Being hacked; Need help

Discussion in 'Ethical hacking' started by jimfix5, Sep 26, 2008.

  1. jimfix5

    jimfix5 New Member

    Joined:
    Sep 26, 2008
    Messages:
    21
    Likes Received:
    0
    Trophy Points:
    0
    Newbie here; not a hacker; just a PC tech, but a good one. I'm involved in litigation. The opposing side is constantly breaking into my machine. Don't know how they keep getting my IP, which I change almost daily. I've scanned my machine for anything (including a rootkit), and I've found nothing. But, every once in a while, when I configure my Linksys to allow more than one DHCP user and then forget to change it back, I see the same (one of four) machine(s) on my DHCP clients table. Once they're in, they get my passwords and either change them on any Web subscriptions I may be using (presumably just to let me know they hacked me), or they'll get into any one of my Web sites and shut it down. This is called attrition, and they're winning. I don't know how to stop them. Any ideas would be helpful and extremely appreciated. BTW, just started using Sygate. Thanks, folks. Take care.
     
  2. SpOonWiZaRd

    SpOonWiZaRd Know what you can do.

    Joined:
    May 30, 2007
    Messages:
    747
    Likes Received:
    8
    Trophy Points:
    0
    Occupation:
    Network Engineer/Programmer
    Location:
    South Africa
    Set up an access policy on your Linksys that allows only your MAC address to connect to it, or that allows only the MAC addresses you want to allow to connect to it. Change the user name and password of the router to a very, very strong one (min 14 chars, mixed-alphanumeric-ascii) so that the pass cannot be breached on the router. If they can connect to the router, they are on your network. If it's wireless they come through, then make sure you only allow specified MACs on your router. Get a Linux firewall between your servers and the router with NAT so that only you from the inside can get out and no one from the outside can get in; DNAT is what it's called. Linux is free; I suggest you get Ubuntu and then install Webmin on it. Let me know if this helped.
     
  3. jimfix5

    jimfix5 New Member

    Thank you very much, SpOonWiZaRd. I've already set up two policies: one to allow (me and my other machines) and one to deny (all of their MAC addresses). And I was very surprised that neither rule worked. I'll go over that again more carefully. Wireless is always disabled; I don't use it. I'll try DNAT and get back to you. And I'll get Ubuntu. Any idea how they are getting my IP address? Wouldn't they need that to keep connecting? Without a rootkit or something sending them a signal, would it be stupid to presume that my ISP is providing it to them? Wouldn't surprise me at all. More later. Thanks again, buddy. Really appreciate it.
     
  4. SpOonWiZaRd

    SpOonWiZaRd Know what you can do.

    The best thing I can think of then is NAT with Linux. Get Linux from http://www.ubuntu.com and get Webmin from http://www.webmin.com. Even then, if they have your IP, they will not be able to connect if your NAT is set up properly. You will need 2 NICs in your Linux box; the one will be internal and the other one external. You can give like 10 IP addresses for the external and internal NIC to confuse them. If you have their IPs, you can flood them once they are on your network by using your Linux box.
     
  5. jimfix5

    jimfix5 New Member

    First, let me reiterate that your help is very much appreciated. Are you suggesting that I pull an old machine with 2 NICs out of my closet, install Linux (along with webmin), and place my router and network behind it? Do I have your idea right? I can do that right now. Getting their IP would be beautiful.
     
  6. SpOonWiZaRd

    SpOonWiZaRd Know what you can do.

    Yes, or you can put it behind your router, whichever works for you. If they are on your network, they must be on the same IP range, right? Go to http://www.oxid.it and get Cain & Abel, a free tool that has a sniffer. Activate the sniffer and then click on the sniffer tab, then click on the blue plus sign to see everyone's IP with their corresponding MAC addresses and their OUI fingerprint.
     
  7. SpOonWiZaRd

    SpOonWiZaRd Know what you can do.

    Oh, you can even sniff between them and your router to see what they're up to. By using APR you will become a middleman and see their passwords they use on websites and such in clear text; you will even get their certificates, get their Windows passwords and much more. Just read the help file on how to use the program when you get stuck, but whatever you do, do not install Abel on your computer. Abel is what you want on one of their computers so that you will have access to them whenever you want without ever using a password again.
     
  8. jimfix5

    jimfix5 New Member

    Wow, you are blowing me away. I'm setting up the new Linux box right now. Be back in a couple hours.
     
  9. jimfix5

    jimfix5 New Member

    Installed Cain and Abel. Feel like I've gotten back control of my network, somewhat. At least now I know when they're on and when they're not. Feel like a huge weight has been lifted. Onto the Linux box. Have a really good day. You deserve it.
     
  10. SpOonWiZaRd

    SpOonWiZaRd Know what you can do.

    Glad I could be of assistance. If you have troubles with Webmin, just google "how to webmin ubuntu" and they will tell you step by step what you need. You will be secure once you have NAT.
     
  11. jdnwdc1987

    jdnwdc1987 New Member

    Joined:
    Sep 27, 2008
    Messages:
    1
    Likes Received:
    0
    Trophy Points:
    0
    Hello, I am a newbie to the computer world; however, a guy like me always thought I knew everything there is to know about computers and the web, but I was proved wrong... I have reason to believe that someone is breaking into my computer... They're not changing any passwords or anything, but for some reason I can be in a chat room and all of a sudden my computer gets a flood of information, making my computer become unresponsive... I have been coming across a lot of hackers as well... I want to know how I go about locking down my computer 100% and defending myself against any person trying to get into my system... I am running Vista, but I am also concerned about my internet security and its vulnerability. Please help...

    P.S. Please speak English, 'cause the computer slang can be a bit difficult at times. Thanks.
     
  12. SpOonWiZaRd

    SpOonWiZaRd Know what you can do.

    Windows Vista is said to be secure enough that 99,9% of remote attacks won't work, but there are many ways to skin a cat, so just get a good anti-virus and a good firewall, then you should be safe.
     
  13. shabbir

    shabbir Administrator Staff Member

    Joined:
    Jul 12, 2004
    Messages:
    15,287
    Likes Received:
    364
    Trophy Points:
    83
    That's good to know.
     
  14. jimfix5

    jimfix5 New Member

    Hey, buddy. Got the Linux box up and running. It was my first setup. Have no experience with the OS, so the lesson was very good. Also installed the two NICs and activated them, but I can't configure the internal to connect my router and network. Found a tutorial, got to the step where it says go to the DHCP server under Servers, and got stuck trying to install one (4.0.0-4.i486 - I'm using Hardy Heron.) Can't convert an rpm to a deb (in my tmp folder), though I installed alien. Anyway, I'll figure it out and let you know.
     
  15. SpOonWiZaRd

    SpOonWiZaRd Know what you can do.

  16. jimfix5

    jimfix5 New Member

    Okay, did all that. Then, again, I get to "Configure DHCP," and it tells me to go to "DHCP Server" in Webmin. I've got to install the DHCP server. I do remember checking the option to install one when I installed the server, but it's not showing up. Should I install another version of Linux server? I'm almost there.
     
  17. jimfix5

    jimfix5 New Member

    Synaptic Package Manager shows "dhcp3-server" installed. Presently trying to access it for configuration.
     
  18. SpOonWiZaRd

    SpOonWiZaRd Know what you can do.

    I used Ubuntu Gutsy Gibbon; I don't think that it will be a big difference. Also, I did not install DHCP, I only did NAT and DNS using Webmin, but I remember that I needed some library files. Here is the link for that: http://ubuntuforums.org/showthread.php?t=926001. This is a how-to on Webmin for DHCP.
     
  19. jimfix5

    jimfix5 New Member

    Found it! Had to refresh Webmin modules.
     
  20. jimfix5

    jimfix5 New Member

    I'm up. Had a bad router. Bought a new one. Plugged it into the Linux box -- and voila! Life is beautiful. I'll double check all the configs and rules and get back to you in the morning.
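
The thread starts with unfamiliar machines appearing in the router's DHCP clients table and ends with dhcp3-server running on the Linux box. The following added example (not code from any poster in this thread) audits an ISC `dhcpd.leases` file, the format dhcp3-server writes, against an allowlist of known MAC addresses. The sample leases, MAC addresses and function names are constructed for illustration, and the lease file location on the poster's system is not given on the page.

```python
import re

# Constructed sample in ISC dhcpd.leases format; every IP and MAC is made up.
SAMPLE_LEASES = """\
lease 192.168.1.100 {
  starts 5 2008/09/26 14:02:11;
  binding state active;
  hardware ethernet 00:16:3e:aa:bb:01;
  client-hostname "workstation";
}
lease 192.168.1.101 {
  starts 5 2008/09/26 15:40:00;
  binding state active;
  next binding state free;
  hardware ethernet 00:16:3E:AA:BB:99;
}
lease 192.168.1.102 {
  starts 4 2008/09/25 09:00:00;
  binding state free;
  hardware ethernet 00:16:3e:aa:bb:02;
}
"""

LEASE_RE = re.compile(r"lease\s+(\S+)\s*\{(.*?)\}", re.S)
# Anchored at line start so "next binding state" is not mistaken for the current state.
FIELD_RE = re.compile(
    r"^\s*(binding state|hardware ethernet|starts|client-hostname)\s+(.+?);\s*$", re.M)

def parse_leases(text):
    """Return one dict per IP; a later lease block for an IP supersedes earlier ones."""
    latest = {}
    for ip, body in LEASE_RE.findall(text):
        fields = dict(FIELD_RE.findall(body))
        latest[ip] = {
            "ip": ip,
            "mac": fields.get("hardware ethernet", "").lower(),
            "state": fields.get("binding state", ""),
            "starts": fields.get("starts", ""),
            "hostname": fields.get("client-hostname", "").strip('"'),
        }
    return list(latest.values())

def unknown_clients(text, allowed_macs):
    """Active leases whose MAC is not on the allowlist (case-insensitive compare).
    A MAC can be spoofed, so an empty result does not prove the network is clean."""
    allowed = {m.lower() for m in allowed_macs}
    return [l for l in parse_leases(text)
            if l["state"] == "active" and l["mac"] and l["mac"] not in allowed]
```

Run against the real lease file on a schedule, the `starts` field of each flagged lease gives the time the unknown device obtained its address, which can be kept as a record.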
     