a hacker

**Harrie** · 10-15-2010, 07:22 PM

this morning I woke up and found a HACKER in my bed! OMG! I knew I should do backups and virus scans and do not send my AOL password to everyone... but now I see blinking lights on my firewall and he is in my BED!!! I am hacked! please advice, fast!

ps

**Planet earth** · 10-15-2010, 07:45 PM

i suspect that the person hammering you was using a gnutella servent called Qtrax2. this program is known to be an excessive hammerer and can send you packets many hours after you left Gnutella. although it gets no response, it still hammers you, it even hammers you if you are already uploading to it the file it is hammering for. it just hammers the whole time for no reason. if you were reusing the ip of someone else, it is possible that it tries to connect to you for over 24 hours. it is not in wide use though, as the gnutella community doesn't recommend it. it also has no forum here. decent gnutella clients (i mean every one i know) will mark your ip adress as unresponsive and not try to send you any more messages after a short timeout interval. raphael has even developed an anti-hammering feature which he built into gtk-gnutella, i think others will follow. so there is no need to have a beef with gnutella, it's a very nice network generally.

**webhush** · 10-16-2010, 07:56 AM

[QUOTE=Gratis;43167]I can see what Iriegirl is saying. It is very annoying to have an alert window coming up every few seconds while you're trying to work. I can aslo imagine that getting 1000 interspersed hits would make reading your firewall logs (for whatever reason she is) confusing.

I can also see how having these hits from a filesharing network that you never joined is extra-puzzling.

Iriegirl: on Norton Firewall I can turn off the alert message, while continuing to log activity, if that's what you're talking about. Others have mentioned that you can probably also have the log filter out an IP (I'm not sure how to do that), if that's what you're talking about.

To all the blasters -- are you really saying that someone trying to access your computer every four minutes for 24 hours wouldn't cause you concern? Or that if you're working with your firewall logs these erroneous entries wouldn't annoy you?

On a tangent, I'm getting conflicting information here:

MrGone says: "And 'your firewall caught it so you're okay' is bullshit, you're okay anyway because you don't have a service listening for traffic on that port (even if you did, it'd most likely be a gnutella client which don't currently have holes to exploit). Noone can just aim a sharply pointed packet at your computer and "hack" it. You must be running some form of server (web, email, ftp, gnutella servent, etc) to receive and process the traffic coming in."

However, cultiv8r says: "There are some things to note about Cable Modem access though. Because your computer will be connected to the Internet 24/7 (or at least, it is supposed to be), you become a bit easier target to malicious users. A software based firewall is a good start, but I'd recommend adding a hardware firewall as well."

These are the two predominant views that I've heard regarding firewalls. My questions are:

**Jalyssa M** · 10-16-2010, 10:31 AM

Well, not really conflicting I don't think. Being connected constantly makes you an easier target in that if there is a trojan or other security hole in your system there is more opportunity for someone to exploit it. That and persistant connections tend to hang onto an ip address longer so once someone has found you as having a hole it is easier for them to exploit it again later.

If you're not running any servers (or silly things like File and Print sharing, another potential hole) and you do not have a trojan on your system then there is nothing a cracker can really do to your system. There is always the possibility of a DoS (Denial of Service) attack, but those are most often accomplished by making too many connections (again requiring some sort of server) than there are with just bandwidth flooding (which a firewall couldn't stop anyway.)

And no, firewalls do not listen on the ports (excepting possibly for remote administration of the firewall.)

If you're running some kind of server your best bet is to keep it updated and apply any security patches that come out for it. A firewall (hard or soft) will give you information on traffic passing in and out of your computer (ip addresses, ports used, throughput, protocol (TCP, UDP, ICMP), etc) and will let you have control over this traffic.

For example, if someone was doing a port scan on your computer to see if there were any listening services (maybe one being exploitable) you could see this happening and block his IP address from anything you do actually have running (exploitable or not, this guy can kiss off.) Then you can do a whois lookup on the IP address and notify his ISP regarding the attempted abuse (you're probably not the only person he's tried this on) and enough complaints could get him shut down (probably temporarily, but that's better than nothing) potentially saving the *** of some poor schmuck who is running an unsecure system.

Wireless systems use encryption to protect the signal, make sure you're using this encryption if you're on a wireless network

Macs are "hackable"

There is a great forum for these kinds of questions at http://www.dslreports.com/forum/security,1

**Ur best friend (Ab)** · 10-16-2010, 01:10 PM

She didn't inidcate what kind of connection she has (atleast, not that I have noticed). If she's using a connection with a dynamic IP address, then that could be the source of the problem. For example, someone else at her ISP might have had her IP address and used Gnutella.

Or perhaps, someone else has used her system (like, kids or a partner).

**katienie20** · 10-16-2010, 03:31 PM

I hope she was nice!

Morgwen

**munoz121** · 10-16-2010, 05:21 PM

Thanks a lot for your thourough response. I think I understand the issue much better now.

**doux28** · 10-17-2010, 01:47 PM

Thanks, cultiv8r for helping me with a very nice attitude...I appreciate that, unlike SOMEONE who is so blindly in love with Gnutella that they can't even think straight and must use insults to respond to someone seeking help. I know who has a partner here; the one who could even conceive of it. And, cult, I just got the puter, so there has be noone else on it yet. I realize now, since I have good help, that the fact that I have cable modem at home will be part of it. And yes SOMEONE (Mrgone) I am still working on my MIS degree and may be wrong at sometime, but that is what help is for, so to my friends cultiv8tr and Morgwen, thank you so much for your friendly advice...I appreciate you for being knowledgable without being information hogs and treating those that are learning with respect instead of contempt.
I'm trying to learn some things now, (my fiance being a software engineer) and I am dipping into some waters I don't know much about..I have a tracing program that he uses for work here, and the day I got the pings, they all came from the same area of the country and from the same person. This is why I suspected hacking, especially since this puter is used for some coding my fiance uses that are related to security. Obviously if I didn't know anything I was doing, I wouldn't have even known this. But whatever..Cult and Morg...thanks for the help

And, Mrgone...take your attitude..and turn blue I don't live my life on the computer!! And I forgive you your insecurities!