Finally back!


  1. Posts : 589
    Windows 7 ultimate X64
       #1

    Finally back!


    Hey everybody!
    Wow, it's only been a week since my network was intruded upon, and I haven't been in here, or elsewhere for that matter, since then.
    It feels like much longer! Anyway, I utilized that time to learn all I could about networking and network security (haven't even scratched the surface, I know). But suffice it to say I remedied the situation and don't think that will be an issue (of that magnitude) again. I just wanted to thank all those who shared and helped me with it. I missed you guys *sniff*
    You know, I didn't realize just how many PW I would have to change due to all this. What a PITA! (I never use the same one twice)
    Oh, well. All's well that ends well. :)
    Last edited by DreemWarrior; 17 Apr 2010 at 00:30.


  2. Posts : 72,052
    64-bit Windows 11 Pro for Workstations
       #2

    Welcome back Joey.

    I sure hope that you will not have any more security breaches again.


  3. Posts : 589
    Windows 7 ultimate X64
    Thread Starter
       #3

    Brink said:
    Welcome back Joey.

    I sure hope that you will not have any more security breaches again.
    Thanks Shawn. You and I both. I never thought networking/commands could be so...interesting. :) I think I'll be doing most of my work on systems VIA cmd prompt from now on!


  4. Posts : 1,325
    Windows7 Ultimate 64bit
       #4

    Wow, I read your other thread, what happened? Care to share?

    zzz2496


  5. Posts : 589
    Windows 7 ultimate X64
    Thread Starter
       #5

    zzz2496 said:
    Wow, I read your other thread, what happened? Care to share?

    zzz2496
    Well, if you read the other thread, you know my network/rig was compromised. It seems someone got in and used Windows PowerShell to run remote commands to copy files and modify the Windows environment, etc. Even tried rewriting/editing event logs to mask their presence. I was one big proxy server apparently. I stumbled upon part of a script which just happened to have a partial IP along with a computer name (theirs), which after MUCH studying and trial and error (cmd line utilities) I managed to remedy the situation. :)
    And would you believe that somehow in the process, it seems THEIR computer admin PW got changed, and the puter remotely shut down? Not sure how that happened
    That's the Cliffs notes version anyway. It took many hrs and plenty of foul language, though...


  6. Posts : 1,325
    Windows7 Ultimate 64bit
       #6

    DreemWarrior said:
    zzz2496 said:
    Wow, I read your other thread, what happened? Care to share?

    zzz2496
    Well, if you read the other thread, you know my network/rig was compromised. It seems someone got in and used Windows PowerShell to run remote commands to copy files and modify the Windows environment, etc. Even tried rewriting/editing event logs to mask their presence. I was one big proxy server apparently. I stumbled upon part of a script which just happened to have a partial IP along with a computer name (theirs), which after MUCH studying and trial and error (cmd line utilities) I managed to remedy the situation. :)
    And would you believe that somehow in the process, it seems THEIR computer admin PW got changed, and the puter remotely shut down? Not sure how that happened
    That's the Cliffs notes version anyway. It took many hrs and plenty of foul language, though...
    Whew, one hell of a ride, huh? Glad you made it through...

    I'm curious, how did the "hacker" get into your network? Did you not have a firewall in place (some box that stands between your network and the internet)?

    zzz2496


  7. Posts : 11,990
    Windows 7 Ultimate 32 bit
       #7

    DreemWarrior said:
    Hey everybody!
    Wow, it's only been a week since my network was intruded upon, and I haven't been in here, or elsewhere for that matter, since then.
    It feels like much longer! Anyway, I utilized that time to learn all I could about networking and network security (haven't even scratched the surface, I know). But suffice it to say I remedied the situation and don't think that will be an issue (of that magnitude) again. I just wanted to thank all those who shared and helped me with it. I missed you guys *sniff*
    You know, I didn't realize just how many PW I would have to change due to all this. What a PITA! (I never use the same one twice)
    Oh, well. All's well that ends well. :)
    Glad you are back and that all is finally well. That is a real bummer that you had to go through this.


  8. Posts : 589
    Windows 7 ultimate X64
    Thread Starter
       #8

    I'm curious, how did the "hacker" get into your network? Did you not have a firewall in place (some box that stands between your network and the internet)?
    I was using Windows native firewall, as well as the router's firewall, as well as WPA personal for wireless. (WPA2 maybe?)
    I honestly believe the script originated from a website maybe. But it initiated a RDC (Remote Desktop Connection). Or that's my hypothesis at any rate. And I did find key/mouse drivers replaced with .sys file extensions. As I said, I don't know that much about the process other than what I learned on the fly. One thing still concerns me though. And it may be purely unrelated. But my desktop display doesn't quite fill my monitor (wide screen). It's lacking like 3/8" from fill, and nothing I've tried helps. Almost like an image of the desktop in the screen. Any guesses on that one?

    Sounds like this thread to me...
    Very similar to this thread... https://www.sevenforums.com/network-sharing/20284-login-rdp-without-bumping-current-session.html
    I wonder how one would scan for something that for the most part ISN'T unnatural programs/processes??
    Last edited by DreemWarrior; 17 Apr 2010 at 00:31. Reason: Question


  9. Posts : 1,325
    Windows7 Ultimate 64bit
       #9

    DreemWarrior said:
    I'm curious, how did the "hacker" get into your network? Did you not have a firewall in place (some box that stands between your network and the internet)?
    I was using Windows native firewall, as well as the router's firewall, as well as WPA personal for wireless. (WPA2 maybe?)
    I honestly believe the script originated from a website maybe. But it initiated a RDC (Remote Desktop Connection). Or that's my hypothesis at any rate. And I did find key/mouse drivers replaced with .sys file extensions. As I said, I don't know that much about the process other than what I learned on the fly. One thing still concerns me though. And it may be purely unrelated. But my desktop display doesn't quite fill my monitor (wide screen). It's lacking like 3/8" from fill, and nothing I've tried helps. Almost like an image of the desktop in the screen. Any guesses on that one?

    Sounds like this thread to me...
    Very similar to this thread... https://www.sevenforums.com/network-sharing/20284-login-rdp-without-bumping-current-session.html
    I wonder how one would scan for something that for the most part ISN'T unnatural programs/processes??
    Did you put your computer in the DMZ zone? I'm curious as this experience can benefit us all, to protect ourselves from being hacked...

    I personally NEVER USE DMZ, and all incoming/outgoing traffic is always logged by my router, and it has its own traffic log/bandwidth usage log, so whenever I feel the network being slow or if I smell something fishy, I can always review the logs/bandwidth monitor in my router.

    zzz2496


  10. Posts : 589
    Windows 7 ultimate X64
    Thread Starter
       #10

    Did you put your computer in the DMZ zone? I'm curious as this experience can benefit us all, to protect ourselves from being hacked...

    I personally NEVER USE DMZ, and all incoming/outgoing traffic is always logged by my router, and it has its own traffic log/bandwidth usage log, so whenever I feel the network being slow or if I smell something fishy, I can always review the logs/bandwidth monitor in my router.
    Is that what I did? lol I suppose so. So how do I go about SAFELY networking my home office? Or is that an oxymoron?
    BTW I just had a peek at your tutorial. Looks WELL informed. I guess I'll curb any further questions until after I study that. :) I know I need to get rid of/uninstall a LOT of network adapters that pose a potential weak link. And yes, I am logging everything with router as well.
    I already put out the bait by being in DMZ I guess!


 