Signs of being hack?
Results 1 to 7 of 7

Thread: Signs of being hack?

  1. #1
    Senior Member
    Join Date
    May 2003
    Posts
    226

    Signs of being hack?

    How is hacking done?

    The cracker scans for open ports on the victim's pc and attempts to connect to the victims pc. Secondly, the intruder will start making use of the open port and install backdoor/trojan to gain control of the user's computer?

    I'm been getting alerts like netbios scan from my firewall. What's are the signs of a compromise pc? Unknown programs running in background? Another question how does the cracker load the backdoor/trojan into the computer.

    Thirdly, using the Task Manager, can i be able to view all applications running in the background. Any possibility that the backdoor is not shown in the task manager as a process?

    FYI, i'm using a winxp box. with ZA firewall

  2. #2
    Just Another Geek
    Join Date
    Jul 2002
    Location
    Rotterdam, Netherlands
    Posts
    3,401
    Being scanned doesn't mean you're actively being "hacked". Being scanned is part of being online these days and is a result of scriptkiddies trying some program they've found and viruses roaming the Internet.

    As for your other questions, you're on the right track but there's no one way to compromise a system. Most attacks have a common form but that doesn't mean it always works like that.

    And yes, you can hide processes from the taskmanager. Therefor it is possible to hide a backdoor.
    Oliver's Law:
    Experience is something you don't get until just after you need it.

  3. #3
    Senior Member
    Join Date
    Oct 2003
    Posts
    394
    1) Yes
    2) By adding program to startup
    3) Can reistrer some dll files to run with other programs, t.ex. internet explorer
    // too far away outside of limit

  4. #4
    Senior Member
    Join Date
    Apr 2004
    Posts
    1,130

    Re: Signs of being hack?

    The cracker scans for open ports on the victim's pc and attempts to connect to the victims pc. Secondly, the intruder will start making use of the open port and install backdoor/trojan to gain control of the user's computer?
    an open port is a possibility, not a vulnerability. Attacker needs a open port AND a vulnerability to attack
    I'm been getting alerts like netbios scan from my firewall. What's are the signs of a compromise pc? Unknown programs running in background? Another question how does the cracker load the backdoor/trojan into the computer.
    on the contrary, it shows that your firewall is detecting and defending your computer from an attack. Attacker can load a malware in several ways, since the hard ways (thru a network attack, as ive mencioned before) to the easiest way: http exploits and e-mail attachments.


    Thirdly, using the Task Manager, can i be able to view all applications running in the background. Any possibility that the backdoor is not shown in the task manager as a process?
    Unfortunatelly, there are still ways to avoid a program to be showed on task manager. However, you can see those on "hijackthis" utility, except if the malware is installed as a system driver or something like that (i dont know anyone that do that)
    Meu sítio

    FORMAT C: Yes ...Yes??? ...Nooooo!!! ^C ^C ^C ^C ^C
    If I die before I sleep, I pray the Lord my soul to encrypt.
    If I die before I wake, I pray the Lord my soul to brake.

  5. #5
    Banned
    Join Date
    Apr 2004
    Posts
    843

    Re: Signs of being hack?

    How is hacking done?
    Be a hip cyber-beatnik...
    Originally posted here by Death_Knight The cracker scans for open ports on the victim's pc and attempts to connect to the victims pc. Secondly, the intruder will start making use of the open port and install backdoor/trojan to gain control of the user's computer?
    Been reading happy-hacker and playing uplink have ya? Look up stack & heap overflows.
    Originally posted here by Death_Knight I'm been getting alerts like netbios scan from my firewall. What's are the signs of a compromise pc? Unknown programs running in background? Another question how does the cracker load the backdoor/trojan into the computer.
    Scans... external scans then, not likely. Every home user I've seen has some form of adware, get regprot and hijackthis!.
    Originally posted here by Death_Knight Thirdly, using the Task Manager, can i be able to view all applications running in the background. Any possibility that the backdoor is not shown in the task manager as a process?
    Yes.
    FYI, i'm using a winxp box. with ZA firewall
    Ummm yeah, whatever. Help! Tech-support! Blehhh... Like I give a crap.

  6. #6
    Senior Member therenegade's Avatar
    Join Date
    Apr 2003
    Posts
    400
    1.Scan for open ports
    2.Find a daemon running on one of these ports which can be exploited
    3.erm..exploit it
    4.Get root if you can...the system's 0wn3d..so now the um..cracker can do w/e he likes...install a trojan/backdoor if you will for future access
    5.Rot in jail after you're caught(couldnt help it sorry lol)
    Yes,background processes are one of the ways you can check...it depends really...logs..all kinds..firewall etc etc..if you're a server then any signs of unusual traffic..you get the pic
    Programs can be hidden from biew in the task manager but if it's a trojan then it'll usually start when you boot...hence it will show up in msconfig
    [edit]
    Dammit,I swear I started writing this when it just came out![/edit]

  7. #7
    Just Another Geek
    Join Date
    Jul 2002
    Location
    Rotterdam, Netherlands
    Posts
    3,401
    [edit]Dammit,I swear I started writing this when it just came out![/edit]
    You need to type faster ;-)

    As for checking your system, if the attacker installed a rootkit you'll have a very difficult time checking using the tools on that system (none of the tools on that system can be trusted). You'll need external, staticly linked tools to be able to scan such a compromised system.
    Oliver's Law:
    Experience is something you don't get until just after you need it.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •