-
Am I Being Hacked??
Can anyone give me information about the alerts from my firewall? I'm also using a program called swat-it pro, that allows me to see connections on different ports.
For the past few weeks every time I connect to the net, it is showing 6-8 connections, something like this:
a193-108-153-14.deploy.akamaitechnologies.com
Every search I have done indicates that akamaitechnologies is something to do with hackers, to tunnel their port scans through.
I've contacted my ISP (who was not keen to help) and won't be using them for too much longer anyway.
Another search brought up something about the FBI??
I have disabled my NetBios, and scanned for viruses (none found).
Does anyone have any info about akamaitechnologies, what these alerts are exactly, and how to either close these ports they are using or??
Since the techs at my ISP are not very helpful, I'm hoping someone knowledgeable here can give me answers/help.
Before these alerts, I have had many many other alerts from my firewall.
It has become terrible for me to use the net, and I'm looking to either find out who is hacking me (I have some ideas who might want to) or a solution, and feel safe that certain things aren't being stolen while I surf the internet.
Any help/advice will be much appreciated. :)
Cheers.
-
Not sure if you're being hacked... it could also just be spyware trying to contact its host. Do a spyware S&D scan and also run anti-trojan software just to be on the safe side. Do you have the times these "attacks" ran? If you do, be on your comp and see what goes on.
-
I guess you looked at the same sites as I did when searching in google
http://www.derkeiler.com/Newsgroups/...2-12/0320.html
http://www.incidents.org/archives/in.../msg01372.html
http://www.akamai.com/
If so, you should have your answer by now; as Cybr1d said, it most probably is spyware.
-
Yes. You are definitely being hacked by the FBI. This is logical and understandable, you being an "intern" in the UK.
-
Here is the trace on the IP in a193-108-153-14.deploy.akamaitechnologies.com
193.108.153.14
Domain Name: AKAMAITECHNOLOGIES.COM
Registrar: TUCOWS, INC.
Whois Server: whois.opensrs.net
Referral URL: http://www.opensrs.org
Name Server: ACCESS.AKAMAI.COM
Name Server: YH.AKAMAI.COM
Name Server: YF.AKAMAI.COM
Name Server: YG.AKAMAI.COM
Name Server: YD.AKAMAI.COM
Name Server: YE.AKAMAI.COM
Name Server: YB.AKAMAI.COM
Name Server: YC.AKAMAI.COM
Status: REGISTRAR-LOCK
Updated Date: 28-mar-2003
Creation Date: 18-aug-1998
Expiration Date: 17-aug-2007
Looks like it has been registered by Tucows.
akamaitech is often used by spyware, mostly to serve ad content.
I have no clue why you mentioned the FBI, it certainly has no direct link with this IP.
Your searches seem to be somewhat misleading.
Try adaware to search your computer for spyware; I am almost certain it's spyware bundled in some "free" app you got from tucows.
http://www.lavasoftusa.com/software/adaware/
-
jm459, what are you talking about, you muppet? :D
I'm an intern at game institute www.gameinstitute.com
for the c/c++ and direct input courses.
Well, actually I think I am being hacked, as I ran spybot and no spyware has been found.
Please bear in mind, this happens EVERY time I connect to the net; programs are starting to crash, my comp is rebooting, no viruses found, but I'm not so sure.
Can any experts give me some serious advice please, on GOOD software, firewalls etc etc?
I would appreciate it, as I haven't been that interested in security up until now.
I have been using Zone-Alarm pro, and since about an hour ago, switched to using my son's comp for internet, and not using my comp I program on.
btw, I like this site, glad I found it. :)
-
Symantec uses akamaitechnologies for updating their software... do you have NAV or anything else that auto-updates?
akamaitechnologies is the de facto corp for streaming ANYTHING, from ads (mostly), streaming audio, video etc.
I have to go back and read your links but I haven't heard of it being used for port scanning... could anybody here really think someone sits there all day waiting for you to come online so they can scan your ports?
I've never heard of money-mongering spyware using a not too inexpensive service like akamaitechnologies. Their updates usually come from remote port 80, thus bypassing most FW settings.
Looked at the links:
link 1:
Date: Tue, 17 Dec 2002 19:33:51 +0300
Just a guess, but I doubt if they had an open proxy it would still be open.
link 2: load balancing? Wouldn't give you what you're getting. Looks like they're a lot bigger and offer more services than I thought.
Go to your home page and right click on the ads and go to properties to see where they come from.
-
OK, since I no longer have my comp with the source on it, I can tell you why I think I'm being hacked.
Basically, I think I'm being hacked (call me paranoid) :) if you like.
I made a post on a forum recently, announcing the features of our engine/tools, and that it would beat hands down 2 other companies, for price and for features.
The reason I am concerned is source code.
I have 4 comps here: 3 with the main source on (that have no net connections) and 1 comp that has source on (or certain parts of it) that I HAVE been connecting to the internet while researching.
Is there any way of tracing a hack attempt?? I mean getting information that could prove who has been attacking?
I have NOTHING that auto-updates, I don't use Norton Antivirus.
As I mentioned, the only thing on this comp I am using now is children's stuff, like pop pictures etc, nothing like source code to a commercial game engine.
Cheers.
-
Tell me if I am wrong.
Are these alerts triggered by
1) your computer trying to connect to
a193-108-153-14.deploy.akamaitechnologies.com
or
2) you get alerts because someone is trying to connect to your computer from
a193-108-153-14.deploy.akamaitechnologies.com
Case 1 is either spyware or a trojan/virus; you need an updated antivirus and/or trojan scanner.
I suggest:
AVG Antivirus
http://www.grisoft.com/us/us_index.php
Free Online Trojan Scan
http://www.trojanscan.com/
Free Trial Trojan Scanners
http://swatit.org/
http://www.misec.net/
Case 2 is probably a port scan/hack trial and since your firewall blocks it, they can't connect.
Additional questions:
What ports are being scanned?
What process is trying to connect?
As for good software, check my earlier post:
http://www.antionline.com/showthread...223#post651685
P.S. You don't really need an expert to figure what's going on...
-
The comp I'm using now has nothing on it, except for maybe a couple of pop pictures and mp3's, and hasn't even got a firewall on it, since it's my 11 year old's computer.
Now, the comp I used earlier (when I made this post) had NetBios disabled, Zone-Alarm Pro, SpyBot, swat it pro, and other apps on it.
Scorp666
I get alerts because someone is trying to connect to my computer from
a193-108-153-14.deploy.akamaitechnologies.com
around 6-8 each time I connected, sometimes more than that.
I think that they have connected and maybe taken (though I'll never know), as I have a top box connection that has an adaptor; a red LCD light flashes when there is internet activity (if you're downloading something it flashes very fast); if you're doing nothing, it is static.
Within minutes of connecting, it would flash like hell! Every time, which tells me that someone was downloading from me.
As I have said, I'm no expert on security, but common sense tells me I'm being hacked.
What would be good is to prove (and shame) who I think is behind all this crap.
cheers.
-
lol, a flashing light is now the official technique to monitor hack attacks!
Ok well I will leave the paranoid case to Tedob...
-
OK Sting, I'm not saying you're NOT being hacked, I'm saying it wouldn't be akamai.
What operating system are you running? What kind of connection to the internet do you have?
If you have a network at home with valuable/sensitive material on it, get a hardware FW like watchguard firebox SOHO (especially if you want to keep your job). Easy to use and configure. Costs around 500 dollars US. If you haven't set up auditing and haven't been logging everything you're not going to find out anything. You're asking a serious question here and aren't giving enough info.
What anti-virus are you using and what does netstat tell you when you do update your sigs?
When you open your browser, what is the URL of the web page you're seeing?
DO run adaware from www.lavasoft.de. Adware can cause many problems in your computer, as the software it installs is not written with your well-being in mind.
-
Scorp, seriously... the "flashing light" only flashes when I'm either downloading a file or connecting to a web site. OK, I'm doing nothing right now (except drinking a cup of tea) Lol :D
No light flashing... now I'll go to GameDev.net... it's flashing, it stops.
This wasn't the case on my other comp.
The minute I connected, it was flashing non stop.
Can you explain this please?
-
huh
Dude, these sites are lame! Don't even look at them!
-
On my other comp I was running (XP), SP1.
I'm on a 1MB cable connection.
Thanks for the info on watchguard firebox SOHO, I'll look into that.
I have been using an online anti-virus checker, and wasn't using the netstat in windows, but using an app called swat it pro, that basically shows you connections like windows netstat.
<when you open your browser what is the URL of web page your seeing.
Alright, you can all have a good laugh at my expense: only the other night I was browsing a website, then I was redirected to a blank web page that said "I don't like you!" on it Lol :D Am I losing it or what?
DO you run adaware
No, I'm using Spybot.
Actually my main suspects are *cough* www.quest3d.com * cough * www.virtoolsdev.com
-
To illustrate my point (you hard headed son of a bitch) I went to the worst offender I can think of... zdnet. Here's the result of a netstat after I connected:
TCP <my computer>:1635 a64-12-145-72.deploy.akamaitechnologies.net:http ESTABLISHED
TCP <my computer>:1636 a64-12-145-72.deploy.akamaitechnologies.net:http ESTABLISHED
TCP <my computer>:1640 www.zdnet.com:http CLOSE_WAIT
TCP <my computer>:1641 a64-12-145-38.deploy.akamaitechnologies.net:http ESTABLISHED
TCP <my computer>:1642 a64-12-145-38.deploy.akamaitechnologies.net:http ESTABLISHED
TCP <my computer>:1643 a64-12-145-38.deploy.akamaitechnologies.net:http ESTABLISHED
TCP <my computer>:1644 a64-12-145-38.deploy.akamaitechnologies.net:http ESTABLISHED
TCP <my computer>:1645 a64-12-145-38.deploy.akamaitechnologies.net:http ESTABLISHED
TCP <my computer>:1646 a64-12-145-38.deploy.akamaitechnologies.net:http ESTABLISHED
TCP <my computer>:1647 a64-12-145-38.deploy.akamaitechnologies.net:http ESTABLISHED
TCP <my computer>:1648 a64-12-145-38.deploy.akamaitechnologies.net:http ESTABLISHED
TCP <my computer>:1649 a64-12-145-38.deploy.akamaitechnologies.net:http ESTABLISHED
TCP <my computer>:1650 a64-12-145-38.deploy.akamaitechnologies.net:http ESTABLISHED
TCP <my computer>:1653 a64-12-145-38.deploy.akamaitechnologies.net:http ESTABLISHED
TCP <my computer>:1654 a64-12-145-38.deploy.akamaitechnologies.net:http ESTABLISHED
TCP <my computer>:1655 a64-12-145-38.deploy.akamaitechnologies.net:http ESTABLISHED
TCP <my computer>:1656 a64-12-145-38.deploy.akamaitechnologies.net:http ESTABLISHED
TCP <my computer>:1657 a64-12-145-38.deploy.akamaitechnologies.net:http ESTABLISHED
TCP <my computer>:1658 a64-12-145-38.deploy.akamaitechnologies.net:http ESTABLISHED
TCP <my computer>:1659 a64-12-145-38.deploy.akamaitechnologies.net:http ESTABLISHED
TCP <my computer>:1660 a64-12-145-38.deploy.akamaitechnologies.net:http ESTABLISHED
TCP <my computer>:1661 a64-12-145-38.deploy.akamaitechnologies.net:http ESTABLISHED
TCP <my computer>:1662 a64-12-145-38.deploy.akamaitechnologies.net:http ESTABLISHED
TCP <my computer>:1663 a64-12-145-38.deploy.akamaitechnologies.net:http ESTABLISHED
TCP <my computer>:1664 a64-12-145-38.deploy.akamaitechnologies.net:http ESTABLISHED
TCP <my computer>:1665 a64-12-145-38.deploy.akamaitechnologies.net:http ESTABLISHED
TCP <my computer>:1666 a64-12-145-38.deploy.akamaitechnologies.net:http ESTABLISHED
TCP <my computer>:1667 a64-12-145-38.deploy.akamaitechnologies.net:http ESTABLISHED
Maybe that's not the exact server that's connecting to your computer, but they literally have thousands of ad servers.
Now when I add this line to my hosts file:
127.0.0.1 a64-12-145-38.deploy.akamaitechnologies.net
and go back to zdnet this is what a netstat shows:
TCP <my computer>:1732 www.zdnet.com:http ESTABLISHED
TCP <my computer>:1734 a64-12-145-79.deploy.akamaitechnologies.net:http ESTABLISHED
TCP <my computer>:1735 a64-12-145-79.deploy.akamaitechnologies.net:http ESTABLISHED
TCP <my computer>:1736 a64-12-145-79.deploy.akamaitechnologies.net:http ESTABLISHED
TCP <my computer>:1738 a64-12-145-79.deploy.akamaitechnologies.net:http SYN_SENT
Notice a64-12-145-38.deploy.akamaitechnologies.net no longer appears.
So if you want it to stop... take the full server name, open your hosts file in notepad, located in c:\winnt\system32\drivers\etc and add:
127.0.0.1 <servername>
I know this shows a space between the IP addy and servername... auto-formatting, but it should be a tab.
This will cause your machine to resolve this URL, which is embedded in the html source of the page you're viewing, locally and not go to the adserver for it.
-
Tedob1 (you straight talking person.. you) :)
Yes, that is similar to the logs I was getting, but no spyware was found, and I was getting these akamaitechnologies connections when I went to a website like www.gamedev.net
The flashing light would flash even before I connected to ANY website.
How can anyone tell the difference between something like what you've proven and a real hack attempt from a malicious hacker(s)?
Please explain, I'm curious to know.
-
Re-directed = java script. Maybe their web page was hacked. If that happens on other sites as well, then YOU got problems. Disable or set to "prompt" for allowing java scripts in tools>>options>>advanced. Go back to that site and that page and see if it happens again when you deny js. I go to sites that are not always reputable so my settings prompt for everything.
Online virus/trojan scanning is no way for a professional to work. Scanning after the fact is a losing proposition. Get a good virus scanner and keep it up-dated.
Sorry my posts are lagging behind your questions. They take some thought for me.
It's not easy to tell the difference without learning how hackers hack. Personal firewalls say everything on the internet is a hack attempt to prove their worth. You either have to learn all about hacking and keep on top of the latest developments or trust your firewall to do its job. Being a professional programmer you will probably need to go with the latter. So make sure you get a good one and keep up with the latest patches both for the FW and your OS.
-
Akamai has nothing to do with hackers. Akamai has nothing to do with port scanning.
Akamai has nothing to do with spyware. Akamai only has to do with content delivery.
They are just a content delivery provider out there. What that means is they do geographical load balancing for high traffic sites. Everyone from yahoo, apple, msnbc, and I am sure a bunch of others that I missed use akamai to deliver content. If you are getting ads from them, it's the website that is their customer that is giving them to you, not akamai.
As Tedob1 has already mentioned, the reason you are getting all the http established connections is that when you go to a website that uses akamai as their content delivery provider, you will connect to their servers to download images or other objects.
For example:
If you go to www.apple.com/quicktime and right click on any of the pictures on that site, it will show in the properties that the image, and most likely the download as well, are hosted on an akamai site.
Essentially, when you browse to www.apple.com, the content (text/words) will be provided to you by apple, but the browser will download the images from akamai's server. So if there are 10 akamai images on an apple page, you will get one http established for the apple server, and a bunch of established sessions to the akamai server. This is perfectly normal and fine, you just probably never noticed it before.
Grinler
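
Added example (not part of any post in this thread): a small Python triage of netstat output in the layout quoted above, sorting each row into outbound, inbound or listening, which is the distinction between Scorp666's case 1 and case 2. It goes beyond the thread's output by adding an inbound and a listening row; the host name `mypc`, the address 203.0.113.9, the `SERVICES` table and the 1024 port boundary are assumptions made for illustration.

```python
import re
from collections import Counter, defaultdict

# Constructed sample in the layout of the netstat output quoted in the thread.
# "mypc" and 203.0.113.9 (a documentation address) are made up for illustration.
SAMPLE = """\
TCP mypc:1640 www.zdnet.com:http CLOSE_WAIT
TCP mypc:1641 a64-12-145-38.deploy.akamaitechnologies.net:http
ESTABLISHED
TCP mypc:1642 a64-12-145-38.deploy.akamaitechnologies.net:http ESTABLISHED
TCP mypc:1738 a64-12-145-79.deploy.akamaitechnologies.net:http SYN_SENT
TCP mypc:139 203.0.113.9:4312 ESTABLISHED
TCP mypc:135 0.0.0.0:0 LISTENING
"""

# Service names netstat prints instead of numbers when run without -n (subset).
SERVICES = {"http": 80, "https": 443, "epmap": 135, "netbios-ssn": 139}
ROW = re.compile(r"^TCP\s+(\S+):(\S+)\s+(\S+):(\S+)\s+(\S+)$")

def port_number(token):
    """Numeric port, or None for a service name not in SERVICES."""
    return SERVICES.get(token, int(token) if token.isdigit() else None)

def classify(local_port, remote_port, state):
    """Guess who opened the connection from the state and the port pair."""
    if state == "LISTENING":
        return "listening"   # a local service waiting, no peer yet
    if state == "SYN_SENT":
        return "outbound"    # only the initiating side is ever in SYN_SENT
    if local_port is None or remote_port is None:
        return "unknown"
    # Heuristic: the client side uses a high ephemeral port, the server a low one.
    if local_port >= 1024 and remote_port < 1024:
        return "outbound"
    if local_port < 1024 and remote_port >= 1024:
        return "inbound"
    return "unknown"

def summarize(text):
    """Return {direction: Counter(remote host -> connection count)}."""
    rows = []
    for line in (l.strip() for l in text.splitlines() if l.strip()):
        if line.startswith("TCP") or not rows:
            rows.append(line)
        else:
            rows[-1] += " " + line   # state wrapped onto its own line
    result = defaultdict(Counter)
    for row in rows:
        m = ROW.match(row)
        if m:
            _, lport, rhost, rport, state = m.groups()
            result[classify(port_number(lport), port_number(rport), state)][rhost] += 1
    return result
```

The port-pair rule is only a first guess; a firewall log that records direction explicitly is the authoritative source. Rows classed as inbound to a low local port are the ones worth checking against the list of services the machine is meant to expose.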
-
Thanks to everyone that replied to my questions (even if they did seem odd to you) ;)
I've actually come to the conclusion that the best solution for (me) would be to not use a computer that is connected to the net at all to do work on.
I've actually done some research on "Hacking" since my original post, which has basically opened my eyes.. to how easy hacking actually is.
Anyone with good experience with comps/hardware (a good background in programming also helps), especially in the windows environment, wouldn't find it too difficult.
From what I've read, there is this Glam/moral/ethics rubbish about hacking, and big egos amongst hackers (which actually made me smile) :D
As from what I have researched, a 12 year old kid could be a hacker LOL.
What amuses me most is these guys think they are some kind of 'elite', when most of them I would simply refer to as 'scripter' kiddies.
I could show them code that would 'scare' the life out of them :D
It's a very interesting subject (anti-hacking) and something I am quite interested in, and maybe in the future (when I have more time) might look into taking part in.
But for now, I hardly have time for any hobby projects.
Anyhow, thanks again for your replies.