Hacked for sure, check these logs!
Results 1 to 8 of 8

Thread: Hacked for sure, check these logs!

  1. #1
    Member
    Join Date
    Jan 2004
    Posts
    81

    Hacked for sure, check these logs!

    Hi there, at just gone seven this morning i got hacked. I heard my hard drive going like mad and then checked my ZA firewall and found entry after entry appearing, it said packet received when i checked so it was obvious at this point that it someone had got straight through the firewall.

    It's probably my own fault for being on Windows ME, i'll have to change as soon as i can, check this out :

    Firewall Log from 6:53 - 7:01 7th March

    All in less than ten minutes! It took about seven minutes for whoever it was to get through Zone Alarm.

    I haven't checked the IP's for myself, i figured they'd just be hosts that eventually led to nothing, feel free to check them out if you want.

    Sorry about the messy page, it was neat in the log itself but i don't know how to give you it any other way than to host it.
    \"What is is not, what is not is - - if this is not yet clear to you, you\'re still far from the truth.\"

  2. #2
    AO Ancient: Team Leader
    Join Date
    Oct 2002
    Posts
    5,197
    I'm no expert on ZA but what in there makes you think a successful attack took place?

    It appears that there was either a DDoS on your IP address or that someone unpleashed a flooder, (both TCP and UDP), that spoofs addresses on your IP. The only other thing i see in there is the LOCK IE entry which, IIRC, means you had the internet lock turned on and IE tried to go out..... Or am I mistaken?

    The FWIN entries mean that ZA blocked the access. I doesn't log successful connections, (also IIRC).
    Don\'t SYN us.... We\'ll SYN you.....
    \"A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools.\" - Thucydides

  3. #3
    Senior Member Zonewalker's Avatar
    Join Date
    Jul 2002
    Posts
    949
    TigerShark - no you recall correctly LOCK does mean its locked out internet explorer - I tend to agree with you about your conclusion.

    Eonfire - if its of any use you might want try try ZoneLog analyser... might bring you some peace of mind as it will tell you exactly what every entry means

    Z
    Quis Custodiet Ipsos Custodes

  4. #4
    Member
    Join Date
    Jan 2004
    Posts
    81
    It appears that there was either a DDoS on your IP address or that someone unpleashed a flooder, (both TCP and UDP), that spoofs addresses on your IP. The only other thing i see in there is the LOCK IE entry which, IIRC, means you had the internet lock turned on and IE tried to go out..... Or am I mistaken?
    Yeah sorry, the logs won't actually confirm this, i forgot about that. At about 7:00 my box/harddrive started making a constant noise, just like it would when the computer is being de-fragged or something. I had no programs running though, just the internet on.

    So i looked in the ZA logs and saw the barrage and then i turned the lock on and the noise didn't stop, it only stopped when i reached for the modem and actually unplugged it. That's when i was sure i'd been hacked. IE tried to go out, yes, that was me, i forgot i'd locked it and tried clicking on zone alarm so i could go to the site to see info, but again : the firewall didn't register anything so it wouldn't of been any use anyway.

    It's the only time my box/harddrive has ever made that type of noise on it's own and also the only time i've seen so many things coming in.........maybe it was the firwall logging all of that info at once that made the noise? Sometimes when i turn the PC on aswell the Zone Alarm icon in the tray has a yellow cross symbol on it and it tells me when i click on it that i have a system error and i get asked to reboot.
    \"What is is not, what is not is - - if this is not yet clear to you, you\'re still far from the truth.\"

  5. #5
    Banned
    Join Date
    Nov 2003
    Posts
    1,161
    (Suggestion)White Noise, get a router to drop all that noise. Or do you have a router already?

  6. #6
    Senior Member
    Join Date
    Jan 2003
    Posts
    3,914
    Hey Hey,

    I'd tend to agree with Tiger Shark and Zonewalker. It was an attack yes, but it looks a hell of a lot more like port flooding than hacking/cracking, unless they are noisy or were attempting to distract you. However since it's a single PC distraction seems mostly useless. Unless there's one or two entries that everyone is over looking. As for hearing your harddrive, how old is it? Maybe it's on it's way out? Did you have anything downloading at the time, or was your AV running? There are many possibilities. If I freaked out everytime one of my HDDs made a noise, I'd be sitting in the corner of my room under a blanket, my arms around my knees.. shaking back and forth and humming.

    Another thing that would lead me to believe it wasn't a hack attempt is this statement.

    It's probably my own fault for being on Windows ME, i'll have to change as soon as i can, check this out
    First off, if you were hacked, it's got nothing to do with which operating system you ran, but rather how well you knew it. Windows ME can be just as secure as any other operating system, read some of the threads around here. In fact because it is Windows ME, I'd be even more inclined to say it wasn't an attack. It's not a multi-user operating system, it's designed to be single user. Unless you had a trojan on your system, they most they could do is browse open shares/maybe write files... However I don't see any NetBIOS type access. I think you are fairly safe. Check your open ports, with a utility like fport from www.foundstone.com and see if there's anything suspicious, however it all looks ok from here.

    Peace,
    HT
    IT Blog: .:Computer Defense:.
    PnCHd (Pronounced Pinched): Acronym - Point 'n Click Hacked. As in: "That website was pinched" or "The skiddie pinched my computer because I forgot to patch".

  7. #7
    Banned
    Join Date
    Nov 2003
    Posts
    1,161
    It's probably my own fault for being on Windows ME, i'll have to change as soon as i can, check this out
    I think what he is saying is that the SUE line suxors (SUE = Single User Edition 95, 98, Me). And that he is going to switch to NT.
    Quote: catch
    "SUE is garbage and a dying line"
    But ME lacks Multi-User functionality.

    Source: http://www.antionline.com/showthread...hreadid=250160

    It very well could have been what I like to call a " Drive-by shooting on the information highway" Meaning you were in the wrong place at the wrong time!
    Source: http://www.amazon.com/gp/reader/0072...32#reader-link

    It's a good read !

  8. #8
    Member
    Join Date
    Jan 2004
    Posts
    81
    If I freaked out everytime one of my HDDs made a noise, I'd be sitting in the corner of my room under a blanket, my arms around my knees.. shaking back and forth and humming.
    Haha!

    Yeah i often get wierd noises but this was going on at the same time as this stuff was happening and i didn't have any any antivirus running or anything. Like i said it stopped as soon as i unplugged my modem......well it slowly stopped over about five seconds or so, as if something had just been downloaded or something.

    I don't really know that much about computer security though, but i'm learning bit's as i go along. I know what you mean about noises, i get them quite a lot, but this was just one long continous noise as opposed to the occasional noise that lasts 5 seconds or so. I know that there's a lot more to security than just having a firewall and and antivirus but after reading about twenty tutorials here, (including all of the windows ones except XP etc in negatives list in the tutorials section) i'm still not sure about where to go from here.

    One problem is that i don't own any books, i've just been learning from the net, when i get some money and get a book or two i'm sure i'll understand it a lot more.

    Cheers for the help, am hoping to get a book like the one in the link you gave in your post !mitation, the drive by shooting analogy sounds like it might fit!

    I can get XP from my stepdad, so i'll maybe install that, but this computer is pretty slow so i'll see how it handles it.
    \"What is is not, what is not is - - if this is not yet clear to you, you\'re still far from the truth.\"

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •