Firewall basic question

hi i have a very simple question

iF all inbound rule are disabled on a sfotware + hardware firewall

what are the chances of being hacked by explotation " remotely"
without the infection

 

Without infection? Extremely remote, unless you were personally targetted by a skilled hacker. And they wouldn't waste time on a single random person, ~ Snipped as per TOS ~.

Having a patched OS is critical, too, of course.

 

well as it seem i'm being targeted personally

the question is simple

" Hardware firewall embeded in the router "
software firewall denies All inbound Rules

If i'm not infected " i can easily use a pervious image or format the computer "

but If i'm not infected and the hack is extremly remote

can they pull it off

and i don't know how skilled the hacker is
i can say he is skilled as the previous infection was fully undetected

 

Well, if hackers have penetrated Pentagon's firewalls, which they have, I'm sure they can get through your consumer router, if they were determined and skilled enough.

 

Pentagon introduces a lot of the services which are publicly available, so the huckers do not need to penetrate firewall, all they need to get in is to find vulnerability in the public service

 

If it is properly configured (really blocks everything inbound) the chances are none

 

Wow thanks guys

i really disabled everything that can be accessed over the internet

all not necessary service

i just want this computer to open INTERNET

if consumer firewall will not be penetrated it's good news so all i have to worry about now is the infection

" the pervious infection was FULLY UNDETected
i tried the fowlowing list of antivirus on demand scanners

Hitman .
MBAM
EMISOFT emergency kit
prevex
MSE
avg rescue disk
drweb rescuedisk
sanity check antirootkit
gmer
Node online scanner
SAS
sbybot s&d
Drweb
TDsskiller
Blacklight
sophos anti rootkit "

the thing is this makes me worry how all of those
Didn't detect the Rat or logger

so i formatted the machine and still have 3 ones to go

 

@ Ranget

How do you KNOW that ?

If it was undetected, how can you KNOW there was/is one ?

 

How do i know that i'm hacked ?

well the hacker contacted me

as what he said
he was able to see everything on my computer
he also was able to hear things form other laptops on the same router
i tried about more than 20 ondemand scanner + anti rootkit
didn't detect anything

all of the computer are running
comodo Firewall with all of the in bound Rule disabled

i have a firewall enabled on my router

so i formated my desktop and now i'm trying everything before i reinstall Os on the laptops


any suggestion on what is the next step and what should i do ?
ineed to be sure if i formated the computer that he won't get in again

 

That's terrible. Are you certain this person really hacked into your computer and isn't just making a false claim?

Did you have the HIPS disabled in Comodo? It should have detected something. I would look into a HIPS product if I were you (and more importantly how to properly use it). Malware Defender or Spyshelter are two good choices if you don't want to stay with Comodo. I think you might have better success detecting the behavior of whatever tool this person is using to monitor you than relying on an antivirus.

Your router should block any unsolicited inbound packets (if you don't have port forwarding enabled to one of your computers) - I would focus more on outbound requests to catch the suspect application.

 

Are you using wi-fi?

I would first reset the router, disable wi-fi. Change router password/ disable any remote management etc.

How is the router connecting to Internet. Is it directly through a reputable ISP or, are you going through a private LAN?

- Stem

 

I'm 100% cretin that he did it he also hacked into my facebook account
and told me what i was posting and sharing even that i was making it private

the security setup was MSE + comodo

i added prvex after the hack

and i scanned with a lot of on demand scanner

in the router there is a wireless network WPA encryption with a strong password
i disabled it for now

the router admin password wasn't the default one
i also rehanged it and i changed the support password and the user password

not remote administration is enables

also i connect to the Internet directly

 

Regardless of what scans you did already, make sure there is no malware is running on that machine and ask for assistance from one of the specialised malware removal sites.
https://www.wilderssecurity.com/showpost.php?p=1533481&postcount=3

 

This person most likely is someone you know or lives close by. They seem focused on you for some reason. Contact the police and cease using this setup until it is resolved. NO FINANCIAL ACTIVITY on the www.

Do you live alone or do others have access to your PC?

Are you living in a complex like say a college dorm or condo?

Are your telephone or cable connected? have you contacted your ISP?

On wireless you must be behind a router which also needs setting.

Use WPA 2.

WPA can be cracked easily.


using another pc or personal visits to the bank etc:

Change ALL:

passwords everywhere

your email address use disposables in the future for forums

all bank account numbers

locks on your home/office

phone number etc


You/we are assuming you have been hit with a parasite on your PC (Trojan) but how do we know? Where is the evidence?

This hacker knows you and a lot about you so it is serious stuff here.

He/she could have and probably did sniff you out and lives near by.


Good luck

 

agree with Escalader +


for your router

https://www.wilderssecurity.com/showthread.php?t=272327


please check mac access list......etc as well


please check if your system really compromised or may be your friend having a prank on you

please check the software on system including your OS if it genuine or not

specially games on your system

also check what common software use on all of laptops

if you have your system connected all in lan then better turn lan off i suggest dont connect untill you clean all systems also dont use USB.....etc devices to exchange data

check your logs files firewall if possible check your router logs connect to only site or leave a router on silent and check where its trying to connect ......etc

also reduce your wireless range also check your router firmware if can be updated

Turn of dhcp of your router and give it a static ip range to connect your pc (LAN) and set your pc as well to that specific ip range (please use class C ip range only)

you use tools like secunia, nessus nmap wireshark and check the vulnerability open ports services running and sniffing your own data and see what weird going on what and which port they are listening too before formatting on infected system

also use linux live cd and change all your passwords accounts info.......etc even your system compromised with rootkit it wont going to work on linux live cd

because windows rootkit trojan wont on linux and hackers hardly make rootkit working on both platform at once please avoid pirated games software or OS as most of them coming with inbuilt rootkit.....trojan pre installed


last thing you can do is use DISK manager or your recovery cd and clean formate install on all systems in low formate mode

summery


1. some who know you can make prank on you
2. infected by rootkit
3. flush your bios and for your disk to low level disk manager
4. make your router tight check step 11
5. fresh install and get all software form net rather than backup
6. have a dual boot with linux so if one system compromised you dont have to worry you can use second as alternative
7. if you still feel very fearful about all

put all your sensitive data on external usb by running linux live cd that is run linux live cd 1st and from there put your usb and access your data form there to transfer on net or saving your sensitive data on usb for a while

8. use sandbox environments or best if you have enough ram use virtual box and from there run another OS preferred linux base inside it even your main OS window compromised it cannot make your virtual box os effected or vice versa if you have little ram 1 or 2gb you can still go for puppy linux in virtual box

9. bixbox is kinda same thing what i am talking about above

https://www.wilderssecurity.com/showthread.php?t=299046

10. Dont come in mind game and destroy your pc 1st be sure it actually compromised if any real hacker compromised your system he/she hardly clam so i agree with Escalader

11. router base: disable dhcp, put static ip of class c range, have access list(mac filtering) disable ssid if possible, put harden password, enable wpa2 check logs,update firmware if possible, also check the above routerlink

try above things specially 7, 8, 9 and 11

even you compromise or not they help you

 

The only option for this scenario is he already installed trojan program to your computer. If this program is selfmade than it is hardly can be detected by any signature based scanner. Have you ever made use of the gmer, sysprot, sanitycheck or other antirootkit program? As a first and easy mean I'd recommend to install avast (and disable comodo at least temporarily), it uses gmer engine as far as I know so it can have userfriendly shell over gmer.

And, just in case, can you post the list of your processes?

 

What this thread really illustrates is how much conflicting info. you find on the net. Half the time you end up more confused than when you started.

I see people swearing by disabling SSID broadcast to make your wireless network safer, then some that claim it actually compromises you more (an MS article actually states so).

I saw somebody state that auto-connecting was less secure. Can anybody verify or refute these claims? On the surface it sounds safer to have to enter the key manually every time instead of having some automated task do it for you, but I don't know.

Seems most agree that a strong WPA2 Key makes the rest rather moot, but I'm still curious as to the other stuff.

 

You can add MAC Address Filtering as well, works quite well as a whitelist.

 

IMHO, the original poster Ranget owes this thread the status and some facts and feedback on the posts members have put here in good faith for him/her.

Failing that SOON I for one will drop this thread.

Sometimes over the years a post is made here sort of like a bone thrown into the forum then nothing as others jump on it discuss and speculate lacking the data , facts and feedback.

I took the post on hacking as serious but now I'm doubting the whole situation. Show us some screen images! anything!

 

Yeah I sifted through all of that. That's where I saw the conflicting info. at and what piqued my curiosity. One person will claim one thing, and another the opposite. I don't know what to believe. It'd be nice to have somebody knowledgeable on the subject matter chime in.

SSID... to broadcast, or not to broadcast? That is the question.

The auto-connect thing seems to be a moot point. Even if I uncheck the box "Connect when this network is in range" (XP Pro) it sets itself back to automatic anyway after a reboot. It seems to have a mind of it's own.

 

This is "I have read"-level information as I don't have the source handy, but basically:

Microsoft has stated that you should leave SSID broadcasts on. This is for two reasons: one, attacker can find the SSID through networking tools, and two: your own computer sends information out blindly (something related to that network without SSID) because it can't see the network, so there could be a potential Man-in-the-middle -exploit.

 

Do you live alone or do others have access to your PC?
yes the have access

Are you living in a complex like say a college dorm or condo?
i live in my home not a dorm

Are your telephone or cable connected? have you contacted your ISP?
ADSL through telphone line


i Use a WPA2 i done all the suggested guide to securing Wireless router

i think the Hack came over the internet not over the Wireless


i changed all the passwords i use Linux for now

i thought that it's a prank but how did he know what i had for dinner
and how did he hack my facebook

do you mean like a OTL list ?? or combo fix ??
========== Processes (SafeList) ==========



PRC - [2011/04/19 01:11:29 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\toshiba\Desktop\programs\OTL.exe

PRC - [2011/03/29 12:36:10 | 002,860,800 | ---- | M] (Emsi Software GmbH) -- C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe

PRC - [2011/03/28 16:15:40 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe

PRC - [2011/03/28 16:15:30 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe

PRC - [2011/03/28 16:15:29 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe

PRC - [2011/01/10 17:24:20 | 000,993,848 | ---- | M] (Secunia) -- C:\Program Files (x86)\Secunia\PSI\psia.exe

PRC - [2011/01/10 17:24:20 | 000,399,416 | ---- | M] (Secunia) -- C:\Program Files (x86)\Secunia\PSI\sua.exe

PRC - [2011/01/10 17:24:20 | 000,291,896 | ---- | M] (Secunia) -- C:\Program Files (x86)\Secunia\PSI\psi_tray.exe

PRC - [2009/08/18 23:24:47 | 000,079,360 | ---- | M] (Autodesk) -- C:\Program Files (x86)\Common Files\Autodesk Shared\Service\AdskScSrv.exe

PRC - [2008/07/11 03:58:40 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\Toshiba\ConfigFree\CFSvcs.exe

PRC - [2008/07/11 03:57:30 | 000,634,880 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\Toshiba\ConfigFree\NDSTray.exe

PRC - [2008/06/28 04:46:06 | 000,036,864 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\Toshiba\ConfigFree\CFProcSRVC.exe

PRC - [2008/04/17 10:19:16 | 000,405,504 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\Toshiba\ConfigFree\CFSwMgr.exe

sorry for the bit late feedback

 

Well I don't know who they are but this is probably the source of your trouble.

Nobody should have access to YOUR PC. Once they do they can take all your psws, account numbers everything.

This is probably WHY they know what you had for dinner. Only those living with you know that UNLESS you post what you ate on Facebook.


WIPE your PC to the metal and reformat it. That is the only sure way to get ALL parasites. There is no one scanner or combo of scanners which will do 100%.

As you restore your system with NEW passwords everywhere make sure you keep your PC locked and only open with a password or pass phrase you know. Do not log in with "THEY" in the room.

Done.

 

Attack coming from the home network or through the computer itself are basically the only options, if you have hardware firewall without forwarded ports. I too don't think that this is a serious hacking attempt - more a prank or similar act performed by someone you know and has access to your network or your computer.