Am I being hacked?


spyderturbo007

DSM Wiseman
2,425
59
Dec 20, 2002
New Cumberland, Pennsylvania
I need some help from some of you computer geniuses out there. I know this isn't a computer forum, but I thought some of you guys might be into this sort of thing.

From what I'm getting from my router logs, someone has been port sniffing my home network for at least the past 2 days. The router only holds 20 pages of logs, but other than the normal IP address assignments to my laptop and XBOX 360, it's filled with the following:

Apr/30/2008 09:57:22  Drop TCP packet from WAN  Source = 125.65.112.152:6000  Destination = myipaddress:7212  Rule: Default deny
Apr/30/2008 09:57:22  Drop TCP packet from WAN  Source = 125.65.112.152:6000  Destination = myipaddress:8000  Rule: Default deny
Apr/30/2008 09:36:00  Drop UDP packet from WAN  Source = 202.99.11.99:1231  Destination = myipaddress:1434  Rule: Default deny
Apr/30/2008 09:32:05  Drop UDP packet from WAN  Source = 222.161.2.45:50917  Destination = myipaddress:1026  Rule: Default deny

A whois lookup of the source IP addresses shows them coming from China. I'm at work, so I called the wife and told her to shut down all the PCs until I get home. What should I do? It looks like the router has been blocking all the attempts, but I'm still afraid something might have gotten through. I'm guessing if they were still attempting the hack, they haven't gotten anything yet.

I know I don't have any malware, worms, trojans, etc. on either of the PCs at home, since I scan them every day.
 
Those look like basic probe attempts to find a vulnerable host. I wouldn't worry too much about it, and if you don't know anyone in China or surf any Chinese websites (let me find out you're buying an evo3gt turbo... haha)... I would just block that subnet of IPs and you don't have to worry about it.

Of course, monitor your logs to see if they switch to another proxy or something like that.... or you can always try to "re-lease" your IP to your dsl/cable modem by using the web interface to release and renew it.
 
That's what I thought at first, but it seemed pretty excessive. Normally I see a couple every day, but there were probably about 200 over the past 2 days. That's what scared me. When I block the subnet, what exactly do I block? For example, do I block the entire 202 subnet, or do I have to be more specific, like 202.99.11.0 - 202.99.11.199?

How would I know if they switch proxy servers?

I was going to attempt a reboot of the modem, but I'm at work and my wife doesn't get along with things that have circuit boards. That will be the first thing I do when I get home.

The only additional ports I've opened are for XBL and RDC. Even if they were sniffing the RDC port and attempting to gain access, they would still need to brute force the username and password, correct?

Thanks for all your help!
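Added example (editor's code, not a post from the thread and not the router vendor's tooling): a short Python script that parses drop entries in the format quoted above, groups them by source address, and checks each source against a block rule, so the difference between "block the entire 202 range" and "block 202.99.11.0/24" comes out in numbers rather than guesswork. The lines in SAMPLE_LOG are constructed from the entries quoted in the post (date and time joined onto one line, the home address replaced with the documentation address 203.0.113.10, plus a third probe from the same scanner and one constructed TCP 3389 probe so there is something to aggregate); the scan threshold of three distinct destination ports is an assumption chosen for illustration. Two facts worth knowing when reading these particular drops: UDP 1434 is the Microsoft SQL Server Resolution Service port (the SQL Slammer target) and UDP 1026 is the port that Windows Messenger-service pop-up spam of that era was aimed at, so both are background noise any Internet-facing address receives. The port that deserves attention is the one the thread says is forwarded for Remote Desktop: a scanner that finds it open will try usernames and passwords, so restrict it to known source addresses (or put it behind a VPN) rather than rely on the password alone.

```python
"""Summarize 'Drop ... packet from WAN' router log lines and test them
against CIDR block rules.  Added example; the sample log and the rule
sets below are constructed, not taken from the thread."""
import ipaddress
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample in the same layout as the router entries quoted in the
# post (date and time joined).  203.0.113.10 stands in for "myipaddress";
# the third 125.65.112.152 line and the 198.51.100.7 -> 3389 line are added
# here to give the aggregation something to show.
SAMPLE_LOG = """\
Apr/30/2008 09:57:22 Drop TCP packet from WAN Source = 125.65.112.152:6000 Destination = 203.0.113.10:7212 Rule: Default deny
Apr/30/2008 09:57:22 Drop TCP packet from WAN Source = 125.65.112.152:6000 Destination = 203.0.113.10:8000 Rule: Default deny
Apr/30/2008 09:57:23 Drop TCP packet from WAN Source = 125.65.112.152:6000 Destination = 203.0.113.10:8080 Rule: Default deny
Apr/30/2008 09:36:00 Drop UDP packet from WAN Source = 202.99.11.99:1231 Destination = 203.0.113.10:1434 Rule: Default deny
Apr/30/2008 09:32:05 Drop UDP packet from WAN Source = 222.161.2.45:50917 Destination = 203.0.113.10:1026 Rule: Default deny
Apr/30/2008 09:40:11 Drop TCP packet from WAN Source = 198.51.100.7:44123 Destination = 203.0.113.10:3389 Rule: Default deny
"""

LINE_RE = re.compile(
    r"^(?P<date>\S+) (?P<time>\S+) Drop (?P<proto>TCP|UDP) packet from WAN "
    r"Source = (?P<src>[\d.]+):(?P<sport>\d+) "
    r"Destination = (?P<dst>[\d.]+):(?P<dport>\d+) Rule: (?P<rule>.*)$"
)


def parse_log(text):
    """Return one dict per parsable line; lines that do not match are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        d = m.groupdict()
        d["when"] = datetime.strptime(f"{d['date']} {d['time']}", "%b/%d/%Y %H:%M:%S")
        d["sport"], d["dport"] = int(d["sport"]), int(d["dport"])
        events.append(d)
    return events


def summarize_sources(events, scan_threshold=3):
    """Group drops by source IP.  A source that reuses one source port while
    walking several destination ports is the classic scanner signature; the
    'scan_like' flag fires at scan_threshold distinct destination ports
    (threshold is an assumption for this example)."""
    per_src = defaultdict(lambda: {"hits": 0, "dports": set(), "sports": set(), "protos": set()})
    for e in events:
        s = per_src[e["src"]]
        s["hits"] += 1
        s["dports"].add(e["dport"])
        s["sports"].add(e["sport"])
        s["protos"].add(e["proto"])
    summary = {}
    for src, s in per_src.items():
        summary[src] = {
            "hits": s["hits"],
            "dports": sorted(s["dports"]),
            "protos": sorted(s["protos"]),
            "fixed_source_port": len(s["sports"]) == 1 and s["hits"] > 1,
            "scan_like": len(s["dports"]) >= scan_threshold,
        }
    return summary


def matching_rule(ip, block_rules):
    """Return the first CIDR rule that contains ip, or None if no rule matches."""
    addr = ipaddress.ip_address(ip)
    for net in block_rules:
        if addr in net:
            return net
    return None


def blocked_sources(events, block_rules):
    """Map every source IP seen in the log to the rule that would block it (or None)."""
    return {src: matching_rule(src, block_rules) for src in {e["src"] for e in events}}


# The two readings of "block the 202 subnet": the whole first octet (a /8,
# 16,777,216 addresses across many unrelated operators) versus the /24 the
# offending host actually sits in (256 addresses).
WHOLE_FIRST_OCTET = [ipaddress.ip_network("202.0.0.0/8")]
JUST_THE_SLASH24 = [ipaddress.ip_network("202.99.11.0/24")]

if __name__ == "__main__":
    ev = parse_log(SAMPLE_LOG)
    for src, info in summarize_sources(ev).items():
        print(src, info)
    print("/8 covers", WHOLE_FIRST_OCTET[0].num_addresses, "addresses; /24 covers", JUST_THE_SLASH24[0].num_addresses)
    print(blocked_sources(ev, JUST_THE_SLASH24))
```

Run as a script it prints the per-source summary: 125.65.112.152 shows three destination ports from one fixed source port and is flagged scan-like, while the single UDP packets to 1434 and 1026 are one-off worm or spam noise. The /24 rule still catches 202.99.11.99 while touching 256 addresses instead of the 16.8 million a /8 would, which is what "being more specific" buys you; the cost is that a scanner on a different /24 is simply not covered, which is why the summary is more useful than any static list.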
 