Firewall basic question

Discussion in 'other firewalls' started by Ranget, May 14, 2011.

Thread Status:
Not open for further replies.
  1. Ranget

    Ranget Registered Member

    Joined:
    Mar 24, 2011
    Posts:
    846
    Location:
    Not Really Sure :/
    Hi, I have a very simple question.

    If all inbound rules are disabled on a software + hardware firewall,

    what are the chances of being hacked by exploitation "remotely"
    without the infection o_O o_O
     
  2. King Grub

    King Grub Registered Member

    Joined:
    Sep 12, 2006
    Posts:
    814
    Without infection? Extremely remote, unless you were personally targeted by a skilled hacker. And they wouldn't waste time on a single random person, ~ Snipped as per TOS ~.

    Having a patched OS is critical, too, of course.
     
    Last edited by a moderator: May 14, 2011
  3. Ranget

    Ranget Registered Member

    Joined:
    Mar 24, 2011
    Posts:
    846
    Location:
    Not Really Sure :/

    Well, as it seems, I'm being targeted :-* personally :-* :doubt:

    The question is simple:

    "Hardware firewall embedded in the router"
    Software firewall denies all inbound rules

    If I'm not infected "I can easily use a previous image or format the computer"

    but if I'm not infected and the hack is extremely remote,

    can they pull it off?

    And I don't know how skilled the hacker is.
    I can say he is skilled, as the previous infection was fully undetected.
     
    Last edited by a moderator: May 14, 2011
  4. King Grub

    King Grub Registered Member

    Joined:
    Sep 12, 2006
    Posts:
    814
    Well, if hackers have penetrated the Pentagon's firewalls, which they have, I'm sure they can get through your consumer router, if they were determined and skilled enough.
     
  5. alex_s

    alex_s Registered Member

    Joined:
    Aug 13, 2007
    Posts:
    1,251
    The Pentagon introduces a lot of services which are publicly available, so the hackers do not need to penetrate the firewall; all they need to get in is to find a vulnerability in a public service :)
     
  6. alex_s

    alex_s Registered Member

    Joined:
    Aug 13, 2007
    Posts:
    1,251
    If it is properly configured (really blocks everything inbound) the chances are none :)
     
  7. Ranget

    Ranget Registered Member

    Joined:
    Mar 24, 2011
    Posts:
    846
    Location:
    Not Really Sure :/
    Wow, thanks guys.

    I really disabled everything that can be accessed over the internet,

    all unnecessary services.

    I just want this computer to open the INTERNET.

    If the consumer firewall will not be penetrated, it's good news, so all I have to worry about now is the infection.

    "The previous infection was FULLY UNDETECTED.
    I tried the following list of antivirus on-demand scanners:

    Hitman
    MBAM
    Emsisoft Emergency Kit
    Prevx
    MSE
    AVG Rescue Disk
    Dr.Web rescue disk
    Sanity Check anti-rootkit
    GMER
    Node online scanner
    SAS
    Spybot S&D
    Dr.Web
    TDSSKiller
    Blacklight
    Sophos Anti-Rootkit"

    The thing is, this makes me worry how all of those
    didn't detect the RAT or logger.

    So I formatted the machine and still have 3 more to go.
     
  8. CloneRanger

    CloneRanger Registered Member

    Joined:
    Jan 4, 2006
    Posts:
    4,833
    @ Ranget

    How do you KNOW that?

    If it was undetected, how can you KNOW there was/is one?
     
  9. Ranget

    Ranget Registered Member

    Joined:
    Mar 24, 2011
    Posts:
    846
    Location:
    Not Really Sure :/
    How do I know that I'm hacked?

    Well, the hacker contacted me.

    From what he said,
    he was able to see everything on my computer.
    He also was able to hear things from other laptops on the same router.
    I tried about more than 20 on-demand scanners + anti-rootkits;
    they didn't detect anything.

    All of the computers are running
    Comodo Firewall with all of the inbound rules disabled.

    I have a firewall enabled on my router.

    So I formatted my desktop and now I'm trying everything before I reinstall the OS on the laptops.


    Any suggestions on what the next step is and what I should do?
    I need to be sure, if I format the computer, that he won't get in again.
     
    Last edited: May 14, 2011
  10. 0strodamus

    0strodamus Registered Member

    Joined:
    Aug 23, 2009
    Posts:
    1,047
    Location:
    United Surveillance States
    That's terrible. Are you certain this person really hacked into your computer and isn't just making a false claim?

    Did you have the HIPS disabled in Comodo? It should have detected something. I would look into a HIPS product if I were you (and more importantly how to properly use it). Malware Defender or Spyshelter are two good choices if you don't want to stay with Comodo. I think you might have better success detecting the behavior of whatever tool this person is using to monitor you than relying on an antivirus.

    Your router should block any unsolicited inbound packets (if you don't have port forwarding enabled to one of your computers) - I would focus more on outbound requests to catch the suspect application.
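
An added illustration of the advice in the post above (not written by any participant in this thread): with inbound traffic blocked, the connections worth reviewing are the ones the machine itself opens. The sketch parses Windows `netstat -ano` output and separates listeners bound to non-loopback addresses from host-initiated connections to addresses outside the LAN, grouped by PID. The sample capture, the function names and the list of "local" networks are all constructed for this example.

```python
import ipaddress
from collections import defaultdict

# Constructed sample of Windows `netstat -ano` output (not taken from the thread).
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       820
  TCP    127.0.0.1:5354         0.0.0.0:0              LISTENING       1500
  TCP    192.168.1.10:139       0.0.0.0:0              LISTENING       4
  TCP    192.168.1.10:139       192.168.1.23:51000     ESTABLISHED     4
  TCP    192.168.1.10:49712     198.51.100.20:443      ESTABLISHED     3120
  TCP    192.168.1.10:49713     192.168.1.1:80         ESTABLISHED     3120
  TCP    192.168.1.10:49801     203.0.113.77:8080      ESTABLISHED     5544
  TCP    [::1]:49900            [::1]:49901            ESTABLISHED     1500
  UDP    0.0.0.0:5355           *:*                                    1100
"""

# Addresses treated as "local" (assumption): loopback, RFC 1918, link-local, IPv6 ULA.
LOCAL_NETS = [ipaddress.ip_network(n) for n in (
    "127.0.0.0/8", "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "169.254.0.0/16", "::1/128", "fe80::/10", "fc00::/7")]

def split_endpoint(text):
    """Split '1.2.3.4:80' or '[fe80::1%11]:80' into (ip_address, port)."""
    host, _, port = text.rpartition(":")
    return ipaddress.ip_address(host.strip("[]").split("%")[0]), int(port)

def is_local(ip):
    return any(ip.version == n.version and ip in n for n in LOCAL_NETS)

def parse_netstat(text):
    """Return TCP rows as (local, remote, state, pid); headers and UDP are skipped."""
    rows = []
    for line in text.splitlines():
        f = line.split()
        if len(f) == 5 and f[0] == "TCP" and f[4].isdigit():
            rows.append((split_endpoint(f[1]), split_endpoint(f[2]), f[3], int(f[4])))
    return rows

def review(text):
    """Return (exposed listeners, {pid: external peers the host connected out to})."""
    rows = parse_netstat(text)
    listen_ports = {lport for (_, lport), _, state, _ in rows if state == "LISTENING"}
    exposed, outbound = [], defaultdict(set)
    for (lip, lport), (rip, rport), state, pid in rows:
        if state == "LISTENING" and not lip.is_loopback:
            exposed.append((str(lip), lport, pid))   # reachable if the firewall lets it
        elif state == "ESTABLISHED" and lport not in listen_ports and not is_local(rip):
            outbound[pid].add((str(rip), rport))     # host-initiated, leaves the LAN
    return exposed, dict(outbound)

if __name__ == "__main__":
    exposed, outbound = review(SAMPLE)
    for ip, port, pid in exposed:
        print(f"listening  {ip}:{port}  pid={pid}")
    for pid, peers in sorted(outbound.items()):
        print(f"outbound   pid={pid}  ->  {sorted(peers)}")
```

Each PID in the outbound list can then be matched against the process list (for example in Task Manager) to decide whether that program has any reason to be talking to the internet.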
     
  11. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    Are you using wi-fi?

    I would first reset the router, disable wi-fi. Change router password/ disable any remote management etc.

    How is the router connecting to the Internet? Is it directly through a reputable ISP or are you going through a private LAN?

    - Stem
     
  12. Ranget

    Ranget Registered Member

    Joined:
    Mar 24, 2011
    Posts:
    846
    Location:
    Not Really Sure :/
    I'm 100% certain that he did it. He also hacked into my Facebook account
    and told me what I was posting and sharing, even though I was making it private.

    The security setup was MSE + Comodo.

    I added Prevx after the hack

    and I scanned with a lot of on-demand scanners.

    In the router there is a wireless network with WPA encryption and a strong password;
    I disabled it for now.

    The router admin password wasn't the default one;
    I also re-changed it, and I changed the support password and the user password.

    No remote administration is enabled.

    Also, I connect to the Internet directly.
     
  13. Cudni

    Cudni Global Moderator

    Joined:
    May 24, 2009
    Posts:
    6,956
    Location:
    Somethingshire
  14. Escalader

    Escalader Registered Member

    Joined:
    Dec 12, 2005
    Posts:
    3,710
    Location:
    Land of the Mooses

    This person most likely is someone you know or lives close by. They seem focused on you for some reason. Contact the police and cease using this setup until it is resolved. NO FINANCIAL ACTIVITY on the www.

    Do you live alone or do others have access to your PC?

    Are you living in a complex like say a college dorm or condo?

    Are your telephone or cable connected? Have you contacted your ISP?

    On wireless you must be behind a router which also needs setting.

    Use WPA 2.

    WPA can be cracked easily.


    using another pc or personal visits to the bank etc:

    Change ALL:

    passwords everywhere

    your email address use disposables in the future for forums

    all bank account numbers

    locks on your home/office

    phone number etc


    You/we are assuming you have been hit with a parasite on your PC (Trojan) but how do we know? Where is the evidence?

    This hacker knows you and a lot about you so it is serious stuff here.

    He/she could have and probably did sniff you out and lives nearby.


    Good luck
     
  15. mack_guy911

    mack_guy911 Registered Member

    Joined:
    Mar 21, 2007
    Posts:
    2,677
    Agree with Escalader +


    For your router:

    https://www.wilderssecurity.com/showthread.php?t=272327


    Please check the MAC access list etc. as well.


    Please check whether your system is really compromised, or maybe your friend is playing a prank on you.

    Please check whether the software on the system, including your OS, is genuine or not,

    especially games on your system.

    Also check what common software is used on all of the laptops.

    If you have your systems all connected in a LAN, then better turn the LAN off. I suggest you don't connect until you clean all systems. Also don't use USB etc. devices to exchange data.

    Check your firewall log files; if possible, check your router logs. Connect to only one site, or leave the router on silent, and check where it's trying to connect etc.

    Also reduce your wireless range, and check whether your router firmware can be updated.

    Turn off DHCP on your router and give it a static IP range to connect your PC (LAN), and set your PC as well to that specific IP range (please use a class C IP range only).

    Use tools like Secunia, Nessus, Nmap and Wireshark to check for vulnerabilities, open ports and running services, and sniff your own data to see what weird things are going on and which ports they are listening to, before formatting the infected system.

    Also use a Linux live CD and change all your passwords, account info etc. Even if your system is compromised with a rootkit, it isn't going to work on a Linux live CD,

    because a Windows rootkit/trojan won't work on Linux, and hackers hardly ever make a rootkit that works on both platforms at once. Please avoid pirated games, software or OS, as most of them come with an inbuilt rootkit/trojan preinstalled :rolleyes:


    The last thing you can do is use a disk manager or your recovery CD and do a clean format and install on all systems in low-level format mode.

    Summary


    1. someone who knows you could be playing a prank on you
    2. infected by rootkit
    3. flush your BIOS and, for your disk, use a low-level disk manager
    4. make your router tight, check step 11
    5. fresh install and get all software from the net rather than from backup
    6. have a dual boot with Linux, so if one system is compromised you don't have to worry; you can use the second as an alternative
    7. if you still feel very fearful about it all:

    put all your sensitive data on an external USB by running a Linux live CD; that is, run the Linux live CD first, and from there plug in your USB and access your data from there to transfer on the net, or save your sensitive data on USB for a while

    8. use sandbox environments, or best, if you have enough RAM, use VirtualBox and from there run another OS, preferably Linux-based, inside it. Even if your main OS, Windows, is compromised, it cannot affect your VirtualBox OS or vice versa. If you have little RAM, 1 or 2 GB, you can still go for Puppy Linux in VirtualBox

    9. bixbox is kind of the same thing as what I am talking about above

    https://www.wilderssecurity.com/showthread.php?t=299046

    10. Don't get into a mind game and destroy your PC; first be sure it is actually compromised. If any real hacker compromised your system, he/she would hardly claim it, so I agree with Escalader

    11. router base: disable DHCP, set a static IP in the class C range, have an access list (MAC filtering), disable SSID if possible, set a hardened password, enable WPA2, check logs, update firmware if possible, also check the router link above

    Try the above things, especially 7, 8, 9 and 11.

    Whether you are compromised or not, they will help you.
     
    Last edited: May 16, 2011
  16. alex_s

    alex_s Registered Member

    Joined:
    Aug 13, 2007
    Posts:
    1,251
    The only option for this scenario is that he already installed a trojan program on your computer. If this program is self-made, then it can hardly be detected by any signature-based scanner. Have you ever made use of GMER, SysProt, SanityCheck or another anti-rootkit program? As a first and easy measure I'd recommend installing avast (and disabling Comodo at least temporarily); it uses the GMER engine as far as I know, so it can serve as a user-friendly shell over GMER.

    And, just in case, can you post the list of your processes?
     
    Last edited: May 16, 2011
  17. luciddream

    luciddream Registered Member

    Joined:
    Mar 22, 2007
    Posts:
    2,497
    What this thread really illustrates is how much conflicting info. you find on the net. Half the time you end up more confused than when you started.

    I see people swearing by disabling SSID broadcast to make your wireless network safer, then some that claim it actually compromises you more (an MS article actually states so).

    I saw somebody state that auto-connecting was less secure. Can anybody verify or refute these claims? On the surface it sounds safer to have to enter the key manually every time instead of having some automated task do it for you, but I don't know.

    Seems most agree that a strong WPA2 Key makes the rest rather moot, but I'm still curious as to the other stuff.
     
  18. J_L

    J_L Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    8,516
    You can add MAC Address Filtering as well, works quite well as a whitelist.
     
  19. JRViejo

    JRViejo Global Moderator

    Joined:
    Jul 9, 2008
    Posts:
    20,974
    Location:
    U.S.A.
    luciddream, here's an article: 6 Steps to Secure Your Home Wireless Network posted in an older Thread and LowWaterMark's Post dissecting that article. Just FYI.
     
  20. Escalader

    Escalader Registered Member

    Joined:
    Dec 12, 2005
    Posts:
    3,710
    Location:
    Land of the Mooses
    IMHO, the original poster Ranget owes this thread the status and some facts and feedback on the posts members have put here in good faith for him/her.

    Failing that SOON I for one will drop this thread.

    Sometimes over the years a post is made here, sort of like a bone thrown into the forum, then nothing, as others jump on it, discuss and speculate, lacking the data, facts and feedback.

    I took the post on hacking as serious but now I'm doubting the whole situation. Show us some screen images! anything!
     
  21. luciddream

    luciddream Registered Member

    Joined:
    Mar 22, 2007
    Posts:
    2,497
    Yeah I sifted through all of that. That's where I saw the conflicting info. at and what piqued my curiosity. One person will claim one thing, and another the opposite. I don't know what to believe. It'd be nice to have somebody knowledgeable on the subject matter chime in.

    SSID... to broadcast, or not to broadcast? That is the question.

    The auto-connect thing seems to be a moot point. Even if I uncheck the box "Connect when this network is in range" (XP Pro) it sets itself back to automatic anyway after a reboot. It seems to have a mind of its own.
     
  22. Spysnake

    Spysnake Registered Member

    Joined:
    Apr 11, 2009
    Posts:
    187
    This is "I have read"-level information as I don't have the source handy, but basically:

    Microsoft has stated that you should leave SSID broadcasts on. This is for two reasons: one, an attacker can find the SSID through networking tools, and two, your own computer sends information out blindly (something related to that network without SSID) because it can't see the network, so there could be a potential man-in-the-middle exploit.
     
  23. Ranget

    Ranget Registered Member

    Joined:
    Mar 24, 2011
    Posts:
    846
    Location:
    Not Really Sure :/
    Do you live alone or do others have access to your PC?
    Yes, they have access.

    Are you living in a complex like say a college dorm or condo?

    I live in my home, not a dorm.

    Are your telephone or cable connected? have you contacted your ISP?

    ADSL through the telephone line.


    I use WPA2; I did everything in the suggested guide to securing the wireless router.

    I think the hack came over the internet, not over the wireless
    :doubt:

    I changed all the passwords; I use Linux for now.

    I thought that it was a prank, but how did he know what I had for dinner o_O
    and how did he hack my Facebook o_O

    Do you mean like an OTL list?? Or ComboFix??
    ========== Processes (SafeList) ==========



    PRC - [2011/04/19 01:11:29 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\toshiba\Desktop\programs\OTL.exe

    PRC - [2011/03/29 12:36:10 | 002,860,800 | ---- | M] (Emsi Software GmbH) -- C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe

    PRC - [2011/03/28 16:15:40 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe

    PRC - [2011/03/28 16:15:30 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe

    PRC - [2011/03/28 16:15:29 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe

    PRC - [2011/01/10 17:24:20 | 000,993,848 | ---- | M] (Secunia) -- C:\Program Files (x86)\Secunia\PSI\psia.exe

    PRC - [2011/01/10 17:24:20 | 000,399,416 | ---- | M] (Secunia) -- C:\Program Files (x86)\Secunia\PSI\sua.exe

    PRC - [2011/01/10 17:24:20 | 000,291,896 | ---- | M] (Secunia) -- C:\Program Files (x86)\Secunia\PSI\psi_tray.exe

    PRC - [2009/08/18 23:24:47 | 000,079,360 | ---- | M] (Autodesk) -- C:\Program Files (x86)\Common Files\Autodesk Shared\Service\AdskScSrv.exe

    PRC - [2008/07/11 03:58:40 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\Toshiba\ConfigFree\CFSvcs.exe

    PRC - [2008/07/11 03:57:30 | 000,634,880 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\Toshiba\ConfigFree\NDSTray.exe

    PRC - [2008/06/28 04:46:06 | 000,036,864 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\Toshiba\ConfigFree\CFProcSRVC.exe

    PRC - [2008/04/17 10:19:16 | 000,405,504 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\Toshiba\ConfigFree\CFSwMgr.exe


    Sorry for the slightly late feedback o_O
     
  24. Escalader

    Escalader Registered Member

    Joined:
    Dec 12, 2005
    Posts:
    3,710
    Location:
    Land of the Mooses
    Well I don't know who they are but this is probably the source of your trouble.

    Nobody should have access to YOUR PC. Once they do they can take all your psws, account numbers everything.

    This is probably WHY they know what you had for dinner. Only those living with you know that UNLESS you post what you ate on Facebook.


    WIPE your PC to the metal and reformat it. That is the only sure way to get ALL parasites. There is no one scanner or combo of scanners which will do 100%.

    As you restore your system with NEW passwords everywhere make sure you keep your PC locked and only open with a password or pass phrase you know. Do not log in with "THEY" in the room.

    Done.

     
  25. Spysnake

    Spysnake Registered Member

    Joined:
    Apr 11, 2009
    Posts:
    187
    :thumb:

    Attacks coming from the home network or through the computer itself are basically the only options, if you have a hardware firewall without forwarded ports. I too don't think that this is a serious hacking attempt - more a prank or similar act performed by someone you know who has access to your network or your computer.
     