Solved

Firewall leakage??

Posted on 2001-07-28
Last Modified: 2013-11-16
Hi,

I have a W2000 machine connected to the net via a cable modem and with Norton Personal Firewall (I've taken away all the predefined rules).

A couple of times I have seen my mouse pointer moving without touching the mouse myself and decided to install ZoneAlarm as well. Works fine, except that I still see the mouse moving sometimes...

Does anybody have an idea how serious this can be and how to avoid this in the future?
Could it be somebody "presented" me with something like Back Orifice? How can I find out? My virus scanner detects nothing.

Thanks for your help!!
0
Question by:Vriesman
13 Comments
 
LVL 12

Accepted Solution

by:
Housenet earned 200 total points
ID: 6329757
-When you say "mouse moving", do you mean more than a little shift over (by a .mm) or do you mean you're seeing someone make mouse movements like a typical user would make (clicking on icons etc) ?
-If it's the first, it is most likely to be driver or hardware related. If it's the second then it definitely is a remote control software, like vnc or a backdoor remote control software.

-I suggest you scan your computer from another source using a good port scanner like ws_ping_pro_pack.. Scan the entire port range for your IP. 1 to 65535 .
-Post the results of the scan.
0
 

Author Comment

by:Vriesman
ID: 6329912
I have never seen any typical user movements like with a remote control program, but the mouse sometimes moves 5-10 cm.

As you suggested I'll scan my computer and post the results asap. Thanks!
0
 
LVL 16

Expert Comment

by:The--Captain
ID: 6330400
Unplug your computer from the network for a while, and tell me if your mouse pointer still moves.

No reason to treat this as a networking problem until you have absolute verification that it is.

-Jon
0
 
LVL 2

Expert Comment

by:kikkertm
ID: 6330522
Agreed, I would expect ZoneAlarm to warn you if someone connects to a trojan or so... probably just a rogue driver or a desk that needs leveling!
0
 
LVL 1

Expert Comment

by:CompuNerd19
ID: 6330650
Damn those leaking firewalls!!  Sorry, just commenting on the title. :)   Anyhow, I agree with above.  I don't even believe this is an issue with drivers.  Is your mouse a standard ball mouse or something fancy like an optical mouse or whatnot?  Something could be wrong with it (dirty etc..) and the computer is getting false vibes (bad signals from the mouse, saying it actually moved but didn't). If a user had compromised your system with BO or SubSeven etc... they would probably have done more to you now than play with the mouse functions.  Try using another mouse or unplug like suggested above.   Hope I was of help.
0
 

Expert Comment

by:bluewasp
ID: 6331087
Hello,

if you happen to see the mouse moving considerably to make to the CNN then......
what you have, I think, is a sub-seven trojan on your system.  You will have to run an anti-virus and throw it off.

bluewasp
0
 
LVL 2

Expert Comment

by:kikkertm
ID: 6331133
bluewasp,

I see you are new here, welcome to EE.
Please do not post an answer if you're not sure it solves the problem. Using an answer will lock the question preventing other experts from responding. Please use comments so the person asking the question can decide for himself if it solves the problem or not. If your comment solves the question, the person asking the question can still accept your comment as an answer.

Regards,
Mike.
0
 
LVL 1

Expert Comment

by:CompuNerd19
ID: 6331314
Not to mention the fact that we have already thrown the trojan idea out the window.  It is very unlikely that somebody would compromise a system and then make a user aware of the exploit by "playing" with the mouse.  If the user still believes a trojan is on his system, I would suggest that he simply go to start and then run.  Under run type: command.   Once in msdos prompt type:  
netstat -a -n   and see what ports are open.  If he has a port that is not in the common range (0-1024) then we know maybe something is going on.  If not, mouse trouble. I am aware that SubSeven gives you a lot of options, even changing the port number, but I do not believe this is the issue. I have been smacked around a great deal of times because I forgot to read other people's posts before I commented on a post.  ;)   I hope this helps  
0
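The `netstat -a -n` check suggested in the comment above, as an added example that is not part of the original thread: it parses the command's output and lists sockets waiting for inbound traffic on ports above the 0-1024 range. The sample output is constructed, the function names are hypothetical, and the parser assumes the IPv4 column layout of Windows netstat.

```python
import re

# Constructed sample of Windows `netstat -a -n` output (not taken from the thread).
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:40123          0.0.0.0:0              LISTENING
  TCP    127.0.0.1:1031         0.0.0.0:0              LISTENING
  TCP    192.0.2.10:139         0.0.0.0:0              LISTENING
  TCP    192.0.2.10:1045        198.51.100.7:80        ESTABLISHED
  UDP    0.0.0.0:445            *:*
  UDP    0.0.0.0:3456           *:*
"""

# Proto, local address, local port, foreign address, optional state (UDP has none).
LINE = re.compile(r"^\s*(TCP|UDP)\s+(\S+):(\d+)\s+(\S+)(?:\s+(\S+))?\s*$")


def listeners(netstat_text):
    """Return (proto, address, port) for every socket waiting for inbound traffic."""
    found = []
    for line in netstat_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # banner, column header or blank line
        proto, addr, port, _foreign, state = m.groups()
        # TCP accepts connections only in LISTENING; UDP rows carry no state.
        if proto == "TCP" and state != "LISTENING":
            continue
        found.append((proto, addr, int(port)))
    return found


def review(netstat_text, common_max=1024):
    """Listeners above the common range that are not bound to loopback only."""
    return [(p, a, n) for p, a, n in listeners(netstat_text)
            if n > common_max and not a.startswith("127.")]


if __name__ == "__main__":
    for proto, addr, port in review(SAMPLE):
        print(f"identify the owner of {proto} {addr}:{port}")
```

A listed port is a lead to identify, not proof of a backdoor, since ordinary Windows services also listen above 1024; comparing the result with an outside scan of ports 1 to 65535, as suggested earlier in the thread, shows what is actually reachable.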
 
LVL 16

Expert Comment

by:The--Captain
ID: 6333734
Yeah, you can always spot the newbies when they start going around locking up questions with redundant advice.  No way bluewasp should get points here - the 'solution' has already been proposed by others, not to mention the fact that there is no way (yet) to tell if it is even correct.

I still say unplug the machine from the net and watch a while...

-Jon
0
 

Expert Comment

by:bluewasp
ID: 6333817
kikkertm,The--Captain,

yup a newbie here

didn't know that answering a question would lock it up.

--bluewasp
0
 
LVL 16

Expert Comment

by:The--Captain
ID: 6334070
No prob - glad to know we didn't scare you off ;-)

Hope to see you around...

-Jon

0
 
LVL 1

Expert Comment

by:batkung
ID: 6343454
I've had this in the past with my mouse...turned out it was a bad mouse driver in win2k (apparently it's quite common)

do you by any chance have one of those fancy logitech wheel mice?..

I'd try changing the mouse to a standard one first..

hope this helps
0
 

Author Comment

by:Vriesman
ID: 6663868
Thanks everybody for your help. I apologize for not having replied earlier.
Without network connection I couldn't detect any movements, but since they don't occur very often this will not definitively rule out a net-related cause.
I've reinstalled my PC some weeks ago, checked the ports as suggested and didn't see anything suspicious. The movements did occur again though. After all your comments, probably the problem lies in the mouse/driver (it's a MS-wheel-mouse on W2k by the way).

Regards,
Peter

0
