Signs of being hack?

Printable View

September 21st, 2004, 12:16 PM
Death_Knight

Signs of being hack?

How is hacking done?

The cracker scans for open ports on the victim's pc and attempts to connect to the victims pc. Secondly, the intruder will start making use of the open port and install backdoor/trojan to gain control of the user's computer?

I'm been getting alerts like netbios scan from my firewall. What's are the signs of a compromise pc? Unknown programs running in background? Another question how does the cracker load the backdoor/trojan into the computer.

Thirdly, using the Task Manager, can i be able to view all applications running in the background. Any possibility that the backdoor is not shown in the task manager as a process?

FYI, i'm using a winxp box. with ZA firewall :p
September 21st, 2004, 12:42 PM
SirDice

Being scanned doesn't mean you're actively being "hacked". Being scanned is part of being online these days and is a result of scriptkiddies trying some program they've found and viruses roaming the Internet.

As for your other questions, you're on the right track but there's no one way to compromise a system. Most attacks have a common form but that doesn't mean it always works like that.

And yes, you can hide processes from the taskmanager. Therefor it is possible to hide a backdoor.
September 21st, 2004, 12:44 PM
MrBabis

1) Yes
2) By adding program to startup
3) Can reistrer some dll files to run with other programs, t.ex. internet explorer
September 21st, 2004, 12:45 PM
cacosapo

Re: Signs of being hack?

Quote:

The cracker scans for open ports on the victim's pc and attempts to connect to the victims pc. Secondly, the intruder will start making use of the open port and install backdoor/trojan to gain control of the user's computer?

an open port is a possibility, not a vulnerability. Attacker needs a open port AND a vulnerability to attack

Quote:

I'm been getting alerts like netbios scan from my firewall. What's are the signs of a compromise pc? Unknown programs running in background? Another question how does the cracker load the backdoor/trojan into the computer.

on the contrary, it shows that your firewall is detecting and defending your computer from an attack. Attacker can load a malware in several ways, since the hard ways (thru a network attack, as ive mencioned before) to the easiest way: http exploits and e-mail attachments.

Quote:

Thirdly, using the Task Manager, can i be able to view all applications running in the background. Any possibility that the backdoor is not shown in the task manager as a process?

Unfortunatelly, there are still ways to avoid a program to be showed on task manager. However, you can see those on "hijackthis" utility, except if the malware is installed as a system driver or something like that (i dont know anyone that do that)
September 21st, 2004, 12:49 PM
TheSpecialist

Re: Signs of being hack?

Quote:

How is hacking done?

Be a hip cyber-beatnik...

Quote:

Originally posted here by Death_Knight The cracker scans for open ports on the victim's pc and attempts to connect to the victims pc. Secondly, the intruder will start making use of the open port and install backdoor/trojan to gain control of the user's computer?

Been reading happy-hacker and playing uplink have ya? :rolleyes: Look up stack & heap overflows.

Quote:

Originally posted here by Death_Knight I'm been getting alerts like netbios scan from my firewall. What's are the signs of a compromise pc? Unknown programs running in background? Another question how does the cracker load the backdoor/trojan into the computer.

Scans... external scans then, not likely. Every home user I've seen has some form of adware, get regprot and hijackthis!.

Quote:

Originally posted here by Death_Knight Thirdly, using the Task Manager, can i be able to view all applications running in the background. Any possibility that the backdoor is not shown in the task manager as a process?

Yes.

Quote:

FYI, i'm using a winxp box. with ZA firewall :p

Ummm yeah, whatever. Help! Tech-support! Blehhh... Like I give a crap.
September 21st, 2004, 12:53 PM
therenegade

1.Scan for open ports
2.Find a daemon running on one of these ports which can be exploited
3.erm..exploit it
4.Get root if you can...the system's 0wn3d..so now the um..cracker can do w/e he likes...install a trojan/backdoor if you will for future access
5.Rot in jail after you're caught(couldnt help it sorry lol)
Yes,background processes are one of the ways you can check...it depends really...logs..all kinds..firewall etc etc..if you're a server then any signs of unusual traffic..you get the pic
Programs can be hidden from biew in the task manager but if it's a trojan then it'll usually start when you boot...hence it will show up in msconfig
[edit]
Dammit,I swear I started writing this when it just came out![/edit]
September 21st, 2004, 01:19 PM
SirDice

Quote:

[edit]Dammit,I swear I started writing this when it just came out![/edit]

You need to type faster ;-)

As for checking your system, if the attacker installed a rootkit you'll have a very difficult time checking using the tools on that system (none of the tools on that system can be trusted). You'll need external, staticly linked tools to be able to scan such a compromised system.