Page 1 of 2 12 LastLast
Results 1 to 10 of 18

Thread: HOw did someone get through my firewall

  1. #1

    Angry HOw did someone get through my firewall

    my computer turned into a zombie tonight.I have a zonealarm pro firewall up and a cable modem hook up. On a windows 98 machine.I had to reset almost every internet setting,and every setting for my firewall.My shutdown screen says YOU HAVE BEEN HACKED!

    My norton anti-virus said no backdoors,trojans, or viruses
    My registry monitor said there had been no modifiacatons to the registry.
    My application monitor said nothing had been changed or modified..

    My question is how did someone hack through my firewall without using backdoor programs,and viruses or trojans to gain access..they simply were able to bypass the firewall and get total control.

  2. #2
    Forgotten Ghost RogueSpy's Avatar
    Join Date
    Aug 2001
    Location
    Cyberspace
    Posts
    783
    I have a few ?'s Where is this computer located. Home of office? Does anyone else have access to it?

  3. #3
    It's a home computer, and no one but me has access to the computer.I know because I live by myself.....The firewall settings were set on high.

  4. #4
    Computer Forensics
    Join Date
    Jul 2001
    Posts
    672
    how did they get through you ask ?


    Zone alarm had a vulnerability posted for it a while ago. It allowed for access to the computer. I suggest you look into it or change your firewall.
    Antionline in a nutshell
    \"You\'re putting the fate of the world in the hands of a bunch of idiots I wouldn\'t trust with a potato gun\"

    Trust your Technolust

  5. #5
    Forgotten Ghost RogueSpy's Avatar
    Join Date
    Aug 2001
    Location
    Cyberspace
    Posts
    783
    Oh yeah, that was on www.securityfocus.com at one time. . . I forgot about that.

  6. #6
    Ok just a thought, is there a possible way to redirect the firewall to think that there is an attack at another port, kind of tricking the firwall long enough for an attacker to acces the port that he wants. Kind of like setting up a diverson long enough to get in.

  7. #7
    Computer Forensics
    Join Date
    Jul 2001
    Posts
    672
    sure there is a way, but it would be rather complicated and not worth the effort unless you were a major score for someone.

    did you find any information on your firewall ?
    Antionline in a nutshell
    \"You\'re putting the fate of the world in the hands of a bunch of idiots I wouldn\'t trust with a potato gun\"

    Trust your Technolust

  8. #8
    All the zone alarm logs were deleted who ever did it new how to cover there tracks.I might be able to go through Norton and check the Nprotected bin that I have...but unlikely chance.

    I wonder how they did it .I'm looking through zone alarm exploits right now. I wish I knew who did it so I could ask him or her how.But I should probably change the firewall are there anygood ones that are really secure.

    I noticed some personal files that are missing, but most of my stuff that is really important is burned on cd's or is encrypted so I'm not in bad shape.

  9. #9
    Old-Fogey:Addicts founder Terr's Avatar
    Join Date
    Aug 2001
    Location
    Seattle, WA
    Posts
    2,007
    I would say either they used an exploit in the firewall itself... or maybe Netbios. From what I hear, all of the things that happened are more 'file stuff' than 'run program stuff'... unless you have registry changes.

    Are you sure ZA blocks 137-139 (NetBios)from outside attack? If you have it unsecured, they could do most anything. Do you have File and Printer sharing on? (Settings->Control Panel->Network->File and Printer Sharing)

    To get rid of the 'You've been hacked' screen, rename logos.sys and/or logow.sys in c:\windows to logo*.sys.bak. Those two files are basically .bmp files used by windows for the load/shutdown screens, except they end in .sys to make people worry about messing with them.

    EDIT/ADDED LATER:

    I use Tiny Personal Firewall. It's pretty good, albeit with a few bugs in the interface, like getting all your rules deleted when you remove a trusted host
    [HvC]Terr: L33T Technical Proficiency

  10. #10
    Senior Member
    Join Date
    Sep 2001
    Posts
    111
    hello

    someone had access in your computer without trojans
    and things like this .check your computer about nimda in it
    maybe you have a guest share in your computer .

    http://www.antivirusexpert.com
    If God had intended
    Man to program,
    we would be born
    with serial I/O ports.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •