hacked?

Discussion in 'other security issues & news' started by 2792, Jun 12, 2003.

Thread Status:
Not open for further replies.
  1. 2792

    2792 Guest

    If I suspect someone of hacking into my computer [ :mad: ] using NetBIOS (as far as I can gather from reading around the web, by creating a null user account), how would I confirm this? I mean, what files would have been modified by the action of hacking, and are there any system logs I could check out? I don't think they did any malicious damage as the computer is still working fine, but in what ways would a good hacker try to avoid my seeing their trail, like modifying the system files? If they did cover their tracks well, is there any way of seeing this? I'm running WinXP.

    Also, is there any tracing software I could use to track this type of thing in the future and are there ways around this?

    Thanks a lot.
     
  2. Mr.Blaze

    Mr.Blaze The Newbie Welcome Wagon

    Joined:
    Feb 3, 2003
    Posts:
    2,842
    Location:
    on the sofa
    :D Well, most hackers aren't evil, just very nosey, but I have run into the most vile of them, which usually consists of them wiping out my hard drive.

    I don't know, wouldn't programs like Diamond registry and hta stop kinda protect you from that?

    Stuff's usually in the free tool section.

    XP has a lot of problems, too many security holes.
     
  3. Dan Perez

    Dan Perez Retired Moderator

    Joined:
    May 18, 2003
    Posts:
    1,495
    Location:
    Sunny San Diego
    Hi 2792,

    This is a daunting question to answer as there are just too many items to cover. So, please do not consider this by any means whatsoever a comprehensive reply!

    What footprints might be left by an intruder could vary quite a bit. If they are looking to create a WAREZ server then you might see more network activity than you are accustomed to seeing and you will have more disk space used than you can otherwise account for.

    Generally, you will want to look for

    * Additions in the Running Tasks list

    (for this you can use taskmgr.exe but it does not help you much unless you have an idea of what is usually there)

    * Additions in the Auto-Start areas of the system

    (to get a snapshot of all current autostart entries you can use DiamondCS's freeware Autostart Viewer from

    http://www.diamondcs.com.au/downloads/asviewer.zip)

    * More use of the Internet than you can otherwise account for
    (for this I would recommend DiamondCS's PortExplorer, which is NOT freeware but can be used free for a trial period

    http://www.diamondcs.com.au/portexplorer/

    what this tool will let you do is get a realtime glimpse of all applications using the net, who they are talking to, etc. And all this can be logged to a file)

    * Changed files. This will not help you much if you have not already been monitoring your files. There are a number of systems you can use to monitor file changes.

    * If you have security logging enabled you can check those logs, but I believe the default in XP is not to enable it. I'm not sure where in XP you enable Security logging.

    * You might also obtain a good Anti-Trojan product and scan your system with that

    (my preferred scanner is TDS3 by DiamondCS, again. Not trying to lock you in to using only their products, there are lots of others around, but just letting you know which one I prefer. Hopefully, others will speak up on their recommendations!)

    The bottom line is prevention. Have a good firewall, have the firewall keep logs on what it keeps out (so you know if someone has tried to attack). However, most people do want to communicate across the firewall and a way must be used to monitor that traffic to ensure that nothing unexpected is happening. In this latter regard, the PortExplorer app I already mentioned works well.

    If you have any specifics on what happened to your system (why you think you have been hacked) feel free to post what you can here and we will try to advise you on more specific recommendations.

    Hope this begins to help :D
     