-
October 1st, 2001, 04:35 AM
#1
HOw did someone get through my firewall
my computer turned into a zombie tonight.I have a zonealarm pro firewall up and a cable modem hook up. On a windows 98 machine.I had to reset almost every internet setting,and every setting for my firewall.My shutdown screen says YOU HAVE BEEN HACKED!
My norton anti-virus said no backdoors,trojans, or viruses
My registry monitor said there had been no modifiacatons to the registry.
My application monitor said nothing had been changed or modified..
My question is how did someone hack through my firewall without using backdoor programs,and viruses or trojans to gain access..they simply were able to bypass the firewall and get total control.
-
October 1st, 2001, 04:52 AM
#2
I have a few ?'s Where is this computer located. Home of office? Does anyone else have access to it?
-
October 1st, 2001, 05:01 AM
#3
It's a home computer, and no one but me has access to the computer.I know because I live by myself.....The firewall settings were set on high.
-
October 1st, 2001, 05:18 AM
#4
how did they get through you ask ?
Zone alarm had a vulnerability posted for it a while ago. It allowed for access to the computer. I suggest you look into it or change your firewall.
Antionline in a nutshell
\"You\'re putting the fate of the world in the hands of a bunch of idiots I wouldn\'t trust with a potato gun\"
Trust your Technolust
-
October 1st, 2001, 05:21 AM
#5
Oh yeah, that was on www.securityfocus.com at one time. . . I forgot about that.
-
October 1st, 2001, 05:57 AM
#6
Ok just a thought, is there a possible way to redirect the firewall to think that there is an attack at another port, kind of tricking the firwall long enough for an attacker to acces the port that he wants. Kind of like setting up a diverson long enough to get in.
-
October 1st, 2001, 06:12 AM
#7
sure there is a way, but it would be rather complicated and not worth the effort unless you were a major score for someone.
did you find any information on your firewall ?
Antionline in a nutshell
\"You\'re putting the fate of the world in the hands of a bunch of idiots I wouldn\'t trust with a potato gun\"
Trust your Technolust
-
October 1st, 2001, 06:25 AM
#8
All the zone alarm logs were deleted who ever did it new how to cover there tracks.I might be able to go through Norton and check the Nprotected bin that I have...but unlikely chance.
I wonder how they did it .I'm looking through zone alarm exploits right now. I wish I knew who did it so I could ask him or her how.But I should probably change the firewall are there anygood ones that are really secure.
I noticed some personal files that are missing, but most of my stuff that is really important is burned on cd's or is encrypted so I'm not in bad shape.
-
October 1st, 2001, 07:15 AM
#9
I would say either they used an exploit in the firewall itself... or maybe Netbios. From what I hear, all of the things that happened are more 'file stuff' than 'run program stuff'... unless you have registry changes.
Are you sure ZA blocks 137-139 (NetBios)from outside attack? If you have it unsecured, they could do most anything. Do you have File and Printer sharing on? (Settings->Control Panel->Network->File and Printer Sharing)
To get rid of the 'You've been hacked' screen, rename logos.sys and/or logow.sys in c:\windows to logo*.sys.bak. Those two files are basically .bmp files used by windows for the load/shutdown screens, except they end in .sys to make people worry about messing with them.
EDIT/ADDED LATER:
I use Tiny Personal Firewall. It's pretty good, albeit with a few bugs in the interface, like getting all your rules deleted when you remove a trusted host
[HvC]Terr: L33T Technical Proficiency
-
October 1st, 2001, 07:54 AM
#10
Senior Member
hello
someone had access in your computer without trojans
and things like this .check your computer about nimda in it
maybe you have a guest share in your computer .
http://www.antivirusexpert.com
If God had intended
Man to program,
we would be born
with serial I/O ports.
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
|