
BlackICE - I just got probed - what should I do


daveleau
12-20-1999, 11:15 PM
I am in the middle of an ecommerce transaction that I was about to give my CC# to and I got probed w/ a severity of 79. I am going to report it but want to know if BlackICE stops an attack or should I log back on as another IP address through my ISP. What should I do? Thanks-Dave

Wiz
12-21-1999, 10:32 AM
It should stop them, but I'd still report it. Fry the dumb b******, real hackers don't allow themselves to get caught that easily.

socalgal
12-21-1999, 11:11 AM
Look at:

http://www.networkice.com/Advice/Support/KB/q000040/default.htm

http://www.netice.com/Advice/Support/KB/default.htm

BID has a message board also.

When I got my first Level 79, I was pretty anxious about it. But it seems to be just another reporting level - a louder "knock on the door", if you will.

No matter what kind of internet connection you're on (DSL/cable/modem), you may want to consider using a proxy address (dummy IP). Make sure you do your homework - some proxies will "leak" your real IP.

By all means, if it gives you peace of mind by logging off/on, then do so, but I don't believe it's necessary.




daveleau
12-22-1999, 09:28 AM
Thanks. I have been reporting what I can (the IP addresses from Mindspring and AOL) but I am getting some that don't give IP addresses and some from Europe. Thanks for the links Socalgal. I haven't been to the second one you gave me yet. Where is that forum for BID? Thanks-dave

800XL
12-22-1999, 09:35 AM
The typical response to a 'probe' is to send any record of the attack to the ISP of the offending IP Address. This is often easier said than done, as tracking the real ISP of an IP address is not always easy. You should be able to learn a little about it by going to www.networksolutions.com (http://www.networksolutions.com) and doing a WHOIS search on the IP. Once you've got a place to send your info to, contact them with the problem and they can track the exact user down and take some action.
It is becoming more frequent, though, that people are using other people's machines for this sort of thing. Say someone sets up a Redhat 6.0 Linux machine on a cable modem. Hacker1 decides to break in using known exploits in the Redhat 6.0 default configuration and use the box to port scan other machines.
I personally try not to be too worried. A 'probe' means something was looking. Keep things locked down and that is all they will do, look. I've run NukeNabber for a month now; not so much as a ping has hit my machine. DSL hath its privileges over cable modems, IMHO. I got port scanned more with a modem than I do now.
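One way to triage a probe log before sending anything to an ISP, as an added example that is not from this thread or from BlackICE: the log format, event names and addresses below are constructed (the real product's log layout differs), and the script only groups high-severity events by source and drops entries with no address or an unroutable one, since those cannot be attributed to an ISP with WHOIS.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample log (NOT BlackICE's real format): "date time severity event [source]".
# The line with no source models a probe logged without a usable address.
SAMPLE_LOG = """\
1999-12-20 23:10:01 79 TCP_port_probe 203.0.113.45
1999-12-20 23:10:05 79 TCP_port_probe 203.0.113.45
1999-12-20 23:12:30 40 UDP_port_probe 10.0.0.7
1999-12-20 23:15:00 79 TCP_port_probe
1999-12-20 23:20:12 60 TCP_port_probe 198.51.100.9
"""

LINE_RE = re.compile(r"^(\S+ \S+) (\d+) (\S+)(?: (\S+))?$")

# Address blocks that no ISP can be asked about: RFC 1918, loopback, link-local, "this" network.
UNROUTABLE = [ipaddress.ip_network(n) for n in
              ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
               "127.0.0.0/8", "169.254.0.0/16", "0.0.0.0/8")]

def parse_events(text):
    """Turn log lines into dicts; source is None when the line carries no address."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            ts, sev, name, src = m.groups()
            events.append({"time": ts, "severity": int(sev), "event": name, "source": src})
    return events

def reportable(src):
    """True only for a syntactically valid address outside the unroutable blocks."""
    if not src:
        return False
    try:
        ip = ipaddress.ip_address(src)
    except ValueError:
        return False
    return not any(ip in net for net in UNROUTABLE)

def build_reports(events, min_severity=50):
    """Group events worth reporting by source address: {source: [events]}."""
    groups = defaultdict(list)
    for ev in events:
        if ev["severity"] >= min_severity and reportable(ev["source"]):
            groups[ev["source"]].append(ev)
    return dict(groups)

def format_report(source, evs):
    """Plain-text body to paste into an abuse report for one source address."""
    head = f"Abuse report for {source} ({len(evs)} events, max severity {max(e['severity'] for e in evs)})"
    return "\n".join([head] + [f"  {e['time']}  sev={e['severity']}  {e['event']}" for e in evs])
```

Feed each report's source to a WHOIS lookup (as 800XL describes) to find the abuse contact; the script deliberately does no network lookups itself.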

socalgal
12-22-1999, 10:00 AM
Hi daveleau

Look for the Message Board here. http://www.netice.com/Support/default.htm

EDIT: (Previous info not confirmed)

In the BID config where the levels are (paranoid, nervous, cautious, trusting) there is the option to uncheck/check Allow Internet File Sharing. Unless you want the option to share online, uncheck that box.

Good info, 800XL!



800XL
12-22-1999, 10:04 PM
My boss actually had someone use his Redhat 6 machine just like I described. Thought I'd share the tale to help spread paranoia. By keeping after these offenders, you can at least help curb the casual hackers. Those like the one(s) who used my boss's machine are the ones we really have to worry about. They cover their tracks and may leave you holding the bag.

If you get a rep with your ISP as one who reports these things, they will no doubt be more likely to believe you if you get 'framed'.

daveleau
12-23-1999, 03:09 AM
Thanks guys and gals. As usual, great info.
Dave