
Port Monitoring Softwares for Hack attacks (Serious)

Tags:
  • Firewalls
  • Networking
  • Software
June 22, 2014 7:33:50 PM

I used to have a piece of software a long time ago (on Windows 2000 Server, if you can believe that) that wasn't a firewall. It's not a DOS-based program, it's a Windows-based one. What it did was show port logs for the entire system and allowed you to monitor the ports.
Keep any ports locked down for good reason. I don't remember the name of this software, so that's why I am here.

I have a software called ZBrush that calls a whole panel of ports to open (from what I am gathering) and it is allowing a hacker to infiltrate Comodo, if you believe that. This has been getting on my last nerve and has caused me to lose a couple of contracts (which in turn has made me lose money/work/rep, you get the idea).
Win 8.1 is a pain sometimes for these types of things, as I find myself buying a brand new router (still hacked after getting a new Netgear router with new password, new login and everything). I think the people around me are using a wifi dark scan program or something, because one time I made the pass something like A34@ni554#$##@ and so on and so forth, you get the idea. No, I don't use abc123.
I did used to have an MCSE for 2000 and A+, so you can talk to me in technical terms.
I am getting so desperate right now I am thinking about building a Linux ipfire wall, as I have spent over $500 to get rid of this invasion.
They were initially getting through on Chrome, I found out, so after I formatted and reinstalled a fresh copy of Windows I figured all was fine in the world. NOPE.

Thanks for the help.
Paul


July 17, 2014 1:54:24 AM

Even the Windows firewall will let you explicitly block ports from being used.
As for logging, any good firewall should be able to log for you.
Are you 100% sure you are not letting a worm on to your network somewhere? I would look to harden my perimeter security.
If it were me, being a Cisco person, I'd probably get a 2nd-hand ASA or even just a router, deny all traffic in both directions with logging on, then slowly add in explicit allows like port 80.

What kind of mischief are these people causing?
July 17, 2014 4:51:52 AM

In the common home install with a router, the router owns the real IP address. The router then translates this address to the fake address it has given out to the machines in the house. In the default configuration on a router there is no permanent mapping of any particular port to any machine in your house. This means if someone would attempt to attack a port, the router has no idea which machine to send it to and just drops it. You get the key function most firewalls provide just because NAT is stupid.

The only way someone can attack your machines from the internet is if you configured your router to allow it. You would have either had to port map ports or put your machine in a DMZ. When you do that you need to be sure your firewall software on the end machine is correctly configured.

I seriously doubt anyone is hacking you from the internet; you likely opened a web page or ran some program that loaded something you did not expect. You need to make sure you run malware scanners and load some form of virus/malware protection. The free one from Microsoft is a good one to try first.

Best solution

July 17, 2014 6:01:43 AM

As usual I agree with everything bill001g is saying. It's far more likely that, due to NAT, the connection is being initiated from your PC.
I assume you have been sensible enough to disable administration of your router from the WAN port, and tell the router not to respond to ping on the WAN port?

This should be enough. The only exception is that sometimes certain routers can be exploited, and therefore you need to make sure your firmware is up to date. But you've already changed routers, so this is unlikely.

This only then really leaves 2 realistic options:

1. You have some malware somewhere on your network (it might not necessarily be limited to that machine). When you did the fresh Windows install, did you use a software installer that you already had saved? It could be infected?
2. You have forwarded a port for web hosting or something similar, and they are using an exploit in the web hosting program or whatever it is. You need to patch/harden this?

The only way to go further than this that I know of would be with a seriously expensive IPS device which knows how to look for the exploit being used.

With a problem as frustrating as this I'd be tempted to set up Wireshark captures to catch the attack in progress if possible.
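One way to check whether connections are being initiated from the PC itself, as the answer above suggests, is to log every new listener and every new outbound session together with the process that owns it. This is an added example, not part of the original thread; the log path, the 5-second interval and the helper name Test-PrivateAddress are assumptions chosen for illustration.

```powershell
# Added example: poll the TCP table and log each new entry with its owning process.
# Needs Windows 8 / Server 2012 or later (Get-NetTCPConnection). Run elevated so
# that process paths resolve. $LogPath and the polling interval are arbitrary.
$LogPath = "$env:USERPROFILE\tcp-watch.csv"
$seen    = @{}

function Test-PrivateAddress([string]$Address) {
    # Loopback, RFC 1918, link-local and unspecified addresses are not internet peers
    return $Address -match '^(127\.|10\.|192\.168\.|169\.254\.|172\.(1[6-9]|2\d|3[01])\.|0\.0\.0\.0$|::1?$|fe80:)'
}

while ($true) {
    $rows = Get-NetTCPConnection -State Listen, Established -ErrorAction SilentlyContinue
    foreach ($c in $rows) {
        # One log line per distinct (state, ports, peer, process) combination
        $key = '{0}|{1}|{2}|{3}|{4}' -f $c.State, $c.LocalPort, $c.RemoteAddress, $c.RemotePort, $c.OwningProcess
        if ($seen.ContainsKey($key)) { continue }
        $seen[$key] = $true

        # Established sessions that stay on loopback or the LAN are not logged
        if ($c.State -eq 'Established' -and (Test-PrivateAddress $c.RemoteAddress)) { continue }

        # The process may have exited between the two calls; fields are then empty
        $proc = Get-Process -Id $c.OwningProcess -ErrorAction SilentlyContinue
        [pscustomobject]@{
            Time          = Get-Date -Format s
            State         = $c.State
            LocalAddress  = $c.LocalAddress
            LocalPort     = $c.LocalPort
            RemoteAddress = $c.RemoteAddress
            RemotePort    = $c.RemotePort
            ProcessId     = $c.OwningProcess
            Process       = $proc.ProcessName
            Path          = $proc.Path
        } | Export-Csv -Path $LogPath -Append -NoTypeInformation
    }
    Start-Sleep -Seconds 5
}
```

Polling misses connections that open and close between two samples, so a packet capture or firewall logging is still needed for short-lived traffic. Listeners bound to 0.0.0.0 or :: are the ones reachable from other machines if a port is forwarded to this PC.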
July 23, 2014 12:31:32 PM

Urumiko said:
As usual I agree with everything bill001g is saying. It's far more likely that, due to NAT, the connection is being initiated from your PC.
I assume you have been sensible enough to disable administration of your router from the WAN port, and tell the router not to respond to ping on the WAN port?

This should be enough. The only exception is that sometimes certain routers can be exploited, and therefore you need to make sure your firmware is up to date. But you've already changed routers, so this is unlikely.

This only then really leaves 2 realistic options:

1. You have some malware somewhere on your network (it might not necessarily be limited to that machine). When you did the fresh Windows install, did you use a software installer that you already had saved? It could be infected?
2. You have forwarded a port for web hosting or something similar, and they are using an exploit in the web hosting program or whatever it is. You need to patch/harden this?

The only way to go further than this that I know of would be with a seriously expensive IPS device which knows how to look for the exploit being used.

With a problem as frustrating as this I'd be tempted to set up Wireshark captures to catch the attack in progress if possible.

My real solution for the time being is going to be that I am taking myself off the grid. Changing email addys and changing everything. Possibly for a year or two. I formatted the system clean, both my laptop and desktop, as I don't know what these people got into or what their intent was. Tried to get my ISP to switch my IP addy to a static for a couple days since the DHCP wasn't releasing it for another (troubleshoot it that way, but no sale, as they still want to charge me the traditional $25 per month for the static IP for only like 3 days just to see if they are just attacking the IP address). Oh well, I will just deal. :) Starbucks will be receiving my money from now on for ISP charges.
It just feels like someone is breaking into my house on a daily basis and there is nothing I can do to stop them from getting in.