Shuv It Hax0rs
Yo.
Well I think everyone has noticed by now (at least who's been seeing me play SOF2 anyways) that my ping has shot sky-high. Yeah like one game my ping went from its usual 90 area to in the 200 range all of a sudden.
Well guess what people....I've been hacked!!
Some fool is using my IP address or something to use my cable modem to send things like viruses. That's why I'm lagging, cuz whoever this fool is is tying up my internet usage bandwidth shit. So I can't play games, can barely use the internet, and can only chat now.
We've done a full system virus scan, spy software scan, and even a system restore point check. We found nothing. And it's still sending shit as we.....hey wtf? It just stopped sending? I'm up to 11,000 sent packets..but in less than 5 minutes. Arg...has the fool given up or has my ISP found the idiot and stopped him..
*shrugs*
Suffice it to say I won't be on SOF2 until we get this problem fixed. We found out by Rogers (my ISP) about it. They sent us an email...
Now the bad thing about this is that Rogers will cut/delete our account and we will no longer have Cable internet if we 'don't stop' this action.
So any ideas to stop this idiot are appreciated...etc.
Thanks.
--take a look around
-
midnightservice
- Posts: 1483
- Joined: Wed May 21, 2003 10:16 pm
- Location: Missouri
- Contact:
This is the letter we got.
Please be advised that we have received numerous complaints regarding unauthorized scans/probes originating from your IP address, contrary to the terms & conditions outlined in the Rogers End User Agreement. In an effort to preserve the quality of service to all customers, and to maintain a good standing presence with fellow Internet entities, we are contacting you to ensure that this matter is resolved immediately. A portion of the complaint(s) are included below this message.
Attacks to port 445: There are an increasing amount of attacks to port 445 reported worldwide. Port 445 along with port 135 is used in Windows NT and 2000 in file sharing with NetBIOS and TCP/IP. These attacks that have originated from your computer may have been in part a distributed denial of service attack. (DDOS) This issue is also known to Microsoft and security software developers. Here is a link providing more information and a possible resolution to these attacks originating from your PC. http://www.kb.cert.org/vuls/id/250635
Does that help?
--take a look around
If you are using Windows 2000 or XP open a command prompt and type in each of the following......
tasklist /v >tlist-v.txt (press enter)
tasklist /svc >tlist-s.txt (press enter)
netstat -a -n >nstat.txt (press enter)
Email the files (tlist-v.txt, tlist-s.txt, nstat.txt) to IDO@Phoenixorder.com and I will post them for everyone to review to see if anyone can help.
Let me know if those commands work or not.
I.D.O.
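An added example, not part of the original thread or written by any of its posters: one way to read the nstat.txt file that the netstat command above produces, looking for the pattern the ISP letter describes (this machine connecting out to ports 445 or 135 on many different hosts). The sample output is constructed, and the threshold of 5 distinct hosts is an assumption.

```python
from collections import defaultdict

WATCHED_PORTS = {135, 445}  # ports named in the ISP letter
SCAN_THRESHOLD = 5          # assumed cut-off: distinct remote hosts per port

# Constructed sample in the layout of Windows "netstat -a -n" output.
SAMPLE_NSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING
  TCP    192.168.0.10:1029      198.51.100.20:80       ESTABLISHED
  TCP    192.168.0.10:1030      192.168.0.2:445        ESTABLISHED
  TCP    192.168.0.10:3101      203.0.113.1:445        SYN_SENT
  TCP    192.168.0.10:3102      203.0.113.2:445        SYN_SENT
  TCP    192.168.0.10:3103      203.0.113.3:445        SYN_SENT
  TCP    192.168.0.10:3104      203.0.113.4:445        SYN_SENT
  TCP    192.168.0.10:3105      203.0.113.5:445        SYN_SENT
  TCP    192.168.0.10:3106      203.0.113.6:445        SYN_SENT
  TCP    192.168.0.10:3107      192.0.2.9:135          SYN_SENT
  UDP    0.0.0.0:445            *:*
"""

def tcp_rows(text):
    """Yield (local, remote_host, remote_port, state) for each TCP row."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4 or parts[0] != "TCP":
            continue  # headers, blank lines, UDP rows (no state column)
        remote_host, _, remote_port = parts[2].rpartition(":")
        if remote_port.isdigit():
            yield parts[1], remote_host, int(remote_port), parts[3]

def analyze(text, threshold=SCAN_THRESHOLD):
    listening, outbound = [], defaultdict(set)
    for local, host, port, state in tcp_rows(text):
        if state == "LISTENING":
            if int(local.rpartition(":")[2]) in WATCHED_PORTS:
                listening.append(local)  # service reachable on this port
        elif port in WATCHED_PORTS:
            outbound[port].add(host)     # this machine is the client
    # Many distinct remote hosts on one watched port looks like scanning.
    scan_like = {p: sorted(h) for p, h in outbound.items() if len(h) >= threshold}
    return {"listening": listening, "scan_like": scan_like}

if __name__ == "__main__":
    print(analyze(SAMPLE_NSTAT))
```

A single connection to a file server on the LAN stays under the threshold on its own; it is the spread across many unrelated hosts that matches the complaint.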
-
Falcon187420
- Posts: 33
- Joined: Wed May 28, 2003 11:43 pm
here is some other info to hopefully help you out
http://www.petri.co.il/what_is_port_445_in_w2kxp.htm
-
Falcon187420
- Posts: 33
- Joined: Wed May 28, 2003 11:43 pm
This is interesting stuff...can any of you expand upon what processes and/or port sessions you are looking for info on? I did what you said and I looked at the text files, but don't know what necessary processes actually need to be running in, say, the svchost.exe. I understand that 445 and 139 work as NetBt...but they need to be open if you are on a LAN, I thought. Anyways, any of your wisdom would be nice to read...
-
Falcon187420
- Posts: 33
- Joined: Wed May 28, 2003 11:43 pm
You're probably not hacked (but maybe you are); sounds to me like someone's sending you a good old denial of service attack. People got to learn how to properly use firewalls and port mappers so that this stuff doesn't happen.
Just format your machine, scan your backup drive with a trusted source, and start over. That's the easiest. You are wasting your time to hunt down a compromised system. Hackers are smarter than you (no offense) but that's why you are compromised.
I have almost completed my CISSP, I live and breathe network security, and I'm telling you right now that you are wasting your time "figuring it out" at this point.
Next time however, there are a few basic steps that you can do to minimize your threat level while on the internet, A couple biggies are :
1) personal firewall (IDS/IPS) Tiny is my favorite, albeit complex for some, but ZoneAlarm remains my top pick for my gaming machine. I use Vision from Foundstone for my port mapper.
2) Update your OS and virus definitions rapidly
3) Learn how to lock down a WinXp/2K machine with your policy mmc. Billyware is making strides in the realm of security, but it leaves a few things open for "ease of use"
4) Don't run your computer as an administrator, make a new account as user and assign permissions as needed.
5) This is the most important: educate yourself. I'm not telling you to go out there and become a security guru, I'm suggesting get some street knowledge at your bookstore. Hell, there's TONS of books on hacking and security nowadays, and there's no better time to brush up on your skills than right now.
There's a lot more I want to say, just not enough time or interest, plus I just woke up, so I wish thee luck.
- Archangelus
- Posts: 4286
- Joined: Mon Jun 24, 2002 9:01 pm
- Contact:
XoR likes ZoneAlarm, I prefer BlackICE. Both should show you what the hell is going on with your network traffic. I don't know about ZoneAlarm, but BlackICE will also allow you to turn on an Application Monitoring option that will alert you anytime one of your applications is trying to send network traffic. Not good for continuous use, but good for problem solving.
-Arch