• October 31, 2024, 11:39:35 PM
  • Welcome, Guest
Please login or register.

Login with username, password and session length
Advanced search  

News:

This Forum Beta is ONLY for registered owners of D-Link products in the USA for which we have created boards at this time.

Pages: [1] 2

Author Topic: Am I being hacked??  (Read 22279 times)

suprra_girl

  • Level 1 Member
  • *
  • Posts: 19
Am I being hacked??
« on: March 31, 2009, 03:26:45 AM »

I'm not sure if I should post my log as I'm not sure what information may be unsafe in it, I'm sure you'll let me know if it is or not :)

My log is full of random people around the world appearing in my logs with blocked packets. The same ip, over and over and over. Is this a sign of attempted hacking? I believe the router is doing a fantastic job and not letting them in but I'd like to make sure I'm educated in this information so I know for future and know what I need to do about it.

Thank you

(I'll post my log if it's perfectly safe)
Logged

Lycan

  • Administrator
  • Level 15 Member
  • *
  • Posts: 5335
Re: Am I being hacked??
« Reply #1 on: March 31, 2009, 09:26:59 AM »

What are you doing when this is going on?
Do you run bittorrent or and other P2P software?
Logged

suprra_girl

  • Level 1 Member
  • *
  • Posts: 19
Re: Am I being hacked??
« Reply #2 on: March 31, 2009, 06:48:34 PM »

No actually, I was just logged into the router homepage and surfing a couple of forums. I do have p2p software installed tho but my computer is fairly safe.
Logged

Lycan

  • Administrator
  • Level 15 Member
  • *
  • Posts: 5335
Re: Am I being hacked??
« Reply #3 on: April 01, 2009, 11:23:27 AM »

What p2p are you using?
Logged

suprra_girl

  • Level 1 Member
  • *
  • Posts: 19
Re: Am I being hacked??
« Reply #4 on: April 01, 2009, 02:45:27 PM »

Utorrent, but it only runs early hours of the morning, I am seeing this stuff in my logs throughout the day even restarting the modem to get a new wan ip is having no effect, I did another scan and no nasty's showed up. I figure if anyone is going to know if windows is out of whack microsoft will so I used their scanner online.

Do you want me to post up the log? Will it matter if people see what Ip's i'm using on the lan and wan?
Logged

Lycan

  • Administrator
  • Level 15 Member
  • *
  • Posts: 5335
Re: Am I being hacked??
« Reply #5 on: April 01, 2009, 02:57:01 PM »

Na, however torrent programs can cause things like this even if you believe that they're not running.

I have a friend that might be able to explain it better.

Eddie?
Logged

EddieZ

  • Level 10 Member
  • *****
  • Posts: 2494
Re: Am I being hacked??
« Reply #6 on: April 01, 2009, 03:00:33 PM »

Na, however torrent programs can cause things like this even if you believe that they're not running.

I have a friend that might be able to explain it better.

Eddie?

Always here  :D
Please post the logs. And please indicate on which port your torrent is configured (if it is random this might be an easy excercise).
Logged
DIR-655 H/W: A2 FW: 1.33

Lycan

  • Administrator
  • Level 15 Member
  • *
  • Posts: 5335
Re: Am I being hacked??
« Reply #7 on: April 01, 2009, 03:01:55 PM »

:)
Logged

suprra_girl

  • Level 1 Member
  • *
  • Posts: 19
Re: Am I being hacked??
« Reply #8 on: April 01, 2009, 03:14:31 PM »

Thanks alot

« Last Edit: April 02, 2009, 06:13:05 AM by suprra_girl »
Logged

EddieZ

  • Level 10 Member
  • *****
  • Posts: 2494
Re: Am I being hacked??
« Reply #9 on: April 02, 2009, 04:47:25 AM »

Thanks alot

Utorrent port 50353



Thanks. please remove the link to the log-file.
« Last Edit: April 02, 2009, 08:34:58 AM by Lycan »
Logged
DIR-655 H/W: A2 FW: 1.33

EddieZ

  • Level 10 Member
  • *****
  • Posts: 2494
Re: Am I being hacked??
« Reply #10 on: April 02, 2009, 08:33:28 AM »

The protocols are TCP (6) and UDP (17).

By the looks of it you have some infection on your PC, possibly Conficker. Conficker seems to be  a hoax, but it does communicate to servers. Try Google for an antiroot detector for Conficker to check.
Logged
DIR-655 H/W: A2 FW: 1.33

Lycan

  • Administrator
  • Level 15 Member
  • *
  • Posts: 5335
Re: Am I being hacked??
« Reply #11 on: April 02, 2009, 08:35:28 AM »

Oh he's good.
Logged

EddieZ

  • Level 10 Member
  • *****
  • Posts: 2494
Re: Am I being hacked??
« Reply #12 on: April 02, 2009, 09:25:59 AM »

Oh he's good.


Just a hunch. If the torrent port is static, this traffic should not be there. But looking at the IP's there seems to be a pattern. And one of them is doing a WHOAMI, which indicates deliberate targeting.

I am not a sys admin, those guys can probably tell you right away.  ;)
Logged
DIR-655 H/W: A2 FW: 1.33

Lycan

  • Administrator
  • Level 15 Member
  • *
  • Posts: 5335
Re: Am I being hacked??
« Reply #13 on: April 02, 2009, 09:29:37 AM »

I didn't check the logs, was there more then one LAN address representing this behavior?
Logged

suprra_girl

  • Level 1 Member
  • *
  • Posts: 19
Re: Am I being hacked??
« Reply #14 on: April 02, 2009, 03:11:30 PM »

The logs only show one ip address and thats the wan one, it doesn't specify lan address, I'm not quire sure how to find that info.

We are both using nod32 antivirus and is always updated.

I've run those port check scanners and they said they couldn't get through but they were scanning for usual ports, I guess hackers don't have a habit of being typical

I will find a conficker scan utility and scan with that, although I do find that particular virus unlikely but I never know who feels like kicking me up the butt today heh
Logged
Pages: [1] 2