
View Full Version : Help and Information seriously needed
Cyberpunk 01-11-2002, 11:04 PM
Don't know where to post this :(
Due to a saddening event tonight I need to give my windows the most extreme and thorough examination there ever was.
Any pointers to programs etc for spotting hacking and related files, activity.....
My systems are locked down pretty good but a friend has been troubled in the extreme by hacking for over 2 years, badly up to a year ago, then he thought he'd sorted it, then a month ago he started having troubles again, and his system has been going strange.
Unfortunately he has been dropping into serious depression the last year, bordering on something worse it turns out. He got it into his head it was a friend of ours, asked him to come help him fix his computer and when the guy turned up he damn near got killed with an axe! Poor sod's in hospital tonight and the other's in a cell.
If he has been targeted this badly then that leaves the rest of us wondering about our security as we were in regular contact computer wise.
Need to know beyond a shadow of a doubt :(
If there is a hacker I hope they get what they're due threefold!!!!!!!!!!!
:angry: :angry: :angry: :angry: :angry: :angry: :angry:
mahinder 01-13-2002, 04:13 AM
You may install ZoneAlarm software, which is very good and mostly blocks all malicious traffic. Anyway, windowz is always trouble on the security aspect.
Also keep running
netstat -a 10
in a DOS shell to see if anything is going wrong behind your system, but keeping a windowz system on the internet 24/7 is really risky. :(
edit: speling mistakes
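Added example, not part of mahinder's post: watching repeating netstat output by eye makes it easy to miss a socket that appears between refreshes, so this sketch diffs two snapshots and reports only new listeners and new established connections. It assumes the numeric `netstat -an` layout on Windows; the sample snapshots, addresses and function names are constructed for illustration.

```python
# Constructed sample output in the Windows `netstat -an` layout (not from the thread).
BASELINE = """
  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    192.168.0.5:1042       203.0.113.7:80         ESTABLISHED
  UDP    192.168.0.5:137        *:*
"""
LATER = """
  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:5000           0.0.0.0:0              LISTENING
  TCP    192.168.0.5:1042       203.0.113.7:80         TIME_WAIT
  TCP    192.168.0.5:1050       198.51.100.23:8080     ESTABLISHED
  UDP    192.168.0.5:137        *:*
"""


def parse_netstat(text):
    """Return a set of (proto, local, remote, state) tuples from netstat -an text."""
    rows = set()
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 3 or fields[0] not in ("TCP", "UDP"):
            continue  # skip banner, column header and blank lines
        state = fields[3] if len(fields) > 3 else ""  # UDP rows carry no state
        rows.add((fields[0], fields[1], fields[2], state))
    return rows


def new_activity(before, after):
    """Return (new listeners, new established connections) seen only in `after`."""
    known_listeners = {(p, l) for p, l, _, s in before if s == "LISTENING" or p == "UDP"}
    known_peers = {(p, r) for p, _, r, s in before if s == "ESTABLISHED"}
    listeners, connections = [], []
    for proto, local, remote, state in sorted(after):
        is_listener = state == "LISTENING" or proto == "UDP"
        if is_listener and (proto, local) not in known_listeners:
            listeners.append((proto, local))
        elif state == "ESTABLISHED" and (proto, remote) not in known_peers:
            connections.append((proto, local, remote))
    return listeners, connections


if __name__ == "__main__":
    found = new_activity(parse_netstat(BASELINE), parse_netstat(LATER))
    print("new listeners:", found[0])
    print("new connections:", found[1])
```

A new listener or peer is only a prompt to find out which program owns the socket; ordinary software opens ports too.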
cheesysticks 01-13-2002, 05:56 AM
Mmmmm,
Well, I have had this happening to me also, but continuously for the last 2 1/2 years, every time I send emails or use ICQ to particular people the subject of the email turns up in a forum or whatever I'm frequenting at the time. I am now 99% convinced I know exactly who they are and yes I have a great axe outside. But do I REALLY know?
Caveat Emptor ....
Windows : I should not really put this here but, if I was going to circumvent ZoneAlarm I would get the user to view a web page that would run a timed windows hook modifier for only long enough for me to change the zonealarm config, upload a sub7 variant then drop the hook system. There you have it. If scripted I could do this before you knew it had happened.
But, if you're running on a dialup etc the data has to go through your ppp/dialup connection so running a packet sniffer on your network proxy / gateway may help catch them at it. Then make sure your security logs get saved to cd "regularly".
The worst scenario has got to be when a hacker gets into your box and messes with the comms between two people who really know each other, then your level of hacking, security and misc education in computers may be the only thing that prevents you from killing someone, or perhaps your faith in religion if you're lucky, or a post by "Cyberpunk".
For those of us who have given up their original job for this type of work this is a big problem, these people that think they are REAL "hackers" that play this way are not only playing with your computer, they're playing with you, sending you down a one way street to hell.
If I find 100% conclusive proof in my mind that my box is being hacked like this, which I am very sure it has, I have several choices,
1. Break his legs,
2. Break his box and all associated equipment
3. Break his legs and his box,
4. /dev/null him altogether,
5. just forget about it and congratulate myself for being so damn stupid to use a tool that I could not possibly understand the hidden complexities of in the first place, walk away and work for a supermarket pushing trolleys instead of streams.
I choose 5 because I'm a lame and a pacifist and have seen enough broken bones and death in this world to last several lifetimes, although executing the other 4 are NOT beyond my capabilities, given the chance I'm sure I could be rather good at some of them, favour being /home/balistics.
There is only one WRONG answer, it's called windows, and I consider myself to know very little about security.
Just imagine the damage an ISP employee could do, and just because someone hacks your linux box does not give you the right to hurt them, because you cannot and will not EVER be 100% sure that your systems are secure. :angry: :stickout
God knows, we don't
Can you say for sure the sun will come up tomorrow???
Cyberpunk 01-13-2002, 10:14 AM
I run Zonealarm, nav 2002 and a couple of other things too.
Recommend any good packet sniffer programs?
The ISPs should be on top of this problem but due to the average net user's unawareness of the problem generally don't do a thing rather than risk bad pr to their members. BTinternet is really bad for this. I switched ISP to another and now zonealarm hardly ever shows an alert as opposed to 50+ an hour :)
100% secure is I suppose a myth, but secure enough is attainable. I thought I was, but after these events I want to take my and my friends' PCs up a few notches in case my pal wasn't the only or primary target.
Any other suggestions :confused:
cheesysticks 01-13-2002, 12:32 PM
Check out tamos.com, it is not free but IP wise it's a good small app. Also as far as I can remember grc.com has some links to two very good systems, but there are a whole lot of them out there.
As regards to BTinternet, they run an open system, this means you can do most anything you want on it, I dare say this stops when you attack a commercial unit, then you get done.
But best of all do "networky" things, like at least have one Linux box in the equation even if it is an intermediate box. Handy systems that you can build on a 486 include freesco and smoothwall.
Then you can use your winbox to connect and as a sort-of honey pot, anyone breaks in they only break into your gateway, then use totally different security software on your main box. Run a time sync so your logs are correct, learn what the difference between a probe and a real attack is, the probe is the one you can see!
Other things to think about are Tiny personal firewall, it is application level and can check crc values, also NAT devices can be handy.
Here is a good article about taps/sniffers http://www.robertgraham.com/pubs/sniffing-faq.html
There are many things you can do, discussing security apps and giving recommendations in an open forum probably is not one of the best options.
Learn and Use Linux, that's what it's there for...