September 22nd, 2003, 09:57 PM
Catching Hackers who are in computer when they are there
What is the best way to follow a hacker from inside your computer to where they are to obtain their IP address? I believe someone is doing screen shots of what I am up to. I want them blocked out (along with everyone else). Any good freeware out there for this?
September 22nd, 2003, 10:05 PM
"netstat -a" should give you a list to all the machines that are connected to your machine.
yeah, I\'m gonna need that by friday...
September 22nd, 2003, 10:06 PM
well netstat will show what connections are made to your box,
get a firewall is probably the best advice you can get, dont let them attack you its that simple really
dont attack back report them to firstname.lastname@example.org or email@example.com
September 22nd, 2003, 10:07 PM
Each attacker is unique and therefore each remediation/forensic process is different. This is similar to asking, "Which roads will that car drive on and how can I tell who the driver is?" See what I'm getting at?
Rather than reinvent the wheel, simply search the site for best practices in securing whichever OS you are using. Also, look at the hundreds of posts on removing back door programs and trojans. If you feel that someone is actually using a remote control tool or trojan then you would be much better served stopping the problem unless you don't care about the integrity of the box.
Perhaps a bit more information would inspire us to give you a more informative answer geared specifically to your issue.
Our scars have the power to remind us that our past was real. -- Hannibal Lecter.
Talent is God given. Be humble. Fame is man-given. Be grateful. Conceit is self-given. Be careful. -- John Wooden
September 22nd, 2003, 10:07 PM
try using a honeypot trap...as for keeping them out...virus scan w/ new defintions then firewall.
tiny personal firewall or black ice defender are both great firewalls as for a honeypot im not sure i have never used one before.
September 22nd, 2003, 10:18 PM
well right now when doing e-mails and spread sheets i hear a click and an hour-glass by my pointer. when i shutdown the programs my computer starts the background running, like a virus scan. I don't want to attack them just keep them out!!
September 22nd, 2003, 10:47 PM
Go to Zonelabs and download the free version of ZoneAlarm. Install it and watch for the incoming and outgoing connections. That'll tell you where it is going and this will help determine if he has access or whther it is an automated system that calls home on some kind of schedule.
Make a note of all the information Zonealarm gives you, sanitize it and post it here. Then we can give you better advice.
Don\'t SYN us.... We\'ll SYN you.....
\"A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools.\" - Thucydides
September 22nd, 2003, 10:52 PM
very cool. i am on a cable modem so i know this is the biggest problem. i just need to keep them out.
September 23rd, 2003, 04:28 AM
Sorry to give you negative vibes, but security is pretty complex. Is your machine physically secure...like can other people get to it?
If the answer is "no" then you might like to search for AdAware6.0 and Spybot Search&Destroy,
download and update them, re-boot in safe mode then run them, and let them kill what they find
Do the same with your antivirus package. Or go to Trend Micro or Panda (or whoever) and run their online scan.
Now ring your cable company and ask them to change your IP address..........I am assuming that yours is fixed, being that it is cable?
This might just get them off your back.
BTW if you have a cable modem, please check the instructions and change the default password if you can
September 23rd, 2003, 05:00 AM
since the guy seems to be in already. best bet would be to remove the system off the network and then install adaware, spybot s&D, update antivirus, os update, firewall. then run scans using adaware, spybot and antivirus to pick up anything. if you can get your hands on a trojan scanner that would be good also. once that is done remove all the offending stuff. also check if there are any tasks or programs running that shouldnt be from teh task manager if urs is windows or the equivalent. also change all passwords on the system to someting more difficult to guess then install and configure your firewall. and liekone of the guys has said, if possible get ur isp to change your system ip addr.
see if this helps in the next few weeks...if it doesnt and it is really bothering you, then the next thing would be a reinstall of the system. but i dont think this is necessary if you takethe write precautions.