-
April 29th, 2003, 06:18 AM
#11
When you first turn on your computer
Goto run, cmd
Netstat -a
there shouldn't be anything there that doesn't look 'right'. Connected to other computers on your network is fine, also is being connected to them via port 0.
If you see some remote IP address ie 64.xxx.xxx.xxx:31337 connected to port # 31337 or some other suspicious port (search google for port list) you can even check every connection, there should not be many, for anything out of the ordinary.
-
April 29th, 2003, 07:30 AM
#12
Member
You can also manualy check registry entries. A link for those can be found here.
-
May 3rd, 2003, 09:36 PM
#13
Member
The boops that I am hearing are coming from the computers internal speaker. Its almost akin to a 70's style atari boop or the sound your box makes when you overload the keyboard buffer and ever time you press a button your box boops to let you know that its taking a crap on itself so quit hitting the keyboard...
Anyway thanx for all the help on this subject. I have put most of everthing I read here to use and am fairly confident now that no one has control of my puter but me.
Free Speach is nothing but a giant noose. If you are dumb enough to stick your neck into it, then you had better be prepared for someone else to choke your mouth shut.
-
May 3rd, 2003, 11:54 PM
#14
Member
"My question is, how do you troubleshoot your box to make SURE you are
not brodcasting anything out of it you don't want to"
Hi
Besides using antivirus and spybot
You should always verify your ethernet card is not in
promiscuous mode with a detection program here is one for Windows there
may be others you can find using the google search engine I'm only
famillar with anti-sniff from Lopht..........
http://ntsecurity.nu/toolbox/promiscdetect/
If the answer is yes
then you have to check for any sniffers on your computer
if you discover the hackers sniffer it may be able possible to search
the sniffers log to piece together what he did on your system
Beware
To disguise a backdoor from your attention our friend likes to use tools
from the Windows resource kit such as Srvany.exe and netcat.exe to create
a service on your pc that he/she can connect via a remote shell
once he/she checks out what services are running before installing
the backdoor picks one that's turned off removes it with 'Srvinstw.exe'
tool then install a new service with the same name. This disguises his
backdoor and reduce the chance you'll detect it so you'll be running
around looking for new services or anything weird and won't know....
check everything on your computer not just the odd or
weird stuff that would tip you off to the Intruder when it could
be right under your nose..........
Doc
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
|