Tilted Forum Project Discussion Community  

Old 11-05-2003, 03:09 PM   #1 (permalink)
Insane
 
Am I being hacked???

I'm using my laptop at school with a wireless network card in the library. When I check the connection status it shows that I'm constantly sending packets. Is this someone else tapping into my connection or is it normal?
Rococo is offline  
Old 11-05-2003, 03:17 PM   #2 (permalink)
Rookie
 
Location: Oxford, UK
How 'constantly'? A packet every few seconds, or lots of packets a second? I assume it's when you're not doing much.

If it's lots of packets a second, get the command prompt and type "netstat -an". Commonest reason I've seen this is being infected with Welchia/MSBlast - your machine will be sending out a lot of packets on port 135 (shows up in the netstat column).

For other possibilities, what progs do you have running, what OS?
__________________
I can't understand why people are frightened of new ideas. I'm frightened of the old ones. -- John Cage (1912 - 1992)
cliche is offline  
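
As an added example (not part of any post in this thread): a Python script that reads "netstat -an" output and reports remote ports the machine is contacting on many distinct hosts, the port 135 pattern described in the post above. The sample output, the 5-host threshold and all function names are constructed for illustration.

```python
from collections import defaultdict

# Constructed sample of Windows `netstat -an` output (not taken from the thread).
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING
  TCP    10.0.5.23:1061         10.0.5.1:135           SYN_SENT
  TCP    10.0.5.23:1062         10.0.5.2:135           SYN_SENT
  TCP    10.0.5.23:1063         10.0.5.3:135           SYN_SENT
  TCP    10.0.5.23:1064         10.0.5.4:135           SYN_SENT
  TCP    10.0.5.23:1065         10.0.5.5:135           SYN_SENT
  TCP    10.0.5.23:1070         192.0.2.80:80          ESTABLISHED
  TCP    10.0.5.23:1071         192.0.2.80:80          ESTABLISHED
  UDP    0.0.0.0:500            *:*
"""

def parse_netstat(text):
    """Return (local_port, remote_ip, remote_port, state) for each TCP row."""
    rows = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) != 4 or fields[0] != "TCP":
            continue  # skips headers, blank lines and stateless UDP rows
        _, local, remote, state = fields
        lport = int(local.rsplit(":", 1)[1])
        rip, rport = remote.rsplit(":", 1)
        rows.append((lport, rip, int(rport), state))
    return rows

def outbound_fanout(rows):
    """Map remote port -> set of distinct remote hosts this machine contacts."""
    listening = {lport for lport, _, _, state in rows if state == "LISTENING"}
    fanout = defaultdict(set)
    for lport, rip, rport, state in rows:
        # A row whose local port is one we listen on is an inbound connection.
        if state == "LISTENING" or lport in listening:
            continue
        fanout[rport].add(rip)
    return fanout

def suspicious_ports(text, min_hosts=5):
    """Remote ports contacted on at least min_hosts distinct hosts (assumed threshold)."""
    fanout = outbound_fanout(parse_netstat(text))
    return sorted(p for p, hosts in fanout.items() if len(hosts) >= min_hosts)

if __name__ == "__main__":
    print(suspicious_ports(SAMPLE))
```

Normal browsing shows a few connections to ports such as 80 on a handful of hosts; one remote port repeated across many different addresses, mostly in SYN_SENT, is the pattern worth reporting back.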
Old 11-05-2003, 03:22 PM   #3 (permalink)
Desert Rat
 
Location: Arizona
it's probably just your computer sending its keep-alive signal, making sure that it's still connected every few seconds. like a constant ping.
__________________

"This visage, no mere veneer of vanity, is it vestige of the vox populi, now vacant, vanished, as the once vital voice of the verisimilitude now venerates what they once vilified. However, this valorous visitation of a by-gone vexation, stands vivified, and has vowed to vanquish these venal and virulent vermin vanguarding vice and vouchsafing the violently vicious and voracious violation of volition. The only verdict is vengeance; a vendetta, held as a votive, not in vain, for the value and veracity of such shall one day vindicate the vigilant and the virtuous. Verily, this vichyssoise of verbiage veers most verbose vis-à-vis an introduction, and so it is my very good honor to meet you and you may call me V."
- V
spived2 is offline  
Old 11-05-2003, 03:22 PM   #4 (permalink)
Insane
 
I'm sending lots of packets, somewhere like 50 packets a second. What should I look for in the netstat screen? I just see many different ip addresses. I'm using windows xp, with only internet explorer running.
Rococo is offline  
Old 11-05-2003, 03:28 PM   #5 (permalink)
Devils Cabana Boy
 
Location: Central Coast CA
maybe, what OS are you running?

first update your system with windows update

next lets close some holes in your system

windows 2k xp by default shares your hard drives (all logical drives actually) so lets close them off

create a batch file

(make a text document and save it as a .bat)

with the following code in it:


Quote:
net share A$ /delete
net share B$ /delete
net share C$ /delete
net share D$ /delete
net share E$ /delete
net share F$ /delete
net share G$ /delete
net share H$ /delete
net share I$ /delete
net share J$ /delete
net share K$ /delete
net share L$ /delete
net share M$ /delete
net share N$ /delete
net share O$ /delete
net share P$ /delete
net share Q$ /delete
net share R$ /delete
net share S$ /delete
net share T$ /delete
net share U$ /delete
net share V$ /delete
net share W$ /delete
net share X$ /delete
net share Y$ /delete
net share Z$ /delete
net share ADMIN$ /delete
net share IPC$ /delete
then run the batch file. this will remove all default shares.

you need to run this file each time you load windows because windows reshares these each time. you can also set it to run each time windows loads.



this will stop anyone who is just playing around and trying to get in.


the best thing you can do is to run a fire wall (Zone Alarm)
__________________
Donate Blood!

"Love is not finding the perfect person, but learning to see an imperfect person perfectly." -Sam Keen
Dilbert1234567 is offline  
Old 11-05-2003, 04:03 PM   #6 (permalink)
Junkie
 
Location: North Hollywood
networked computers normally send information back and forward, communication with PnP, RIP, routers, domain controllers etc.

run etherpeek/airopeek and see what it's really doing, having a firewall as the others said is a good thing.

50 a second does sound high for when the system is idling though
charliex is offline  
Old 11-05-2003, 04:07 PM   #7 (permalink)
Insane
 
Location: MN
You might have some spyware on your system, or it could be an IM program sending its signal. It could be windows updating the system clock or downloading something from windows update. I would run a system scan with adaware and/or run a virus scan to know for certain.

Good luck
__________________
I'm Just here to help.
Now, Where is your problem?
yodapaul is offline  
Old 11-05-2003, 05:32 PM   #8 (permalink)
Thats MR. Muffin Face now
 
Location: Everywhere work sends me
There are a lot of reasons why a constant signal would be sent. You can run the command "netstat 2" to see what the connection is to. Most likely it is a keepalive, or a connection to a DHCP server.
__________________
"Life is possible only with illusions. And so, the question for the science of mental health must become an absolutely new and revolutionary one, yet one that reflects the essence of the human condition: On what level of illusion does one live?"
-- Ernest Becker, The Denial of Death
losthellhound is offline  
Old 11-05-2003, 05:50 PM   #9 (permalink)
beauty in the breakdown
 
Location: Chapel Hill, NC
Quote:
Originally posted by Dilbert1234567
the best thing you can do is to run a fire wall (Zone Alarm)
Yep, that's what I would recommend. Go get a good firewall (Zone Alarm works, I use Sygate), install it, and make sure it starts with the computer. This is especially necessary in an environment like a college, where there are lots of machines that are not well maintained. I can't tell you how many times the network here at school has been brought to a crawl by someone putting an infected computer onto it... And I sit there and watch all the attempts to infect my machines bounce right off the firewall.
__________________
"Good people do not need laws to tell them to act responsibly, while bad people will find a way around the laws."
--Plato
sailor is offline  
Old 11-05-2003, 06:49 PM   #10 (permalink)
Insane
 
Right after I posted this I checked my email and the school had sent me a notice that I was running an infected computer. I installed the avg program and am trying to clean this mess right now.

The strangest part is that I was using the laptop yesterday at school and it was fine, and no messages about viruses. I tried to go to the Trend micro anti-virus site today just before the computer started freaking out. I was hoping to test my computer since I haven't run a virus scanner in a while. This is the SECOND time I've had freaky problems (first time with my home pc) right after going to the trend website.

Any chance there's a correlation here?
Rococo is offline  
Old 11-05-2003, 07:07 PM   #11 (permalink)
Junkie
 
Location: North Hollywood
unlikely, trend scanner is used by millions of people. if you went to a bogus site and did it, it's possible it could infect it, but if you went to their site, highly unlikely.

are you running any sort of kazaa or bearshare etc, sharing apps of any kind? most virus infections come from either that or emails.

since you aren't running either a firewall or a virus scanner, you are toast. next you'll be telling us you don't use windows update

note some clever virus programmers made it so that they will detect you installing a virus scanner and disable it, so if it doesn't find anything, try one from a boot disk.
charliex is offline  
Old 11-05-2003, 11:59 PM   #12 (permalink)
Rookie
 
Location: Oxford, UK
Rococo - not likely to be the trend site, most worms come in from local machines (as any sensible school will have firewalled off vulnerable ports).

Did the virus scanner find anything? (if not, make sure it's had the latest definition files installed). Otherwise, get the command prompt and type "netstat -an" and copy the results back here.
__________________
I can't understand why people are frightened of new ideas. I'm frightened of the old ones. -- John Cage (1912 - 1992)
cliche is offline  
Old 11-06-2003, 12:02 AM   #13 (permalink)
Banned
 
Location: 'bout 2 feet from my iMac
ok #1: if you even THINK you're virus-infected or being hacked...
PHYSICALLY DISCONNECT FROM THE NETWORK.

if you're being hacked, you break their access to your box till you can clear however they're getting in. if it's a virus, you stop infecting other machines.

#2: you NEED updated anti-virus software. there's free stuff. school'll probably provide you with some, for free, also. UPDATE IT REGULARLY.

virus software + adaware or other spy-ware removal + firewall + FULLY UPDATED windows == happy, (relatively) safe, computer.
cheerios is offline  
Old 11-06-2003, 02:18 AM   #14 (permalink)
Insane
 
I'm running avg right now, what about a firewall program that uses minimal cpu/memory while working in the background?
Rococo is offline  
Old 11-06-2003, 06:54 AM   #15 (permalink)
Tilted
 
Location: London, UK
sygate's free version has always been my first choice:
http://soho.sygate.com/products/spf_standard.htm
__________________
Time has told me I'm a rare, rare find
Jerry Manderine is offline  
Old 11-06-2003, 10:39 AM   #16 (permalink)
Junkie
 
www.trendmicro.com

run their free virus scan
dragon2fire is offline  
Old 11-12-2003, 05:36 PM   #17 (permalink)
Tilted
 
Location: Dee mtns. of VA
Quote:
Originally posted by Dilbert1234567
maybe, what OS are you running?

first update your system with windows update

next lets close some holes in your system

windows 2k xp by default shares your hard drives (all logical drives actually) so lets close them off

create a batch file

(make a text document and save it as a .bat)

with the following code in it:




then run the batch file. this will remove all default shares.

you need to run this file each time you load windows because windows reshares these each time. you can also set it to run each time windows loads.



this will stop anyone who is just playing around and trying to get in.


the best thing you can do is to run a fire wall (Zone Alarm)
I'm not having any problems, but just for kicks I tried this. All of them came back as "this shared resource does not exist", except the last one, IPC$, which came back as "Access Denied".

I have admin access on this machine, in fact there's only one user set up, me.

Is "access denied" indicative of a problem?
/\/\etalhea|) is offline  
Old 11-12-2003, 06:03 PM   #18 (permalink)
Confused Adult
 
Location: Spokane, WA
the "one user" account doesn't mean you are admin even though you have "admin rights"

it's a safeguard in a way, you actually have to log in as "Administrator" (yes, that's the spelling as well)

doesn't show up on most normal boots, I know there is another way to show that login but I have it hidden so you can only see it in safe mode.

try safe mode then running that bat.

should be ok. I think.

I've never done this so I'm speaking in theory.
Shauk is offline  
 

All times are GMT -8.