Shadal
04-13-2002, 08:21 PM
Woke up one of my client computers today, and found this message:
http://home.tampabay.rr.com/shadal/images/hacker.jpg
After I calmed down I started thinking...
This computer is a client behind an SMC Barricade Router,
Apps Running:
KaZaA
Norton Antivirus 2002
StartSurfing 1.0
I didn't see anything too suspicious running in the processes (like a trojan) and Microsoft Alerter service ISN'T running. So I still can't for the life of me figure out how the hell they sent that message...
So then I realized where I went stupid... I had completely forgotten that a few days ago I had run an application on that system that needed full access to the internet. So in the router's configuration I did so, gave it complete access to the internet (i.e.: all ports open IN and OUT), well, forgot to disable that after I was finished...
So by someone trying to gain access (most likely to my domain that I run on my webserver behind the firewall also) the router redirected their hack to my open client rather than allowing them access to my server (LOL) but still.. I almost s*** my pants when I saw that message...
[Edited for language **Imperion1**]
I still would like to know how they popped up a message on the screen like that. That would be useful to know (for within the network).
So now that I've disabled total access to/from that system, hopefully this won't happen again... Now off to run a few more security checks & scan that system for viruses, etc.