Solved

Is my computer being hacked?

Posted on 2000-05-20
Last Modified: 2013-11-16
I just installed an internet security freeware. Today, when I was online, I was informed that the firewall has blocked internet access from 203.116.87.164 (UDP Port 28737). What is a UDP port? This site has been blocked more than 20 times and the port number is increasing every time. Is my computer being hacked by another person?
Question by:roger_liong
7 Comments
 
LVL 19

Expert Comment

by:MsShadow
ID: 2828892
Well, UDP is a network protocol; you have TCP/IP and you have UDP/IP. Now, it might be that someone is trying to hack you, since the port numbers increase every time. He is probably scanning all your ports.
0
 
LVL 1

Expert Comment

by:Serge Pelletier
ID: 2829770
For your information, the IP is from: (more to follow)
Asia Pacific Network Information Center (APNIC2)
   These addresses have been further assigned to Asia-Pacific users.
   Contact information can be found in the APNIC database,
   at WHOIS.APNIC.NET or http://www.apnic.net/
   Please do not send spam complaints to APNIC.

   Netname: APNIC-CIDR-BLK
   Netblock: 202.0.0.0 - 203.255.255.0
   Maintainer: AP

   Coordinator:
      Administrator, System  (SA90-ARIN)  sysadm@APNIC.NET
      +61-7-3367-0490

   Domain System inverse mapping provided by:

   SVC00.APNIC.NET            202.12.28.131
   NS.APNIC.NET                  203.37.255.97
   NS.TELSTRA.NET            203.50.0.137
   NS.RIPE.NET                  193.0.0.193

   Regional Internet Registry for the Asia-Pacific Region.
   
   *** Use whois -h whois.apnic.net ***
   *** or see http://www.apnic.net/db/ for database assistance ***

   Record last updated on 18-Jun-1999.
   Database last updated on 19-May-2000 17:47:32 EDT.
0
 
LVL 1

Accepted Solution

by:
Serge Pelletier earned 150 total points
ID: 2829772
Roger,

I have been using Black Ice firewall for 2 weeks because someone was hacking me.

I do see the same warning from my firewall software, and here is how they explain the "alert":


False Positives

This is not necessarily an attack.

This may be what is known as a "false-positive", which is when the product detects an anomaly that isn't actually an attack.

The most common source of this alert is when the user first dials up to the Internet. Busy ISPs will re-assign IP addresses quickly, which means that as soon as you dial-up with your modem, you will be assigned the IP address of another user that just hung up. Any server attempting to send data to that other user will then be sending data at you. (Just like when you get your new telephone number and you start receiving phone calls intended for the person who used to own it). The product triggers this alert every time it receives UDP data that your computer never asked for.

A common source of this attack is from RealNetworks audio/video servers. You can guess this for yourself by checking the port number (which is part of the URL above). RealAudio uses ports in the range between 6970-7080. RealNetworks triggers this alert because it is very popular, and therefore one of the more common protocols that people receive as soon as they dial-up. It also triggers this because servers will still stream data at your computer for a little while even when your RealNetworks client shuts down. Please see article q000121.

Summary

Somebody has tried to access your machine and failed.


Details

This is one of the most common intrusions detected on the Internet. This is so common because hackers do frequent wide-spread scans looking for one specific exploit they can use to break into systems. The typical hacker scans thousands or millions of machines in a typical scan. In other words, the hacker isn't targeting you personally. In particular, this event is generated upon failed attempts, so there is no reason to worry.

Probes like this result from "script-kiddies", hackers just above the skill level of trained monkeys. They download attack programs (called "scripts") from various sites on the net, then run them against millions of machines. There are thousands of script-kiddies out there, so if you have an always-on connection (cable-modem, DSL), then you can expect about one of these scans per day.

About 10% of these scans are from forged (spoofed) addresses. This means the indicated IP address in the attack is probably from the real attack, but a small percentage of the time the indicated person is completely innocent.

About 20% of these scans are from machines already compromised by a hacker. In other words, if you report this scan back to the originator, they may thank you, because you've discovered a hacked system on their network they didn't know about.

Information on reporting the hacker can be found in our support Knowledge Base article q000016.

Ports

A port is a point of entry into a system. Each program running on a system is reached through its own ports. Most ports are "well-known", you can look them up in a table in order to get a good sense of what the hacker was looking for.
0
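An added example, not part of the original thread or of the firewall vendor's documentation: a per-source triage of blocked-UDP alerts that separates the cases the answer above describes (unsolicited data in the RealAudio port range, one source walking through many ports, and isolated unsolicited packets). The log format, the 10-port threshold and the label names are assumptions, and the sample lines are constructed.

```python
import re
from collections import defaultdict

# Constructed log format (an assumption, not any real firewall's output):
#   <time> BLOCK UDP <src_ip>:<src_port> -> <dst_port>
LINE = re.compile(r"^(\S+) BLOCK UDP (\d+\.\d+\.\d+\.\d+):(\d+) -> (\d+)$")

REALAUDIO = range(6970, 7081)   # 6970-7080, the range quoted in the answer
SWEEP_MIN_PORTS = 10            # assumed threshold for "many distinct ports"

def triage(lines):
    """Group blocked UDP events by source address and label each source."""
    ports = defaultdict(list)
    for line in lines:
        m = LINE.match(line.strip())
        if m:
            ports[m.group(2)].append(int(m.group(4)))
    verdicts = {}
    for src, seen in ports.items():
        distinct = sorted(set(seen))
        if all(p in REALAUDIO for p in distinct):
            label = "stale-stream"      # unsolicited data in the RealAudio range
        elif len(distinct) >= SWEEP_MIN_PORTS:
            # One source touching many different ports: the sweep pattern.
            rising = all(a < b for a, b in zip(seen, seen[1:]))
            label = "port-sweep-sequential" if rising else "port-sweep"
        else:
            # Few ports: consistent with traffic meant for the address's previous holder.
            label = "unsolicited-udp"
        verdicts[src] = {"label": label, "events": len(seen),
                         "distinct_ports": len(distinct)}
    return verdicts

# Constructed sample: documentation-range addresses, not real hosts.
SAMPLE = (
    [f"10:00:{i:02d} BLOCK UDP 192.0.2.10:4000 -> {28737 + i}" for i in range(20)]
    + [f"10:01:{i:02d} BLOCK UDP 198.51.100.7:6970 -> {6970 + 2 * i}" for i in range(5)]
    + ["10:02:00 BLOCK UDP 203.0.113.5:53 -> 1045"] * 3
)

if __name__ == "__main__":
    for src, verdict in triage(SAMPLE).items():
        print(src, verdict)
```

The labels are triage hints for deciding which alerts deserve a closer look; every event in the sample was already blocked by the firewall.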
 
LVL 1

Expert Comment

by:Serge Pelletier
ID: 2829773
Ooops just for your information and copyrights : http://www.networkice.com
0
 
LVL 1

Expert Comment

by:deltree
ID: 2829820
Two well done answers. I just had to comment on them.
0
 
LVL 56

Expert Comment

by:andyalder
ID: 2831076
>>(UDP Port 28737).

Not a well known port, I'd panic and turn my PC off quickly if I was you!!

0
 

Expert Comment

by:jonsanderson
ID: 2849667
I seem to remember that netbus runs on this port or one very near, but I may be wrong.
0
