Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

Is my Network Hacked

Posted on 2006-10-25
18
Medium Priority
?
266 Views
Last Modified: 2010-04-11
When in My Computer / My Network Places, there are two sections.  Local and Internet.

IN the INternet section there has always been an MSN entry.  All of a sudden a new one appeared.  It is

tmp on Davide Ramo (10.0.1.158)

I have no idea what it is or how it got there, but if I left or right click on it, explorer hangs
0
Comment
Question by:Alexjc01
  • 7
  • 4
  • 2
  • +2
18 Comments
 
LVL 31

Expert Comment

by:rid
ID: 17805612
What kind of network is this? Is there a firewall somewhere? Is 10.0.x.x a valid address on your LAN?
/RID
0
 

Author Comment

by:Alexjc01
ID: 17805732
It's a simple home network with a main pc and 2 laptops sharing files and a printer.  Internet connection comes into a router which has a wired connection to the main PC and a wireless to the laptops.

The strange entry is visable from one of the laptops.  It is a main folder

I have no such valid address
0
 
LVL 31

Expert Comment

by:rid
ID: 17805815
Well, I guess it's time for a thorough virus and malware scan. Download something you trust and/or believe can scan the computer(s) and then disconnect the suspect from the network and scan it. Are you running a server of any kind, visible to the internet? If so, close the connection (port forwarding) in the router for the time being.
/RID
0
Cyber Threats to Small Businesses (Part 1)

This past May, Webroot surveyed more than 600 IT decision-makers at medium-sized companies to see how these small businesses perceived new threats facing their organizations.  Read what Webroot CISO, Gary Hayslip, has to say about the survey in part 1 of this 2-part blog series.

 

Author Comment

by:Alexjc01
ID: 17805939
No server...wouldn't know how
0
 
LVL 31

Expert Comment

by:rid
ID: 17806015
OK :) then it's time for virus scan.... Can't help you with specifics, unfortunately, but you may have comments from experts with more knowledge or you can search the site for "virus scan" or something similar; "free virus scanner" might be a search string that could be useful.
/RID
0
 

Author Comment

by:Alexjc01
ID: 17806113
I'm scanning with AVG in a second.  IT's a work laptop and only has XP Firewall and Symantic Anti-Virus.  I can't see how to scan the specific file with this tool so will use AVG
0
 

Author Comment

by:Alexjc01
ID: 17806140
If it's fine though, how do I get rid of this file?  I can neither left or right click on it nor find reference to it in the registry
0
 
LVL 31

Expert Comment

by:rid
ID: 17806171
Try it in safe mode...

Also, of course, check any autostarting processes/programs (msconfig or check the registry or the services applet in control panel>??? ; I don't have an english windows here to check the proper applet, sorry).
/RID
0
 
LVL 4

Expert Comment

by:expexchuser
ID: 17807124
Do you know anyone named Davide Ramo?  There are several of them
http://www.zabasearch.com/query1_zaba.php?sname=David%20Ramo&state=ALL&ref=%24ref&se=%24se&doby=&city=&name_style=1

Can you ping 10.0.1.158?

Without looking in detail, I would guess someone joined a rouge laptop to your network.  Can you log into and look at your wireless router to see logs etc?  I usually lock down wireless routers by MAC address, so only authorized NICs can use the connection.
0
 

Author Comment

by:Alexjc01
ID: 17809909
How can somebody do that.  I have the SSID hidden and the higher security level on my network?

Where can I check on my BT Voyager to find a log.

Do you think they were just stealing bandwidth?
0
 

Author Comment

by:Alexjc01
ID: 17809911
And no..I don't know anyone calld that for sure.
0
 
LVL 2

Expert Comment

by:apostle12
ID: 17811313
What you can do is do a lookup on the ip address/service provider and then do a people search on his name in that city until you think you have pretty much narrowed it down and then go knock on his door and ask him what the hell he wants.
0
 

Author Comment

by:Alexjc01
ID: 17811503
Well whilst not connected to the net, I was able to right click and delete the file.  Don;t know is that achieves anything but it's gone.  Seems there was nothing really suggested that did much good though I'm still interested if I can see what happened if expexchuser can continue that thread
0
 
LVL 4

Accepted Solution

by:
expexchuser earned 252 total points
ID: 17812988
apostle, the IP is most likely a nat ip address and even if it were real, at best you would probably only get the contact information to an ISP and go knock on their door.  And without a subpeona they'll just laugh at you.

Alex, if it's just your home network don't sweat it.  Just monitor to see if it appears again.  If it was a rogue, they were probably just trying to get at your bandwidth.  Post again if you see it again and reference a link back to this question.  It's hard to garner much info w/o the connection being live.
0
 
LVL 8

Assisted Solution

by:PatG042800
PatG042800 earned 248 total points
ID: 17816693
First of all, 10.x.x.x are non-routable addresses reserved for private LAN use.

http://en.wikipedia.org/wiki/Private_network

You will not be able ping this 10.x.x.x address anywhere outside of your own local network.

What address space is your home network set up in? Typical home use is 192.168.x.x but some routers do allow 10.x.x.x addressing. Typically the 10.x.x.x addressing is used in larger companies or maybe even a hotspot location.  Has the laptop in question ever been in another location?  Windows wireless can connect to hotspots automatically. Or if you plugged into a network somewhere else with the 10.x.x.x the tmp link could just be a remnant of a connection done outside of your home network.

Plain and simple, if your home network is not set up in the 10.0.1.x address space it is highly unlikely that this tmp link was a result of someone connecting to your network at home.
0

Featured Post

Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Ransomware, the malware that locks down its victim’s files until they pay up, has always been a frustrating issue to deal with. However, a recent mobile ransomware will make the issue a little more personal… by sharing the victim’s mobile browsing h…
Phishing emails are a popular malware delivery vehicle for attack.  While there are many ways for an attacker to increase the chances of success for their phishing emails, one of the most effective methods involves spoofing the message to appear to …
We’ve all felt that sense of false security before—locking down external access to a database or component and feeling like we’ve done all we need to do to secure company data. But that feeling is fleeting. Attacks these days can happen in many w…
In a question here at Experts Exchange (https://www.experts-exchange.com/questions/29062564/Adobe-acrobat-reader-DC.html), a member asked how to create a signature in Adobe Acrobat Reader DC (the free Reader product, not the paid, full Acrobat produ…

971 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question