Re: security breach?

From: x y (jamescagney90210@excite.com)
Date: 05/16/02


From: "x y" <jamescagney90210@excite.com>
Date: Thu, 16 May 2002 11:47:33 -0400


If your XP firewall is not blocking outbound connections, or is allowing
inbound connections for your IIS web server, then you may be vulnerable to
various threats. There are various trojans that allow remote access, and/or
email passwords to a hacker's email address, and/or capture the keystrokes
that you type [including your posting, and passwords, etc.] and email them
to a hacker or capture them to a text file.

The book Incident Response is a good introduction to dealing with these
things. fport from www.foundstone.com can help, as can NETSTAT -AN. If you
are running IIS, find and look at your IIS log files, if they exist. Look
for any line mentioning .EXE or % and if a code 200 or 502 is mentioned in
that line, this could be suspicious. Also, downloading pstools from
www.sysinternals.com includes the command psloggedon which tells you who is
logged into your system at the moment. If your XP firewall includes any
logging, check the logs for anything unusual. If questions, post them here.
Running an antivirus or trojan scanner that has the latest daily updates can
help detect trojans, and running www.gfi.com languard file integrity checker
daily can detect suspicious file changes.

"Dan" <encore333@yahoo.com> wrote in message
news:3deb01c1fcd7$559d60b0$19ef2ecf@tkmsftngxa01...
> Yesterday I could not login to many of the pay websites
> to which I subscribe, so I emailed the individual
> webmasters who all had a similar response: "The server
> detected that your password was being used simultaneously
> from multiple IP addresses (i.e. more than one person was
> accessing the site with your username) and thus your
> account was disabled."
>
> I've never divulged passwords and no one could access my
> computer the usual way since I live alone. Obviously I
> was hacked (is there any other explanation?). Is it
> possible to detect a prior break in?
>
> Is the Windows XP firewall penetrable? There's a new
> critical update -- a fix for outsiders getting in through
> Internet Explorer -- and I've just installed it (after
> the fact). I updated Norton AntiVirus and scanned my
> entire machine but nothing turned up. Could I now have a
> worm or trojan horse and not know it? Would such an
> infection be detected by Norton AV?
>
> My biggest concern is that I'm still vulnerable. I have a
> cable modem and regularly run port scans at
> dslreports.com, but I've always received a perfect score,
> including the scan I ran today.
>
> This whole thing freaks me out. I've been online for 6
> years without any prior security incidents. Any insights
> or advice truly appreciated.
>
> Thx.
>
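
The IIS log check described in the reply above (lines mentioning .EXE or % together with a 200 or 502 status), as an added example that is not part of the original post. It assumes the log is in W3C extended format with a `#Fields:` directive; the function name and the sample log lines are constructed for illustration.

```python
import re

WATCH_STATUS = {"200", "502"}                    # status codes named in the post
PATTERN = re.compile(r"\.exe|%", re.IGNORECASE)  # ".EXE" or "%" in the request

# Constructed sample log (documentation IP ranges, made-up paths).
SAMPLE_LOG = """\
#Version: 1.0
#Fields: date time c-ip cs-method cs-uri-stem cs-uri-query sc-status
2002-05-15 03:12:44 192.0.2.10 GET /default.htm - 200
2002-05-15 03:12:51 198.51.100.7 GET /scripts/EXAMPLE.EXE - 200
2002-05-15 03:12:53 198.51.100.7 GET /scripts/example.exe - 404
2002-05-15 03:13:02 198.51.100.7 GET /docs/a%20b.htm - 502
2002-05-15 03:13:09 192.0.2.10 GET /images/logo.gif - 304
"""

def suspicious_hits(lines):
    """Return (line_no, client_ip, status, request) for lines worth a closer look."""
    fields, hits = [], []
    for line_no, raw in enumerate(lines, 1):
        line = raw.strip()
        if not line:
            continue
        if line.startswith("#"):
            # The #Fields directive names the columns; it can change mid-file.
            if line.startswith("#Fields:"):
                fields = line[len("#Fields:"):].split()
            continue
        values = line.split()
        if not fields or len(values) != len(fields):
            continue  # no header seen yet, or a truncated/malformed line
        rec = dict(zip(fields, values))
        if rec.get("sc-status") not in WATCH_STATUS:
            continue
        # Assumption: match only the request columns, so a "%" in some other
        # logged field does not flag the line.
        request = rec.get("cs-uri-stem", "") + " " + rec.get("cs-uri-query", "")
        if PATTERN.search(request):
            hits.append((line_no, rec.get("c-ip", "?"), rec["sc-status"], request))
    return hits

if __name__ == "__main__":
    for hit in suspicious_hits(SAMPLE_LOG.splitlines()):
        print("line %d: %s status %s  %s" % hit)
```

A hit is only a pointer to a line to read in context; ordinary requests can also contain a % or end in .exe.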