What to do when your computer has been hacked?
invincible
01-09-2003, 11:33 PM
My friend asked me what she should do when her computers have been hacked on the campus department network. She has more than 15 computers on the network. She discovered that on one of the computers, running Win Pro 2000, the mouse moves automatically and files and folders open automatically too. She tried to install Norton Internet Security but it doesn't work. She thinks it might have a virus or trojan. Then she found out that on another computer the Sygate firewall has detected an unknown IP address, but she didn't know what to do after Sygate detected it (like how to block it or whatever). She needs her computer to be on the network so she can do her work.
jmichna
01-10-2003, 09:43 AM
Get the hacked pc disconnected from the network.
Here are some resources I found through google.com (search terms: anti-hacker response, anti-hacker tools).
Also check www.grc.com site
List of anti-hacker sites: http://www.langa.com/newsletters/2000/jan-17-00.htm#3
http://www.mnsi.net/~jhlavac/freeware/security.htm
http://www.mnsi.net/~jhlavac/security/hacker.htm
http://www.softwaresecuritysolutions.com/pestpatrol.htm
http://www.mcgraw-hill.co.uk/mh_community/images/anti-hacker_toolkit.pdf
http://www.spyguard.com/default.asp?refer=14123
Good luck,
jmichna
csamuels
01-10-2003, 11:44 AM
http://packetstorm.decepticons.org/
Plug 'trojan removal' into the search box. Or go to the defense link and look for 'Windows95/98/NT/2k Defense'.
Bigjakkstaffa
01-10-2003, 11:52 AM
Firstly I'd disconnect from the internet for a while; if the behaviour continues it's a virus and not a hacker.
--Jakk:t
AllGamer
01-10-2003, 02:13 PM
An easy way to prevent hacking is to use IPSec. It is free and is already installed in your NIC.
:t
QwertyQ!
01-11-2003, 12:49 AM
There are several tools that allow remote control of a box; they can be used for good or bad. VNC, pcAnywhere, etc. All kinds of other backdoor tools.
With W2k, while connected to the network, you can type netstat /a. This lists all the connections your machine is making by port. You can see what your machine is listening on with another netstat command. I can't remember it, so use netstat /? to get the list of switches. You shouldn't listen on anything you don't need, i.e. port 666.
There are other tools that will categorize all the processes and threads running on your machine, even "hidden" ones. Check into suspicious ones.
Having restrictions on the box that prevent users from modifying the system state helps with some problems.
Make sure you run a hardware based firewall. This is critical for anyone conducting business. You can specify what traffic is allowed in and out, from where and on what port. This is OS independent and extremely difficult to compromise. IPSEC is good for a W2K environment but if you have macs or linux in the bunch you can't implement this without a headache.
dragflameson
01-11-2003, 02:54 AM
I think someone is hacking into my computer maybe, or trying to make me a server of some sort (it has happened in the past on an older computer). My computer has been really slow lately, but anyway, I used that netstat command and here's what I found...
There were some weird ones, like this (fort worth):
c66.169.105.253.ftwrth.tx.charter.com:3640
And some that definitely seemed suspicious to me like:
res-152-16-240-230.dorm.duke.edu:1214
There were a bunch of these listed.
And others I had no idea of like:
mke-24-290147-34.wi.rr.com:2235
and
c17406.frank1.vic.optusnet.com.au:1214
I don't know, what do you guys think about that? Should I do anything? My computer really has been acting up.
Drag
invincible
01-11-2003, 04:16 AM
I have other questions about disabling DHCP on a Linksys router and setting my computer to a static IP when using ATT cable.
Will the hacker get into my computer if I set my computer to a static IP, disable DHCP and use port forwarding? I want to be able to use DCC on IRC when using port forwarding.
Another question is: is there any difference between "Obtain an IP address automatically" and "Use the following IP address" (for static)? How would a hacker get into my computer if I have 4 computers with different static IP addresses?
The_Shafer
01-11-2003, 09:04 AM
invincible, you can set a password on your Linksys router or access point (etc.). You will want to set that so it is not the default password, because anyone can find that password and hack your network. Besides that, the only other thing you have to worry about is trojans and how to keep them out. Ciao! :t
The_Shafer :D
QwertyQ!
01-11-2003, 12:35 PM
1214 is kazaa, 2235 sercom w-link, 3640 is netplay.
Having Kazaa running as a supernode on your machine will slow it down. If your router doesn't have a firewall built in, Zone Alarm will help.
If you have a router be sure you've changed its access password from the default.
http://www.networksorcery.com/enp/protocol/ip/ports00000.htm
good luck.
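Added example, not part of the original posts: a small Python triage of saved `netstat -an` output (all connections and listening ports, numeric form), listing listening ports that are not on an expected list and grouping established peers by the port labels given in the thread. The sample output, the expected-listener list and the function names are assumptions made for this example.

```python
import re
from collections import defaultdict

# Port labels exactly as given in the thread; not independently verified here.
THREAD_PORT_LABELS = {1214: "kazaa", 2235: "sercom w-link", 3640: "netplay"}
# Assumption: ports this Windows workstation is expected to have open.
EXPECTED_LISTENERS = {135, 137, 138, 139, 445}

# Constructed sample of `netstat -an` output (documentation address ranges).
SAMPLE = """\
  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:1214           0.0.0.0:0              LISTENING
  TCP    0.0.0.0:5900           0.0.0.0:0              LISTENING
  TCP    192.168.1.10:1214      198.51.100.7:4021      ESTABLISHED
  TCP    192.168.1.10:1187      203.0.113.45:1214      ESTABLISHED
  TCP    192.168.1.10:1190      192.0.2.99:3640        ESTABLISHED
  TCP    192.168.1.10:1201      192.0.2.14:80          TIME_WAIT
  UDP    192.168.1.10:137       *:*
"""

ROW = re.compile(r"^\s*(TCP|UDP)\s+\S+:(\d+)\s+(\S+):(\d+|\*)(?:\s+(\S+))?\s*$")

def parse_netstat(text):
    """Return one dict per TCP/UDP row; header and blank lines are skipped."""
    rows = []
    for m in filter(None, map(ROW.match, text.splitlines())):
        proto, lport, rhost, rport, state = m.groups()
        rows.append({"proto": proto, "lport": int(lport), "rhost": rhost,
                     "rport": int(rport) if rport.isdigit() else None, "state": state})
    return rows

def unexpected_listeners(rows, expected=EXPECTED_LISTENERS):
    """Local ports accepting traffic (TCP LISTENING or bound UDP) not on the list."""
    open_ports = {r["lport"] for r in rows
                  if r["state"] == "LISTENING" or r["proto"] == "UDP"}
    return sorted(open_ports - set(expected))

def peers_by_label(rows):
    """Group ESTABLISHED peers by thread label; the port may be on either end."""
    peers = defaultdict(set)
    for r in rows:
        for port in (r["lport"], r["rport"]):
            if r["state"] == "ESTABLISHED" and port in THREAD_PORT_LABELS:
                peers[THREAD_PORT_LABELS[port]].add(r["rhost"])
    return {label: sorted(hosts) for label, hosts in peers.items()}
```

To use it on a real machine, save the output with `netstat -an > netstat.txt` and pass the file's contents to `parse_netstat`.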
dragflameson
01-11-2003, 12:42 PM
QwertyQ!,
I did select that supernode option on Kazaa, but I never leave it running when I am not downloading anything. I also have Zone Alarm Pro, but sometimes I think that is what makes my computer so slow, seeing as how when I boot up my computer and everything loads, it takes Zone Alarm about 2 or 3 minutes. And while it's loading for that time I can't really do anything or click on the task bar. The router's default password was changed also.
Drag
jmichna
01-11-2003, 03:12 PM
Originally posted by dragflameson
QwertyQ!,
I did select that supernode option on Kazaa, but I never leave it running when I am not downloading anything. I also have Zone Alarm Pro, but sometimes I think that is what makes my computer so slow, seeing as how when I boot up my computer and everything loads, it takes Zone Alarm about 2 or 3 minutes. And while it's loading for that time I can't really do anything or click on the task bar. The router's default password was changed also.
Drag
ZAPro loads within a few seconds upon OS loading for me. ZAPro has no effect on the speed of our PCs (running on three different machines).
dragflameson
01-11-2003, 03:49 PM
Not for me it doesn't.
SysOpt.com