OT: Hacker Attempt?
I get home today and my PC has rebooted. When I left it was on but not doing anything. No updates were performed for MS so that wasn't the cause. After logging in my McAfee personal firewall thingy popped up with over 100 items since 11 am this morning ending at 1 pm.
They were all from cds236.lad.linw.net trying to access various ports, use various authorities, and so on. So I ask you, do you think this is a hacker attempt?
Re: OT: Hacker Attempt?
Are you not behind a router?
Probably just a random port scan. I'd point the finger at power, myself.
Re: OT: Hacker Attempt?
Yes hiding behind router I am. But it's just a cheapy DSL router called actiontech.
Re: OT: Hacker Attempt?
If someone from the internet is accessing "various ports" on your PC which is connected to the internet through a router (router, not only DSL modem?), the router must be seriously misconfigured: Normally, it should drop any packets from the internet that were not explicitly requested from your PC (and thereby making a Personal Firewall superfluous ..) - Unless you have forwarded special ports to your PC, to make it possible for someone on the Internet to access some server you're running.
Having multiple ports 'probed' sounds to me like you activated the DMZ (demilitarized zone or something, completely nonsense name for "let everything go right through"). This is a very bad idea in 99,98% of all cases .. as it takes your best security layer away and leaves you at the mercy of some 'personal firewall', virus scanner and security holes in those, the underlying OS and all the applications you're using. Btw.- which OS and patch version are you using? There were several attacks on Windows which worked by deliberately crashing the OS by sending malformed packets and getting some injected code executed on the way. That said, you can't ever be 100% sure this was or wasn't an (un)successful hacking attempt. I hope you're running the PC as user with restricted rights (only applies to W2k and XP prof, obviously)? If the answer is no, I give you a 67% chance that your PC is infected and needs reinstallation from ground up.
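The router behaviour described in the post above (drop anything the PC did not request, with port forwards and the DMZ setting as exceptions), modelled as an added example that is not part of the original thread. The class, addresses and port list are constructed for illustration and do not describe any particular router's firmware.

```python
from dataclasses import dataclass, field

@dataclass
class HomeRouter:
    """Toy model of the inbound decision a NAT router makes (hypothetical class)."""
    port_forwards: set = field(default_factory=set)  # ports forwarded to the PC
    dmz_enabled: bool = False                        # DMZ host: pass everything
    flows: set = field(default_factory=set)          # connections the PC opened

    def outbound(self, local_port, remote_ip, remote_port):
        # Remember what the PC asked for so the reply can be let back in.
        self.flows.add((remote_ip, remote_port, local_port))

    def inbound(self, remote_ip, remote_port, local_port):
        if (remote_ip, remote_port, local_port) in self.flows:
            return "reply"        # explicitly requested by the PC
        if local_port in self.port_forwards:
            return "forwarded"    # deliberate exception for a server
        if self.dmz_enabled:
            return "dmz"          # everything goes right through
        return "drop"             # unsolicited: never reaches the PC

# Constructed probe list: one outside source trying several ports.
PROBES = [("203.0.113.7", 40000 + i, port)
          for i, port in enumerate([21, 23, 80, 135, 139, 445, 3389])]

def ports_reaching_pc(router, probes=PROBES):
    """Return the destination ports whose packets are delivered to the PC."""
    return [p for ip, sport, p in probes if router.inbound(ip, sport, p) != "drop"]

def demo():
    default = HomeRouter()
    default.outbound(50123, "198.51.100.20", 80)     # PC browses a web site
    web_server = HomeRouter(port_forwards={80})
    dmz = HomeRouter(dmz_enabled=True)
    return {
        "reply_allowed": default.inbound("198.51.100.20", 80, 50123),
        "default": ports_reaching_pc(default),
        "forward_80": ports_reaching_pc(web_server),
        "dmz": ports_reaching_pc(dmz),
    }
```

With the default configuration none of the probes is delivered, so a personal firewall on the PC would have nothing to log; only the DMZ configuration lets all of them through.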
Re: OT: Hacker Attempt?
It might just be a DSL modem and not a router. :0 Thanks for the info Arralen. I run it as administrator and have run several sweeps of Pest Patrol, and AVG anti Virus.
Since all of the attempts to access the ports were made by one listed entity, and they used other known hacker attacks to try and gain entry over a very short period of time, I would suspect that this was a directed attack and not just a random one. I mean over 100 hits in less than an hour all coming from the same source kind of makes one think that whoever is behind this is not a friendly person. The trace always went from Wa DC to LA to Berlin to Deven to Portland back to DC. Sometimes Chicago was listed in the trace. I need to buy a router I guess. Any suggestions?
Re: OT: Hacker Attempt?
Quote:
As for the reboot, I would blame power, as well. A little noise on the power lines would be all it takes.
Re: OT: Hacker Attempt?
100 hits from 1 source to different ports/services over an extended period of time is a hack attempt, not just a random port scan.
Mustn't be the case that it was really targeted at Atrocities' PC - even DSL is some form of dial-up and gets changing IP addresses. If a power surge is more likely to blame for the reboot I cannot say, as I don't know about the situation. (power network quality, the power supply of the PC etc) I know I had 1 reboot due to power surge in over 5 years - and that affected not only my 2 machines, but a whole lot of other things as well, therefore was quite 'noticeable'. Surely "a little noise on the power lines" should not be sufficient to make a PC reboot, unless the power supply is really crappy or partly defective. Concerning the router - there are more models out there than one could count, I guess. Everything that suits your taste and purse should be fine, as long as you stay away from those with known problems. See this list for some (bad) examples ...
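The distinction drawn in the post above (many hits from one source, against different ports, over an extended period, versus a brief scan) written as a check over firewall log lines. This is an added example, not part of the original thread; the log format, addresses, date, thresholds and category labels are constructed assumptions and are not McAfee's real output.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed log format (assumption): "<date> <time> BLOCKED <proto> src:port -> dst:port"
LINE = re.compile(r"(\S+ \S+) BLOCKED (TCP|UDP) ([\d.]+):\d+ -> [\d.]+:(\d+)")

def summarize(lines):
    """Group blocked inbound events by source address."""
    by_src = defaultdict(lambda: {"hits": 0, "ports": set(), "times": []})
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue                      # skip anything that is not a block event
        ts, _proto, src, dport = m.groups()
        s = by_src[src]
        s["hits"] += 1
        s["ports"].add(int(dport))
        s["times"].append(datetime.strptime(ts, "%Y-%m-%d %H:%M:%S"))
    return by_src

def classify(stats, min_hits=50, min_ports=10, min_span=timedelta(minutes=30)):
    """Thresholds are illustrative assumptions, not values from the thread."""
    span = max(stats["times"]) - min(stats["times"])
    if stats["hits"] >= min_hits and len(stats["ports"]) >= min_ports and span >= min_span:
        return "sustained multi-port probing"
    if len(stats["ports"]) <= 2:
        return "single-service sweep"
    return "short scan"

def sample_log():
    """Constructed events: one persistent source and one drive-by source."""
    start = datetime(2006, 11, 16, 11, 0, 0)          # constructed date
    lines = []
    for i in range(100):                  # 100 hits, 25 ports, spread over ~2 hours
        t = start + timedelta(seconds=72 * i)
        lines.append(f"{t:%Y-%m-%d %H:%M:%S} BLOCKED TCP 203.0.113.7:{40000 + i} -> 192.168.0.2:{1000 + i % 25}")
    for i in range(3):                    # 3 hits on one port within seconds
        t = start + timedelta(seconds=i)
        lines.append(f"{t:%Y-%m-%d %H:%M:%S} BLOCKED TCP 198.51.100.9:{50000 + i} -> 192.168.0.2:445")
    lines.append("2006-11-16 11:05:00 INFO firewall rules reloaded")
    return lines

def report(lines):
    """Map each source address to its classification."""
    return {src: classify(s) for src, s in summarize(lines).items()}
```

A classification like this says nothing about whether the traffic was aimed at one particular person, which is the caveat the post itself raises about changing IP addresses.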
Re: OT: Hacker Attempt?
Perhaps your OS. Did you check your system log files?
Re: OT: Hacker Attempt?
I don't know how to check my system log files Tesco. Regrettably I have very little PC skills.
The clocks in the house were fine, so a power outage was not the ticket. A power surge could be possible, but unlikely.
Re: OT: Hacker Attempt?
Finding your log files is easy: Start/Find/Files or Folders/Files named *.log (assuming some flavor of Windows).
Interpreting the logs is another matter. For several of the 48 files that search finds on my system, I don't know what program created the log.
Re: OT: Hacker Attempt?
I ran a HijackThis and posted the report on the security forums. From the looks of it there isn't anything there that wasn't there in my last "ok" report. I think this just might have been a fluke thing. I sincerely hope that it doesn't occur again. Thank you all for your insight and posts.
Re: OT: Hacker Attempt?
Personally, I'd guess a power bump was the cause of the reboot. Last night, we had a bit of a power blip that wasn't even enough to hit the electronic clocks, but was enough to kill both the PCs in the house. Computers are much more sensitive to minor power blips that would otherwise go unnoticed by things like lights, clocks, etc. Also, I'd suspect a power blip, due to the huge winds from last night, assuming you got them along the Oregon coast like the BC coast did.
As for the rest, no idea.
Re: OT: Hacker Attempt?
I wonder if the expense of having a battery back up would be worth it? If the power spikes the battery unit would hopefully protect the PC and if the power fails then the BBU would hopefully provide enough time to properly power down the PC.
Re: OT: Hacker Attempt?
If you have a UPS (uninterruptible power supply) that regulates voltage levels, you have 0 need to worry about little power spikes. You can get tolerable ones for around $40; well worth the investment.
If you attach its USB cord to your PC, Windows will manage it as a battery and automatically shut down after the AC power is cut, and the UPS runs low on juice.
Re: OT: Hacker Attempt?
A UPS is worth the investment. They stay up for several minutes after the power goes out, meaning you can stay on the computer (and internet usually) for a while uninterrupted after the power goes out. For small blips, which are much more common than longer outages, they let you simply ignore them, which is really nice.
Re: OT: Hacker Attempt?
A router probably isn't necessary (though nice to have) - Slashdot linked an article today about the most secure firewalls and Jetico + Comodo were 2 of the top ones and both are free. I think Comodo came no. 1. I believe the theory is that a decent firewall will prevent you from being "visible" on the internet so someone isn't able to latch onto you for extended probing because when they're scanning IP addresses your PC should act as if nobody's home at the IP address it's using. I've been using filseclab up til now and it scored REALLY poorly so I think I'll be switching to Comodo. Haven't checked to see how heinous either of their user agreements are yet so use your own discretion.
Re: OT: Hacker Attempt?
1 layer of defense is always less secure than 2 (properly configured) layers.
Re: OT: Hacker Attempt?
Quote:
http://www.matousec.com/projects/win...ts-results.php

The test isn't worth the electrons used for it, though: They tested for "leakiness", not safety. This is a fundamental error:

A) They used their own software-tools to test if something can get out from the 'protected' machine. If those tools have any resemblance to real threats, who knows? If they had infected their machines with real, up-to-date viruses and trojans and had scanned the in- and outgoing traffic for 'unauthorized' data (using a proxy with network card in promiscuous mode), this would have made at least some sense.

B) If some malware tries to 'phone home' from your system, your security has already been breached and all safety measures failed: As you cannot reliably scan for infection with a virus scanner from the PC in question itself, you can't really keep any malware from doing whatever it wants (phone home, bring in some ads, whatever) because your OS is compromised, and there's no layer 'below' it that could control what it's doing. In fact, there are trojans in development which move the whole operating system into some kind of virtual machine - where it will not and cannot ever know that it's in fact run under the control of a virus/trojan!!

C) Therefore, you don't need a personal firewall to keep something in, you need it to keep everything out if you're running Windows, because that OS can't differentiate between internet and local network connections and offers all services to both nets (*) - which is a bad idea considering the fact that most of them are buggy and can be used to take over the machine.
(*this has changed with XP service pack 2, though: the integrated firewall closes all those services off from the internet. Therefore, with XPsp2 you don't need a separate personal firewall unless you have very special demands)

D) A router is a better solution in 98% of cases, because if configured correctly it will simply throw away all data that your machine hasn't explicitly requested.

To get infected, you must (more or less) run some malware yourself - keep in mind, though, that some security holes in browsers and mail programs allow for automated code execution if you open the 'wrong' website or mail. Internet Exploder and Outlook (Express) are especially prone to this, unless you turn off all their 'great' features, and even then to some degree.
Re: OT: Hacker Attempt?
Does anyone have a link to the Security Forums?