but in the real world guys...you do not even know if it is going to hit the right target...but it is funny

Until.........

#15
August 16th, 2002, 01:23 PM
Checkout
Security Rhinoceros
Join Date: Feb 2002
Posts: 1,226
Re:Strike back

So what if the returned IP address is spoofed? Mwahahaha!

No, no...it isn't a good thing to do.
__________________
My Novel

#16
August 16th, 2002, 01:27 PM
MyNethingyman
Posts: n/a
Re:Strike back

you have a 10% chance it is not

#17
August 16th, 2002, 01:29 PM
FanJ
Posts: n/a
Re:Strike back

Hi JacK,

I absolutely can understand what you're saying


Nevertheless, I myself am against it, and I'm with MyNethingyman.

Yes, until......
Until for example someone complains at your provider, maybe more persons complain at your provider, your provider gets angry at you, and your account at that provider will be closed....

#18
August 16th, 2002, 01:34 PM
JacK
Frequent Poster
Join Date: Jun 2002
Location: Belgium -Liège
Posts: 737
Re:Strike back

Quote (MyNethingyman):
I am not going to play Net Nanny here..but if you have a firewall and you are stealthed (or not) this is the last thing you want to play with unless you want to draw attention to yourself.

Hi

If you run a server, you are not stealth of course as at least some ports need to be open for allowed access to your clients

If I see somebody probing for half an hour, I think I already drew his attention, is not it ? lol

As anything one has to use this little gadget in a reasonable manner, not against a random scan or a few pings from some P2P or from your ISP :-D
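
A defender's take on the distinction drawn in this thread between background noise and a source that keeps probing for half an hour, as an added example that is not part of any post and not code from Slap or any firewall discussed here. The log layout, thresholds and function names are assumptions and the addresses are constructed documentation addresses. Because a logged source address can be spoofed, the result is meant for a local block rule or an abuse report to the provider.

```python
from collections import defaultdict
from datetime import datetime, timedelta

def build_sample():
    """Constructed log, one blocked attempt per line: 'date time src_ip dst_port'.
    The layout is an assumption, not any real firewall's format."""
    start = datetime(2002, 8, 16, 13, 0, 0)
    # One source retrying the FTP port every 3 s (20 a minute) for half an hour.
    lines = [f"{start + timedelta(seconds=3 * i):%Y-%m-%d %H:%M:%S} 192.0.2.10 21"
             for i in range(600)]
    # Background noise: a single hit on 27374 and three quick hits on 1214.
    lines.append("2002-08-16 13:04:11 198.51.100.7 27374")
    lines += [f"2002-08-16 13:09:0{s} 203.0.113.5 1214" for s in range(3)]
    lines.append("2002-08-16 13:10:00 incomplete")  # malformed entry, skipped
    return "\n".join(lines)

def classify_sources(log_text, min_hits=20, min_span=timedelta(minutes=10)):
    """Map each source IP to 'persistent' or 'noise'.

    A source is persistent when one destination port received at least
    min_hits attempts spread over at least min_span."""
    seen = defaultdict(list)
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # wrong number of fields
        try:
            stamp = datetime.strptime(f"{parts[0]} {parts[1]}", "%Y-%m-%d %H:%M:%S")
            port = int(parts[3])
        except ValueError:
            continue  # unparsable timestamp or port
        seen[(parts[2], port)].append(stamp)
    verdict = {}
    for (ip, _port), stamps in seen.items():
        persistent = (len(stamps) >= min_hits
                      and max(stamps) - min(stamps) >= min_span)
        if persistent:
            verdict[ip] = "persistent"
        else:
            verdict.setdefault(ip, "noise")  # never downgrade a persistent source
    return verdict

def block_candidates(log_text):
    """Sources worth a local block rule or an abuse report, sorted."""
    return sorted(ip for ip, v in classify_sources(log_text).items() if v == "persistent")
```

A short burst, however dense, stays "noise" here because it does not last `min_span`; only sustained hammering on one port is flagged.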

#19
August 16th, 2002, 01:52 PM
spy1
Massive Poster
Join Date: Dec 2002
Location: Clover, SC
Posts: 3,130
Re:Strike back

JacK - Scan me, would you? I'd like to see if it at least WORKS.

199.222.167.220

Pete

#20
August 16th, 2002, 02:30 PM
JacK
Frequent Poster
Join Date: Jun 2002
Location: Belgium -Liège
Posts: 737
Re:Strike back

Quote (spy1):
JacK - Scan me, would you? I'd like to see if it at least WORKS.

199.222.167.220

Pete

Hi, apparently, you are stealth and not pingable, so I don't get any answer.

ASFM, I tried from another post on the port of my FTP 6**** and I was able to send back a message to the post.

Running KPF, I "slapped" to the logged address.

Rgds

Depends on your FW if you can log the pings I sent

#21
August 16th, 2002, 02:58 PM
MyNethingyman
Posts: n/a
Re:Strike back

I would let you try it on me also Jack....but if you did..I would have to kill you

Now Pete, he will try anything..

You guys be careful.. the FBI might intercept it in a man in the middle attack and think they should issue a National Alert this weekend and then Pete and I will not be able to come out and play.

#22
August 16th, 2002, 02:59 PM
spy1
Massive Poster
Join Date: Dec 2002
Location: Clover, SC
Posts: 3,130
Re:Strike back

Nothing showing in the SLAP 'Activity Log', that's for sure.

Sometimes I feel like I've 'stealthed' myself out of existence. Pete

#23
August 16th, 2002, 03:19 PM
snowy
Posts: n/a
Re:Strike back



Hacker to Slap user: "knock" "knock"

Slap User to Hacker: "you are logged"

Hacker to Slap user: "oh ok..if your log gets full just let me know an I will clean it for you"

#24
August 16th, 2002, 04:03 PM
snowy
Posts: n/a
Re:Strike back



Hacker to Slap User: Knock...knock!!


Slap User to Hacker: "Don't bother me!"


Hacker to Slap User: "just want to tell you that your credit cards are now maxed out...so funds have been transferred from your bank account to make payment...an your paycheck has been electronically transferred to my off-shore account.....ask your boss for a raise....oh..an your girlfriend is planning to leave you for a guy she met in the chat room.........have a nice day....hope you don't mind if I turn up your volume....

#25
August 16th, 2002, 04:27 PM
MyNethingyman
Posts: n/a
Re:Strike back

Quote (snowy):


Hacker to Slap User: Knock...knock!!


Slap User to Hacker: "Don't bother me!"


Hacker to Slap User: "just want to tell you that your credit cards are now maxed out...so funds have been transferred from your bank account to make payment...an your paycheck has been electronically transferred to my off-shore account.....ask your boss for a raise....oh..an your girlfriend is planning to leave you for a guy she met in the chat room.........have a nice day....hope you don't mind if I turn up your volume....

Wow...that's ok.. for a moment there I thought you had disabled my Kazaa lite and Edonkey...corrupted all my music files and locked me out of port 1214.
 

All times are GMT -4.