Question- was I hacked?
Page 1 of 2 12 LastLast
Results 1 to 10 of 12

Thread: Question- was I hacked?

  1. #1
    Junior Member
    Join Date
    Jan 2003

    Unhappy Question- was I hacked?


    I am new here and I was wondering if someone could give me some help.
    I have Norten Internet security 2003 running on windows XP and recently when I took a look at my Norten Internet Security log file, I noticed this whenever I boot up:

    -Rule "Block Windows File Sharing" blocked communication. Local address: Forensics(
    Process name is "System"

    I never noticed this message before and that is definitely not my IP address.
    I also noticed that my computer would automatically shut down for no reason whatsoever whenever I'm on the internet. It has happened about 3 times in the last 2 weeks or so, most recently today.

    I scanned my entire computer with Norton antivirus today but it found nothing.
    Can anyone help explain what's going on? Should I be alarmed by this?

    I've also been getting a lot of these message popping up on my Norton Internet Security:

    -Rule "Default Block Microsoft Windows 2000 SMB" stealthed (,microsoft-ds(445))
    Inbound TCP connection
    Local address,service is (,microsoft-ds(445))
    Remote address,service is (,32801)
    Process name is "System"

    Whenever that occurred, I would just copy the IP address and put them under the "restricted" section with Norton Firewall which prevents any type of communication with that IP address and my computer.
    But it's been happening a lot lately. Should I be alarmed?

    I'd appreciate any help!

  2. #2
    Senior Member
    Join Date
    Jul 2001
    I would not worry about the 169.x.x.x traffic on boot, it sounds like typical behavior. I am assuming that you are on dialup, or dsl, and have to actually dial out to connect to the internet, which means when you boot your machine recieves no ip address for that interface, and uses a linklocal address 169.x.x.x. Then windows attempts to talk to itself and ends up sending traffic to that address for some reason. Norton can probably be configured to ignore that if you want, without much danger, as the 169.x.x.x addresses are not internet routeable(although someone could send traffic TO your machine FROM that address, assuming there are lots and lots of misconfigured routers between them and you, they would never recieve the responses though.

    As far as shutting down while you are on the internet, I would be a bit concerned about this, but, there are so many likely causes that I would think first about other things than a hacker. I have no suggestions though for a fix. Is there any other strange behavior like this. Also, are there any unusual firewall log entries about the time this happens?

    As for all those other connections, those look fairly innocuos as well. Sure some machine is attempting to connect to yours for some reason, either due to misconfiguration or intent on the users part, but norton is doing what it is supposed to do, alert you and block the connection if you desire. I would not worry to much about it. Make a mental note of it when it happens, perhaps add it to the always drop list. Of course make sure you keep an eye on your logs etc.

  3. #3
    Junior Member
    Join Date
    Jan 2003

    Smile Thanks

    I really appreciate your reply!
    Thanks for the info!

  4. #4
    Senior Member
    Join Date
    Nov 2001
    even though your fire wall is doing its job unless you have need of it it would be prudent to remove file and print sharing. firewall have be known to crash on their own or from DoS Attacks meant to accomplish this and even though your FW may have all the latest patches and fixs you never know when a new one will come out.
    Bukhari:V3B48N826 “The Prophet said, ‘Isn’t the witness of a woman equal to half of that of a man?’ The women said, ‘Yes.’ He said, ‘This is because of the deficiency of a woman’s mind.’”

  5. #5
    Junior Member
    Join Date
    Jan 2003

    Question How to?

    Although I have a printer attached to my computer I have no need to share files.
    How would you recommend I disable file sharing? Would it be through the firewall or through
    the general control panel?

    Sorry, I am new at this sort of thing. I would greatly appreciate any instructions you could offer me.

  6. #6
    Senior Member
    Join Date
    Aug 2001
    Disable it through the Control Panel.
    I\'d rather die on my feet than live my life on my knees.

    (Emiliano Zapata, a Mexican revolutionary in the early 1900s)

  7. #7
    Go to your network settings and not only unselect file and printer sharing but remove it from your hard drive.

  8. #8
    Join Date
    Jul 2001
    Ideally you want to disable file/print sharing if possible and/or remove from control panel (under network), and also block it in the firewall. I am not familiar with Norton Firewall (I use Outpost) but you may want to set it up to log connection attempts to that port just so you can see if anything is going on. But is Microsoft's IP address when the machine can't get an IP from a DHCP server.

    It\'s a long life, until you die

  9. #9
    Junior Member
    Join Date
    Jan 2003

    Smile Thanks!

    Thanks to everyone for all your helpful information!

  10. #10
    Senior Member
    Join Date
    Dec 2001
    The request to port 445 could have been the deloder worm stumbling accross your IP and decided to give it a try to to see if you have a weak admin password. But the firewall did its job... Just for anyone else that stumbles accross this post if you are using windows your administrator password should not be one of the following:

    Violence breeds violence
    we need a world court
    not a republican with his hands covered in oil and military hardware lecturing us on world security!

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts