What's new

Network monitoring/Security - I was hacked?

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

Sierraguy

New Around Here
I got the "nasty" letter from Comcast that someone at my IP address was downloading copyrighted stuff. Further investigation shows it couldn't have been my girlfriend (she has no idea what file sharing is) or myself (I don't file share). PLUS the file they listed is a 2011 comedy in RUSSIAN!!!! So it wasn't us (intentionally). Plus we don't p2p or torrent.

So either someone had my IP address at the time, which Comcast can't confirm as they say they can only track dynamic assignments for the last month (total garbage) or someone got in my firewall... Either my remote control (of a P2P app which doesn't exist on our machines) or a virus downloaded the file.

I secure my firewall. A Belkin N+ with WPA2. Do limited DHCP to select machines. Have Either ZoneAlarm, McAfee or Kapersky suites running on machines. Now only Norton IS 2012... And now full blown MalwareBytes in real time. Wich I had seen the latest reviews as I would have tried Bit Defender.

And I've switched over to a Netgear WNDR3700. I have the Belkin N+ which I'm thinking of flashing t0 DD-WRt and running 2 subnets. How secure is DDWRT?

Can anyone recommend anything? I'm going through the house collecting MAC addresses and am securing via MAC Address. (but this can be bypassed). WPS is getting killed.

How about a network monitoring application? I want to watch to P2P activity... be able to determine different activity on my network.. By port, etc...

By the way, there is NOONE else on my network. My girlfriend who is an everyday user who doesn't veer off the extremely safe conservative track in browsing and myself who is conservative but 20 years of IT so I know how to lock down and where not to go..

Any advice?
 
So, how was that 2011 Russian "Comedy" aka "porn"? Kidding.

So you've virus scanned all PC's and found no signs of malware? Did you also scan for rootkits? Use Kaspersky TDSS to do that.

Are all PC's fully patched? Use Secunia PSI to keep an eye on your PC security status.

What Cable modem do you have installed? Is it located inside your home?

Do you live in multifamily or single family?

Any Russian neighbors?

Are you sure your girlfriend isn't a covert Russian Agent? :eek: ;)
 
You can easily block all P2P activity by using OpenDNS as your DNS. You'll want to enforce a rule requiring all DNS requests (port 53) to go to OpenDNS otherwise clever people will manually change DNS settings on their client to use whomever they wish and bypass OpenDNS filtering.

If the "bad guy" visits P2P via IP, it also bypasses OpenDNS.

To block all P2P you'd need to get a list of ports used by them and block in firewall. Some Firewalls offer built-in filtering for this. I use Zyxel USG series.
 
Will rescan for Rootkits. But Yes.
Have Secunia on ALL machines already and keep updated.
Cisco 2100 cable modem installed right next to my desk.
Single Family

All issues I have addressed.
 
Are you running tor or have you visited any...

"free" vpn/proxy sites? I assume you don't but its worth asking. What about chat? Do you have the box that says something to the effect "block ICMP pings" or "allow wan login? Lastly Cable providers often have a router that effectively "splits" one node (ip address) amongst your house and a few (or many) neighbors, does the email they sent give you a mac address of the violating computer? I can do my best to answer but you may want to post in the broadband reports website, there they have people who know more about cable internet infrastructure and how this may have happened. I suspect however, that if you simply tell a CSR to simply read the email they (likely automatically sent) you, you won't even need to formally appeal, and they will wipe this from your account. Last thing, is there any chance this is simply spam?
 

Similar threads

Latest threads

Support SNBForums w/ Amazon

If you'd like to support SNBForums, just use this link and buy anything on Amazon. Thanks!

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top