Thread: Network Security Compromised

  1. #1
    New Member
    Join Date
    Oct 2002
    Location
    TN
    Posts
    13

    Network Security Compromised

    I have a network using a hub with a server that has two NICs and is using ICS, and two other computers using a cable modem: one with my important info, and the other for my daughter. All are using Norton Internet Security. She downloaded Kazaa (the music download program) and I immediately had 17 ports being probed from her network address on my server (which has file/print sharing disabled) and on my main computer (which has file/print sharing enabled). I shut down both and went to hers to find that Norton Internet Security had been disabled. I ran Ad-Aware and found 61 questionable files, which I deleted. Also, on my main computer, in the system.ini under boot, the "drivers=mmsystem.dll power drive" was gone, leaving me without sound. I found this through Dr. Watson. I replaced this, no problem then. So far I have had no other problem.
    My questions are: Is it possible that they can get that far into my network and delete the system.ini file? How far could they have gotten? Where can I go to find if there are more files, and what kind of files are on any of my computers that Ad-Aware can't find?
    What else can I do to feel more secure about knowing my network is clean? (I deleted everything that she downloaded and uninstalled Kazaa.) Please help!! For my own peace of mind.

  2. #2
    Security Specialist greEd's Avatar
    Join Date
    May 2001
    Location
    Maryland
    Posts
    807
    She downloaded Kazaa (the music download program) and I immediately had 17 ports being probed from her network address on my server (which has file/print sharing disabled) and on my main computer (which has file/print sharing enabled). I shut down both and went to hers to find that Norton Internet Security had been disabled.
    She was probing your server? Or were the probes from your WAN to her LAN IP? ... What 17 ports were they? Being probed while using peer-to-peer services is common; actually you are not being probed, you are being sought out for what you are sharing, unless of course the probe is directed at a port which is unrelated to the program.

    I ran Ad-Aware and found 61 questionable files, which I deleted. Also, on my main computer, in the system.ini under boot, the "drivers=mmsystem.dll power drive" was gone, leaving me without sound. I found this through Dr. Watson. I replaced this, no problem then. So far I have had no other problem.
    Was this the first time you ran Ad-Aware?

    My questions are: Is it possible that they can get that far into my network and delete the system.ini file? How far could they have gotten? Where can I go to find if there are more files, and what kind of files are on any of my computers that Ad-Aware can't find?
    It is possible, but not probable, that they got into the system, but your system.ini is of no interest to anyone unless they are wanting to set a constant way to get in. In this case you would notice a weird pointer in your system.ini file ... but the chance someone got in and just went after your "drivers=mmsystem.dll power drive" is not something anyone that you should be worried about would go after.

    If you really think someone compromised your network, watch your ports and your logs. If you notice abnormal traffic from weird ports, look the port and its association up. Also change all the passwords on any shares you currently have.
    "I'm doing a (free) operating system (just a hobby, won't be big and professional...) for AT clones... It's not portable and it probably [won't ever] support anything other than AT hard disks, as that's all I have :-(." --Posted on Usenet August 1991 by Linus Torvalds
    http://www.computerglitch.net
    curiosity builds security | dd if=/dev/zero of=/dev/hda bs=512 count=100
    EOF
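
Added example, not part of any post in this thread: one way to apply the advice in reply #2 (watch the logs, look up each port, and separate lookups on the program's own port from probes on unrelated ports). The log format, the addresses and the `triage` function are constructed for illustration; port 1214 is Kazaa's default port.

```python
import re
from collections import defaultdict

# Constructed sample in a made-up "date time src -> dst:port proto action" format.
SAMPLE_LOG = """\
2002-10-14 19:02:11 203.0.113.7 -> 192.168.0.3:1214 TCP allowed
2002-10-14 19:02:15 203.0.113.7 -> 192.168.0.3:1214 TCP allowed
2002-10-14 19:03:40 192.168.0.3 -> 192.168.0.2:21 TCP blocked
2002-10-14 19:03:40 192.168.0.3 -> 192.168.0.2:23 TCP blocked
2002-10-14 19:03:41 192.168.0.3 -> 192.168.0.2:80 TCP blocked
2002-10-14 19:03:41 192.168.0.3 -> 192.168.0.2:135 TCP blocked
2002-10-14 19:03:42 192.168.0.3 -> 192.168.0.2:139 TCP blocked
2002-10-14 19:03:42 192.168.0.3 -> 192.168.0.2:445 TCP blocked
2002-10-14 19:05:02 198.51.100.9 -> 192.168.0.1:139 TCP blocked
this line is malformed and is skipped
"""

P2P_PORTS = {1214}                  # Kazaa/FastTrack default port
SHARE_PORTS = {137, 138, 139, 445}  # Windows file/print sharing (NetBIOS, SMB)
LINE = re.compile(
    r"^\S+ \S+ (?P<src>[\d.]+) -> (?P<dst>[\d.]+):(?P<port>\d+) \w+ \w+$")

def triage(log_text, scan_threshold=5):
    """Group probes by (source, target) and label each pair."""
    seen = defaultdict(set)
    for line in log_text.splitlines():
        m = LINE.match(line.strip())
        if m:  # lines that do not parse are ignored
            seen[(m["src"], m["dst"])].add(int(m["port"]))
    report = {}
    for pair, ports in seen.items():
        unrelated = ports - P2P_PORTS
        if not unrelated:
            verdict = "p2p-lookup"  # only the port the program itself uses
        elif len(unrelated) >= scan_threshold:
            verdict = "port-scan"   # many distinct ports unrelated to the program
        else:
            verdict = "review"      # few ports: look each one up
        report[pair] = {"verdict": verdict,
                        "unrelated": sorted(unrelated),
                        "share_ports": sorted(unrelated & SHARE_PORTS)}
    return report

if __name__ == "__main__":
    for (src, dst), info in triage(SAMPLE_LOG).items():
        print(src, "->", dst, info)
```

A LAN host that touches file-sharing ports on a machine with sharing enabled, as in the second pair of the sample, is the case that justifies changing share passwords.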

  3. #3
    New Member
    Join Date
    Oct 2002
    Location
    TN
    Posts
    13

    No prob so far

    I was being probed through her IP address. So far I have had no other problems. I got the alert about the port probes through Norton Internet Security. There was no indication of what ports were probed. As far as running Ad-Aware, no, I had just run it the day before I had a motherboard blow out on my server and had to rebuild it and reconnect the network with that I ran Ad-Aware with no questionable files. I appreciate your reply.

  4. #4
    New Member
    Join Date
    Oct 2002
    Location
    TN
    Posts
    13
    I went in her puter and deleted any suspect programs that I knew I hadn't put there. As of this day, no weird probes of any kind other than the usual scanner trojans that seem to never go away... Wouldn't it be nice to have one button to send a surge of electricity to the scanner's IP address and obliterate it... oh well, I can dream.

  5. #5
    R.I.P. 2018-07-16 RoundEye's Avatar
    Join Date
    Jul 2000
    Location
    In a dry but moldy New Orleans, Louisiana
    Posts
    18,219
    Sometimes your ISP will run port scans looking for servers on their network that shouldn't be there.
    Sliding down the banister of life ..........................
