Firewall Wizards mailing list archives
RE: Help, some one's hacked into my home computer
From: "Michael J. Ballard" <mjballard () earthlink net>
Date: Sun, 2 Jan 2000 21:46:45 -0600
Okay....first of all, you don't need to be running a web server to provide access to your file system. All someone needs to do is run a port scan to find that you are doing NetBIOS file sharing on an interface with a legal IP address. Then it is just a matter of adding your IP address and machine name to the LMHOSTS file on their PC and using "net use G: \\machinename\sharename" to map a drive directly to your file system. You need to think about using a firewall device or proxy server between your PCs and the DSL modem that does NAT (address translation) to prevent the IP address of your PC from being seen by the outside world. Netwatch, BlackIce and the likes are nice for reporting attacks, but it is often too late at that point. With read/write access to your shares, someone could have easily wiped out every file on your PC. Consider yourself lucky! Next, Findfast is an indexing utility used by MS Office. It is installed by default runs at scheduled intervals to take inventory of your drives. The FFASTUN.* you referred to is normal. I usually take findfast out of the startup folder whenever I install Office, because it slows your PC down considerably every time it runs. Last but not least, you think about using a more robust OS besides Windows 98 if you plan to share files. Windows NT Workstation, Windows 2000, OS/2 Warp, Linux, etc. all allow you to set user-based security on your file system. Windows 95 and 98 only give you the option of read-only or read/write and anyone can access them. Just my $.02 worth, Mike ____________________________________ | Michael J. Ballard | | Master CNE, MCSE, CCNA, ACP | | Enterprise Network Engineer | | Inacom Information Systems | | mballard () inacom-ar com | |____________________________________| -----Original Message----- From: owner-firewall-wizards () lists nfr net [mailto:owner-firewall-wizards () lists nfr net]On Behalf Of Richard Toscano Sent: Sunday, January 02, 2000 3:03 PM To: firewall-wizards () nfr net Subject: Re: Help, some one's hacked into my home computer Actually, someone did hack my system, and used FINDFAST to scan for files. They had open a .MPG movie I had made from my digital camera. Here's my setup: Win98SE with internet sharing enabled. I have a local net and am trying to share the DSL connection amongst my various machines. The DSL modem has a fixed IP and is always connected. The intruder came in to the host machine and ran FINDFAST and was accessing the MPG. I caught all this a day later. I guess their connection got hung. I used NETWATCH to discover the connection, and what files they were looking at. Seeing this, I looked over my system and found FFASTUN.* in both root directories of my C and D drive. All files had the same time/date stamp when the intrusion occured. This matched the connection time reported by NETWATCH. So, Windows 98 SE with internet sharing is allowing people to hack into systems from the outside. I don't have a web server running, so I'm not sure what services they were using to access my file system. I did have the C and D drives setup with full read/write shares! Ack, not again! ...Doug
Current thread:
- Re: Help, some one's hacked into my home computer Richard Toscano (Jan 02)
- RE: Help, some one's hacked into my home computer Michael J. Ballard (Jan 03)
- RE: Help, some one's hacked into my home computer David LeBlanc (Jan 03)
- Re: Help, some one's hacked into my home computer Rafael Jose Teixeira (ESDI-NSI) (Jan 04)
- <Possible follow-ups>
- Re: Help, some one's hacked into my home computer Ryan Russell (Jan 03)
- Re: Help, some one's hacked into my home computer Mike MacKinnon, Michelle McHugh (Jan 04)
- Re: Help, some one's hacked into my home computer David LeBlanc (Jan 06)
- Re: Help, some one's hacked into my home computer ark (Jan 05)
- RE: Help, some one's hacked into my home computer Michael J. Ballard (Jan 03)