July 12th, 2005, 05:50 PM
Interesting network security Question
I have a very interesting networking security question for you. Here it is:
I use a dial up connection.... The network spy or snooper can control my connection in any way he likes, he can re-route and block my traffic. I have since tried changing ISPs but somehow he still has control over my network.... I use JAP and TOR to stop him snooping my information but unfortunately because he cannot see my traffic anymore, he has resorted to blocking my traffic. My question is how is he doing this, and what type of software is he using to snoop into my connection??? How can I prevent this sort of scenarion, because its rather confusing, especially since I've since changed ISPs... I also use zone Alarm full firewall version
I also suspect IP address is related to this but I'm still not sure. Only you ccan confirm this....
How can one detect a spy on the network anyway??????
If you could help me with this problem, Id greatly appreciae this
July 12th, 2005, 05:55 PM
SpyCop is the only complete computer monitoring detector available. SpyCop detects screen recorders, chat recorders, Internet loggers, network administration monitors and of course, keyloggers. Don't be tricked into buying a plain anti-keylogging program when more than half of all spy programs aren't necessarily keyloggers. SpyCop will detect the spy, tell you when it was installed, and optionally disable it! SpyCop can find over 299 spy programs!
Spy-Monitoring-Software.com - SpyCop - Privacy Protection and Anti-Spyware Software
July 12th, 2005, 06:01 PM
If there is malware already installed on your machine (such as spyware -- trojans, etc.), then changing ISPs will do you no good. The problem is within your machine, reporting back to the attacker.
Make sure you run a full antivirus (try AVG if you want a free solution) and antispyware (Spybot Search & Destroy, Adaware) scans and let us know what you find.
July 13th, 2005, 12:32 AM
You seem remarkably calm for someone whose computer is being held hostage. This type of activity is highly illegal. As others said, it is no doubt a result of something installed on your computer. It is contacting your attacker, so it is pretty easy to find out some info on who this is. You say you use Zone Alarm. Try resetting your program access rules so that all programs have to ask for access to the internet. Watch carefully what comes up, one will be your attacker and it will show his/her IP.
Another way is to use TCPview (google it) to see what programs are calling out. Shut down everything on you don't need (mail, browsers, P2P, etc.), run TCPview and see what IPs your computer is contacting. One will be your guy.
Once you have an IP you can use ARIN http://<a rel="nofollow" href="http:...net/whois/</a> to see what ISP it belongs to and where it originates from. Once you have that you have your guy. ISPs keep records of who has an IP at a given time so that things like this can be dealt with.
Other members might have better suggestions for grabbing an IP and might be better able to help you collect evidence to implicate the attacker (copy the trojan to disk ?) but this is really a matter for the police.
But then again you may already know who this is ?
Some other spyware removal tools to try (google them) :
Adaware SE Personal
All should be run from safe mode to be most effective.
July 13th, 2005, 02:13 AM
From the command prompt you can run netstat -ao and find all currect connections.
You seem rather sure a "person" is behind this. What makes you think this? Have you had any particular experience that makes you think its a person instead of a rogue piece of software on your computer?
July 13th, 2005, 10:31 AM
First of all I would like to thank Hesreus for his good views on detecting the criminal guy.
Just to add to that there is a good freely available tool called NetTools 3 (search on google).
It can list down all the processes running on you pc along with the program which has opened that process.
So that can be used to see which program is trying to connect to some unknown IP address. Record that ip address and do a whois query to find out the isp.
Or use the tool www.ip2location and find out the city from which the ip is orginating.
There is no such thing as impossible as the possible lies within the impossible
July 13th, 2005, 04:56 PM
sounds an awful lot like a mis-understood browser hi-jacking!
The network spy or snooper can control my connection in any way he likes, he can re-route and block my traffic. I have since tried changing ISPs but somehow he still has control over my network
Bukhari:V3B48N826 “The Prophet said, ‘Isn’t the witness of a woman equal to half of that of a man?’ The women said, ‘Yes.’ He said, ‘This is because of the deficiency of a woman’s mind.’”
July 14th, 2005, 03:27 AM
I'm with Tedob on this. After a good safe-mode AV and spyware scan, I recommend taking a look at a HijackThis report. Not all redirectors are found by AV or spyware scans, and not all are cleanly removed. Remember to turn off System Restore (Right-click My Computer, Properties, System Restore) before running the scans. This will prevent the bugger from re-installing itself on reboot.
Originally posted here by Tedob1
sounds an awful lot like a mis-understood browser hi-jacking!
July 14th, 2005, 09:58 AM
Thanks for all your help, but I tried all that and not a trace of them, I formatted my machine perhaps as a resolve, but unfortunately, after a format, the problem still persist. I suspect since he knows my IP address, he mey be using it snoop on me and stop me from browsing as long as he cannot see my traffic. As of now, I cannot use my an highly anonymous proxies as he has blocked them. I think he is rerouting my connection somehow through him with the knowledge of my IP address. One other thn I find scarey is that he actually disabled my firewall while I was still surfing. It turned off, first there was a memory overload then the firewall turned off. Now how is he rerouting my traffic through him, After a fresh format, and he is able to block me once again and how can I prevent this.... Is there a way of finding his location and how he is rerouting my traffic and how he is blocking it???
Remember, he can block me from using highly anonymous proxies......
July 14th, 2005, 08:33 PM
I am having a little difficulty in understanding this problem, so please bear with me:
1. Do you connect by dialing up from a stand alone computer over a private telephone line? (plugged in directly where you are (no router or shared connection), or is this some sort of school, college or communal facility?
2. Does anyone other than yourself have access to your computer?
3. Do you turn off your computer after use, and if you do, does your ISP give you a new IP address when you re-connect..............please CHECK this yourself, don't take the word of your ISP.
Update your anti-virus and anti-malware reboot into SAFE MODE and run them again.
Get this one: and update/run it like the others , in safe mode:
Then please tell me exactly what software you have used and what it found.
AND MAKE SURE THAT YOU HAVE APPLIED ALL PATCHES TO YOUR OS AND BROWSER!!!
One other thing:
What makes you think that? what strange things have you noticed?
I think he is rerouting my connection somehow through him with the knowledge of my IP address
Have you tried running traceroute to something like google.com and checking the entries?
Do a search for Sam Spade download and install it. It has several useful internet tools all packaged in a nice little GUI and it's FREE
If you cannot do someone any good: don't do them any harm....
As long as you did this to one of these, the least of my little ones............you did it unto Me.
What profiteth a man if he gains the entire World at the expense of his immortal soul?