Battle with the hacker continues.

Status
Not open for further replies.
Gibzilla said:
everyone knows about the vtec satire for a Honda crowd. Anyways.

So anyone wanna guess why my router was going off the wall yesterday?

http://www.youtube.com/watch?v=1zWQZzFNpTE

If I didn't record that you folks prolly thought i was lying about it also.

If the router's only connected to WAN then how is "he/she/it" still causing trouble? Even after you claimed to have reflashed the firmware?
 
that shot was taken last evening. Don't ask me how he does it. that kind of hardware meddling is way above my league. I'm a n00blar.

Let me reiterate. I left my router on and connected to WAN/Internet only to see what it catches in the log and went out for some dinner. It was fine when I left it. When I came back from dinner a few hours later, it was doing this so I immediately grabbed the camera and recorded it.

Got it?
 
Gibzilla said:
Linux is amazing. Ethereal is amazing. It's like I've been living under a rock for all these years as a Windows user completely oblivious to the outside world.

I need to order a bigger monitor....

You're joking, right? Ethereal exists for the Windows platform. Packet sniffing is nothing special or inherent to one OS or another.
 
SJConsultant said:
You're joking, right? Ethereal exists for the Windows platform. Packet sniffing is nothing special or inherent to one OS or another.


Well it's all new to me and linux seemed to be more functional for doing this sort of err stuff.

Oh btw, i guess I spoke too soon about the h@x0r. All my open apps on the desktop hid and opened twice. and no the mouse pointer wasn't anywhere near the show desktop button.
 
Gibzilla said:
Well it's all new to me and linux seemed to be more functional for doing this sort of err stuff.

Oh btw, i guess I spoke too soon about the h@x0r. All my open apps on the desktop hid and opened twice. and no the mouse pointer wasn't anywhere near the show desktop button.

Why don't you capture that on camera instead of blinking lights?
 
KodiakStar said:
Why don't you capture that on camera instead of blinking lights?

I will. It happened too quick for me to even reach the camera that time but if I see my mouse cursor dance across the screen or some other crazy shit, you can bet your bottom dollar I'll be videotaping it.

Now. Question.

First time using ethereal I've noticed my dlink was sending packet to ssdp notify to 239.255.255.250:1900. isn't that windows only Upnp port? Why is my router sending it?

In case u dunno what i'm talking about.

http://www.nthelp.com/upnpscrewup.htm
http://www.pwg.org/hypermail/pwg-ipp/0060.html

Anyone? Anyone?



Hey wtf I'm not the only one.

http://www.hardforum.com/showthread.php?t=1092449&highlight=upnp
 
Gibzilla said:
Oh btw, i guess I spoke too soon about the h@x0r. All my open apps on the desktop hid and opened twice. and no the mouse pointer wasn't anywhere near the show desktop button.

Were you by some chance leaning on the Windows Key and D??? :p
 
Gibzilla said:
Now. Question.

First time using ethereal I've noticed my dlink was sending packet to ssdp notify to 239.255.255.250:1900. isn't that windows only Upnp port? Why is my router sending it?

here: "According to the RFCs, valid Internet IPs range up to 223.255.255.255."

"The reason you can't ping or trace route to 239.255.255.250 is that it's not a host, per se. Internet routers will ignore that IP because it is not a valid IP for an Internet host. With several exceptions, the 'legal' Internet address space ranges from 0.0.0.0 to 223.255.255.255."

"However, if a router has UPnP enabled, and received UPnP packet on port 1900, it would respond. The IP address 239.255.255.250 is just a standard place to send UPnP traffic. All UPnP compliant devices are configured to listen on that IP and port and will respond."

I shall take the guess and say:
Your Router is announcing its UPNP presence.
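
Added example, not part of any post in this thread: a small Python reader for the kind of datagram discussed above, showing what a router's UPnP announcement to 239.255.255.250:1900 contains and how to confirm it is LAN-scoped multicast sent by the device it describes. The sample payload, its addresses, port 5431, the UUID and the SERVER string are constructed for illustration, and the function names are hypothetical.

```python
import ipaddress
from urllib.parse import urlsplit

SSDP_GROUP = ipaddress.ip_address("239.255.255.250")
SSDP_PORT = 1900
ADMIN_SCOPED = ipaddress.ip_network("239.0.0.0/8")  # RFC 2365 scoped multicast

# Constructed sample datagram; addresses, port 5431, UUID and SERVER are made up.
SAMPLE = (
    b"NOTIFY * HTTP/1.1\r\n"
    b"HOST: 239.255.255.250:1900\r\n"
    b"CACHE-CONTROL: max-age=1800\r\n"
    b"LOCATION: http://192.168.0.1:5431/igd.xml\r\n"
    b"NT: urn:schemas-upnp-org:device:InternetGatewayDevice:1\r\n"
    b"NTS: ssdp:alive\r\n"
    b"SERVER: ExampleOS/1.0 UPnP/1.0 example-router/1.0\r\n"
    b"USN: uuid:00000000-0000-0000-0000-000000000001\r\n"
    b"\r\n"
)

def parse_ssdp(payload):
    """Split an SSDP datagram into (start_line, headers); None if malformed."""
    try:
        lines = payload.decode("ascii").split("\r\n")
    except UnicodeDecodeError:
        return None
    headers = {}
    for line in lines[1:]:
        if not line:          # blank line ends the header block
            break
        name, sep, value = line.partition(":")
        if not sep:
            return None
        headers[name.strip().upper()] = value.strip()
    return lines[0].strip(), headers

def classify(src_ip, dst_ip, dst_port, payload):
    """Summarise one captured UDP datagram sent to the SSDP port."""
    parsed = parse_ssdp(payload)
    if parsed is None or dst_port != SSDP_PORT:
        return None
    start, h = parsed
    kinds = {"NOTIFY": "announcement", "M-SEARCH": "search"}
    dst = ipaddress.ip_address(dst_ip)
    return {
        "kind": kinds.get(start.split(" ", 1)[0], "unknown"),
        "state": h.get("NTS", ""),
        "to_ssdp_group": dst == SSDP_GROUP,
        "admin_scoped_multicast": dst.is_multicast and dst in ADMIN_SCOPED,
        "gateway": "InternetGatewayDevice" in h.get("NT", ""),
        # The description URL should point back at the host that sent the packet.
        "location_matches_sender": urlsplit(h.get("LOCATION", "")).hostname == src_ip,
    }
```

A `location_matches_sender` of `False` means the announcement advertises a description URL on a different host than the one that sent it, which is the field worth a second look in a capture.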
 
lesman said:
NOT new, lol. I've seen it here many, many times! ANYWAYS...back to the thread! :D

Sorry, the sarcasm tags were not working at the time of post.. lol.
 
why hasn't this thread been locked yet? why hasn't this person been banned yet?
I sincerely hope that someone as retarded as this 'gibzilla' cannot really exist. some of the other posts by this person on these forums are so stupid and baseless, that I am baffled.


and in the very off chance this is actually legitimate....
gibzilla, you are behind a router, right? then how is a hacker able to access your computer? you would have had to setup NAT rules for someone to access your computer from the internet.

also, why the hell are you running your ubuntu desktop as root? if you wanted a reason for why your computer *could* get hacked, that would be it. have you read *any* of the ubuntu handbook or FAQ on their site? if not, please do so before you ever post here again.
 
I have another question/advice for Gibzilla. If your machine is compromised by a hacker why in the world would you login into your Bank of America account (picture bottom of post #120)? Especially since this compromised PC is a second or more computer that you are just messing around with? If you are serious then I cannot think of a better way for someone to steal your money and identity other than posting your name, SS#, birthdate, account numbers and passwords on a billboard on the freeway!

Better yet since you have another computer that is safe just STOP using this one.
 
Hey draconius, haven't seen you posting recently. Welcome back.

draconius said:
why hasn't this thread been locked yet? why hasn't this person been banned yet?

Humor value.
 
kydsid said:
I have another question/advice for Gibzilla. If your machine is compromised by a hacker why in the world would you login into your Bank of America account (picture bottom of post #120)? Especially since this compromised PC is a second or more computer that you are just messing around with? If you are serious then I cannot think of a better way for someone to steal your money and identity other than posting your name, SS#, birthdate, account numbers and passwords on a billboard on the freeway!

Better yet since you have another computer that is safe just STOP using this one.

Hahah, i had to go back and look. +1 points for kydsid...

You would think that he wouldn't go check how many peso's he has... oh well
 
kydsid said:
I have another question/advice for Gibzilla. If your machine is compromised by a hacker why in the world would you login into your Bank of America account (picture bottom of post #120)? Especially since this compromised PC is a second or more computer that you are just messing around with? If you are serious then I cannot think of a better way for someone to steal your money and identity other than posting your name, SS#, birthdate, account numbers and passwords on a billboard on the freeway!

Better yet since you have another computer that is safe just STOP using this one.

Yeah I noticed that too...

but maybe it was the "hacker" that brought up the Bank of America web page :p
 
Crosshairs said:
All your peso's are belong to me !!!!!!!@@@@!!!!!!!

LMFAO

he's obviously someone who is very bored at work/home with no life whatsoever, but I admire him for sticking to his story, lol

what would be even funnier is if he had a shitty mouse (that do travel across the screen sometimes btw, it is not uncommon especially when combined with bad mousepads) and then it sent him off on this wild goose chase :D
 
kydsid said:
I have another question/advice for Gibzilla. If your machine is compromised by a hacker why in the world would you login into your Bank of America account (picture bottom of post #120)? Especially since this compromised PC is a second or more computer that you are just messing around with? If you are serious then I cannot think of a better way for someone to steal your money and identity other than posting your name, SS#, birthdate, account numbers and passwords on a billboard on the freeway!

Better yet since you have another computer that is safe just STOP using this one.

I never logged onto anything important. I did visit b of a but didn't log on.

I did heroin for awhile until some [H] came around and gave me a chain-to-the-lamppost detox.
Rapid Heroin Detox

Seriously though, That linux dvd hasn't come from the vendor yet. I got my err "stuff" waiting to be thrown into action to test vulnerability once the "software" gets here.
 
zrac said:
LMFAO

he's obviously someone who is very bored at work/home with no life whatsoever, but I admire him for sticking to his story, lol

what would be even funnier is if he had a shitty mouse (that do travel across the screen sometimes btw, it is not uncommon especially when combined with bad mousepads) and then it sent him off on this wild goose chase :D


Whatever I said was/is a true story, nothing exaggerated. I wouldn't have believed it had it not happened to ME.
 
draconius said:
why hasn't this thread been locked yet? why hasn't this person been banned yet?
I sincerely hope that someone as retarded as this 'gibzilla' cannot really exist. some of the other posts by this person on these forums are so stupid and baseless, that I am baffled.


and in the very off chance this is actually legitimate....
gibzilla, you are behind a router, right? then how is a hacker able to access your computer? you would have had to setup NAT rules for someone to access your computer from the internet.

also, why the hell are you running your ubuntu desktop as root? if you wanted a reason for why your computer *could* get hacked, that would be it. have you read *any* of the ubuntu handbook or FAQ on their site? if not, please do so before you ever post here again.

I have 3 routers. How do I set up NAT rules?

I don't think Ubuntu has any root account. I can do sudo though as I found out. Linux is like learning DOS again 'cept much more complicated.

If I knew how the h@x0r gets in, would I be asking you all for help? I can only guess at how he is getting in. Obviously he can remotely control my desktop which means some activeX trojan he is embedding. I've noticed that he could make me unable to download antivirus software or he'll repeatedly turn off live virus database update. So obviously he doesn't want me to get or update virus definitions which means he's afraid of detection which means there is a physical file on the HD that needs to be located....

But where the F is it? No scanner picks it up. To be honest I got a few known trojans I've d/l from "war" sites in 1998 and to this day none of the virus scanners picks it up. So....

There's always someone smarter than you.
 
Log into your router and see if there are any IPs other than the computers in your home. If there are any you don't recognize, j00 is h4x3d!!!11@1

In seriousness, if it was an ActiveX control, a delete of temporary internet files would have fixed it.
 
TheOmniscientCreator said:
Log into your router and see if there are any IPs other than the computers in your home. If there are any you don't recognize, j00 is h4x3d!!!11@1

In seriousness, if it was an ActiveX control, a delete of temporary internet files would have fixed it.

Nope nobody, just me myself and irene, whoops I mean my computer. I've found out my dlink's firmware is actually linux?
 
If this is indeed a serious issue, try an online scan. I highly doubt that he can block such a thing.
 
What is this error I get when I shut down?

SAS Entry point failed. unable to link CRYPT.dll?

I got this from googling http://www.devenezia.com/downloads/sas/sascbtbl/ I think I'm getting close to finding out how he was compromising my machine. It still doesn't explain the linux side of the story though, how he was able to circumvent ethereal and firestarter.

And what is this error I get when I log on?
 
Have you tried an SELinux live cd? That might shed some light on the situation. Honestly I've had too hard of a time reading through all the crap in this thread to really get a good understanding of the problems you've had.

Do you have any friends or roommates who are pissed at you? That seems fairly likely, since most real hackers are just going to root your machine just enough to turn it into a zombie to add to their network for spamming/ddos purposes. Every time I've had something really weird happen with one of my machines, it's either been some weird hardware problem or a friend who wanted to mess with my head.

Could you carefully detail your network, which systems have experienced problems, which haven't, and exactly what problems you've been seeing?
 
Does anyone know why the hell my motherboard phones home without my permission?



Can anyone resolve dns on this IP?
72.143.253.104?
 
You probably installed some software that came with the motherboard. As for, "without your permission", you should probably read the EULA.
 
hokatichenci said:
You probably installed some software that came with the motherboard. As for, "without your permission", you should probably read the EULA.

NEVER!

Next suggestion.
 
Danith said:
I don't think a virus can infect a .iso, at least not very easily,, and even so it would have to be targeted at linux.. a windows virus will not work on a linux-running machine.

There have been viruses written against the ISO 9660 format. As far as your mouse pointer moving, could there perhaps be some dust in front of the laser? My mouse will move usually if there's a hair there or something similar.

Run and configure Snort on your system and post some logs
 
reported....

he's just a kid, playing around and having fun... he's prolly sitting at home now laughing his head off about this.

QJ
 
Yup, after that 'bump' it's time to kill this thread. Lock it and throw away the key.
 
Gibzilla said:
No, just trying to see if anyone else's asus boards phone home.

At what frequency does it do this (phoning home)? Does it use the windows networking stack to do so, or has Asus implemented a hardware IP stack? If the latter, how come you can see it using windows monitoring tools? If the former, what system calls does the board use? Does it create a process or just use its access to the ram to write directly to it? If the latter, how does it make sure that it's now overwriting a process that you are currently using?
 
Gibzilla said:
I think I'm getting close to finding out how he was compromising my machine.

Alright Gobzilla, I give up. I know you would have caught me in a couple days. I won't mess around with your computer anymore.

You're right about how I was doing it too. If you don't want anyone else doing this in the future, go to the ActiveX control panel in Ubuntu and turn it off, or at least set up a list of whitelisted websites (like for windows update, etc.).
 