OT: Hacker Attempt?

[Atrocities]

I get home today and my PC has rebooted. When I left it was on but not doing anything. No updates were performed for MS so that wasn't the cause. After logging in my McAfee personal firewall thingy popped up with over a 100 items since 11 am this morning ending at 1 pm.

They were all from cds236.lad.linw.net trying to access various ports, use various authorities, and so on.

So I ask you, do you think this is a hacker attempt.

[Sivran]

Are you not behind a router?
Probably just a random port scan. I'd point the finger at power, myself.

[Atrocities]

Yes hiding behind router I am. But its just a cheapy DSL router called actiontech.

[Arralen]

If someone from the internet is accessing "various ports" on your PC which connected to the internet through a router (router, not only DSL modem?), the router must be seriously misconfigured: Normally, it should drop any packets from the internet that where not explicitly requested from your PC (and thereby making a Personal Firewall superflous ..) - Unless you have forwarded special ports to your PC, to make it possible to someone on the Internet to access some server you're running.

Having multiple ports 'probed' sounds to me like you activated the DMZ (demilitarized zone or something, completely nonsense name for "let everything go right through"). This is a very bad idea in 99,98% of all cases .. as it takes your best security layer away and leaves you at the mercy of some 'personal firewall', virus scanner and security holes in those, the underlying OS and all the applications you're using.

Btw.- which OS and patch version are you using? There where several attacks on Windows which worked by deliberatly crashing the OS by sending malformed packets and getting some injected code executed on the way.

That said, you can't ever be 100% sure this was or wasn't an (un)succesful hacking attempt. I hope you're running the PC as user with restricted rights (only applies to W2k and XP prof, obviously)? If the answer is no, I give you a 67% chance that your PC is infected and needs reinstallation from ground up.

[Atrocities]

It might just be a DSL modem and not a router. :0 Thanks for the info Arralen. I run it as administrator and have ran several sweeps of Pest Patrol, and AVG anti Virus.

Since all of the attempts to access the ports were made by one listed entity, and they used other known hacker attacks to try and gain entry over a very short period of time, I would suspect that this was a directed attack and not just a random one. I mean over a 100 hits in less than an hour all coming from the same source kind makes one think that whoever is behind this is not a friendly person.

The trace always went from Wa DC to LA to Berlin to Deven to Portland back to DC. Some times Chicgo was listed in the trace.

I need to buy a router I guess. Any suggestions?

[Will]

Quote:

Atrocities said:
I mean over a 100 hits in less than an hour all coming from the same source kind makes one think that whoever is behind this is not a friendly person.

I'll agree on the statement that they are probably not friendly. But this is not directed specifically at you, if there are only 100 hits.

As for the reboot, I would blame power, as well. A little noise on the power lines would be all it takes.

[Arralen]

100 hits from 1 source to different ports/services over an extended period of time is a hack attempt, not just a random port scan.
Mustn't be the case that it was really targeted at Atrocities PC - even DSL is some form of dial-up and gets changing IP adresses.

If a power surge is more likely to blame for the reboot I cannot say, as I don't know about the situation. (power network quality, the power supply of the PC etc) I know I had 1 reboot due to power surge in over 5 years - and that affected not only my 2 machines, but a whole lot of other things as well, therefore was quite 'noticable'. Surely "a little noise on the power lines" should not be sufficient to make a PC reboot, unless the power supply is really crappy or partly defective.

Concerning the router - there are more models out there then one could count, I guess. Everything that suits your taste and purse should be fine, as long as you stay away from those with known problems
See this list for some (bad) examples ...

[Baron Munchausen]

Quote:

Atrocities said:
I get home today and my PC has rebooted. When I left it was on but not doing anything. No updates were performed for MS so that wasn't the cause. After logging in my McAfee personal firewall thingy popped up with over a 100 items since 11 am this morning ending at 1 pm.

They were all from cds236.lad.linw.net trying to access various ports, use various authorities, and so on.

So I ask you, do you think this is a hacker attempt.

This combination is very suspicious. If he managed to install something on your system the first thing he'd do is reboot to get it loaded into the OS. I'd run scans with all the virus and spyware checkers you've got and be very suspicious of the machine for a while. Watch all your network activity closely.

[tesco samoa]

perhaps your os did you check your system log files

[Atrocities]

I don't know how to check my system log files Tesco. Regrettably I have very little PC skills.

The clocks in the house were fine, so power outage was no the ticked. A power surge could be possible, but unlikely.