Overclock.net › Forums › Software, Programming and Coding › Networking & Security › Some guy is non-stop trying to hack me

Some guy is non-stop trying to hack me - Page 4

post #31 of 56
Quote:
Originally Posted by beers View Post

tl;dr thread
That log indicates the traffic is originating from your LAN...

this.

I'd check the other computers on the network and scan them. Do you have any other adults/teens in the house/network?

Have you changed your wifi/router passwords yet?
post #32 of 56
Quote:
Originally Posted by The Muffin Man View Post

do this to find the hacker
http://www.youtube.com/watch?v=hkDD03yeLnU

Yep that should do it.

post #33 of 56
Thread Starter 
Ok so unplugging all internet devices, modem, network, and running netstat on CMD.. this is what I get?


Please kindly tell me if that image reveals anything private...

It looks highly suspicious, what are all those IP clones doing? It does look like my PC is infected; so far the full scan picked up nothing but tracking cookies. The quick scans and reputation scans picked up nothing.
Do remember these are the results even when the internet is shut and all programs are closed.
Please kindly tell me if that image reveals anything private...
Edited by RuneDunes - 3/2/12 at 8:07pm
post #34 of 56
He is hiding his IP address? So everybody is, or should be, hiding their IP address, no hacker stuff there! My bet is he is probably unaware of what is going on and he is probably infected too! Use IE9, MSE, Malicious Software Removal Tool, Sweeper! (all from MS, all free!) For Sweeper it is a bit of work, but it will check your system when you are not using it or sleeping.
With these you should find what the issue is!
post #35 of 56
First and foremost, this is probably not an actual person doing this manually, but a script (probably automated)--look at the timestamps, that's way too fast for a human to type those attacks manually. Just something to note. Also, the reason he spoofed his IP is that he is trying to initialize a connection as if it is from somewhere else, but have it routed back through him--a man-in-the-middle attack. Not going to go into specifics in how this is done, but I am sure you're getting the idea by now of what they want. It could even be an infected computer on your network trying to reroute traffic through its 'master.' But in a nutshell, the attacker is wanting to eavesdrop on a connection between you and somewhere else, and you need to figure out 'what.' It may not even be anything real or an actual threat, it could be an automated script pointed at your entire network segment, but we don't have much to go on here.

So in all honesty, you're not really giving us enough information to _really_ help you, specifically, the first octet of the IP address so that we can determine if the traffic is coming from your local address space or a public address. If the actual local address really exists within your network, etc.

What should concern you is that you're also logging a packet from 192.168.2.63 port 57616 (port is probably a random source pertaining to the connection in question). I am assuming this is a machine on your local network? If so, you may want to start getting worried. It may be a good idea to do a netstat and see what established, waiting, and listening connections there are, and then look into their associated PIDs and executables via wmic. Importantly, it may be a good idea to see if you have anything on port 57616, and what is doing the 'listening,' because if you get lucky and there is something there, it may give you insight into what they're trying to eavesdrop on. But it may be beneficial for you to watch when these attacks occur, and if they have a corresponding local address on your network to quickly see what is happening on that port on that machine. You're going to need to be quick. But honestly, if the attacker is getting accurate internal, private IP addresses correct from outside your network, he's either exploiting a flaw in your firewall (assuming it is packet filtering...) and this flaw is giving this information to him, or he could even be eavesdropping on your wireless traffic (possibly a neighbor), or perhaps you simply have an infected machine sending it out, or perhaps someone on your network is doing it without realizing it via an exploited site, trojan application, the list goes on and on.

But in reality, we can only guess. We need more data.

What can you do? Do your best to be preventive, and not only reactive in your security approach.

Virus scan your machines. Make sure you're using safe browsing habits. Make sure you have AV running. Make sure you have both a firewall protecting your network and each individual local host, and that they're properly configured. Restrict permissions on all accounts used for web browsing (take away the dang admin rights unless you need them, then switch accounts). PATCH PATCH PATCH, keep everything up-to-date. Go through and see what is installed and running on each machine, and update it if need be, or even remove it if not used. The list goes on and on, but I am sure you get the idea.

Hope this helps you go in the right direction. This may be nothing, or it may be something serious, with what we have I cannot really tell you.
post #36 of 56
Quote:
Originally Posted by RuneDunes View Post

Ok so unplugging all internet devices, modem, network, and running netstat on CMD.. this is what I get?
Please kindly tell me if that image reveals anything private...
It looks highly suspicious, what are all those IP clones doing? It does look like my PC is infected; so far the full scan picked up nothing but tracking cookies. The quick scans and reputation scans picked up nothing.
Do remember these are the results even when the internet is shut and all programs are closed.
Please kindly tell me if that image reveals anything private...

If you wouldn't mind, a 'netstat -bn' and a 'netstat -bna'

Then, if we find something slimy, you may want to do a 'wmic process list brief' and then a 'wmic process list full' to find out where it is, and do some research on it, assuming that it is indeed something on that machine.

Also, those are not IP clones, those are connection attempts from that local machine (x.x.2.63) out to the world. If you look at the random port number, you'll notice they all seem to be grouped around 51000; that is an application doing it. It could be a good application or a bad one, we don't know yet. Normally, what you'd see for the random source port is a randomly generated number between 1024 and 65535, but as you can see, those are not random ports, so we need to find the associated executables making the connection attempts to determine if that is something to be worried about or not.
Edited by svthomas - 3/2/12 at 3:54pm
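One way to do the triage svthomas describes in this post and in post #39 (netstat with the owning executable, the source ports grouped around 51000, and what is listening on a given port), as an added example that is not from the thread: it parses constructed `netstat -bno` style output (the `-o` column supplies the PID; all addresses, image names and PIDs in the sample are made up), groups sockets by owning image, flags an image whose outbound TCP sockets sit in a narrow source-port band, and prints the wmic query that resolves that PID to a path.

```python
import re
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Constructed sample in the layout of Windows `netstat -bno` output (not taken
# from the thread). -b prints the owning image in brackets under each socket
# line (sometimes preceded by a service name), -n keeps addresses numeric,
# -o adds the PID column. Addresses, image names and PIDs are made up.
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    192.168.2.63:51002     203.0.113.10:80        SYN_SENT        4120
 [updater.exe]
  TCP    192.168.2.63:51003     203.0.113.11:443       SYN_SENT        4120
 [updater.exe]
  TCP    192.168.2.63:51004     198.51.100.7:80        SYN_SENT        4120
 [updater.exe]
  TCP    192.168.2.63:51005     198.51.100.9:80        SYN_SENT        4120
 [updater.exe]
  TCP    192.168.2.63:49812     203.0.113.50:443       ESTABLISHED     2208
 [browser.exe]
  TCP    192.168.2.63:62011     203.0.113.51:443       ESTABLISHED     2208
 [browser.exe]
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       884
  RpcSs
 [svchost.exe]
  UDP    0.0.0.0:5353           *:*                                    1540
 [mdns_helper.exe]
"""

CONN_RE = re.compile(r"^\s*(TCP|UDP)\s+(\S+)\s+(\S+)(.*)$")
EXE_RE = re.compile(r"^\s*\[(.+)\]\s*$")


@dataclass
class Conn:
    proto: str
    local_ip: str
    local_port: int
    remote: str
    state: str          # empty for UDP, which netstat prints without a state
    pid: Optional[int]  # None when -o was not used
    owner: str = "?"    # image name from the bracketed line that follows


def _split_endpoint(ep: str) -> Tuple[str, str]:
    # "192.168.2.63:51002" -> ("192.168.2.63", "51002"); "[::]:443" -> ("[::]", "443")
    host, _, port = ep.rpartition(":")
    return host, port


def parse_netstat(text: str) -> List[Conn]:
    """Turn netstat -bno style text into Conn records, attaching the owning image."""
    conns: List[Conn] = []
    for line in text.splitlines():
        m = CONN_RE.match(line)
        if m:
            proto, local, remote, rest = m.groups()
            tokens = rest.split()
            pid = int(tokens.pop()) if tokens and tokens[-1].isdigit() else None
            state = tokens[0] if tokens else ""
            host, port = _split_endpoint(local)
            conns.append(Conn(proto, host, int(port), remote, state, pid))
            continue
        e = EXE_RE.match(line)
        if e and conns:
            conns[-1].owner = e.group(1)  # bracketed image belongs to the socket above
    return conns


def group_by_owner(conns: List[Conn]) -> Dict[Tuple[str, Optional[int]], List[Conn]]:
    groups: Dict[Tuple[str, Optional[int]], List[Conn]] = defaultdict(list)
    for c in conns:
        groups[(c.owner, c.pid)].append(c)
    return dict(groups)


def flag_clustered_sources(conns: List[Conn], min_conns: int = 3,
                           max_span: int = 100) -> List[dict]:
    """Images whose outbound TCP sockets use a tight band of source ports.

    A burst of SYN_SENT/ESTABLISHED sockets from one image with local ports
    packed into a narrow range (the "grouped around 51000" pattern) is what
    to chase with wmic. LISTENING sockets and UDP are ignored here.
    """
    findings = []
    for (owner, pid), group in group_by_owner(conns).items():
        outbound = [c for c in group if c.proto == "TCP" and c.state != "LISTENING"]
        ports = sorted(c.local_port for c in outbound)
        if len(ports) >= min_conns and ports[-1] - ports[0] <= max_span:
            findings.append({"owner": owner, "pid": pid, "ports": ports,
                             "remotes": sorted({c.remote for c in outbound})})
    return findings


def listening_sockets(conns: List[Conn]) -> Dict[int, str]:
    """Map each LISTENING port to its owning image, for the "what is on port X" check."""
    return {c.local_port: c.owner for c in conns if c.state == "LISTENING"}


def wmic_lookup(pid: int) -> str:
    """The wmic query that resolves a PID to its on-disk path and command line."""
    return f'wmic process where "ProcessId={pid}" get ExecutablePath,CommandLine'


if __name__ == "__main__":
    records = parse_netstat(SAMPLE_NETSTAT)
    for f in flag_clustered_sources(records):
        print(f"{f['owner']} (PID {f['pid']}): source ports {f['ports'][0]}-{f['ports'][-1]}"
              f" -> {', '.join(f['remotes'])}")
        if f["pid"] is not None:
            print("  next: " + wmic_lookup(f["pid"]))
    for port, owner in sorted(listening_sockets(records).items()):
        print(f"listening on {port}: {owner}")
```

Windows hands out ephemeral ports sequentially from its dynamic range (49152-65535 on Vista and later), so a tight band of consecutive source ports mainly says that one process opened a burst of connections in a short window; the owning image and the path wmic returns for it are the evidence to act on.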
post #37 of 56
Thread Starter 
Quote:
Originally Posted by svthomas View Post

First and foremost, this is probably not an actual person doing this manually, but a script (probably automated)--look at the timestamps, that's way too fast for a human to type those attacks manually. Just something to note. Also, the reason he spoofed his IP is that he is trying to initialize a connection as if it is from somewhere else, but have it routed back through him--a man-in-the-middle attack. Not going to go into specifics in how this is done, but I am sure you're getting the idea by now of what they want. It could even be an infected computer on your network trying to reroute traffic through its 'master.' But in a nutshell, the attacker is wanting to eavesdrop on a connection between you and somewhere else, and you need to figure out 'what.' It may not even be anything real or an actual threat, it could be an automated script pointed at your entire network segment, but we don't have much to go on here.
So in all honesty, you're not really giving us enough information to _really_ help you, specifically, the first octet of the IP address so that we can determine if the traffic is coming from your local address space or a public address. If the actual local address really exists within your network, etc.
What should concern you is that you're also logging a packet from 192.168.2.63 port 57616 (port is probably a random source pertaining to the connection in question). I am assuming this is a machine on your local network? If so, you may want to start getting worried. It may be a good idea to do a netstat and see what established, waiting, and listening connections there are, and then look into their associated PIDs and executables via wmic. Importantly, it may be a good idea to see if you have anything on port 57616, and what is doing the 'listening,' because if you get lucky and there is something there, it may give you insight into what they're trying to eavesdrop on. But it may be beneficial for you to watch when these attacks occur, and if they have a corresponding local address on your network to quickly see what is happening on that port on that machine. You're going to need to be quick. But honestly, if the attacker is getting accurate internal, private IP addresses correct from outside your network, he's either exploiting a flaw in your firewall (assuming it is packet filtering...) and this flaw is giving this information to him, or he could even be eavesdropping on your wireless traffic (possibly a neighbor), or perhaps you simply have an infected machine sending it out, or perhaps someone on your network is doing it without realizing it via an exploited site, trojan application, the list goes on and on.
But in reality, we can only guess. We need more data.
What can you do? Do your best to be preventive, and not only reactive in your security approach.
Virus scan your machines. Make sure you're using safe browsing habits. Make sure you have AV running. Make sure you have both a firewall protecting your network and each individual local host, and that they're properly configured. Restrict permissions on all accounts used for web browsing (take away the dang admin rights unless you need them, then switch accounts). PATCH PATCH PATCH, keep everything up-to-date. Go through and see what is installed and running on each machine, and update it if need be, or even remove it if not used. The list goes on and on, but I am sure you get the idea.
Hope this helps you go in the right direction. This may be nothing, or it may be something serious, with what we have I cannot really tell you.


Ok please remember that that picture was taken when ROUTER, MODEM, NETWORK were all SHUT down (basically that removes all factors of neighbors or all machines in my network). At this moment I'm suspecting it could be some infection on my PC; however, the connections are TCP and are incoming, but that's not possible when my internet is all shut down.
post #38 of 56
I'll ask my professor in class if he can help
 
post #39 of 56
Quote:
Originally Posted by RuneDunes View Post

Ok please remember that that picture was taken when ROUTER, MODEM, NETWORK were all SHUT down (basically that removes all factors of neighbors or all machines in my network). At this moment I'm suspecting it could be some infection on my PC; however, the connections are TCP and are incoming, but that's not possible when my internet is all shut down.

Yes, you don't need to be online for your computer to attempt to make the connections. It is attempting to make connections; we need a 'netstat -bna' and a 'netstat -bn' to see what executables are doing it. From there, we can use wmic to determine the executable locations, and whether these connection attempts are indeed malicious.

If I were you, I would reboot my machine without the router connected to the internet, but with the machine still connected to the router so that it is assigned an IP address. Then, run 'netstat -bn' and 'netstat -bna' and give us a print of it so that we can see what new connections your machine is attempting to establish.

I am at work now, so I cannot really do a lot of research into the destination IP addresses, but you have something trying to connect from your local machine in the 51000 port range. We should probably try and figure out what, so that you can identify that as the problem, or eliminate it from possible infections.
Edited by svthomas - 3/2/12 at 3:59pm
post #40 of 56
Thread Starter 
Ok doing that now.