Author Topic: Attacks on my computer  (Read 3412 times)


Offline Nevertheless

  • Global Moderator
  • *****
  • Posts: 13259
  • Manna: 427
  • Gender: Female
  • Set a guard over my mouth, O Lord!
Attacks on my computer
« on: Fri Apr 13, 2007 - 22:24:43 »
This evening I seem to have a persistent hacker trying to access my machine.  There have been 10 attacks in the last 14 minutes.  Can someone explain to me the info that it gives me?

Quote
13.04.2007  22:04:25  LSASS Exploit (SXP) attack
    from [ip address]:445
13.04.2007  22:04:39  DCOM Exploit attack
    from [ip address]:135

All of the attacks are just like these two.  So what is this telling me?
« Last Edit: Fri Apr 13, 2007 - 23:29:09 by marc »

Christian Forums and Message Board


Offline spurly

  • All glory to God and to Jesus the Son!
  • Global Moderator
  • *****
  • Posts: 15743
  • Manna: 319
  • Gender: Male
Re: Attacks on my computer
« Reply #1 on: Fri Apr 13, 2007 - 22:48:08 »
I can't help you, but I have no doubt some of our computer gurus can.  Do you have a good firewall?

marc

  • Guest
Re: Attacks on my computer
« Reply #2 on: Fri Apr 13, 2007 - 23:31:38 »
I went ahead and edited the ip address out of your posts because I didn't know if my pm was clear enough.  The address that was included didn't match the one you're posting from exactly (the last digit was off), but when I ran it, it showed a bunch of your posts originating from there. And, of course, having your ip address included in your post is not a safe thing, if I understand correctly.

I don't know what this means as far as the attacks go, but maybe this will give someone who does know a hint.

Offline Nevertheless

  • Global Moderator
  • *****
  • Posts: 13259
  • Manna: 427
  • Gender: Female
  • Set a guard over my mouth, O Lord!
Re: Attacks on my computer
« Reply #3 on: Sat Apr 14, 2007 - 00:11:13 »
Ok, so does that mean the attacks were coming from someone using the same internet provider as I use?

Since I get a slightly different IP address every time I connect, what does it matter if someone knows my address?  What can they do with that knowledge?

Offline soterion

  • Legendary Member
  • ******
  • Posts: 5255
  • Manna: 252
  • Gender: Male
Re: Attacks on my computer
« Reply #4 on: Sat Apr 14, 2007 - 06:17:52 »
This evening I seem to have a persistent hacker trying to access my machine.  There have been 10 attacks in the last 14 minutes.  Can someone explain to me the info that it gives me?

Quote
13.04.2007  22:04:25  LSASS Exploit (SXP) attack
    from [ip address]:445
13.04.2007  22:04:39  DCOM Exploit attack
    from [ip address]:135

All of the attacks are just like these two.  So what is this telling me?

What firewall are you using?  Have you found any evidence of malware on your computer since the attacks ended (have you performed a scan with any antivirus and spyware programs)?

Most likely somebody is just trying to probe your ports looking for an opening to see if you have anything of monetary value that is accessible.  If you are using a good firewall, like ZoneAlarm, and if your computer has not been adversely affected by now, I would say you are okay.

It might be worth it to you to have a few good spyware programs installed and running in the background along with your antivirus and firewall.  SpySweeper and Spyware Doctor are both good.  I would use one of those and maybe a freeware program, such as SpyBot.

marc

  • Guest
Re: Attacks on my computer
« Reply #5 on: Sat Apr 14, 2007 - 08:50:44 »
Ok, so does that mean the attacks were coming from someone using the same internet provider as I use?

Since I get a slightly different IP address every time I connect, what does it matter if someone knows my address?  What can they do with that knowledge?

I have no idea.

Offline Bon Voyage

  • Global Moderator
  • *****
  • Posts: 16049
  • Manna: 408
  • Gender: Male
Re: Attacks on my computer
« Reply #6 on: Sat Apr 14, 2007 - 08:54:42 »
You could have malware such as a keystroke logger, etc., on your machine.

I would run your anti-virus program and updated spyware programs immediately.

Offline spurly

  • All glory to God and to Jesus the Son!
  • Global Moderator
  • *****
  • Posts: 15743
  • Manna: 319
  • Gender: Male
Re: Attacks on my computer
« Reply #7 on: Sat Apr 14, 2007 - 09:17:31 »
Are you using a product such as Zone Alarm?

marc

  • Guest
Re: Attacks on my computer
« Reply #8 on: Sat Apr 14, 2007 - 09:46:42 »
If this is malware, spyware, adware, etc., something as simple as Spybot could help.  It would be an easy first step to google it, then get a free download and run it.  It won't catch everything, but it'll catch a lot.

What version of Windows are you running?

Offline spurly

  • All glory to God and to Jesus the Son!
  • Global Moderator
  • *****
  • Posts: 15743
  • Manna: 319
  • Gender: Male
Re: Attacks on my computer
« Reply #9 on: Sat Apr 14, 2007 - 10:08:42 »
What do you all think about Windows Defender?

Offline admin

  • Administrator
  • *****
  • Posts: 6957
  • Manna: 224
  • Gender: Male
  • Sheriff of these parts
Re: Attacks on my computer
« Reply #10 on: Sat Apr 14, 2007 - 15:44:47 »
Go to http://www.windowsliveonecare.com and select the safety scanner (they scan it from their server and it's free). This will find just about anything on your computer that shouldn't be there and will also repair registry problems. After it scans, select that you don't want to buy the 24 hour protection (unless you want it) and it will fix it free from there. Windows Live One Care is by far the best at finding viruses and registry problems. I've never even seen its equal. I've used it on computers that were thought to be hopeless and it got them working wonderfully again. Good luck.

Offline Nevertheless

  • Global Moderator
  • *****
  • Posts: 13259
  • Manna: 427
  • Gender: Female
  • Set a guard over my mouth, O Lord!
Re: Attacks on my computer
« Reply #11 on: Sat Apr 14, 2007 - 16:21:09 »
First of all it is my firewall that is reporting the attacks that it blocked, that's where I got the info from.  I use Avast - a firewall/antivirus combo. It runs a scan every time I connect to the internet. I also have the Windows firewall turned on as they don't conflict.  I have XP.  I use Ad-Aware and Spybot to clean off spyware at least once a day, more often if needed.  I also use a web filter called Proxomitron.  The attacks were blocked, so I'm not worried about my computer.  I just want to understand what it's telling me.

Are LSASS Exploit (SXP) and DCOM Exploit types of worms/trojans/viruses?

The IP address of the attacker was very similar to mine, and in fact, the same as an address I had on a previous session.  Does this mean that the attack is coming from someone who uses the same internet provider as I?

If so, is that something that I should inform the provider about?

Are the numbers after the IP address ports that are being probed for vulnerabilities?

If they try once and are blocked, why would they keep trying, and why in such a rapid-fire manner?

Why is it bad for someone to know my IP address?  What could they do with that info?

Offline Nevertheless

  • Global Moderator
  • *****
  • Posts: 13259
  • Manna: 427
  • Gender: Female
  • Set a guard over my mouth, O Lord!
Re: Attacks on my computer
« Reply #12 on: Sat Apr 14, 2007 - 16:22:28 »
Thanks Admin.  I've used that before just to check up on things and have never found a problem.

marc

  • Guest
Re: Attacks on my computer
« Reply #13 on: Sat Apr 14, 2007 - 17:01:12 »
I know nothing about this stuff, but the ip address makes me wonder if this is a false warning, if it's interpreting something your computer is doing as being a threat. 

Offline Nevertheless

  • Global Moderator
  • *****
  • Posts: 13259
  • Manna: 427
  • Gender: Female
  • Set a guard over my mouth, O Lord!
Re: Attacks on my computer
« Reply #14 on: Sat Apr 14, 2007 - 17:50:11 »
Well I suppose it could be, but it wasn't my address, just close.

Offline esaym

  • Newbie
  • *
  • Posts: 9
  • Manna: 0
  • Gender: Male
Re: Attacks on my computer
« Reply #15 on: Sun Apr 15, 2007 - 14:18:55 »
First of all it is my firewall that is reporting the attacks that it blocked, that's where I got the info from.  I use Avast - a firewall/antivirus combo. It runs a scan every time I connect to the internet. I also have the Windows firewall turned on as they don't conflict.  I have XP.  I use Ad-Aware and Spybot to clean off spyware at least once a day, more often if needed.  I also use a web filter called Proxomitron.  The attacks were blocked, so I'm not worried about my computer.  I just want to understand what it's telling me.

Are LSASS Exploit (SXP) and DCOM Exploit types of worms/trojans/viruses?

The IP address of the attacker was very similar to mine, and in fact, the same as an address I had on a previous session.  Does this mean that the attack is coming from someone who uses the same internet provider as I?

If so, is that something that I should inform the provider about?

Are the numbers after the IP address ports that are being probed for vulnerabilities?

If they try once and are blocked, why would they keep trying, and why in such a rapid-fire manner?

Why is it bad for someone to know my IP address?  What could they do with that info?

If your software firewall reported the attacks as being blocked, then they were blocked.  LSASS and DCOM are both Microsoft Windows XP services.  An exploit is not a virus but basically a problem with the software that will allow an external connection access to parts that it should not be able to get to.  The attacker could then access personal files or crash the computer.  (link removed per forum rule 3.3)

You can look up IP addresses with (link removed per forum rule 3.3) and (link removed per forum rule 3.3)
So in summary, it looks like you are safe for now.  If you ever get tired of all the attacks against Microsoft's products, feel free to try out a Linux-based operating system: (link removed per forum rule 3.3)  ::smile::
« Last Edit: Sun Apr 15, 2007 - 15:11:11 by spurly »

twd

  • Guest
Re: Attacks on my computer
« Reply #16 on: Mon Apr 16, 2007 - 16:41:22 »
Sorry I didn't reply to this sooner, Never, I wasn't on for the last couple of days.  Anyway, esaym is right, those are probes.  If the probes found a port open, then it might try to use it to load one of those bad things onto your 'puter.

You can look up IP addresses by opening a command window (Start->All Programs->Accessories->Command Prompt, or simply Start->Run... and enter "cmd").  At the prompt, type "nslookup" followed by a space and the IP address.  However, it may not tell you much useful, especially if the attacking computer is also assigned an address at start up.

Yes, the numbers after the IP are the ports.  Ports are usually associated with specific services, so you'll typically see attackers probing the same set of ports, where there might be a compromised service.  Sometimes they try multiple ports, sometimes they attack the same port multiple times in slightly different ways.

Keeping your IP address secret is a very weak form of security, right up there with keeping your SSN secret: the cat's probably already out of the bag anyway, and besides, they may just be randomly guessing IP addresses.

Keep that firewall up, that's your best defense.  Check and make sure that you don't have any exceptions in your firewall that you aren't aware of.   Also, be sure to apply updates regularly.
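
Added example, not part of any post in this thread: a small Python reader for firewall alerts in the two-line layout quoted at the top of the topic, which counts alerts per port and per source and flags sources that share the reader's own network prefix. The sample addresses are constructed documentation-range placeholders, and the function names, `my_ip` and the /24 prefix length are assumptions made for the illustration.

```python
import re
from collections import Counter
from datetime import datetime
from ipaddress import ip_address, ip_network

# Constructed sample in the two-line layout quoted in the thread; the
# addresses are documentation-range placeholders, not values from the page.
SAMPLE_LOG = """\
13.04.2007  22:04:25  LSASS Exploit (SXP) attack
    from 192.0.2.57:445
13.04.2007  22:04:39  DCOM Exploit attack
    from 192.0.2.57:135
13.04.2007  22:09:02  LSASS Exploit (SXP) attack
    from 192.0.2.201:445
13.04.2007  22:17:48  DCOM Exploit attack
    from 198.51.100.9:135
"""

# Well-known Windows services behind the two ports named in the alerts.
SERVICES = {135: "RPC endpoint mapper (DCOM)", 445: "SMB (microsoft-ds)"}

ENTRY = re.compile(r"^(\d{2}\.\d{2}\.\d{4})\s+(\d{2}:\d{2}:\d{2})\s+(.+?) attack\s*\n"
                   r"\s+from (\d{1,3}(?:\.\d{1,3}){3}):(\d+)\s*$", re.MULTILINE)

def parse_alerts(text):
    """Return one dict per alert: time, alert name, source address, port."""
    alerts = []
    for date, time, name, ip, port in ENTRY.findall(text):
        when = datetime.strptime(f"{date} {time}", "%d.%m.%Y %H:%M:%S")
        alerts.append({"time": when, "name": name,
                       "src": ip_address(ip), "port": int(port)})
    return alerts

def summarize(alerts, my_ip, prefix_len=24):
    """Count alerts per port and source; list sources inside my own prefix."""
    my_net = ip_network(f"{my_ip}/{prefix_len}", strict=False)
    times = [a["time"] for a in alerts]
    return {
        "by_port": Counter(a["port"] for a in alerts),
        "by_source": Counter(str(a["src"]) for a in alerts),
        "neighbours": sorted({str(a["src"]) for a in alerts if a["src"] in my_net}),
        "span_minutes": (max(times) - min(times)).total_seconds() / 60 if times else 0.0,
    }

if __name__ == "__main__":
    report = summarize(parse_alerts(SAMPLE_LOG), my_ip="192.0.2.58")
    for port, count in sorted(report["by_port"].items()):
        print(f"port {port} ({SERVICES.get(port, 'unknown')}): {count} alerts")
    print("same /24 as me:", report["neighbours"])
```

A source listed under `neighbours` sits in the same address block as the machine that logged the alert, which is the "very similar to mine" case asked about earlier in the thread.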

Offline Nevertheless

  • Global Moderator
  • *****
  • Posts: 13259
  • Manna: 427
  • Gender: Female
  • Set a guard over my mouth, O Lord!
Re: Attacks on my computer
« Reply #17 on: Mon Apr 16, 2007 - 22:01:20 »
Thanks everyone.