|
-
April 27th, 2004, 09:28 PM
#1
Junior Member
 LAN hacked ! Ahh!
I attend the University of Connecticut and today I found out that my computer has been hacked into by another computer on the network. The university has told me this because they have blocked me from being on the server, because i guess someone set up some sort of server onto my computer and this is dangerous to the other users on the server. They told me it may take a week for them to fix this problem because they are so backed up. Basically all i want to do is figure out how to get this "server" off of my computer so I can take it down to the computer whizzes who fix students computers here at uconn and show them that its fixed so that I can get back onto the LAN connection rather then waiting for them to do it, because finals are coming up next week and they might not have my computer finished being fixed until next week. I have very limited knowledge of firewalls and the like. All i know is that I am using a dial up connection and i wish to use my broadband connection. Please help!
-
April 27th, 2004, 09:37 PM
#2
First things first...
Take a deep breath and don't panic. I know it's hard because you have just found out how much you use your computer but it's probably the best place to start.
Now, we need some info to help you:
- - what is your operating system and when did you last patch?
- if you are running windows, are you running updated antivirus software (and actively running it)
- do you have a firewall installed and running?
- do you have spyware detection software?
- do you share this computer with others?
- do you use Peer-to-Peer (P2P) software like Kazaa, eDonkey, etc.? (not interested in whether you pirate or not but rather the software can open possibilities)
That said, we can probably find out what's running with a simple command. Go to start-->run and type in cmd (I'm going to guess that you're using a variation of Windows XP). Once the command window opens type in netstat -ao. Copy and paste that into a post here, removing your IP from the posting. You've probably been "0wned" and might have a ftp server running.
Now possible reasons:
- - someone has broken in to your machine and "0wned" you
- your infected with a worm
- your infected with a trojan
- your P2P, if you have any, is sharing
- you have setup the computer with default settings and have something like IIS running
This should get us started in the right direction. 
-
April 27th, 2004, 09:38 PM
#3
What operating system are you using? Then I can start asking intelligent and helpful questions.... 
[Edit]
Ms. M: You gotta get a life gal...... You beat me to it again......
[/Edit]
Don\'t SYN us.... We\'ll SYN you..... 
\"A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools.\" - Thucydides
-
April 27th, 2004, 09:38 PM
#4
I'd start with a virus/spyware/trojan scan to try and see if some one has put a backdoor on your machine.
\"You got a mouth like an outboard motor..all the time putt putt putt\" - Foghorn Leghorn
-
April 27th, 2004, 09:39 PM
#5
OK Mate, everyone here is going to need a lot more info in order to help you out.
1) What's the operating system?
2) What's your hardware?
3) What kind of LAN are you on?
4) Are you running Antivirus software (which one)?
5) Do you have a firewall?
And last, what was the name of the 'server ' they said was installed on your system? Was it a Trojan, or a p2p server? or just a virus?
Fill us in with a little more info, and somebody should be able to give you a hand.
Cheers:
/EDIT As usual, everybody else beat me to it, I am just getting to damm old. 
-
April 27th, 2004, 09:46 PM
#6
Junior Member
im using windows xp, ive updated my norton antivirus and it runs every night, and it doesnt have a new virus, and i download every critical security patch that windows offers me. I dont exactly know what type of LAN I am on, its not wireless i can tell you that and umm i believe is 10 megabites per second, i have spyware detection and ive run it, i use peer- to- peer software but the peer to peer software only allows people from the Uconn Network to use the program
-
April 27th, 2004, 09:47 PM
#7
i use peer- to- peer software but the peer to peer software only allows people from the Uconn Network to use the program
Is this software approved by UConn itself?
-
April 27th, 2004, 09:49 PM
#8
Junior Member
they really didnt give me much information about what was set up on my computer, i believe they said it was an FTP server or something like that if i recall correctly... which makes me believe someone has "owned" my computer
-
April 27th, 2004, 09:51 PM
#9
Junior Member
I don't believe Uconn endorses the software, but from my understanding it does not take up any bandwith because it allows no outside users at all.
-
April 27th, 2004, 09:53 PM
#10
Junior Member
heres what it came up with when i did the netstat -ao thing
Microsoft Windows XP [Version 5.1.2600]
(C) Copyright 1985-2001 Microsoft Corp.
C:\Documents and Settings\Dan Travis>netstat -ao
Active Connections
Proto Local Address Foreign Address State PID
TCP DanTravis:epmap DanTravis:0 LISTENING 880
TCP DanTravis:microsoft-ds DanTravis:0 LISTENING 4
TCP DanTravis:1025 DanTravis:0 LISTENING 904
TCP DanTravis:1026 DanTravis:0 LISTENING 1476
TCP DanTravis:1029 DanTravis:0 LISTENING 4
TCP DanTravis:2667 DanTravis:0 LISTENING 904
TCP DanTravis:2869 DanTravis:0 LISTENING 1216
TCP DanTravis:2908 DanTravis:0 LISTENING 904
TCP DanTravis:2979 DanTravis:0 LISTENING 1924
TCP DanTravis:3256 DanTravis:0 LISTENING 35400
TCP DanTravis:3261 DanTravis:0 LISTENING 1048
TCP DanTravis:4332 DanTravis:0 LISTENING 224
TCP DanTravis:5000 DanTravis:0 LISTENING 1148
TCP DanTravis:7600 DanTravis:0 LISTENING 1040
TCP DanTravis:1030 DanTravis:0 LISTENING 1924
TCP DanTravis:4707 DanTravis:0 LISTENING 1048
TCP DanTravis:7979 DanTravis:0 LISTENING 1040
TCP DanTravis:11523 DanTravis:0 LISTENING 36204
TCP DanTravis:11523 adcreative.tribuneinteractive.com:1811 TIME_WAI
T 0
TCP DanTravis:11523 adcreative.tribuneinteractive.com:2589 TIME_WAI
T 0
TCP DanTravis:11523 adcreative.tribuneinteractive.com:2652 TIME_WAI
T 0
TCP DanTravis:11523 adcreative.tribuneinteractive.com:3363 TIME_WAI
T 0
TCP DanTravis:11523 adcreative.tribuneinteractive.com:4134 TIME_WAI
T 0
TCP DanTravis:netbios-ssn DanTravis:0 LISTENING 4
TCP DanTravis:2508 VTOT.proxy.aol.com:11523 TIME_WAIT 0
TCP DanTravis:2653 VTOT.proxy.aol.com:11523 TIME_WAIT 0
TCP DanTravis:2716 VTOT.proxy.aol.com:11523 TIME_WAIT 0
TCP DanTravis:3250 DanTravis:0 LISTENING 10580
TCP DanTravis:3250 berp-de06.dial.aol.com:13784 ESTABLISHED 10
580
TCP DanTravis:3256 64.12.25.212:5190 ESTABLISHED 35400
TCP DanTravis:3261 unknown.sagonet.net:6667 ESTABLISHED 1048
UDP DanTravis:microsoft-ds *:* 4
UDP DanTravis:isakmp *:* 716
UDP DanTravis:1034 *:* 1076
UDP DanTravis:1645 *:* 904
UDP DanTravis:1646 *:* 904
UDP DanTravis:1753 *:* 1076
UDP DanTravis:1756 *:* 1076
UDP DanTravis:1758 *:* 1076
UDP DanTravis:1759 *:* 1076
UDP DanTravis:1760 *:* 1076
UDP DanTravis:1761 *:* 1076
UDP DanTravis:1762 *:* 1076
UDP DanTravis:1763 *:* 1076
UDP DanTravis:radius *:* 904
UDP DanTravis:radacct *:* 904
UDP DanTravis:ntp *:* 904
UDP DanTravis:1032 *:* 904
UDP DanTravis:1033 *:* 904
UDP DanTravis:1085 *:* 904
UDP DanTravis:1862 *:* 216
UDP DanTravis:1900 *:* 1148
UDP DanTravis:3754 *:* 35400
UDP DanTravis:4182 *:* 364
UDP DanTravis:4205 *:* 1892
UDP DanTravis:4596 *:* 904
UDP DanTravis:ntp *:* 904
UDP DanTravis:netbios-ns *:* 4
UDP DanTravis:netbios-dgm *:* 4
UDP DanTravis:1900 *:* 1148
UDP DanTravis:4595 *:* 904
UDP DanTravis:ntp *:* 904
UDP DanTravis:1900 *:* 1148
UDP DanTravis:4594 *:* 904
C:\Documents and Settings\Dan Travis>
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
|
Reply With Quote
