Not sure what to do?

  1. #1
    Senior Member
    Join Date
    Mar 2003
    Posts
    170

    Not sure what to do?

    Well, it seems like there were a lot of people in my computer, and I just got a firewall and 4 people are out, but it seems that three of them bypassed my firewall. What could I do to get them out? I also set my firewall on high, and I found that people were in by looking at netstat -a.
    Should I look at something else just to be sure?

    Their IP addresses I have, if this is any help:
    205.188.9.86
    205.188.4.120
    205.188.6.188

    Thanks.

  2. #2
    AO Security for Non-Geeks tonybradley
    Join Date
    Aug 2002
    Posts
    830
    Are you sure there aren't existing Trojan horse or backdoor programs on your system that are initiating the communications?

    If your system was already compromised before you put up the firewall the malicious software may already live on your computer. Depending on your firewall, it may block incoming connections, but allow any incoming communication that is in response to a request from your system.

    So, possibly your system remains compromised and because the software on your computer is initiating the communications your firewall won't block it.

  3. #3
    Senior Member
    Join Date
    Jan 2003
    Posts
    3,914
    Like Tony said... you may already be infected from previous intrusions...

    Get The Cleaner from here and run it. Then check your open ports and close every one that you don't need... either shut down services (check out the link in this thread for more info) and then filter whatever ports are left open with your firewall....

  4. #4
    Senior Member problemchild
    Join Date
    Jul 2002
    Posts
    551
    I agree with Tony. You probably have one or more backdoors already installed that are letting the intruders in. If that's the case, a firewall will probably do little to help you. Once the system is compromised, nothing on it can be trusted.

    The only way to be sure everything is fixed is to back up your important data and reinstall the OS from a trusted source, usually the original CD. If you want to get your system going immediately, you can make images of the hard drive with something like Norton Ghost or Linux dd and analyse the images later to try and determine what actually happened.

    [edit] Trojan cleaners do a good job, but if I knew I had a security breach like that, I wouldn't trust one to find everything that might be amiss. Absolutely anything could have been done, and a cleaner presupposes knowing what the intruder could have done.
    Do what you want with the girl, but leave me alone!

  5. #5
    AO übergeek phishphreek
    Join Date
    Jan 2002
    Posts
    4,325
    Those IPs are all AOL. Are you sure that people are connected to you?

    When you are online, you are sure to see some of these connections. If you use AIM or AOL, you are connecting to a server(s). They will all show...

    Same if you visit a web page... that connection(s) will show in your netstat output.

    You should def run those trojan detection & cleaners and virus scans though.

    You can use a program like active ports and then get online. It will show all of the connections in real time and you can find out who and why they are connecting. fport will also map the connection to the program being used.
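
Added example, not part of the original posts: a Python sketch of the check described in posts #2 and #5, separating connections your own machine opened from connections made to a port you are listening on, and keeping the owning PID for each. The `netstat -ano` sample is constructed (local address, ports, PIDs and the 10.0.0.99 peer are made up; the three 205.188.x.x addresses are the ones from the first post), and "local port is also a listening port means inbound" is a heuristic assumed here.

```python
import re

# Constructed sample of Windows `netstat -ano` output (not from the thread).
SAMPLE = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       884
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  TCP    192.168.1.10:1042      205.188.9.86:5190      ESTABLISHED     1520
  TCP    192.168.1.10:1043      205.188.4.120:5190     ESTABLISHED     1520
  TCP    192.168.1.10:1051      205.188.6.188:80       ESTABLISHED     1520
  TCP    192.168.1.10:445       10.0.0.99:3021         ESTABLISHED     4
"""

# One TCP row: local addr:port, foreign addr:port, state, owning PID.
ROW = re.compile(r"^\s*TCP\s+(\S+):(\d+)\s+(\S+):(\d+)\s+(\S+)\s+(\d+)\s*$")


def parse(text):
    """Return one dict per TCP row; header and non-TCP lines are skipped."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            _laddr, lport, raddr, rport, state, pid = m.groups()
            rows.append({"lport": int(lport), "raddr": raddr,
                         "rport": int(rport), "state": state, "pid": int(pid)})
    return rows


def classify(text):
    """Label each ESTABLISHED connection as inbound or outbound (heuristic)."""
    rows = parse(text)
    # Ports this machine accepts connections on.
    listening = {r["lport"] for r in rows if r["state"] == "LISTENING"}
    result = []
    for r in rows:
        if r["state"] != "ESTABLISHED":
            continue
        # A peer attached to one of our listening ports connected to us;
        # anything on a non-listening local port was opened from this side.
        direction = "inbound" if r["lport"] in listening else "outbound"
        result.append((direction, r["raddr"], r["rport"], r["pid"]))
    return result


if __name__ == "__main__":
    for direction, raddr, rport, pid in classify(SAMPLE):
        print(f"{direction:8} {raddr}:{rport}  pid={pid}")
```

An outbound row only says the connection started on your side; the PID is what tells you whether the program that opened it is one you recognise, which is the mapping fport gives you.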

  6. #6
    Senior Member problemchild
    Join Date
    Jul 2002
    Posts
    551
    Oops... I think I got the cart before the horse, there.

    phishphreek is absolutely right.... be sure you actually have a breach before you go and do what I said.

  7. #7
    Senior Member
    Join Date
    Mar 2003
    Posts
    452
    Using netstat will show you connections on your machine that could be websites you've visited or any amount of traffic that your computer can be sending or receiving. Try reconnecting to the net if you haven't already done so, and see if those same connections come back. If they do, send me a private message.



    PuRe

  8. #8
    Senior Member
    Join Date
    Mar 2003
    Posts
    170
    Originally posted here by PuReExcTacy
    Using netstat will show you connections on your machine that could be websites you've visited or any amount of traffic that your computer can be sending or receiving. Try reconnecting to the net if you haven't already done so, and see if those same connections come back. If they do, send me a private message.



    PuRe
    I had already stated that I used netstat. I was just wondering if there was another way to boot them out, but I think it's just something else because I did some more research on it.

  9. #9
    Senior Member
    Join Date
    Jan 2002
    Posts
    1,207
    Go and read this thread

    http://www.antionline.com/showthread...674#post580674

    Then decide whether the attacks are genuine. (Hint: ditch P2P and spyware, ad-ware etc)
