Re: What to see if you computer is hacked/owned, read this!
From: Dowap (dowap@petitmorte.net)
Date: 02/23/03
- Next message: The Other Guy: "ISA releases "Common Sense Guide for Home and Individual Users""
- Previous message: Dowap: "Re: What to see if you computer is hacked/owned, read this!"
- In reply to: Don Kelloway: "Re: What to see if you computer is hacked/owned, read this!"
- Next in thread: Dowap: "Re: What to see if you computer is hacked/owned, read this!"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: Dowap <dowap@petitmorte.net> Date: Sat, 22 Feb 2003 22:55:12 -0500
In article <_SO5a.300$a63.210@tornadotest1.news.pas.earthlink.net>, Don
Kelloway <dkelloway@commodon.com> wrote:
> Oh no. Here we go again...
>
> A. Not necessarily and besides, why would they? Do you think the 'hackers'
> intention is to confuse the owner of the PC that there's an extra hour in
> the day or perhaps that there's one less? To insinuate that this is an
> indicator of the PC being 'hacked/owned' is extremely misleading and quite
> honestly, false.
Hehe, I do it so the owner replaces there battery and then it resets
the bios password to my own! Muhahahahaha! ;)
> B. Same as above. To insinuate that this is an indicator of the PC being
> 'hacked/owned' is extremely misleading and quite honestly, false.
> C. Not necessarily. There are several legitimate reasons why the Network
> Neighborhood icon would not appear on the desktop. To insinuate that this
> is an indicator of the PC being 'hacked/owned' is extremely misleading and
> quite honestly, false.
> D. While I'm having some difficulty trying to understand what you are
> saying. I'm fairly confident that it's quite incorrect based upon your lack
> of knowledge in the subject of Computers and Internet Security.
> E. This has been explained numerous times to you by several persons. The
> number cause for unintentional reboots is attributed to a lack of heat
> dissipation. To insinuate that this is an indicator of the PC being
> 'hacked/owned' is extremely misleading and quite honestly, false.
Hehe, I create the additional heat so the computer has to be rebooted
and my program can then be totally executed! Muhahahahaha! ;)
> F. This may be attributed to several legitimate reasons. To insinuate that
> this is an indicator of the PC being 'hacked/owned' is extremely misleading
> and quite honestly, false.
> G. See "D" above.
> H. This may be attributed to several legitimate reasons. To insinuate that
> this is an indicator of the PC being 'hacked/owned' is extremely misleading
> and quite honestly, false. In your case it's no doubt the result of your
> arrogance of beliefs and the fact that you've pissed some people off.
> I. See "F" above.
> J. See "F" above.
> K. See "F" above.
> L. See "F" above.
> M. See "D" above.
> N. See "F" above.
> O. See "E" above.
> P. See "D" above.
> Q. Yeah! This is something that should lead one to believe that there *MAY*
> be an issue.
> R. Oops, you blew the opportunity to start a streak. See "F" above.
> S. Yeah! back on track. This is something that should lead one to believe
> that there *MAY* be an issue.
> T. Sorry. See "F" above.
> U. See "F" above.
>
> <Whew! Does this ever end? Two out of twenty isn't too good. Let's see how
> well you continue to play.>
>
> V. See "F" above.
> W. See "F" above.
> X. See "F" above.
> Y. See "F" above.
> Z. This merely indicates that someone has conducted a port scan without any
> order to the ports they're scanning for. Besides, this does not mean that
> your PC has become compromised. It only means that some on the Internet is
> attempting to determine if your PC has any open ports to attempt to gain
> access to.
> AA. See "F" above.
> BB. See "F" above.
> CC. See "F" above.
> DD. This merely indicates that someone is attempting to connect to a
> service. Besides, this does not mean that your PC has become compromised.
> EE. See "D" above.
> FF. See "D" above.
> GG. See "F" above.
>
> All in all, you don't appear to possess much knowledge on the subject of
> Computers and Internet Security. In light of this, please explain why
> people on the Internet should any faith or trust in what you're saying?
>
> --
> Best regards,
> Don Kelloway
> Commodon Communications
> http://www.commodon.com
>
> Visit http://www.commodon.com to learn about Back Orifice (BO), NetBus (NB),
> SubSeven (Sub7), etc. All of which are "Threats to Your Security on the
> Internet".
>
>
> "Tracker" <"snailmail(remove)222000"@yahoo.com> wrote in message
> news:3E573520.CF33D2A@yahoo.com...
> > You can copy and pass on this information as long as you give the owner
> > credit where credit is due.
> >
> > THESE ARE SIGNS TO LOOK FOR TO TELL YOU YOUR COMPUTER IS HACKED/OWNED:
> >
> > A. Hackers disable your Daylight Savings Time.
> > B. The clock on the desktop can be one hour ahead or one hour behind,
> > on occasion.
> > C. Your Network Places Icon on the desktop disappears.
> > D. If using a Windows platform: when you start your computer, your
> > original screen will pop up, but since the hackers need to boot into
> > their Server(s), the system will quickly re-boot and the original screen
> > will appear twice. But your system may re-boot twice instead of once
> > when loading Windows OEM versions.
> > E. If your computer system occasionally re-boots on it's own, the
> > hacker may need to update their Servers to make their computer system
> > function properly.
> > F. If you play Yahoo Games, you may find yourself being kicked out of
> > the board your playing in. If your winning a game and you're the host,
> > the hacker may not let you back in to finish. This means you just lost
> > a game at the hackers expense. When the computer was hacker safe, I went
> > back to playing games and haven't been booted out of a game, since.
> > G. A browser application you install to filter out, or kill file
> > certain individuals will not function indefinitely. When your computer
> > system is owned, you aren't able to filter out people in your browser
> > for more then 1-2 days. A number of computer owners whose systems have
> > been owned, have advised me they also had the same problem. Because
> > hackers were using your illegally installed Servers for posting to the
> > Internet, this is why you are unable to filter or kill file them. This
> > information was very apparent to myself and other ferret owners whose
> > computer were owned.
> > H. When you begin to see Usenet remarks, made on behalf of your
> > personal life which is private information.
> > I. Some of your personal files are modified years before they were
> > created. I have seen a number of personal files modified 7-8 years
> > before they were even created. How to accomplish this trick: Select
> > Start, Settings, Control Panel, Date/Time, where the year is, Select the
> > up or down arrow and, viola. Then open up any file and Select Save. A
> > new creation date is present.
> > J. You will find a number of files hidden/readable only, which is
> > common practice.
> > K. When you find additional information in your boot.ini file which
> > relate to a Virtual Private Network, this can be either software,
> > hardware or device driver oriented.
> > L. Under Search for Files and Folders, you do a search on any file
> > modified in the past month, you will see files which just don't need to
> > be modified, or files you don't even recognize. For the simple minded,
> > you'll want to focus on the files which you don't recognize. Unless
> > your a skilled professional, you won't realize which files need to be
> > present or modified, but give it a try anyways. [To perform the above
> > you will need to see all Hidden Files and Folders.]
> > M. Select Start, Settings, Control Panel and Network, and look at,
> > following network components showing. If you see one AOL adapter and
> > have never used AOL, then two AOL adapters, two TCP/IP, two Dial-Up
> > adapters, one or two Virtual Private Network adapters, your computer
> > could be owned. A Virtual Private Network is widely used by hackers
> > because it can host up to 254 users. "This applies to the average
> > Internet user who has one modem, one ISP and isn't running any FTP,
> > HTTP, NNTP, PROXY, SMTP, SOCKS, SQL, or SQUID SERVER." My skills
> > working with VPNs is almost zero. Every victims system I've seen had
> > two VPNs set-up and they were only using a modem to connect to the
> > Internet.
> > N. Next, Select Start, Run, type Regedit, Select Registry, Select
> > Export Registry File, in the box type a name say 4-12-02.txt and Select
> > save. Then open this file with a text editor, and you might be shocked
> > to find what really is installed on your computer system. Check the
> > bottom of this file, hackers love to install a bunch of applications,
> > Servers files and device drivers.
> > O. You have to turn your computer off by the power supply on a some
> > what regular basis.
> > P. Installing a Network Interface Card will cause problems until the
> > hackers configure this device into their Servers or Virtual Private
> > Network they setup on your computer.
> > Q. You find your cd-rom drive opens and closes without your permission.
> >
> > R. You could hear an annoying beep coming from your system speakers.
> > S. Your windows screen goes horizontal or vertical.
> > T. The screen saver picture changes without your permission.
> > U. On occasion your mouse is out of your control or has an imagination
> > of it's own. But this could also be caused by a corrupt mouse driver.
> > V. All of a sudden, your speakers decide to play you some music.
> > W. Installing a hardware/software firewall for the first time can cause
> > a number of different problems for you to set-up and configure.
> > Considering you didn't have these installed from the beginning of your
> > computer going on the Internet.
> > X. Your firewall logs show alerts at 12:00 then 11:22 then 12:16 and
> > back to 11:59.
> > Y. If using a dial-up/cable/dsl connection you see a number of pings,
> > port 0, to your computer. The reason is so that the hackers can see if
> > your computer is active/alive. A system needs to be online for the
> > hackers to access these Servers. What the hackers actually do is port
> > scan your Internet Service Provider Block of IP addresses and find your
> > computer either with file sharing enabled or a Backdoor/Trojan.
> > Z. If someone is port scanning your system, in your firewall logs the
> > port assignment aren't in any type of order. You might see a probe at
> > port 1,10,9,8,6,12,6,43 etc.
> > AA. When you find you have to set Zone Alarm firewall on medium instead
> > of high settings.
> > BB. Once you can view all Files and Folders search for files named
> > spool*.*.
> > CC. You may find another installed version of your software firewall
> > application on your hard drive. You will need to Show all Hidden Files
> > and Folders under your Settings, Control Panel, Folder Option and View,
> > if using a Windows Platform (excluding 2000,NT and XP).
> > DD. When you see too many, Pings - port 0, HTTP/Proxy - port 80, 8080,
> > 3128, SMTP - port 25, FTP - port 21, NNTP - port 119 port probes.
> > Your computer is probably running an illegal "VPN server"; "web server";
> > "proxy"; "mail and news"; "ftp"; which hackers are attempting to access
> > for their own personal use.
> > EE. If you don't see your computer node/source IP address on a
> > consistent basis to the right side of your firewall log, your system is
> > hacked/owned. (See the firewall logs below.) The hackers are entering
> > through your system to attack other "Networks and Systems", so their
> > identity can't be traced.
> > FF. When you perform a traceroute on an IP address and you lose your
> > node/source IP address, ISP routers IP. Or when you don't see your
> > node/source IP address at all.
> > GG. If you see the following in your Black Ice Defender INI file. Yes!
> > folks, here are the IP addresses of the owners who took over my Domains:
> >
> > a. trust.pair = 168.143.114.50,2000xxx
> > b. 200.10.69.8,2000xxx
> > c. 172.149.134.138,2000xxx
> > d. 12.231.23.99, 2003xxx
> > e. 12.231.11.119,2003xxx
> > f. 209.213.79.152,2003xxx
> > g. [Trusting] = trust.pair=206.134.133.10,2003xxx
> >
> >
> >
>
>
- Next message: The Other Guy: "ISA releases "Common Sense Guide for Home and Individual Users""
- Previous message: Dowap: "Re: What to see if you computer is hacked/owned, read this!"
- In reply to: Don Kelloway: "Re: What to see if you computer is hacked/owned, read this!"
- Next in thread: Dowap: "Re: What to see if you computer is hacked/owned, read this!"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
|
