I believe I'm being hacked

[stephbg]

Dear Friends Whom I've Only Cultivated For Free Technical Support: I seem to have a problem and request advice.

I've been getting some odd laptop grinding noises, performance hits and complaints from McAfee that I'm not protected ("click "Fix") so I checked the Internet Inbound Events log and found a bunch of these:

A computer at 79.67.95-79.rev.gaoland.net has attempted an unsolicited connection to UDP port 28432 on your computer.

Another one from dru3.neoplus.adsl.tpnet.pl (same port)

etc. (ETA: OMG I've found HUNDREDS of them)

I have the option to ban the IP... should I?

More technical info on request - I haven't a clue what's going on.

TIA

NEW INFO: Something appears to be trying to open my Wireless Network Adapater (which I have switched off because I don't use it at home)

Comments

[buoy-wonder.livejournal.com]

Possible take over by a spam bot, try downloading Spy Bot search and destroy:

http://www.safer-networking.org/index2.html

[rdmasters.livejournal.com]

OK, what you are seeing are attempted attacks - 28432 is a known vulnerable port. Check your outgoing connections to see if you have been compromised.

Next, on your router, set it to drop incoming packets to that port - do this at the router, not the machine - once it has reached your laptop, you are already having to process it.

Lastly, update your scanner software, and do an audit - which includes re-checking your outgoing traffic.

If you have been compromised, consider re-installing - especially if the router logs show unexpected outgoing traffic, and your scanners come up clean.

[kremmen.livejournal.com]

As a start, just power-cycle whatever it is you connect to the internet on (DSL modem?) so that it obtains a new IP address from your ISP. Then the bots can pester someone else.

If the bots are finding you even if your IP address changes, then try to find out whether there is something running on your machine that is attracting them.