Thread: Major security concern just occurred. PLEASE HELP!

  #1
    gabrielknight Guest

    Major security concern just occurred. PLEASE HELP!

    Like a complete ***** I switched off (completely disabled) ZoneAlarm for 3 minutes max to determine if a program worked without it.

    After switching back on, I checked in my Alerts and Logs section. There are about a dozen 'medium' alert logs within the last 3 weeks, but the one of real concern is at the top, is described as 'High Risk', and occurred within seconds of restarting the Firewall. While it was blocked because the Firewall was back up, it obviously leaves me wondering what was going on in the minutes / seconds before when the Firewall was down.

    Type: Firewall
    Protocol: UDP
    Source IP:
    Destination IP:

    The source seems to be somewhere in Brazil, but presumedly this could be spoofed / routed from elsewhere?

    I feel incredibly stupid for turning my Firewall off. I use a lot of encrypted routing through Tor and other programs etc, so guess I was asking for trouble?
    How much damage can be done in 3 minutes? 'Give me the plain truth doctor!'
    This incident should be considered serious shouldn't it?

    To confirm, I switched my Firewall off for 3 minutes for testing purposes, but within seconds of restarting, I had a high level alert, the first alert in days and the first high level alert in weeks / months.

    Operating System:
    Windows XP Home Edition
    Product Name:
    ZoneAlarm (Free)
    Software Version:

    Message Edited by GabrielKnight on 03-31-2006 08:21 AM

  #2
    Join Date
    Apr 2004
    East Coast of Florida - Lightning/Shark Bite Capital of the World

    Re: Major security concern just occurred. PLEASE HELP!

    Hi GabrielKnight,

    Yes, it happens to the best of us one time or another.
    It has happened to me a couple of times, but then again I don't have anything on my computer that someone would want.
    NO sense to dwell on what just happened to you, you really need to go to different sites
    and run assorted scans on your computer, to make sure nothing was installed on it, when this happened.
    Here are sites, that will scan your computer, if you are interested.






    Panda ActiveScan
    Make sure you tick Disinfect automatically under Scan Options.

    BitDefender Free Online Virus Scan
    Make sure you tick AutoClean under Scan Options.

    eTrust Antivirus Web Scanner

    Hope this info has helped you, PLEASE keep me updated on your results.


  #3
    gabrielknight Guest

    Re: Major security concern just occurred. PLEASE HELP!

    Thanks man,

    I truly feel like a **bleep**.

    Please bear in mind that I'm not as computer literate as you. However, while I don't have anything illegal on my HD, I have a lot of sensitive information, albeit info that would mean nothing to 99.9999% of the population.

    While I am running the s/w you linked to, presumably this only searches for known viruses / trojans? Is there not some s/w that can reveal things that were done / installed / initialised on your HD within a specific timeframe, like my 3 minutes?

    I have a couple more questions, for which we must assume the worst that the 'threat' was imminent while my Firewall was off and detected when it was switched back on.

    1. The timing is really weird. Could remote computers somehow scan your machine and f*ck things up when they know your firewall is disabled, or is it just really bad luck that this computer 'attacked' during these 3 minutes out of the last 3 weeks? Or is it more likely that this computer has been 'attacking' for some time but not considered a threat worth reporting until something was attempted to upload?

    2. I don't know what the 'high' level report means. Does this suggest that someone actively tried to upload files to my machine, or just that someone was trying to ping my ports out of interest? Is there any way to tell?

    I hate to ask this but have to.... What is the worst case scenario?
    Can anyone work out any more info from the I.P. addresses / subnets (?!?! **bleep** am I talking about? - the port thingys at the end of the IP address, like :33)

    Message Edited by GabrielKnight on 03-31-2006 10:16 AM

    Message Edited by GabrielKnight on 03-31-2006 10:18 AM

  #4
    Join Date
    Apr 2004
    East Coast of Florida - Lightning/Shark Bite Capital of the World

    Re: Major security concern just occurred. PLEASE HELP!

    Hi GabrielKnight,

    I taught myself by reading books, magazines, visiting different forums, asking a lot of questions, and I learn from my mistakes.
    There are a lot of people who are not computer savvy, don't worry about that.
    You will learn over a period of time about computing.
    Just hang in there.
    Now, about the info you have on your computer, I probably did not explain that too well.
    Yes, I was really referring to sensitive or personal information that may be on your computer, nothing else.
    That is exactly what I don't have on my computer, NO sensitive or personal information.
    What happened in those 3 minutes when your firewall was off, it's really hard to determine.
    Perhaps your firewall logs, other than that I don't know.
    Let's look at the bright side of the situation, you got the IP Address of that connection you mentioned, block it at your firewall.
    BTW, you may want to consider getting a Router which has a built-in hardware firewall.
    I heard they are really great in stopping a lot of different things.
    Plus, keep your software firewall, as that will prevent anything from leaving your computer, in case something might have gotten through into your computer.
    Myself, I am considering getting one, as I am on cable broadband, then I can hook up my other two computers to the Router.

    Hope this info has helped you, BTW there is another way of watching other computers on your network, if they are trying to sneak in on you.
    I try to do this often and will explain to you how to perform this task.
    Will check back with you shortly.
    It's really cool and it works.


  #5
    Join Date
    Apr 2004
    East Coast of Florida - Lightning/Shark Bite Capital of the World

    Re: Major security concern just occurred. PLEASE HELP!

    Hi GabrielKnight,

    PLEASE go to the following thread and check out all the great info about how to detect other computers trying to connect to your computer.
    Remember, go to Start, then to Run, type in CMD, click on OK, then you should be in the DOS (black screen), type in netstat -a, or netstat -an, or netstat -ano, then hit enter, bingo a whole lot of different ip addresses and explanations will show up.
    When you are done in that screen, just enter exit and enter, then you will be out of that cmd prompt.
    Here is the link with all the info you can perform with the Netstat feature.

    BTW, if you see that IP Address on the screen, see what it is trying to do and PLEASE let me know.

    Hope this info has helped you.

    Thank you for your time and have a great day!
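
One way to act on the `netstat -ano` output described in the post above, as an added example that is not part of the original thread: parse the output and pick out every entry that involves a single address, such as the source IP from a firewall alert, together with its state and owning PID. The sample output, its addresses (documentation ranges) and the function names are all constructed for illustration.

```python
# Added example: parse Windows `netstat -ano` output and select the entries
# that involve one address (for instance the source IP from a firewall alert).
from collections import namedtuple

Conn = namedtuple("Conn", "proto local_ip local_port remote_ip remote_port state pid")

# Constructed sample output; all addresses come from documentation ranges.
SAMPLE = """\

Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       984
  TCP    192.0.2.10:1045        198.51.100.7:443       ESTABLISHED     2212
  TCP    192.0.2.10:1051        203.0.113.45:6667      ESTABLISHED     3120
  TCP    192.0.2.10:1052        203.0.113.45:80        TIME_WAIT       0
  UDP    0.0.0.0:1026           *:*                                    1180
"""

def split_endpoint(text):
    """Split 'ip:port' (also '[v6]:port' and '*:*') on the last colon."""
    host, _, port = text.rpartition(":")
    return host.strip("[]"), port

def parse_netstat(output):
    conns = []
    for line in output.splitlines():
        fields = line.split()
        if not fields or fields[0] not in ("TCP", "UDP"):
            continue  # banner, column header or blank line
        proto, local, remote = fields[:3]
        rest = fields[3:]
        if proto == "UDP":
            # UDP rows have no State column, only the PID follows the addresses.
            state, pid = "", (rest[-1] if rest else "")
        else:
            state = rest[0] if rest else ""
            pid = rest[1] if len(rest) > 1 else ""  # absent with plain -an
        conns.append(Conn(proto, *split_endpoint(local), *split_endpoint(remote), state, pid))
    return conns

def involving(conns, ip):
    """Entries whose local or remote address equals the given IP."""
    return [c for c in conns if ip in (c.local_ip, c.remote_ip)]

def listeners(conns):
    """Ports that accept traffic from outside: TCP LISTENING and bound UDP."""
    return [c for c in conns if c.state == "LISTENING" or c.proto == "UDP"]

if __name__ == "__main__":
    for c in involving(parse_netstat(SAMPLE), "203.0.113.45"):
        print(c.proto, c.local_port, "->", f"{c.remote_ip}:{c.remote_port}", c.state, "PID", c.pid)
```

Real output can be saved with `netstat -ano > netstat.txt` and passed to `parse_netstat`; the PID of any match can then be compared with the PID column in Task Manager to see which program owns the connection.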


