
hacked or not hacked


Name: sed
Date: July 16, 2002 at 17:09:32 Pacific
Comment:

Hi,

How do you know that you were being hacked?

'Cause this morning, I was about to turn off my PC, which is most of the time on, when I got the message asking that I have a connection with someone and if I really want to end this connection (or something like this). Well, I got scared and said yes immediately.

I scanned the C drive with McAfee, it didn't find anything.

I read about using the netstat -a and -n commands in MS-DOS, and I tried it (c>netstat -a). But it says that this command cannot be run in DOS mode??

Any help is appreciated.

Thanks in advance.




Response Number 1
Name: Lesley
Date: July 16, 2002 at 17:52:40 Pacific
Reply:


Use the Command Prompt in Accessories

netstat -na


0

Response Number 2
Name: sed
Date: July 16, 2002 at 18:06:23 Pacific
Reply:

Thanks, yeah, it worked this time.

There are 4 IP numbers, 2 being the same. It shows that one of them has an established state, the others are close wait and time wait. What do they all mean?


0

Response Number 3
Name: Lesley
Date: July 16, 2002 at 19:18:14 Pacific
Reply:


Sorry - I know how to do it but not how to interpret what I see!

The only thing I've learned so far is that if you see Port 2734 in there then you've probably got a Sub-Seven Trojan!

I've only just gone onto Broadband - still learning!

Hopefully others will enlighten you.

Lesley


0

Response Number 4
Name: sed
Date: July 16, 2002 at 19:27:32 Pacific
Reply:

Thanks Lesley

I have actually kept on looking for info on the web and found an online tracer which traces ip #'s/URLs etc. All the IP numbers listed under foreign seem to be legitimate (2 of them were from MS hotmail and google network, one of them from my school network and the other one from another school network).

I have also found a listing of suspicious port numbers on the internet which I don't seem to have any (though I didn't check the local addresses).

I think everything seems Ok, but I still wonder why I got such a message today??


0

Response Number 5
Name: Charger
Date: July 16, 2002 at 19:32:21 Pacific
Reply:

Sorry if I am wrong Lesley, but isn't it 27374?
Just checking.

I would check on the IP address and see who it belongs to. If it comes up with a name, report that IP to your ISP and tell them to block any incoming "packets" from that IP address.
If it comes up with a corporation, notify them, and tell them that you are suspecting that someone from their company at this IP address (the IP address) is trying to hack into your computer.


Charger


0




Response Number 6
Name: hylian_lynk
Date: July 16, 2002 at 19:46:09 Pacific
Reply:

Maybe this will help: a list of computer ports and the trojans that connect to them
http://www.doshelp.com/trojanports.htm

Netstat info:
Displays protocol statistics and current TCP/IP network connections.

NETSTAT [-a] [-e] [-n] [-s] [-p proto] [-r] [interval]

  -a            Displays all connections and listening ports.
  -e            Displays Ethernet statistics. This may be combined with the -s
                option.
  -n            Displays addresses and port numbers in numerical form.
  -p proto      Shows connections for the protocol specified by proto; proto
                may be TCP or UDP. If used with the -s option to display
                per-protocol statistics, proto may be TCP, UDP, or IP.
  -r            Displays the routing table.
  -s            Displays per-protocol statistics. By default, statistics are
                shown for TCP, UDP and IP; the -p option may be used to specify
                a subset of the default.
  interval      Redisplays selected statistics, pausing interval seconds
                between each display. Press CTRL+C to stop redisplaying
                statistics. If omitted, netstat will print the current
                configuration information once.


0

Response Number 7
Name: Jseb
Date: July 16, 2002 at 19:56:55 Pacific
Reply:

Why don't you just get a good anti-trojan?
You must be infected!


0

Response Number 8
Name: sed
Date: July 16, 2002 at 20:59:35 Pacific
Reply:

I have just downloaded the free ZoneAlarm. We have a router at home and I think it has its kind of firewall or something?? And I am connecting behind a proxy, if it makes any sense??

I also got my PC free-checked from the Symantec web site for viruses.

How do I know if an anti-trojan program is trustable? Do you really think that I am trojan infected?? Scary!!

I tried all the netstat commands. But I don't know what the results mean actually. For example, are "listening", "established state", "time wait", "close wait" bad things??

I am nobody and I don't have anything important in my PC. Why would someone from hotmail or Verio Inc want to hack me?? Strange!!



0

Response Number 9
Name: suzi
Date: July 16, 2002 at 21:28:45 Pacific
Reply:

sed, check this post in the xp forum and read reply # 3 from tank863. His advice is excellent and should be helpful for your problem.

http://www.computing.net/windowsxp/wwwboard/forum/31925.html

Good luck!


0

Response Number 10
Name: murve
Date: July 17, 2002 at 09:23:22 Pacific
Reply:

hi sed,
Here's some info on the different states in Netstat and/or TDImon, Jammer, and Netmon:
LISTEN - represents waiting for a connection request from any remote TCP and port.

SYN-SENT - represents waiting for a matching connection request after having sent a connection request.

SYN-RECEIVED - represents waiting for a confirming connection request acknowledgment after having both received and sent a connection request.

ESTABLISHED - represents an open connection, data received can be delivered to the user. The normal state for the data transfer phase of the connection.

FIN-WAIT-1 - represents waiting for a connection termination request from the remote TCP, or an acknowledgment of the connection termination request previously sent.

FIN-WAIT-2 - represents waiting for a connection termination request from the remote TCP.

CLOSE-WAIT - represents waiting for a connection termination request from the local user.

CLOSING - represents waiting for a connection termination request acknowledgment from the remote TCP.

LAST-ACK - represents waiting for an acknowledgment of the connection termination request previously sent to the remote TCP (which includes an acknowledgment of its connection termination request).

For more info on trojans and trojan ports, go to the www.thepublicworks.com security section. There's lots of interesting stuff plus some interesting free downloads to help you defend against trojans.

Hope this helps.
cheers,
murve


0
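
Added example, not part of any post in this thread: a small Python script that reads saved `netstat -na` output and sorts the rows by the states listed in the reply above, so the listening ports (programs accepting inbound connections) stand apart from live sessions and teardown leftovers. The sample output and the watch list are constructed for illustration; Windows prints the states as LISTENING, CLOSE_WAIT and TIME_WAIT rather than the hyphenated names, and 27374 is the port Charger mentions.

```python
from collections import Counter

# Constructed sample in the layout Windows prints for `netstat -na`.
# Foreign addresses come from documentation ranges, not from the thread.
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:27374          0.0.0.0:0              LISTENING
  TCP    192.168.1.10:1045      198.51.100.7:80        ESTABLISHED
  TCP    192.168.1.10:1046      203.0.113.20:80        CLOSE_WAIT
  TCP    192.168.1.10:1047      203.0.113.20:80        TIME_WAIT
  UDP    0.0.0.0:137            *:*
"""

# Assumption for this example: a one-entry watch list holding the port
# named in the thread. Extend it from a port list you trust.
WATCH_PORTS = {27374}

def port_of(endpoint):
    """Port after the last ':' (also handles [::]:135); None for '*:*'."""
    port = endpoint.rsplit(":", 1)[-1]
    return int(port) if port.isdigit() else None

def parse_netstat(text):
    """Return one dict per TCP/UDP row, skipping banner and header lines."""
    rows = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 3 or parts[0] not in ("TCP", "UDP"):
            continue
        state = parts[3] if len(parts) > 3 else ""  # UDP rows carry no state
        rows.append({"proto": parts[0], "local": parts[1],
                     "foreign": parts[2], "state": state})
    return rows

def triage(rows):
    """Summarise what deserves a look: listeners, live sessions, watched ports."""
    return {
        "states": Counter(r["state"] for r in rows if r["proto"] == "TCP"),
        "listening": sorted({port_of(r["local"]) for r in rows
                             if r["state"] == "LISTENING"}),
        "established": [r["foreign"] for r in rows if r["state"] == "ESTABLISHED"],
        "flagged": [(r["local"], r["state"]) for r in rows
                    if {port_of(r["local"]), port_of(r["foreign"])} & WATCH_PORTS],
    }

if __name__ == "__main__":
    print(triage(parse_netstat(SAMPLE)))
```

A LISTENING row on a port you cannot tie to a known program is the one to investigate first; TIME_WAIT and CLOSE_WAIT rows are connections that are already closing.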

Response Number 11
Name: sed
Date: July 17, 2002 at 22:04:18 Pacific
Reply:

Thanks everyone :D


0

Response Number 12
Name: jon
Date: July 17, 2002 at 22:39:30 Pacific
Reply:

Wow murve, have you learned TCP/IP and understand what they mean in detail? Just thought I would ask.


0
