How to tell if you are being hacked?
- jasonxxx102
- Fame ! Where are the chicks?!
- Posts: 176
- Joined: 04 Feb 2008, 17:00
- 16
- Contact:
How to tell if you are being hacked?
Is there anyway to tell if you are under attack or being hacked? Like signs or anything?
Well, Big-E told me about this a while ago
http://www.ossec.net/
Try it out =)
Dunno if the server is available on Windows though....
Anyway, signs you say..... well that could be anything...
When someone for example would get a reverse shell to your comp, the only thing i can think of that you would notice would be to check if there are any "suspicious" open connections.
Like open the command prompt and check netstat -n (or wtf the line was, can't check because i don't have windows installed on any machine atm)
Anyway, get yourself an intrusion detection system =) should do the trick, at least to catch the "not so discrete 'hackers'/worms"
http://www.ossec.net/
Try it out =)
Dunno if the server is available on Windows though....
Anyway, signs you say..... well that could be anything...
When someone for example would get a reverse shell to your comp, the only thing i can think of that you would notice would be to check if there are any "suspicious" open connections.
Like open the command prompt and check netstat -n (or wtf the line was, can't check because i don't have windows installed on any machine atm)
Anyway, get yourself an intrusion detection system =) should do the trick, at least to catch the "not so discrete 'hackers'/worms"
"The best place to hide a tree, is in a forest"
- jasonxxx102
- Fame ! Where are the chicks?!
- Posts: 176
- Joined: 04 Feb 2008, 17:00
- 16
- Contact:
yes well those would be skiddie signsnightkid wrote:signs...
the people who are going to hack you and cause damage are usually script kiddies so have a anti-virus & firewall. pay attention to files being sent to you and any errors when you open the file, look at the file extension, if they say it's a pic and has the extension .exe, their lying.
Let's say that an actual pro gets into your computer, he wouldn't send you a file. He may simply use a vulnerable service running on your computer.
Well, this is rare ^^ but you never know!
"The best place to hide a tree, is in a forest"
- bad_brain
- Site Owner
- Posts: 11636
- Joined: 06 Apr 2005, 16:00
- 19
- Location: In your eye floaters.
- Contact:
well, if you want to have professional information about attack attempts and suspicious activities against/on your system go for Snort, it is the #1 IDS on servers, and it's even for free.
assuming you use Windows:
http://www.snort.org/dl/binaries/win32/
this is a professional tool, so don't expect a shiny "click here"-GUI, you have to know at least the basics of networking to be able to analyze the logs...but it's not that hard and an opportunity to learn...
assuming you use Windows:
http://www.snort.org/dl/binaries/win32/
this is a professional tool, so don't expect a shiny "click here"-GUI, you have to know at least the basics of networking to be able to analyze the logs...but it's not that hard and an opportunity to learn...
don't blame us
For one, if you have just a regular desktop PC, you don't have any services running. Its not a server, its not set up for mail, web hosting, or file sharing. You should have file and services sharing disabled. You should have a host-based firewall running.
Its all too easy to blame computer problems on some hacker, but many times it is bad administration of your box or just a virus or malware you DL'ed - and that is not quite the same as having a hacker in your box.
The only way you will know if you have an attack or intrusion is by understanding your firewall and running an IDS - this provides clear, factual, proof of an attack or intrusion.
DNR
Its all too easy to blame computer problems on some hacker, but many times it is bad administration of your box or just a virus or malware you DL'ed - and that is not quite the same as having a hacker in your box.
The only way you will know if you have an attack or intrusion is by understanding your firewall and running an IDS - this provides clear, factual, proof of an attack or intrusion.
DNR
-
He gives wisdom to the wise and knowledge to the discerning. He reveals deep and hidden things; he knows what lies in Darkness, and Light dwells with him.
He gives wisdom to the wise and knowledge to the discerning. He reveals deep and hidden things; he knows what lies in Darkness, and Light dwells with him.
- ImABitch665
- Newbie
- Posts: 7
- Joined: 13 May 2008, 16:00
- 15
- Arcticpheonix
- Newbie
- Posts: 3
- Joined: 21 May 2008, 16:00
- 15
That would do it!ImABitch665 wrote:in my opinion the best way to no whether or not you've been hacked is if your computer says "YOU HAVE BEEN OWNED BY -DICK- OF DICKHEADS.COM"
Also if you've recently pissed off someone who may have the skills needed to hack your system, and then find that stuff suddenly stops working properly, theres a good chance you were hacked.
As for how to know if you're BEING hacked, the only way I can think of has already been said: a good AV and/or some kind of intrusion detection.