Catching Hackers who are in computer when they are there
Page 1 of 2 12 LastLast
Results 1 to 10 of 19

Thread: Catching Hackers who are in computer when they are there

  1. #1
    Junior Member
    Join Date
    Sep 2003
    Posts
    9

    Catching Hackers who are in computer when they are there

    What is the best way to follow a hacker from inside your computer to where they are to obtain their IP address? I believe someone is doing screen shots of what I am up to. I want them blocked out (along with everyone else). Any good freeware out there for this?

  2. #2
    Senior Member tampabay420's Avatar
    Join Date
    Aug 2002
    Posts
    953
    "netstat -a" should give you a list to all the machines that are connected to your machine.
    yeah, I\'m gonna need that by friday...

  3. #3
    Senior Member
    Join Date
    Jul 2003
    Posts
    634
    well netstat will show what connections are made to your box,

    get a firewall is probably the best advice you can get, dont let them attack you its that simple really

    dont attack back report them to abuse@thereisp.com or abuse@yourisp.com

    i2c

  4. #4
    Master-Jedi-Pimps0r & Moderator thehorse13's Avatar
    Join Date
    Dec 2002
    Location
    Washington D.C. area
    Posts
    2,884
    Each attacker is unique and therefore each remediation/forensic process is different. This is similar to asking, "Which roads will that car drive on and how can I tell who the driver is?" See what I'm getting at?

    Rather than reinvent the wheel, simply search the site for best practices in securing whichever OS you are using. Also, look at the hundreds of posts on removing back door programs and trojans. If you feel that someone is actually using a remote control tool or trojan then you would be much better served stopping the problem unless you don't care about the integrity of the box.

    Perhaps a bit more information would inspire us to give you a more informative answer geared specifically to your issue.

    --TH13
    Our scars have the power to remind us that our past was real. -- Hannibal Lecter.
    Talent is God given. Be humble. Fame is man-given. Be grateful. Conceit is self-given. Be careful. -- John Wooden

  5. #5
    Senior Member
    Join Date
    Sep 2003
    Posts
    101
    try using a honeypot trap...as for keeping them out...virus scan w/ new defintions then firewall.

    tiny personal firewall or black ice defender are both great firewalls as for a honeypot im not sure i have never used one before.
    chown -r us ./bases

  6. #6
    Junior Member
    Join Date
    Sep 2003
    Posts
    9
    well right now when doing e-mails and spread sheets i hear a click and an hour-glass by my pointer. when i shutdown the programs my computer starts the background running, like a virus scan. I don't want to attack them just keep them out!!

  7. #7
    AO Ancient: Team Leader
    Join Date
    Oct 2002
    Posts
    5,197
    Go to Zonelabs and download the free version of ZoneAlarm. Install it and watch for the incoming and outgoing connections. That'll tell you where it is going and this will help determine if he has access or whther it is an automated system that calls home on some kind of schedule.

    Make a note of all the information Zonealarm gives you, sanitize it and post it here. Then we can give you better advice.
    Don\'t SYN us.... We\'ll SYN you.....
    \"A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools.\" - Thucydides

  8. #8
    Junior Member
    Join Date
    Sep 2003
    Posts
    9
    very cool. i am on a cable modem so i know this is the biggest problem. i just need to keep them out.

  9. #9
    Senior Member nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,191
    Hi Astroflux13,

    Sorry to give you negative vibes, but security is pretty complex. Is your machine physically secure...like can other people get to it?

    If the answer is "no" then you might like to search for AdAware6.0 and Spybot Search&Destroy,

    download and update them, re-boot in safe mode then run them, and let them kill what they find

    Do the same with your antivirus package. Or go to Trend Micro or Panda (or whoever) and run their online scan.

    Now ring your cable company and ask them to change your IP address..........I am assuming that yours is fixed, being that it is cable?

    This might just get them off your back.

    Good Luck

    BTW if you have a cable modem, please check the instructions and change the default password if you can

    Johnno

  10. #10
    Senior Member
    Join Date
    Jul 2003
    Posts
    217
    since the guy seems to be in already. best bet would be to remove the system off the network and then install adaware, spybot s&D, update antivirus, os update, firewall. then run scans using adaware, spybot and antivirus to pick up anything. if you can get your hands on a trojan scanner that would be good also. once that is done remove all the offending stuff. also check if there are any tasks or programs running that shouldnt be from teh task manager if urs is windows or the equivalent. also change all passwords on the system to someting more difficult to guess then install and configure your firewall. and liekone of the guys has said, if possible get ur isp to change your system ip addr.

    see if this helps in the next few weeks...if it doesnt and it is really bothering you, then the next thing would be a reinstall of the system. but i dont think this is necessary if you takethe write precautions.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •