View Full Version : Internet Security

11-21-2002, 01:07 PM
Hello there Everyone,
How can you tell if someone is accessing your computer from the Internet?

I'm running XP and just now enabled the firewall. Used it other times before but didn't know how to set it up to let the other computer on my home network share. When the XP firewall is enabled, I can't access the other computer as well. I've also used Norton's Internet Security as well and still am on the other computer. I know how to set that one to allow for sharing. I took it off mine for some reason, I can't remember.:rolleyes:

Well anyway, I'm seeing things changing on my computer quite often. Nothing serious, just settings being changed, mostly back to the default setting. My wife said that when she's on her computer, and she's on it every day, the MS IM will pop up saying that I just signed on and I'm not even on my computer. This has happened quite often. The computers are on 24/7 and we're using a Linksys router as the access point. I know I can download the Zone Alarm firewall for it but I believe there's already one on there. My wife's computer is wire connected and I'm using the wireless adapter. The router is wireless and has four ports.

Here's an example: I woke up to find that my computer had rebooted (just mine) and the power had not gone off. Also the Atomica software had autostarted when the computer booted up, which it will do if it's configured to do that, but it wasn't and hasn't been. I would dismiss all of this (and still am tempted to do so) if it happened once in a blue moon. So what do you think? I'm not overly concerned about all of this but would like some input. Maybe what more I can do to protect my computers. Sincerely, William L. Trotter Jr.

11-22-2002, 11:08 AM
Actually, I would be concerned! You need one of our networking experts, though, because I know diddley about networking. You might look at this thread: XP too user friendly (http://www.pcguide.com/vb/showthread.php?s=&threadid=18510), because Ghost said something there that sailed over my head.

The way I "know" someone is trying to get into mine is all the pings on ZA. Here lately, will be a couple of days of normal pinging..say 2 or 3 an hour..and then WHAM :eek:..for several days, will jump to 50 or more an hour.

Another to look at is Some basic security (http://www.pcguide.com/vb/showthread.php?s=&threadid=17794).

Truly..a puter shouldn't do things not called upon, in my opinion, and you should persist here with questions until you get that fixed. You do have AV software, right? And maybe something like AdAware to check for spyware? And when you say that you could download ZA, but think you already have one..do you mean ZA or something else?

11-22-2002, 11:33 AM
It sounds to me like you have a Trojan that is using your computer for a server. I really hope you don't have credit card numbers or other useful info on that computer. Your networked computer is probably also at risk. I urge you to spend some time on the Security Forum learning more about this stuff and consider getting a Firewall up now to prevent further problems.


11-22-2002, 01:00 PM
My wife's computer is wire connected and I'm using the wireless adapter. The router is wireless and has four ports.

Actually I don't think you have a trojan, but quite possibly you have a parasite.....a slimy bandwidth sucking slime ball that is using your internet connection by way of your wireless access point. Try disconnecting your machine from the network by turning off the wireless...if she stops getting the connected messages then that is the source, and you will probably have a very POd teenager somewhere in your neighborhood.....

A misconfigured wireless setup is the same as giving someone else unfettered access to your network/machine/connection...no trojan needed.

11-22-2002, 03:41 PM
You suffer from 2 possible avenues of attack because you have file sharing enabled on an interface that is both connected to the internet and is wireless. Access to your computer can be had from anyone across the globe to anyone within range of your wireless access point. So, the first thing I would do is set up any and all security your router provides for both its internet and wireless interfaces.

As Kay has already pointed out, anytime your computer does "things by itself" (like rebooting, changing settings or starting programs that aren't set to start up) you should suspect a compromised system. Normally in such a situation I would recommend you wipe the drive and reinstall everything. However, for a home system, reinstalling the operating system should be enough. If you don't wish to go this route then you should download a trojan scanner and run it on your system. (After you have turned off file sharing.) Some can be found here: download.com's antivirus page (http://download.com.com/3150-2239-0.html?tag=dir). Trojans can also be found by most anti-virus programs. (Still, the only guaranteed way to rid your system of trojans is to wipe and reinstall.)

The final step would be to install a firewall before you turn file sharing back on.

How can you tell if someone is accessing your computer from the Internet?

Most of the tools needed for this require some basic knowledge of TCP/IP (as does the IPSEC interface that Kay mentioned went over her head. :) ). If you're interested in learning about those tools or IPSEC, let me know and I can post some links to them.

Hope this helps :)

11-22-2002, 03:59 PM
I didn't mean to sound like you can't have a trojan....just that it would be easier to do with an unsecure wireless setup, and that could be checked by a simple flick of a switch.

What Ghost_Hacker said, I agree 100%....

11-23-2002, 01:43 AM
Hey Guys,
Thanks for all the responses. At the time of my first post I had already reenabled my firewall that comes with XP. Also I reinstalled the Norton's Internet Security 2002 software and have everything on it up and running. I don't know if it matters if I have both firewalls going. Actually that would be three firewalls counting the one that's on the router. There is one on the router for sure but I don't know what brand. I've also updated the firmware on the router not too long ago.

To answer the "you do have AV software, right?" Yes, but I don't always use it. Sometimes I find that these things (AV, firewalls, third party utilities) cause me problems, and rather than try to figure out why I just take them off. Using the Norton's AV, I scanned the whole system, nothing. Also since I reenabled the firewall nothing has happened. I asked my wife about the IM phantom and she doesn't recall it happening today (11/22) but she wasn't for sure, because it happened so much that she just ignored it. She said sometimes it would happen several times within the hour.

I appreciate the links and will check them out. And yes Ghost_Hacker ("If you're interested in learning about those tools or IPSEC let me know and I can post some links to them.") I am. By the way Ghost_Hacker, you're not a hacker are ya?:D

And finally for all those would be hackers, here's a little info for ya: The U.S. House of Representatives approved the Homeland Security bill Wednesday, (11/14/02) which includes the Cyber Security Enforcement Act (CSEA). A last-minute addition to the proposal calls for punishing malicious hackers with life in prison. CSEA also increases police powers to conduct online eavesdropping and obtain user information from ISPs.:cool:

11-23-2002, 02:23 AM
A last-minute addition to the proposal calls for punishing malicious hackers with life in prison. CSEA also increases police powers to conduct online eavesdropping and obtain user information from ISPs.

One should be careful of what one wishes for......:(

11-23-2002, 02:46 AM
I didn't. But what I do wish for, is that we would all walk in love.:)

11-23-2002, 08:14 AM
IPSEC is mostly used to create secure channels between computers; however, in Windows 2000 and above IPSEC can also be used to create firewall-like rules so long as IPSEC security options are not enabled. (A basic knowledge of TCP/IP is needed to use this tool.)

The following article explains how to use this with Windows 2000. IPSEC filter rules are set up the same way in XP.

IPSEC filters (http://online.securityfocus.com/infocus/1559)
EDIT This page comes up really slow sometimes, so you'll need to be patient.

The next set of tools really require that you know TCP/IP in order to get the most out of them. Still even with just some basic knowledge you should be able to understand their output. Most of these tools (except Nessus) come in both a Linux and Windows version. Of course, I prefer the Linux versions. :) These tools can be "hosted" on any computer on your network, since they look at all network traffic.

Snort is a free Intrusion Detection System that has many uses. But I use it only as an IDS. It can be found here: Linux (http://www.snort.org/) or Windows (http://www.silicondefense.com/techsupport/downloads.htm). Be sure to pick up the needed extra files and rule sets; links are provided on Snort's download page. Also be sure to read the "trojan" warning on the Linux version's download page.

Snort will monitor your network traffic and alert you to "hacker" type traffic. Be warned that it does give out a lot of false positives (alarms), which is where the knowledge of TCP/IP comes in handy. (You'll need it to read the packet dumps or create your own Snort rules.)

Windump (or tcpdump for Linux) will record all your network traffic. It's a command line tool that isn't easy to read, but if you think you have a trojan on your system, you can fire this up and capture all traffic to and from the infected computer. The file it creates can then be read in any text editor or in Ethereal. (Ethereal has the ability to follow some network conversations and show you the actual keystrokes typed at the other end. Ethereal can also read Snort "TCPDUMP" format files.)

Windump (http://windump.polito.it/)

Ethereal (http://www.ethereal.com/)

The last tool is Nessus, which runs only on Linux. (The Nessus "server" runs only on Linux. There is a Windows "client", but without the server it's useless.) Nessus is a vulnerability scanner that can scan a system for trojans and other security problems. Of all the tools I listed this one requires the least amount of TCP/IP know-how. Just pick what you want to look for, what computer you want to look for it on, and let it rip.

Nessus (http://www.nessus.org/)

It takes some time to get used to how these tools work and how to use 'em best. But if you're really interested you might find them fun to play with. (Besides, they're free.) There are many more tools than the ones I listed here, but they aren't for the faint of heart. :D

Good Luck :)
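
The capture-and-read step described in the post above, as an added example that is not part of the original thread: a Python sketch that reads tcpdump/WinDump text output and lists TCP connection attempts (SYN packets) made to one machine by any address that is not a known household device, and whether the machine answered. The sample capture, the addresses, the known-host set and the function name `inbound_attempts` are all constructed for illustration.

```python
import re

# Constructed sample of tcpdump/WinDump text output (not taken from the thread).
# The last line uses the older layout without "IP" and "Flags [...]".
SAMPLE = """\
09:14:02.100000 IP 192.168.1.101.1045 > 203.0.113.20.80: Flags [S], seq 1000, win 16384, length 0
09:14:02.150000 IP 203.0.113.20.80 > 192.168.1.101.1045: Flags [S.], seq 2000, ack 1001, win 8192, length 0
09:15:10.000000 IP 198.51.100.7.4312 > 192.168.1.101.139: Flags [S], seq 3000, win 8192, length 0
09:15:10.000200 IP 192.168.1.101.139 > 198.51.100.7.4312: Flags [S.], seq 4000, ack 3001, win 16384, length 0
09:15:40.000000 IP 198.51.100.7.4313 > 192.168.1.101.445: Flags [S], seq 5000, win 8192, length 0
09:16:00.000000 IP 192.168.1.100.1030 > 192.168.1.101.139: Flags [S], seq 6000, win 8192, length 0
09:17:30.000000 192.168.1.105.1200 > 192.168.1.101.139: S 7000:7000(0) win 8192 (DF)
"""

# "src.port > dst.port:" followed by "Flags [..]" or bare old-style TCP flags.
LINE = re.compile(
    r"^\S+ (?:IP )?(\d+\.\d+\.\d+\.\d+)\.(\d+) > "
    r"(\d+\.\d+\.\d+\.\d+)\.(\d+): (?:Flags \[([^\]]*)\]|([SFPRWE.]+) )"
)

def inbound_attempts(capture, host, known):
    """Map (source address, destination port) -> True if host replied SYN-ACK.

    Only SYNs sent to `host` by addresses outside `known` are recorded.
    """
    attempts = {}
    for line in capture.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # not a TCP line in a layout we recognise
        src, sport = m.group(1), int(m.group(2))
        dst, dport = m.group(3), int(m.group(4))
        flags = m.group(5) if m.group(5) is not None else m.group(6)
        syn = "S" in flags
        ack = "." in flags or " ack " in line  # old layout prints "ack N" separately
        if syn and not ack and dst == host and src not in known:
            attempts.setdefault((src, dport), False)
        elif syn and ack and src == host and (dst, sport) in attempts:
            attempts[(dst, sport)] = True  # the port was open and reachable
    return attempts

if __name__ == "__main__":
    known = {"192.168.1.1", "192.168.1.100"}  # assumed router and second PC
    found = inbound_attempts(SAMPLE, "192.168.1.101", known)
    for (src, port), answered in sorted(found.items()):
        # Ports 139 and 445 are the Windows file sharing ports.
        print(f"{src} -> port {port}: {'answered' if answered else 'no reply seen'}")
```

An unknown address inside the 192.168.1.x range points at the wireless side, while an outside address that got an answer means the router or firewall let the connection through.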

11-23-2002, 11:33 AM
Thank You Mr. Ghost_Hacker.
I'm grateful for your prudence and attentive assistance to those in need. I have great desire to learn as much as I can about computers as time will afford. Sincerely, William L. Trotter Jr.:)
P.S. My wife's computer is running on W2K.