stephbg: I made this! (Default)
[personal profile] stephbg
Dear Friends Whom I've Only Cultivated For Free Technical Support: I seem to have a problem and request advice.

I've been getting some odd laptop grinding noises, performance hits and complaints from McAfee that I'm not protected (click "Fix") so I checked the Internet Inbound Events log and found a bunch of these:

A computer at 79.67.95-79.rev.gaoland.net has attempted an unsolicited connection to UDP port 28432 on your computer.

Another one from dru3.neoplus.adsl.tpnet.pl (same port)

etc. (ETA: OMG I've found HUNDREDS of them)

I have the option to ban the IP... should I?

More technical info on request - I haven't a clue what's going on.

TIA

NEW INFO: Something appears to be trying to open my Wireless Network Adapter (which I have switched off because I don't use it at home)

Date: 2009-09-03 03:17 pm (UTC)
From: [identity profile] buoy-wonder.livejournal.com
Possible take over by a spam bot, try downloading Spy Bot search and destroy:

http://www.safer-networking.org/index2.html

Date: 2009-09-03 03:42 pm (UTC)
From: [identity profile] ariaflame.livejournal.com
I take it that's windoze only. It doesn't specify.

Date: 2009-09-03 04:03 pm (UTC)
From: [identity profile] stephbg.livejournal.com
Done and run. I'm still getting unsolicited connection attempts... but I haven't rebooted yet :-)

Date: 2009-09-03 04:57 pm (UTC)
From: [identity profile] stephbg.livejournal.com
Nope. After powercycle I'm still fending off connection attempts. It's very uncomfortable :-(

Date: 2009-09-03 09:23 pm (UTC)
From: [identity profile] rdmasters.livejournal.com
OK, what you are seeing are attempted attacks - 28432 is a known vulnerable port. Check your outgoing connections to see if you have been compromised.

Next, on your router, set it to drop incoming packets to that port - do this at the router, not the machine - once it has reached your laptop, you are already having to process it.

Lastly, update your scanner software, and do an audit - which includes re-checking your outgoing traffic.

If you have been compromised, consider re-installing - especially if the router logs show unexpected outgoing traffic, and your scanners come up clean.

Date: 2009-09-04 04:28 am (UTC)
From: [identity profile] stephbg.livejournal.com
Nothing in the outgoing logs, so the door is holding, but there's a lot of banging.

I don't have a router - just a wireless USB modem (which is included in the scanning system). New attempts come in as soon as I log in. I have a dynamic IP.

Date: 2009-09-04 04:45 pm (UTC)
From: [identity profile] rdmasters.livejournal.com
Okay.

If you have a Telstra modem, ignore what I'm about to suggest. It Will Not Work.

If you have an Optus, 3, or Virgin USB modem, check the manufacturer - if it is a Huawei, then head down to your nearest 3 shop, and ask about the 3g-wifi router.

This is a little white or black box that you can plug aforementioned modem into, and it turns into a short-range access point. This can be configured to filter ports via a web interface - i.e. giving you a firewall.

It may offer that little extra layer of protection - but check the manual against your modem model for compatibility. Also, you will have to do a tiny bit of reconfiguration if you are not using 3 itself.

It also means that two of you can use the link at the same time :) Or more, if the cats are so inclined.

Date: 2009-10-25 01:58 pm (UTC)
From: [identity profile] stephbg.livejournal.com
I have done as you suggested and got myself a NetComm 3G wireless router. I'm likely to post pathetic little cries for assistance whilst trying to secure it without breaking things I need. The manual is probably fine if you're a network administrator.

Date: 2009-09-04 12:42 am (UTC)
From: [identity profile] kremmen.livejournal.com
As a start, just power-cycle whatever it is you connect to the internet on (DSL modem?) so that it obtains a new IP address from your ISP. Then the bots can pester someone else.

If the bots are finding you even if your IP address changes, then try to find out whether there is something running on your machine that is attracting them.
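
Added example, not part of the original thread: a small Python script that tallies inbound-event lines worded like the one quoted in the post, so you can see which ports are being hit and by how many distinct hosts before deciding between banning an IP and filtering a port. Only the first sample line comes from the post; the other lines, the function names and the `min_sources` threshold are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Matches the event wording quoted in the post.
EVENT_RE = re.compile(
    r"A computer at (?P<src>\S+) has attempted an unsolicited connection "
    r"to (?P<proto>UDP|TCP) port (?P<port>\d+) on your computer\."
)

# Constructed sample: the first line is from the post; the rest are made up
# (example.net host, RFC 5737 address, one unrelated line) to exercise the parser.
SAMPLE_LOG = """\
A computer at 79.67.95-79.rev.gaoland.net has attempted an unsolicited connection to UDP port 28432 on your computer.
A computer at host-a.example.net has attempted an unsolicited connection to UDP port 28432 on your computer.
A computer at HOST-A.example.net has attempted an unsolicited connection to UDP port 28432 on your computer.
A computer at 192.0.2.15 has attempted an unsolicited connection to TCP port 445 on your computer.
Some unrelated log line.
"""

def summarise(log_text):
    """Return {(proto, port): {"events": n, "sources": set_of_hosts}}."""
    summary = defaultdict(lambda: {"events": 0, "sources": set()})
    for line in log_text.splitlines():
        m = EVENT_RE.search(line)
        if not m:
            continue  # skip lines that are not inbound-connection events
        entry = summary[(m["proto"], int(m["port"]))]
        entry["events"] += 1
        entry["sources"].add(m["src"].lower())  # hostnames are case-insensitive
    return dict(summary)

def ports_worth_filtering(summary, min_sources=2):
    """Ports hit by several distinct hosts: per-IP bans do not scale there,
    so a port filter upstream (as suggested in the thread) is the better fit.
    min_sources is an arbitrary illustrative threshold."""
    return sorted(k for k, e in summary.items() if len(e["sources"]) >= min_sources)

if __name__ == "__main__":
    s = summarise(SAMPLE_LOG)
    for (proto, port), e in sorted(s.items()):
        print(f"{proto}/{port}: {e['events']} events from {len(e['sources'])} hosts")
    print("filter candidates:", ports_worth_filtering(s))
```

Running it on logs saved before and after a reconnect shows whether the same port keeps being targeted once the IP address has changed.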

Page generated Jun. 2nd, 2025 01:05 am