Madinat al-Muslimeen Islamic Message Board

A R C H I V E S

Hack?


Hack?
Taalibatul_ilm
04/11/02 at 15:34:32
[slm]
I have a question for the techies here.  I have been having very strange things happen to my computer, and wonder if it is possible to be hacked even if my anti-virus scan comes out clean?  I keep the anti-virus software up to date and have a good Internet Security program (I hope), but a second connection comes up all by itself on my computer at random while I am online.  This second connection, when I clicked on its properties, was using a wan miniport through a VPN connection.  I do not have cable and am not networked.  I deleted it many times (over 30) but it will just show up again.  I wrote to Symantec's tech support but got two different answers: one, if my virus scan is clean there is nothing to worry about, two, there is something very strange going on and I may have been hacked with a backdoor not picked up by a virus scan.  I am really frustrated and worried about the security issue.  
Any suggestions or help out there?
Re: Hack?
counterplex
04/11/02 at 17:12:55
[wlm]

Not sure if it's a "hack" as such.  I'd recommend you find some network monitoring tools and get an idea of where this connection is heading towards.  Also if you have installed any programs recently (especially network related) try uninstalling them.  You might want to leave your computer disconnected from the Internet for a while to see if that connection pops up or not.

When it comes to security (network or otherwise) Windows is a known liability.  Switch to Linux and give yourself a serious upgrade :)

[wlm]
Re: Hack?
zeyn
04/11/02 at 17:26:47
sheesh counterplex still on the linux trip huh
Re: Hack?
counterplex
04/11/02 at 17:55:48
[slm]

Hey, it's secure, completely free (unlike that copy of windows running on at least one PC in everyone's home) and highly functional :)

When you're ready for it, I'll even handhold you through it ;)

[wlm]
C
Re: Hack?
BroHanif
04/11/02 at 19:30:47
[slm],

Yes it is possible to be hacked if you have a virus checker.
Bro, I think what you need to do is install a software firewall. My recommendation would go to ZoneAlarmPro as the software is for free if you are a student and it offers many services. Norton is also a good product where you have the ability to control what comes in and what goes out, yet you have to pay for it.
From the two software programs you will be able to monitor the software that dials out from your machine.

Try this site as well http://www.firewallguide.com/  It has some info on Firewalls and some info on if you get hacked

For security of your home pc try out this site http://grc.com/default.htm it has tests so you can perform what your connection to the net is like, a top site!

If you need any more info then contact me I'll be more than happy to help.

Salaams

Hanif
Re: Hack?
jannah
04/11/02 at 20:47:09
omygosh that guy has to be a babylon 5 buff... haha ;)

"* The worm wars of 2001 - In the late summer of 2001, the Code Red and Nimda worms were a big concern. I spent some time analyzing their behavior"
04/11/02 at 20:47:28
jannah
Re: Hack?
counterplex
04/11/02 at 23:25:53
[slm]

hmmm... where's that quote from sister jannah?

[wlm]
Re: Hack?
jannah
04/12/02 at 00:44:40
this page:  http://grc.com/default.htm
Re: Hack?
Taalibatul_ilm
04/12/02 at 01:23:42
[slm]
Not to divert attention from the Linux buffs, but ...
Bro Hanif, I am a sister.  There is a brother, Taalib ilm on the board (no relation), but Taalibatul ilm طالبة العلم is the female version of the same phrase.  I do have a firewall: Norton's Internet Security.  It passes all online security scans.  
Is it still possible to have been hacked?

Counterplex, what kind of monitoring tools are you referring to?  
One thing I didn't put in the first post because I didn't want to make it too long was that the Norton's Internet Security (NIS) kept telling me that RNAAP wanted to access the Internet many times before this connection came up.  I always temporarily blocked it since I was online anyway and didn't think I should permanently block it or I may not be able to get online again. One day, Norton's started asking me to configure a rule for a dialup connection.  I didn't have the option of cancelling, so allowed it, again thinking I wouldn't get online again if I blocked it.  That's when this new connection started showing up while I was online.  It would just switch over to it.  I started knowing it was on because the sounds would not work (click sounds for hitting a link, etc.) and when I checked my mail the Outlook Express would inform me that I wasn't connected to the mail server, did I want to try from the present connection.  
04/12/02 at 01:33:20
Taalibatul_ilm
Re: Hack?
counterplex
04/13/02 at 01:39:31
[slm]

As far as the network traffic monitoring tools are concerned, it seems NIS is doing a decent job of it so far... I was thinking of tools which would possibly be more technical.  If your area of expertise is computer related, you might want to try 'netstat -an' from the command line to see if any spurious ports are open on your machine or what ports on what machines your computer is trying to connect to.  Other tools will probably be found on download.com or some such site for Windows.  If you can find the Windows equivalent of the Linux program netwatch, that might suffice.  A more complex but ultimately more comprehensive tool is something like Ethereal which will be able to sniff all network packets passing by your computer.  Khayr, I digress...

Also, have you considered uninstalling NIS and re-installing it?

[wlm]
C
Re: Hack?
Taalibatul_ilm
04/13/02 at 12:48:12
[slm]
Jazaka Allahu khairan Counterplex.  
I did uninstall/reinstall NIS a few days ago, and at first thought it had done the job, but the second connection came up again yesterday.  
I went to the Ethereal website, and it is way over my head.  
One Norton's support guy suggested the only way to get rid of this (if it is a sophisticated hack) was to format the hard drive.  That is not an option I want to take unless it is absolutely necessary.
Could you explain more how to do the command line netstat -an?  I am not an expert in computers and although my husband is good at computer hardware, this isn't a problem he is able to help me solve.
[wlm]
Re: Hack?
counterplex
04/13/02 at 19:24:13
[slm]
w/iyyakum.

To use netstat on a Windows 2000 or such machine (not sure if it exists prior to that except on Windows NT), do this:

Go to the Start Menu, choose Programs, then Accessories and run Command Prompt.
At the window that pops up, just type the following, without quotes, and press enter:

netstat -an

Then, if you could copy the contents of the window and send me a message with that in there, I'd be able to let you know whether I was able to find what I was looking for.

Hope this helps.

[wlm]
C
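As an added example, not part of counterplex's post: a small Python script that reads `netstat -an` output and separates listening ports from established connections to remote ports the user did not expect. The sample output, the expected-port list and the check for TCP 1723 (assuming the VPN connection in this thread is PPTP) are constructed for illustration.

```python
# Constructed sample of Windows `netstat -an` output (not taken from the thread).
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    192.0.2.10:1029        198.51.100.7:80        ESTABLISHED
  TCP    192.0.2.10:1034        203.0.113.5:1723       ESTABLISHED
  TCP    127.0.0.1:1027         127.0.0.1:1028         ESTABLISHED
  UDP    0.0.0.0:137            *:*
"""

# Assumption: remote ports this user expects (web and mail). Adjust per machine.
EXPECTED_REMOTE_PORTS = {80, 443, 25, 110}
PPTP_PORT = 1723  # TCP control port of PPTP; assumed VPN type for this thread

def split_endpoint(text):
    """Split 'addr:port' on the last colon; port is None for '*:*'."""
    addr, _, port = text.rpartition(":")
    return addr, int(port) if port.isdigit() else None

def parse_netstat(output):
    """Return one dict per TCP/UDP row found in `netstat -an` output."""
    rows = []
    for line in output.splitlines():
        parts = line.split()
        if len(parts) < 3 or parts[0] not in ("TCP", "UDP"):
            continue  # skip headers and blank lines
        state = parts[3] if len(parts) > 3 else ""  # UDP rows carry no state
        rows.append({"proto": parts[0], "local": split_endpoint(parts[1]),
                     "remote": split_endpoint(parts[2]), "state": state})
    return rows

def review(rows):
    """Return (listening ports, established connections worth a closer look)."""
    listening = sorted({r["local"][1] for r in rows if r["state"] == "LISTENING"})
    unexpected = []
    for r in rows:
        addr, port = r["remote"]
        if r["state"] != "ESTABLISHED" or addr.startswith("127."):
            continue  # loopback traffic never leaves the machine
        if port not in EXPECTED_REMOTE_PORTS:
            note = "PPTP VPN control channel" if port == PPTP_PORT else "unlisted port"
            unexpected.append((addr, port, note))
    return listening, unexpected

if __name__ == "__main__":
    for addr, port, note in review(parse_netstat(SAMPLE))[1]:
        print(f"Check {addr}:{port} ({note})")
```
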
Re: Hack?
Taalibatul_ilm
04/15/02 at 05:00:02
[slm]
Jazaka Allahu khairan again for your help, Counterplex.  
I have Windows 98 and don't have that command prompt available.  Is it a DOS command that I could try in 98?
Again, may Allah reward you for your help.
[slm]
Re: Hack?
khanzadeh
04/15/02 at 06:00:14
[slm]

Would someone use this level of sophistication to hack someone's home computer? I think not. But installing a VPN driver and then enabling a connection through it looks like the work of a trojan. Still, I would say that is most likely due to some software misconfig.

When you say delete, did you go through the control panel Network applet to delete the VPN driver? Delete that and it may solve your problem. Deleting the connection only wouldn't help much. If this doesn't help, try to figure out what triggers the connection. It may be related to the last software you installed. Lastly, you can tell from the properties of the VPN connection where it is ending up. It must be pointing to a VPN server. That info can be used to hunt down the culprit.

Upgrade to XP if you can afford to. It's rock solid (finally). I would not recommend Linux to a lay user (but it's getting there).

And avoid running executables you get from your friends.
04/15/02 at 06:06:04
khanzadeh
Re: Hack?
Taalibatul_ilm
04/15/02 at 08:29:51
[slm]
Jazaka Allahu khairan for that advice Khanzadeh. I was only deleting the connection and didn't think to look in the control panel. I deleted the VPN driver that had the Internet 2 connection next to it, so it is the culprit. A maybe strange thing happened then, I got a prompt to put in the Windows CD to install a file: 32security.dll . I have Windows in my hard drive and installed it. Now, I went to check to make sure it didn't come back, and it asked me to install the same file again. ???? Maybe that is just a glitch.

I do want to upgrade to XP, but there is software I use that is quite vital to what I do that hasn't caught up yet.


An added note:  one hour later, the Internet (2) VPN connection is back.   :(
Jazaka Allahu khairan
[slm]
04/15/02 at 09:39:32
Taalibatul_ilm
Re: Hack?
BroHanif
04/15/02 at 18:34:59
[slm],
Sis talib, apologies first for getting your gender wrong.

Perhaps an easier way for you to solve your problem may be to allow either Norton Firewall or ZoneEditPro.
I've used ZoneEdit and whatever program tries to dial out, it first needs to ask your permission, so in effect what you could have is the first software dialing out and then that is also checked by Zone Alarm Pro. It's kinda like acting as a secondary proxy server where only the ports and accepted software is filtered through.
Try this out and see if it works. Keep us posted.

salaams

Hanif



Individual posts do not necessarily reflect the views of Jannah.org, Islam, or all Muslims. All trademarks and copyrights on this page are owned by their respective owners. Comments are owned by the poster and may not be used without consent of the author.
The rest © Jannah.Org