Results 1 to 3 of 3

Thread: How can you tell if you have an intruder....

  1. #1

    How can you tell if you have an intruder....

    I'm runnin ZA pro at the moment, and while I'm surprised at the sheer number of stuff that it blocks, I'm sure that almost all are nothing malicious.

    Recently however, I have begun to wonder if someone else has been snoopin around my system. Don't know how to explain it exactly, just more of a "sense" of things not being right.... things such as heavy activity of the line when I'm not doing ANYTHING. I might be just paranoid, but is there a way to tell if someone is using your connection for their purposes?

  2. #2
    R.I.P. 2016-11-23 Croc's Avatar
    Join Date
    Jan 2001
    Location
    Up top East side Downunder
    Posts
    7,819
    Is the "heavy activity" outbound or inbound?
    What do yo define "heavy activity"?
    If there is inbound traffic and ZA is blocking it then you really don't have too much to worry about except for the areas that holes have been found by Steve Gibson and others in ALL software firewalls

    If the traffic is outbound then you need to look at the programs you allow access to the net. RealPlayer (as an example only) will try and report back very frequently. To stop outbound traffic configure ZA to 'ask' for all the programs it lists.

    Go to www.zonelabs.com and use the searchbar at the top of the screen to find out more about the program. The knowledgebase is huge there.

    Go to www.grc.com and use the upgraded LeakTest program to test your protection. There are 2 tests with the second done by renaming a program. Make sure you follow all the instructions.

    Hope this helps.

    Croc.

    You could also get ADAware and a Trojan scanner. Try one from www.webattack.com in their Security pages.
    Croc.
    It will be long, it will be hard and there will be no withdrawal.
    Winston Churchill
    Remember: Wherever you go in life, you take yourself with you.

  3. #3
    Advanced Member hoov's Avatar
    Join Date
    Jan 2001
    Posts
    571
    Also during this time that you see a huge amount of activity and believe that someone may be snooping your pc, close browser and get to a dos prompt and type " netstat -a " and it should show you a list of active connections on your pc. If you use icq or something like that you may see an established connection to port 1590 I believe. Look for other established connections.

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •