|
|
|
|
 |
|
December 12th, 2006, 12:29 AM
|
 |
Shrapnel Fanatic
|
|
Join Date: Dec 2000
Location: USA
Posts: 15,630
Thanks: 0
Thanked 30 Times in 18 Posts
|
|
OT: Hacker Attempt?
I get home today and my PC has rebooted. When I left it was on but not doing anything. No updates were performed for MS so that wasn't the cause. After logging in my McAfee personal firewall thingy popped up with over a 100 items since 11 am this morning ending at 1 pm.
They were all from cds236.lad.linw.net trying to access various ports, use various authorities, and so on.
So I ask you, do you think this is a hacker attempt.
__________________
Creator of the Star Trek Mod - AST Mod - 78 Ship Sets - Conquest Mod - Atrocities Star Wars Mod - Galaxy Reborn Mod - and Subterfuge Mod.
|
December 12th, 2006, 02:46 AM
|
 |
Sergeant
|
|
Join Date: Dec 2003
Posts: 251
Thanks: 0
Thanked 0 Times in 0 Posts
|
|
Re: OT: Hacker Attempt?
Are you not behind a router?
Probably just a random port scan. I'd point the finger at power, myself.
|
December 12th, 2006, 03:12 AM
|
|
Shrapnel Fanatic
|
|
Join Date: Dec 2000
Location: USA
Posts: 15,630
Thanks: 0
Thanked 30 Times in 18 Posts
|
|
Re: OT: Hacker Attempt?
Yes hiding behind router I am. But its just a cheapy DSL router called actiontech.
__________________
Creator of the Star Trek Mod - AST Mod - 78 Ship Sets - Conquest Mod - Atrocities Star Wars Mod - Galaxy Reborn Mod - and Subterfuge Mod.
|
December 12th, 2006, 09:40 AM
|
 |
Major General
|
|
Join Date: Nov 2000
Location: 500km from Ulm
Posts: 2,279
Thanks: 9
Thanked 18 Times in 12 Posts
|
|
Re: OT: Hacker Attempt?
If someone from the internet is accessing "various ports" on your PC which connected to the internet through a router (router, not only DSL modem?), the router must be seriously misconfigured: Normally, it should drop any packets from the internet that where not explicitly requested from your PC (and thereby making a Personal Firewall superflous ..) - Unless you have forwarded special ports to your PC, to make it possible to someone on the Internet to access some server you're running.
Having multiple ports 'probed' sounds to me like you activated the DMZ (demilitarized zone or something, completely nonsense name for "let everything go right through"). This is a very bad idea in 99,98% of all cases .. as it takes your best security layer away and leaves you at the mercy of some 'personal firewall', virus scanner and security holes in those, the underlying OS and all the applications you're using.
Btw.- which OS and patch version are you using? There where several attacks on Windows which worked by deliberatly crashing the OS by sending malformed packets and getting some injected code executed on the way.
That said, you can't ever be 100% sure this was or wasn't an (un)succesful hacking attempt. I hope you're running the PC as user with restricted rights (only applies to W2k and XP prof, obviously)? If the answer is no, I give you a 67% chance that your PC is infected and needs reinstallation from ground up.
__________________
As for AI the most effective work around to this problem so far is to simply use an American instead, they tend to put up a bit more of a fight than your average Artificial Idiot.
... James McGuigan on rec.games.computer.stars somewhen back in 1998 ...
|
December 12th, 2006, 03:46 PM
|
|
Shrapnel Fanatic
|
|
Join Date: Dec 2000
Location: USA
Posts: 15,630
Thanks: 0
Thanked 30 Times in 18 Posts
|
|
Re: OT: Hacker Attempt?
It might just be a DSL modem and not a router. :0 Thanks for the info Arralen.  I run it as administrator and have ran several sweeps of Pest Patrol, and AVG anti Virus.
Since all of the attempts to access the ports were made by one listed entity, and they used other known hacker attacks to try and gain entry over a very short period of time, I would suspect that this was a directed attack and not just a random one. I mean over a 100 hits in less than an hour all coming from the same source kind makes one think that whoever is behind this is not a friendly person.
The trace always went from Wa DC to LA to Berlin to Deven to Portland back to DC. Some times Chicgo was listed in the trace.
I need to buy a router I guess. Any suggestions?
__________________
Creator of the Star Trek Mod - AST Mod - 78 Ship Sets - Conquest Mod - Atrocities Star Wars Mod - Galaxy Reborn Mod - and Subterfuge Mod.
|
December 12th, 2006, 06:54 PM
|
 |
Lieutenant Colonel
|
|
Join Date: Mar 2001
Location: Emeryville, CA
Posts: 1,412
Thanks: 0
Thanked 0 Times in 0 Posts
|
|
Re: OT: Hacker Attempt?
Quote:
Atrocities said:
I mean over a 100 hits in less than an hour all coming from the same source kind makes one think that whoever is behind this is not a friendly person.
|
I'll agree on the statement that they are probably not friendly. But this is not directed specifically at you, if there are only 100 hits.
As for the reboot, I would blame power, as well. A little noise on the power lines would be all it takes.
__________________
GEEK CODE V.3.12: GCS/E d-- s: a-- C++ US+ P+ L++ E--- W+++ N+ !o? K- w-- !O M++ V? PS+ PE Y+ PGP t- 5++ X R !tv-- b+++ DI++ D+ G+ e+++ h !r*-- y?
SE4 CODE: A-- Se+++* GdY $?/++ Fr! C++* Css Sf Ai Au- M+ MpN S Ss- RV Pw- Fq-- Nd Rp+ G- Mm++ Bb@ Tcp- L+
|
December 12th, 2006, 07:36 PM
|
|
General
|
|
Join Date: Aug 2000
Location: Ohio, USA
Posts: 4,323
Thanks: 0
Thanked 0 Times in 0 Posts
|
|
Re: OT: Hacker Attempt?
Quote:
Atrocities said:
I get home today and my PC has rebooted. When I left it was on but not doing anything. No updates were performed for MS so that wasn't the cause. After logging in my McAfee personal firewall thingy popped up with over a 100 items since 11 am this morning ending at 1 pm.
They were all from cds236.lad.linw.net trying to access various ports, use various authorities, and so on.
So I ask you, do you think this is a hacker attempt.
|
This combination is very suspicious. If he managed to install something on your system the first thing he'd do is reboot to get it loaded into the OS. I'd run scans with all the virus and spyware checkers you've got and be very suspicious of the machine for a while. Watch all your network activity closely. |
December 12th, 2006, 08:01 PM
|
|
General
|
|
Join Date: Jul 2001
Location: Canada
Posts: 4,603
Thanks: 0
Thanked 0 Times in 0 Posts
|
|
Re: OT: Hacker Attempt?
perhaps your os did you check your system log files
__________________
RRRRRRRRRRAAAAAGGGGGGGGGHHHHH
old avatar = http://www.shrapnelgames.com/cgi-bin...1051567998.jpg
Hey GUTB where did you go...???
He is still driving his mighty armada at 3 miles per month along the interstellar highway bypass and will be arriving shortly
|
December 12th, 2006, 08:26 PM
|
|
Shrapnel Fanatic
|
|
Join Date: Dec 2000
Location: USA
Posts: 15,630
Thanks: 0
Thanked 30 Times in 18 Posts
|
|
Re: OT: Hacker Attempt?
I don't know how to check my system log files Tesco.  Regrettably I have very little PC skills.
The clocks in the house were fine, so power outage was no the ticked. A power surge could be possible, but unlikely.
__________________
Creator of the Star Trek Mod - AST Mod - 78 Ship Sets - Conquest Mod - Atrocities Star Wars Mod - Galaxy Reborn Mod - and Subterfuge Mod.
|
December 12th, 2006, 09:10 PM
|
 |
General
|
|
Join Date: Feb 2001
Location: Pittsburgh, PA, USA
Posts: 3,070
Thanks: 13
Thanked 9 Times in 8 Posts
|
|
Re: OT: Hacker Attempt?
Finding your log files is easy: Start/Find/Files or Folders/Files named *.log (assuming some flavor of Windows).
Interpreting the logs is another matter. For several of the 48 files that search finds on my system, I don't know what program created the log.
__________________
Cap'n Q
"Good morning, Pooh Bear," said Eeyore gloomily. "If it is a good morning," he said. "Which I doubt," said he.
|
Posting Rules
|
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
HTML code is On
|
|
|
|
|
Hybrid Mode