IP Addy hacking?

#1 (permalink)
19-11-2008, 03:34 PM
angeleyes66, D-A-L Newbie
Join Date: Jul 2007
Posts: 19

As I write this I kind of know the answer, but I need to show somebody else who I believe has been a victim of such a situation (well, is currently being the victim) and refuses point blank to believe it.

Is it possible for somebody to hack into somebody else's computer and do things that will show up as coming from that IP address even though they are on the other side of the world?

And if so, is there any way of proving categorically that it's happened?

Thank you in advance

#2 (permalink)
19-11-2008, 04:55 PM
VopThis, Senior Member (Canada)
Join Date: Nov 2005
Posts: 3,439
Re: IP Addy hacking?

One scenario that potentially meets your criteria would be the 'Man-in-the-Middle attack':


See example:
Man-in-the-middle attack - Wikipedia, the free encyclopedia
__________________
Vincent P

MALWARE: READ FIRST Procedures:
|_ SpyBot V1.5 _|_ HijackThis LOG __V2.0.2 _|


__
ASAP: promoting a high standard and quality of security support no matter where you seek help.

Quote:
SAFER SURFING TOOLS (IE/FF **FREE** browser addons):
Linkscanner + WOT (Web of Trust) + SiteAdvisor (suggest at least two but not necessarily all)
Quote:
Tell me and I forget; show me and I remember; involve me and I understand.
There are no foolish questions, the only thing foolish is not asking if you're unsure of something.
Never ASSUME any detail because it can make an ASS out of U and ME... (ASS/U/ME ).

#3 (permalink)
19-11-2008, 05:02 PM
angeleyes66, D-A-L Newbie
Join Date: Jul 2007
Posts: 19
Re: IP Addy hacking?

Blimey, that's scary

But - I don't know if it fits - doesn't that assume more than a passing knowledge of the workings of a pc?

#4 (permalink)
19-11-2008, 05:38 PM
VopThis, Senior Member (Canada)
Join Date: Nov 2005
Posts: 3,439
Re: IP Addy hacking?

Quote:
doesn't that assume more than a passing knowledge of the workings of a pc?
Correct.

Often the initial compromise starting point (report to base) is to load a trojan, keylogger, or remote access program on the target PC. The delivery mechanism could be an email (with embedded script) that would not necessarily need to be opened, a malware download, or an unsolicited IM (instant message).

Most people are hard to convince they might have a problem unless they can see a reason for or motive behind the potential compromise.

#5 (permalink)
19-11-2008, 05:49 PM
angeleyes66, D-A-L Newbie
Join Date: Jul 2007
Posts: 19
Re: IP Addy hacking?

Quote:
Originally Posted by VopThis View Post
Correct.

Often the initial compromise starting point (report to base) is to load a trojan, keylogger, or remote access program on the target PC. The delivery mechanism could be an email (with embedded script) that would not necessarily need to be opened, a malware download, or an unsolicited IM (instant message).

Most people are hard to convince they might have a problem unless they can see a reason for or motive behind the potential compromise.

Yes, there are none so blind as those who will not see, and she certainly won't at the moment...

Short of getting on a train and going to her house and running every single spyware/malware/adware/antivirus software I can find - which still might not pick anything up, because this guy is very, VERY cunning - I can't see this having any sort of happy ending.

We've shown her stuff in black and white that proves that things have been done from her computer that she categorically denies having done, and she still can't see that there even might be a problem.

#6 (permalink)
19-11-2008, 07:04 PM
VopThis, Senior Member (Canada)
Join Date: Nov 2005
Posts: 3,439
Re: IP Addy hacking?

Quote:
We've shown her stuff in black and white that proves that things have been done from her computer that she categorically denies having done
Let me show you how I could easily compromise friends and family members who trust me. Many of those people have needed help and have allowed me to install FREE 'remote access' programs on their PCs. LOGMEIN is one such tool that allows me to stealthily log into their running PC whenever desired and without obstacle. I can log in my accessible PCs when I am thousands of miles away and generate any traffic attributable to that source, if that would be my desire.

Another FREE 'remote access' program that I may initially use is 'CROSSLOOP' that allows user control over who may access their PC and whether 'read only' initially. When I run that program it generates an access code that I can provide for them to be able to access my PC. Once trust is established, I can offer to reverse who is in control to take over their PC but they must allow that, can initially choose 'read only', and can exit the connection at any point.


CROSSLOOP ( CrossLoop - Simple, secure screen-sharing and trusted experts for computer help ) may actually represent an opportunity to do some remote diagnostics. Another such running tool might actually conflict with 'Crossloop' - telling us something is not right. Just download the tool without creating an account. When running the tool, simply 'x' the pop up box to proceed. Now you can do everything that you would be able to do if you were actually sitting at that computer.

One initial diagnostic I would run is to go into the command prompt and run the following command:

netstat -an (HELP= netstat /?)


The following tool, TCPVIEW, could be more useful in continuous real-time monitoring:

TCPView download and review - view open TCP connections from SnapFiles


That could show TCP foreign address PORTS in use that could be indicative of any 'remote access' programs that might be running. You can look up any ports as to known purpose, if any:

https://www.grc.com/PortDataHelp.htm


Example LOG:

Quote:
Microsoft Windows XP [Version 5.1.2600]
(C) Copyright 1985-2001 Microsoft Corp.

C:\Documents and Settings\Vincent>netstat -an

Active Connections

Proto Local Address Foreign Address State
TCP 0.0.0.0:135 0.0.0.0:0 LISTENING
TCP 0.0.0.0:445 0.0.0.0:0 LISTENING
TCP 0.0.0.0:2002 0.0.0.0:0 LISTENING
TCP 0.0.0.0:2869 0.0.0.0:0 LISTENING
TCP 127.0.0.1:1025 0.0.0.0:0 LISTENING
TCP 127.0.0.1:1040 127.0.0.1:2002 ESTABLISHED
TCP 127.0.0.1:1052 127.0.0.1:1053 ESTABLISHED
TCP 127.0.0.1:1053 127.0.0.1:1052 ESTABLISHED
TCP 127.0.0.1:1056 127.0.0.1:1057 ESTABLISHED
TCP 127.0.0.1:1057 127.0.0.1:1056 ESTABLISHED
TCP 127.0.0.1:2002 127.0.0.1:1040 ESTABLISHED
TCP 127.0.0.1:5152 0.0.0.0:0 LISTENING
TCP 127.0.0.1:5152 127.0.0.1:1171 CLOSE_WAIT
TCP 127.0.0.1:10110 0.0.0.0:0 LISTENING
TCP 192.168.22.198:139 0.0.0.0:0 LISTENING
TCP 192.168.22.198:1043 77.242.193.145:443 ESTABLISHED
TCP 192.168.22.198:1257 142.176.121.94:80 CLOSE_WAIT
UDP 0.0.0.0:445 *:*
UDP 0.0.0.0:500 *:*
UDP 0.0.0.0:4500 *:*
UDP 127.0.0.1:123 *:*
UDP 127.0.0.1:1066 *:*
UDP 127.0.0.1:1900 *:*
UDP 192.168.22.198:123 *:*
UDP 192.168.22.198:137 *:*
UDP 192.168.22.198:138 *:*
UDP 192.168.22.198:1900 *:*

C:\Documents and Settings\Vincent>
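
An added example (not part of the original thread): a Python sketch of the netstat check described in post #6, sorting `netstat -an` rows into listeners reachable from other machines and sessions with peers outside the local network. The sample rows are copied from the example log in that post; the function names are this example's own.

```python
import ipaddress

# Rows copied from the example log in post #6 (a subset, not new data).
SAMPLE = """\
Proto Local Address Foreign Address State
TCP 0.0.0.0:135 0.0.0.0:0 LISTENING
TCP 0.0.0.0:2002 0.0.0.0:0 LISTENING
TCP 127.0.0.1:1040 127.0.0.1:2002 ESTABLISHED
TCP 127.0.0.1:5152 0.0.0.0:0 LISTENING
TCP 192.168.22.198:139 0.0.0.0:0 LISTENING
TCP 192.168.22.198:1043 77.242.193.145:443 ESTABLISHED
TCP 192.168.22.198:1257 142.176.121.94:80 CLOSE_WAIT
UDP 0.0.0.0:500 *:*
"""

def parse_netstat(text):
    """Yield (local_ip, local_port, remote_ip, remote_port, state) for TCP rows."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4 or parts[0] != "TCP":
            continue  # skip headers, prompts and stateless UDP rows
        lip, lport = parts[1].rsplit(":", 1)
        rip, rport = parts[2].rsplit(":", 1)
        # Brackets appear around IPv6 addresses on newer Windows versions.
        yield (lip.strip("[]"), int(lport), rip.strip("[]"), int(rport), parts[3])

def triage(text):
    """Return (ports listening on a non-loopback address, sessions with outside peers)."""
    exposed, external = [], []
    for lip, lport, rip, rport, state in parse_netstat(text):
        if state == "LISTENING":
            # A listener bound to loopback only cannot be reached from the network.
            if not ipaddress.ip_address(lip).is_loopback:
                exposed.append(lport)
        else:
            peer = ipaddress.ip_address(rip)
            if not (peer.is_loopback or peer.is_private):
                external.append((rip, rport, state))
    return sorted(exposed), external

if __name__ == "__main__":
    exposed, external = triage(SAMPLE)
    print("Listening on a network-reachable address:", exposed)
    for rip, rport, state in external:
        print(f"Outside peer {rip}:{rport} ({state})")
```

The ports and peers it lists are leads to look up and match to a running program, for example with TCPView; an entry here is not by itself evidence of compromise.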

#7 (permalink)
19-11-2008, 07:32 PM
angeleyes66, D-A-L Newbie
Join Date: Jul 2007
Posts: 19
Re: IP Addy hacking?

Wow. Seriously, this is a whole other world to me.

So basically, if you know what you're doing, the answer is yes, you can 'use' somebody else's IP without them necessarily knowing...

#8 (permalink)
19-11-2008, 08:09 PM
VopThis, Senior Member (Canada)
Join Date: Nov 2005
Posts: 3,439
Re: IP Addy hacking?

Quote:
you can 'use' somebody else's IP without them necessarily knowing...
Exactly. So who has done the deeds in question - supposed friend or unknown foe?

Here is another example. You could log into a remote PC or neighbor's wireless access point and browse for child pornography or to send SPAM. If the authorities were to investigate such activities, they would not be able to trace it back to you or your IP but to the IP of some innocent account owner whose PC has been compromised. Good luck to that person clearing their name with such irrefutable CLEAR EVIDENCE.

Some hackers actually manage to gain control of thousands of PCs called BOTS (often trojan based) which they use in their illegal activities. Most users would probably not even be aware of such 'EXTRA' activity.


I am sure that 'Crossloop' sounds complicated, but it really isn't. I actually sat down one day with 2 PCs connected to the Internet and ran both sides to get familiar with the process. At least, it saves you on the distance logistics issues.

Last edited by VopThis; 23-11-2008 at 04:44 PM. Reason: ADDED: neighbor's wireless access point

#9 (permalink)
19-11-2008, 08:12 PM
angeleyes66, D-A-L Newbie
Join Date: Jul 2007
Posts: 19
Re: IP Addy hacking?

Quote:
Originally Posted by VopThis View Post
Exactly. So who has done the deeds in question - supposed friend or unknown foe?

Here is another example. You could log into a remote PC and browse for child pornography or to send SPAM. If the authorities were to investigate such activities, they would not be able to trace it back to you or your IP but to the IP of some innocent account owner whose PC has been compromised. Good luck to that person clearing their name with such irrefutable CLEAR EVIDENCE.

Some hackers actually manage to gain control of thousands of PCs called BOTS (often trojan based) which they use in their illegal activities. Most users would probably not even be aware of such 'EXTRA' activity.


I am sure that 'Crossloop' sounds complicated, but it really isn't. I actually sat down one day with 2 PCs connected to the Internet and ran both sides to get familiar with the process. At least, it saves you on the distance logistics issues.

Good God, I am such an innocent, that hadn't even occurred to me. The more I hear about the internet the more I realise that it can do just as much harm as good.

What's happening with my friend seems positively trivial in this light

All times are GMT +1.