Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

What exactly is hacking


  • Please log in to reply
3 replies to this topic

#1 MMMM2424

MMMM2424

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:05:29 AM

Posted 25 March 2011 - 06:09 PM

Hi, I'm just enquiring into the exact details of hacking. I do not understand the meaning. I always thought for someone to hack your pc, they needed to install malware, a bot/rat etc
So, this is my set up.
I have Avira AV, MBAM pro, I use windows firewall, I use a netgear router (secured), all my surfing is done using sandboxie, I rigorously check my system with Secunia, I use roboform pro to generate strong passwords
Is it possble for someone to hack my pc without infecting it ?
i really appreciate any advice
I guess the answer wont be simple, I always thought I was bullet proof , now , i am no longer sure
Thank you very much

Edit: Moved topic from Am I hacked? What do I do? to the more appropriate forum. ~ Animal

BC AdBot (Login to Remove)

 


#2 Andrew

Andrew

    Bleepin' Night Watchman


  • Moderator
  • 8,250 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Right behind you
  • Local time:02:29 AM

Posted 25 March 2011 - 06:39 PM

The meaning of "Hacked" in the context of our "Am I Hacked?" forum means any sort of unauthorized access to otherwise restricted systems or data. This is very similar to but distinct from being infected with malware. For example a hacked computer might not actually have any malware installed on it but an attacker has nevertheless gained some degree of control over it, or a hacked e-mail account where the attacker is able to access your address book and send spam. These can be the result of weak passwords, unpatched exploits, and other vulnerabilities which do not require the attacker to actually install anything on your computer (though they might try anyway.)

#3 MMMM2424

MMMM2424
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:05:29 AM

Posted 26 March 2011 - 05:46 AM

Thanks for the reply. Is it possible to tell from any logs ( like OTL ) if a system is compromised ? Would it be possible to post such a log. How do you check for evidence of being hacked. Thank you.
As i said, I use secunia to make sure my system is fully patched

Edited by MMMM2424, 26 March 2011 - 05:47 AM.


#4 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 50,952 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:05:29 AM

Posted 26 March 2011 - 07:24 AM

How do you check for evidence of being hacked.

If you think your computer has been hacked, investigate for unusual user account names that have suddenly appeared and for open TCP/UDP Ports. There are several standard (common) user account names and ports that are supposed to be there and if you see these accounts or ports, they are typically not a cause for concern as they are most likely legitimate:

Common TCP Ports include 135, 139, 445, 1030, 5152.
Common UDP Ports include 137, 138, 445, 500, 4500, 1900.

To view what user accounts are on your system, click Posted Image > Control Panel and double-click on User Accounts to open.

You can use netstat, a command-line tool that displays incoming and outgoing network connections, from a command prompt to obtain Local/Foreign Addresses, PID and listening state.
  • netstat /? lists all available parameters that can be used.
  • netstat -a lists all active TCP connections and the TCP and UDP ports on which the computer is listening.
  • netstat -b lists all active TCP connections, Foreign Address, State and process ID (PID) for each connection.
  • netstat -n lists active TCP connections. Addresses and port numbers are expressed numerically; no attempt is made to determine names.
  • netstat -o lists active TCP connections and includes the process ID (PID) for each connection. You can find the application based on the PID on the Processes tab in Windows Task Manager. This parameter can be combined with parameters -a, -n, and -p as shown below:
    netstat -an
    netstat -ano
-- If the port in question is listed as "Listening" there is a possibility that it is in use by a Trojan server but your firewall, if properly configured, should have blocked any attempt to access it. A "listening" state is when a program on a computer listens and waits on an open port to accept (establish) a connection with a remote computer on another port. See what is the Difference between Established/Listening Ports?.

Once you obtain the information with netstat, run a traceroute to trace the path of the connection, find the location and ISP used by the hacker. To run a traceroute, open the command prompt again and type: tracert ip address/hostname (replace "ip address" and "hostname" with the relevant information you collected).
TCPView is a third party utility that will allow you to view detailed listings of all TCP and UDP endpoints on your system, including local/remote addresses, state of TCP connections and the process that opened the port:
Other investigative resources:

Is it possible to tell from any logs ( like OTL ) if a system is compromised ? Would it be possible to post such a log.

Yes but they are not permitted in this forum. If that is something you want to do, then please read the "Preparation Guide".
  • If you cannot complete a step, then skip it and continue with the next.
  • In Step 7 there are instructions for downloading and running DDS which will create a Pseudo HJT Report as part of its log.
When you have done that, post your log in the Virus, Trojan, Spyware, and Malware Removal Logs forum.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users