Am I Being Hacked??

[Scorp666]

lol, a flashing light is now the official technique to monitor hack attacks!

Ok well I will leave the paranoid case to Tedob...

[Tedob1]

ok sting im not saying your NOT being hacked im saying it wouldn't be akamai.

what operating system are you running? What kind of connection to the internet do you have?

if you have a network at home with valuble/sensitive material on it get a hardware FW like watchguard firebox SOHO. (especially if you want to keep your job) easy to use and configure. costs around 500 dollars US. If you haven't set up auditing and haven't been logging everything your not going to find out anything. Your asking a serious question here and aren't giving enough info.

What anti-virus are you using and what does netstat tell you when you do update your sigs.

when you open your browser what is the URL of web page your seeing.

DO run adaware from www.lavasoft.de . adware can cause many problems in your computer as the software it installs is not written with your well being in mind

[sting]

Scorp,seriously...the "flashing light" only flashes,when i'm either downloading a file,
or connecting to a web site. Ok,i'm doing nothing right now,(except drinking a cup of tea)Lol
no light flashing... now i'll go to GameDev.net... its flashing,it stops.
This wasn't the case on my other comp.

The minute i connected,it was flashing non stop.
can you explain this please?

[shad0wx]

Dude , this site`s are lame ! Don't even look at them!

[sting]

On my other comp i was running (XP),SP1.
I'm on a 1MB cable connection.

Thanks for the info on watchguard firebox SOHO,i'll look into that.

I have been using an online anti-virus checker,and wasn't using the netstat in windows,
but using an app called
swat it pro,that basiclly shows you connections like windows netstat.


<when you open your browser what is the URL of web page your seeing.

alright,you can all have a good laugh at my expense,only the other night i was browsing a website,then i was redirected to a blank web page,that said " I don't like you!"
on it Lol am i losing it or what?

DO youn run adaware

No, i'm using Spybot.

Actually my main suspects are *cough* www.quest3d.com * cough * www.virtoolsdev.com

[Tedob1]

to illustrate my point(you hard headed son of a bitch) i went to the worst offender i can think of...zdnet heres the result of a netstat after i connected:

TCP <my computer>:1635 a64-12-145-72.deploy.akamaitechnologies.net:http
ESTABLISHED
TCP <my computer>:1636 a64-12-145-72.deploy.akamaitechnologies.net:http
ESTABLISHED
TCP <my computer>:1640 www.zdnet.com:http CLOSE_WAIT
TCP <my computer>:1641 a64-12-145-38.deploy.akamaitechnologies.net:http
ESTABLISHED
TCP <my computer>:1642 a64-12-145-38.deploy.akamaitechnologies.net:http
ESTABLISHED
TCP <my computer>:1643 a64-12-145-38.deploy.akamaitechnologies.net:http
ESTABLISHED
TCP <my computer>:1644 a64-12-145-38.deploy.akamaitechnologies.net:http
ESTABLISHED
TCP <my computer>:1645 a64-12-145-38.deploy.akamaitechnologies.net:http
ESTABLISHED
TCP <my computer>:1646 a64-12-145-38.deploy.akamaitechnologies.net:http
ESTABLISHED
TCP <my computer>:1647 a64-12-145-38.deploy.akamaitechnologies.net:http
ESTABLISHED
TCP <my computer>:1648 a64-12-145-38.deploy.akamaitechnologies.net:http
ESTABLISHED
TCP <my computer>:1649 a64-12-145-38.deploy.akamaitechnologies.net:http
ESTABLISHED
TCP <my computer>:1650 a64-12-145-38.deploy.akamaitechnologies.net:http
ESTABLISHED
TCP <my computer>:1653 a64-12-145-38.deploy.akamaitechnologies.net:http
ESTABLISHED
TCP <my computer>:1654 a64-12-145-38.deploy.akamaitechnologies.net:http
ESTABLISHED
TCP <my computer>:1655 a64-12-145-38.deploy.akamaitechnologies.net:http
ESTABLISHED
TCP <my computer>:1656 a64-12-145-38.deploy.akamaitechnologies.net:http
ESTABLISHED
TCP <my computer>:1657 a64-12-145-38.deploy.akamaitechnologies.net:http
ESTABLISHED
TCP <my computer>:1658 a64-12-145-38.deploy.akamaitechnologies.net:http
ESTABLISHED
TCP <my computer>:1659 a64-12-145-38.deploy.akamaitechnologies.net:http
ESTABLISHED
TCP <my computer>:1660 a64-12-145-38.deploy.akamaitechnologies.net:http
ESTABLISHED
TCP <my computer>:1661 a64-12-145-38.deploy.akamaitechnologies.net:http
ESTABLISHED
TCP <my computer>:1662 a64-12-145-38.deploy.akamaitechnologies.net:http
ESTABLISHED
TCP <my computer>:1663 a64-12-145-38.deploy.akamaitechnologies.net:http
ESTABLISHED
TCP <my computer>:1664 a64-12-145-38.deploy.akamaitechnologies.net:http
ESTABLISHED
TCP <my computer>:1665 a64-12-145-38.deploy.akamaitechnologies.net:http
ESTABLISHED
TCP <my computer>:1666 a64-12-145-38.deploy.akamaitechnologies.net:http
ESTABLISHED
TCP <my computer>:1667 a64-12-145-38.deploy.akamaitechnologies.net:http
ESTABLISHED

maybe thats not the exact server thats connecting to your computer but thet literally have thounds of ad servers.

Now when i add this line to my host file:

127.0.0.1 a64-12-145-38.deploy.akamaitechnologies.net

and go back to zdnet this is what a netstat shows:

TCP <my computer>:1732 www.zdnet.com:http ESTABLISHED
TCP <my computer>:1734 a64-12-145-79.deploy.akamaitechnologies.net:http
ESTABLISHED
TCP <my computer>:1735 a64-12-145-79.deploy.akamaitechnologies.net:http
ESTABLISHED
TCP <my computer>:1736 a64-12-145-79.deploy.akamaitechnologies.net:http
ESTABLISHED
TCP <my computer>:1738 a64-12-145-79.deploy.akamaitechnologies.net:http
SYN_SENT

notice a64-12-145-38.deploy.akamaitechnologies.net no longer appears.

SO if you want it to stop...take the full server name, open your hosts file in notepad, located in c:\winnt\system32\drivers\etc and add:

127.0.0.1 <servername>

i know this shows a space between the ip addy and servername...auto-formating but it should be a tab.

this will cause you mach to resolve this url, which is embeded in the html source of the page your viewing, locally and not go to the adserver for it.

[sting]

Tedob1(you straight talking person..you)
yes,that is similar to the logs i was getting,but no spyware was found,and i was getting this akamaitechnologies connections when i went to a website like www.gamedev.net

The flashing light,would flash even before i connected to ANY website.

How can anyone tell the difference,from something like what youv'e proven and a real hack attempt,from a malicious hacker(s).

Please explain,i'm curious to know.

[Tedob1]

re-directed = java script. maybe their web page was hacked. if that happens on other sites as well. then YOU got problems. disable or set to "prompt" for allowing java scripts in tools>>options>>advanced. go back to that site and that page and see if it happens again when you deny js. i go to sites that are not always reputable so my settings prompt for everything.

online virus/trojan scanning is no way for professional to work. scanning after the fact is a loosing proposition. get a good virus scanner and keep it up-dated.

sorry my post are lagging behind your questions. they take some thought for me.

its not easy to tell the differance without kearning how hackers hack. personal firewalls say everything on the internet is a hack attempt to prove their worth. You either have to learn all about hacking and keep on top of the latest developments of trust your firewall to do its job Being a professional programmer you will probably need to go with the latter. So make sure you get a good one and keep up with the latest patches both for the FW and you OS.

[Grinler]

Akamai has nothing to do with hackers. Akamai has nothing to do with port scanning.
Akamai has nothing to do with spyware. Akamai only has to do with content delivery.

They are just a content delivery provider out there. What that means, is they do geographical load balancing for high traffic sites. Everyone from yahoo, apple, msnbc, and I am sure a bunch of others that I missed use akamai to deliver content. If you are getting ad's from them, its the website that is there customer that is giving them to you, not akamai.

As Tedob1 has already mentioned, you are getting all the http established connections, is that when you go to a website that uses akamai as their content delivery provider, you will connect to their servers to download images or other objects.

For example:

If you go to www.apple.com/quicktime and right click on any of the pictures on that site, it will show in the properties that the image, and most likely the download as well, are hosted on a akamai site.

Essentially, when you browse to www.apple.com, the content (text/words) will be provided to you by apple, but the browser will download the images from akamai's server. So if there are 10 akamai images on a apple page, you will get one http established for the apple server, and a bunch of established sessions to the akamai server. This is perfectly normal and fine, you just probably never noticed it before.

Grinler

[sting]

Thanks to everyone that replied to my questions(even if they did seem odd to you)
Iv'e actually come to the conclusion,that the best solution for (me)would be to not use a computer that is connected to the net at all to do work on.

Iv'e actually done some research on "Hacking" since my original post,which has basiclly opened my eyes..to how easy hacking actually is.

Anyone with good experience with comps/hardware,(a good background in programming also helps),especially in the windows enviroment,wouldn't find it too difficult.

From what iv'e read.there is this Glam/moral/ethics rubbish,about hacking,and Big ego's,amongst hackers(which actually made me smile)
As from what i have researched,a 12 year old kid could be a hacker LOl.

What amuses me most,is these guys think they are some kind of 'elite'.
when most of them,i would simply refer to them as 'scripter' kiddies.
i could show them code,that would 'scare' the life out of them

Its a very interesting subject(anti- hacking)and something i am quite interested in,and maybe in the future(when i have more time)might look into taking part in.

But for now,i hardly have time for any hobby projects.

Anyhow,thanks again for your replies.