Strike back

Discussion in 'other anti-malware software' started by JacK, Aug 16, 2002.

Thread Status:
Not open for further replies.
  1. JacK

    JacK Registered Member

    Joined:
    Jun 20, 2002
    Posts:
    737
    Location:
    Belgium -Li?ge
    [copy]Slap - If your like me you run firewall software that tells you when someone tries to access your system. Sometimes I respond with a few packets of my own just to let them know that I am paying attention. I wrote Slap to make responding to these access attempts easier and more entertaining. Just enter the IP address of the person you wish to slap and click on the Slap button. The program will attempt to access all the ports in the list and send them a packet with a personal message. (The default message is 'Leave Me Alone!') Slap integrates with Black Ice and Zone Alarm and can use information received from these software firewalls to "Auto Slap" intruders and add their attacks to your list of responses.[/copy]

    http://www.securitysoftware.cc/apps.html

    JacK
     
  2. what about the cool wave fileo_O? :)

    Is that your site Jack?
     
  3. controler

    controler Guest

    When will this be avaliable for Outpost?
     
  4. spy1

    spy1 Registered Member

    Joined:
    Dec 29, 2002
    Posts:
    3,139
    Location:
    Clover, SC
    Hi, JacK!

    Added a few ports (combined the OutPost list with the TDS list + yours):
    1243
    2140
    5000
    5880
    6667
    9400
    10528
    11051
    12345
    12346
    12348
    12349
    15092
    17569
    20034
    23432
    24000
    27374
    31337

    So, three quick questions:

    (a) Are all the ports I listed in there TCP ports?

    (b) Are those ports going to show as 'Open' now?

    (c) Can I make it read OutPost's 'Attack' log by putting in the following path?

    C:\Program Files\Agnitum\Outpost Firewall 1.0\protect.log Pete
     
  5. JacK

    JacK Registered Member

    Joined:
    Jun 20, 2002
    Posts:
    737
    Location:
    Belgium -Li?ge
    Hi MyNethingman ;)

    You may d/l from the site.

    NO, it is not : mine is in French :
    http://www.les-smileys.inforum-city.com/pentier.gif


    http://www.optimix.be.tf

    Cheers ;)

    JacK
     
  6. JacK

    JacK Registered Member

    Joined:
    Jun 20, 2002
    Posts:
    737
    Location:
    Belgium -Li?ge
     
  7. spy1

    spy1 Registered Member

    Joined:
    Dec 29, 2002
    Posts:
    3,139
    Location:
    Clover, SC
    Okay. Thanks.

    Just wondered about the UDP/TCP thing because 27374 is the only one that shows up in the SLAP window as being a UDP port - guess it must know how to automatically assign them? 'Cause I sure don't! Pete

    Note: A quick check at the 'Shields-Up' Nanoprobe site is now showing port 5000 open. Pete
     
  8. Prince_Serendip

    Prince_Serendip Registered Member

    Joined:
    Apr 8, 2002
    Posts:
    819
    Location:
    Canada
    :) Hi JacK! (Something I can't say in airplanes!) About SLAP! I like it! At last, a way to give them the "finger!" Thank you! Should work okay for Win98se? Great idea!
     
  9. FanJ

    FanJ Guest

    Hm, just a thought:
    What if someones IP shows in your ZA-alert and it was only some kind of internet-background-noise?

    No, just only a personal feeling of myself:
    I'm against these kind of utilities.
     
  10. Prince_Serendip

    Prince_Serendip Registered Member

    Joined:
    Apr 8, 2002
    Posts:
    819
    Location:
    Canada
    Hi Jan! I deeply value your viewpoint. I can tell the difference between background noise and individual probes. The message can be something like, "Are you aware that you are doing this?" Maybe that person's PC is infected? I still work with D-Shield and will save this for the most persistent probes. I like the idea of being able to wave back. Why should I sit in mute silence when this happens? :D
     
  11. spy1

    spy1 Registered Member

    Joined:
    Dec 29, 2002
    Posts:
    3,139
    Location:
    Clover, SC
    Internet background noise?

    On a Trojan port? Pete
     
  12. JacK

    JacK Registered Member

    Joined:
    Jun 20, 2002
    Posts:
    737
    Location:
    Belgium -Li?ge
    Hi FanJ ;)

    I don't use it automatically but when I am sure :)
    I run a Private FTP server with a password and I see all the day long logged IP hammering, trying to crack the password to gain access, eqting up my bandwith and consumming time processor to close the connection 20/a minute. I use it to warn them : "you are logged" is the message.
    Soft way instead to respond with a ping of death or some kind of dissuading DosAttack lol.
    http://smilies.sofrayt.com/1/7/whip.gif
    I am no Jesus Christ
    Rgds,



    JacK
     
  13. snowy

    snowy Guest

    hmmmmmmmmmm......ok now I get how this works...its like a reverse caller-id.......the hacker scans randomly...an would normally be blocked by a stealthed port...only with slap...the hacker now receives a return url with a lil message attached........then the hacker who now has a "precise" address can focus on his new victim.......the hacker sends a massive flood of packets....an the victim sends back this lil message..."oh stop it now" LOL

    Just teasing!!

    snowman
     
  14. I am not going to play Net Nanny here..but if you have a firewall and you are stealthed (or not) this is the last thing you want to play with unless you want to draw attention to yourself.


    It is a script kiddie thing to get back at another kiddie...and thats just fine..but in the real world guys...you do not even know if it is going to hit the right target...but it is funny :D :D :D :D :D :D :D

    Until......... :blink: :blink: :blink:
     
  15. Checkout

    Checkout Security Rhinoceros

    Joined:
    Feb 11, 2002
    Posts:
    1,226
    So what if the returned IP address is spoofed? Mwahahaha!

    No, no...it isn't a good thing to do. :cool:
     
  16. you have a 10% chance it is not :p :p :p :p :eek: :eek: :eek:
     
  17. FanJ

    FanJ Guest

    Hi JacK,

    I absolutely can understand what you're saying ;)


    Nevertheless, I myself am against it, and I'm with MyNethingyman.

    Yes, until......
    Until for example someone complains at your provider, maybe more persons complain at your provider, your provider gets angry at you, and your account at that provider will be closed....
     
  18. JacK

    JacK Registered Member

    Joined:
    Jun 20, 2002
    Posts:
    737
    Location:
    Belgium -Li?ge
    Hi ;)

    If you run a server, you are not stealth of course as at least some ports need to be open for allowed access to your clients :)

    If a see somebody probing for half an hour, I think I already drew his attention, is not it ? lol

    As anything one has to use this little gadget in a reasonable manner, not against a ramdom scan or a few pings from some P2P or from your ISP :-D
     
  19. spy1

    spy1 Registered Member

    Joined:
    Dec 29, 2002
    Posts:
    3,139
    Location:
    Clover, SC
    JacK - Scan me, would you? I'd like to see if it at least WORKS.

    199.222.167.220

    Pete
     
  20. JacK

    JacK Registered Member

    Joined:
    Jun 20, 2002
    Posts:
    737
    Location:
    Belgium -Li?ge
    Hi, apparently, you are stealth and not pingable, so and don't get any answer.

    ASFM, I tried from another post on the port of my FTP 6**** and I was able to send back a message to the post.

    Running KPF, I "slapped" to the logged address.

    Rgds

    Depends on your FW if you can log the pings I sent
     
  21. I would let you try it on me also Jack....but if you did..I would have to kill you :D :D :D :D :D :D

    Now Pete, he will try anything.. :-* :-* :-* :-*

    You guys be careful.. the FBI might intercept it in a man in the middle attack and think they should issue a National Alert this weekend and then Pete and I will not be able to come out and play.
     
  22. spy1

    spy1 Registered Member

    Joined:
    Dec 29, 2002
    Posts:
    3,139
    Location:
    Clover, SC
    Nothing showing in the SLAP 'Activity Log', that's for sure.

    Sometimes I feel like I've 'stealthed' myself out of existence. Pete
     
  23. snowy

    snowy Guest

    Hacker to Slap user: "knock" "knock"

    Slap User to Hacker: "you are logged"

    Hacker to Slap user: "oh ok..if your log gets full just let me know an I will clean it for you"
     
  24. snowy

    snowy Guest

    Hacker to Slap User: Knock...knock!!


    Slap User to Hacker: "Don't bother me!"


    Hacker to Slap User: "just want to tell you that your credit cards are now maxed out...so funds have been transferred from your bank account to make payment...an your paycheck has been electronically transferred to my off-shore account.....ask your boss for a raise....oh..an your girlfriend is planning to leave you for a guy she met in the chat room.........have a nice day....hope you don't mind if I turn up your volume....
     
  25. Wow...that's ok.. for a moment there I thought you had disabled my Kazaa lite and Edonkey...corrupted all my music file and locked me out of port 1214.
     
Thread Status:
Not open for further replies.