
Thread: Hijacking My Computer

  1. #1
    Junior Member
    Join Date
    Mar 2007
    Posts
    26

    Hijacking My Computer

    So, I log onto my computer after work and notice that ZoneAlarm had blocked 3 intrusion attempts on my computer. It gave the following information:

    Protocol: TCP Source IP: 192.168.1.1: 1530 Destination IP: my ip on port 5000
    Protocol: TCP Source IP: 192.168.1.1: 1529 Destination IP: my ip on port 5000
    Protocol: TCP Source IP: 192.168.1.1: 1528 Destination IP: my ip on port 5000

    Is this someone trying to hack my computer, and if so, how could I find out more about the place it came from? It appears that the source IP is the IP of the router. ??? Totally confused. Any way to try this on my computer from my laptop to see how vulnerable my computer is? I have also noticed that viruses show up out of nowhere even though I am not downloading anything. Sorry if this is a stupid thread. Just trying to get some answers, and I have googled this with not too much luck. Thanks.

    It also said that it was a packet of some sort that was blocked.

  2. #2
    Just burned his ISO kunseh's Avatar
    Join Date
    Nov 2006
    Posts
    18

    What kind of a router do you have? Most of the routers maintain a log file. Did you check that?

  3. #3
    Junior Member
    Join Date
    Mar 2007
    Posts
    26

    It's a Netgear router... I don't have the password or login information for the router because it's at my gf's house. Nobody knows how to log onto the router. I guess maybe I could call the cable company, they might have the password. I thought there may be an application in BT that I could leave running or something so that I could get more info on the bastard that tried to hack me. Assuming he is smart enough to try to hack me, he probably does MAC spoofing or whatever technique hackers use to not leave any tracks behind that would be traceable, at least traceable by your average Joe.

  4. #4
    Just burned his ISO
    Join Date
    Jul 2006
    Posts
    7

    If it's a Netgear.. check out the type and google for the default logon account, then try http://192.168.1.1 in your browser.. might find it's not been changed :P
    If that fails and you feel you can set the thing back up (not a hard task if default) then just reset it (factory reset button)...

    If it's default then you'll find the logs are not switched on anyway.. but you can always enable it for future checks..

  5. #5
    Junior Member ermski2k's Avatar
    Join Date
    Jun 2006
    Posts
    26

    How often is the IP being blocked? If concurrent, could just be an app; if random, could be someone attempting to connect. I doubt it, as they would try on more than one port.
    --
    Frank made me do it!

  6. #6
    Junior Member
    Join Date
    Jan 2007
    Posts
    97


    That is a local IP, then, Google port 5000, and realize that it's the Universal Plug'n'Play (UPnP) port TCP. Don't worry, it's just your router trying to grab some attention.

    Mother
    In God we trust, all others we monitor
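
The triage reasoning from the post above, applied to the alert lines in post #1, as an added example that is not part of any poster's message. It assumes the alert format exactly as quoted, uses a constructed address (192.168.1.100) in place of "my ip", and takes 192.168.1.1 as the router address as posts #1 and #4 do; the function names are hypothetical.

```python
import ipaddress
import re
from collections import defaultdict

# The three alert lines from post #1. "my ip" is replaced with a constructed
# LAN address (192.168.1.100); the post does not give the real one.
ALERTS = """\
Protocol: TCP Source IP: 192.168.1.1: 1530 Destination IP: 192.168.1.100 on port 5000
Protocol: TCP Source IP: 192.168.1.1: 1529 Destination IP: 192.168.1.100 on port 5000
Protocol: TCP Source IP: 192.168.1.1: 1528 Destination IP: 192.168.1.100 on port 5000
"""

ALERT_RE = re.compile(
    r"Protocol:\s*(?P<proto>\w+)\s+Source IP:\s*(?P<src>[\d.]+):\s*(?P<sport>\d+)"
    r"\s+Destination IP:\s*(?P<dst>[\d.]+)\s+on port\s+(?P<dport>\d+)"
)

# Only the port the thread identifies; anything else is reported as unknown.
PORT_NOTES = {("TCP", 5000): "UPnP (per post #6)"}


def classify_source(src, gateway):
    """Say where a source address sits relative to the local network."""
    addr = ipaddress.ip_address(src)
    if addr == ipaddress.ip_address(gateway):
        return "gateway"
    if addr.is_loopback:
        return "loopback"
    if addr.is_private:
        return "private LAN"
    return "public"


def triage(text, gateway="192.168.1.1"):
    """Group alerts by (source, protocol, destination port) and annotate them."""
    groups = defaultdict(list)
    for m in ALERT_RE.finditer(text):
        key = (m["src"], m["proto"].upper(), int(m["dport"]))
        groups[key].append(int(m["sport"]))
    return [
        {"src": src, "origin": classify_source(src, gateway),
         "service": PORT_NOTES.get((proto, dport), "unknown"),
         "dport": dport, "attempts": len(sports), "src_ports": sorted(sports)}
        for (src, proto, dport), sports in groups.items()
    ]


if __name__ == "__main__":
    for row in triage(ALERTS):
        print(row)
```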

  7. #7
    Junior Member
    Join Date
    Mar 2007
    Posts
    26

    Quote: Originally posted by Mother
    That is a local IP, then, Google port 5000, and realize that it's the Universal Plug'n'Play (UPnP) port TCP. Don't worry, it's just your router trying to grab some attention.

    Mother

    OK. Thanks. It has only happened once ever, all three of those attempts were within about 2 mins of each other. If someone was going through the router, would their IP show up, or the router's?

  8. #8
    Junior Member
    Join Date
    Mar 2007
    Posts
    26

    I did find this: http://www.linklogger.com/TCP5000.htm

    Buffer overflow exploit on TCP port 5000. Any way I can disable port 5000?

  9. #9
    Member
    Join Date
    Jan 2007
    Posts
    242


    Do you even know if it's open on your Windows box?
    Go to administrative tools>services and cut off UPnP, if it's even running.
    You've got it firewalled off. I believe the UPnP buffer overflow was patched, anyway.

    Want to really freak out? Open a command prompt, if you can even call Windows cmd one, and run "netstat -a". I bet that will get your attention. Shows all your "open" ports. Google is your friend. I don't know how good a friend False, I mean Zone Alarm is. It's an excellent free firewall but it ought to have a right-click Google option.

    I'd be more worried about the viri popping up "out of nowhere". Ever heard the words "clean install"?

    There are plenty of programs on BT that might help you.
    google nmap
    http://backtrack.offensive-security....etwork_Mapping

    Have Fun

  10. #10
    Junior Member
    Join Date
    Mar 2007
    Posts
    26

    I'll check it out...

    Yeah, I'm pretty familiar with the netstat command...

    Actually, I have viruses pop up at least once a week for no apparent reason. I can't figure out where the hell they are coming from. I don't even download shit...
