Solved

Is my Network Hacked

Posted on 2006-10-25
18
254 Views
Last Modified: 2010-04-11
When in My Computer / My Network Places, there are two sections.  Local and Internet.

IN the INternet section there has always been an MSN entry.  All of a sudden a new one appeared.  It is

tmp on Davide Ramo (10.0.1.158)

I have no idea what it is or how it got there, but if I left or right click on it, explorer hangs
0
Comment
Question by:Alexjc01
  • 7
  • 4
  • 2
  • +2
18 Comments
 
LVL 31

Expert Comment

by:rid
ID: 17805612
What kind of network is this? Is there a firewall somewhere? Is 10.0.x.x a valid address on your LAN?
/RID
0
 

Author Comment

by:Alexjc01
ID: 17805732
It's a simple home network with a main pc and 2 laptops sharing files and a printer.  Internet connection comes into a router which has a wired connection to the main PC and a wireless to the laptops.

The strange entry is visable from one of the laptops.  It is a main folder

I have no such valid address
0
 
LVL 31

Expert Comment

by:rid
ID: 17805815
Well, I guess it's time for a thorough virus and malware scan. Download something you trust and/or believe can scan the computer(s) and then disconnect the suspect from the network and scan it. Are you running a server of any kind, visible to the internet? If so, close the connection (port forwarding) in the router for the time being.
/RID
0
 

Author Comment

by:Alexjc01
ID: 17805939
No server...wouldn't know how
0
 
LVL 31

Expert Comment

by:rid
ID: 17806015
OK :) then it's time for virus scan.... Can't help you with specifics, unfortunately, but you may have comments from experts with more knowledge or you can search the site for "virus scan" or something similar; "free virus scanner" might be a search string that could be useful.
/RID
0
 

Author Comment

by:Alexjc01
ID: 17806113
I'm scanning with AVG in a second.  IT's a work laptop and only has XP Firewall and Symantic Anti-Virus.  I can't see how to scan the specific file with this tool so will use AVG
0
 

Author Comment

by:Alexjc01
ID: 17806140
If it's fine though, how do I get rid of this file?  I can neither left or right click on it nor find reference to it in the registry
0
How to improve team productivity

Quip adds documents, spreadsheets, and tasklists to your Slack experience
- Elevate ideas to Quip docs
- Share Quip docs in Slack
- Get notified of changes to your docs
- Available on iOS/Android/Desktop/Web
- Online/Offline

 
LVL 31

Expert Comment

by:rid
ID: 17806171
Try it in safe mode...

Also, of course, check any autostarting processes/programs (msconfig or check the registry or the services applet in control panel>??? ; I don't have an english windows here to check the proper applet, sorry).
/RID
0
 
LVL 4

Expert Comment

by:expexchuser
ID: 17807124
Do you know anyone named Davide Ramo?  There are several of them
http://www.zabasearch.com/query1_zaba.php?sname=David%20Ramo&state=ALL&ref=%24ref&se=%24se&doby=&city=&name_style=1

Can you ping 10.0.1.158?

Without looking in detail, I would guess someone joined a rouge laptop to your network.  Can you log into and look at your wireless router to see logs etc?  I usually lock down wireless routers by MAC address, so only authorized NICs can use the connection.
0
 

Author Comment

by:Alexjc01
ID: 17809909
How can somebody do that.  I have the SSID hidden and the higher security level on my network?

Where can I check on my BT Voyager to find a log.

Do you think they were just stealing bandwidth?
0
 

Author Comment

by:Alexjc01
ID: 17809911
And no..I don't know anyone calld that for sure.
0
 
LVL 2

Expert Comment

by:apostle12
ID: 17811313
What you can do is do a lookup on the ip address/service provider and then do a people search on his name in that city until you think you have pretty much narrowed it down and then go knock on his door and ask him what the hell he wants.
0
 

Author Comment

by:Alexjc01
ID: 17811503
Well whilst not connected to the net, I was able to right click and delete the file.  Don;t know is that achieves anything but it's gone.  Seems there was nothing really suggested that did much good though I'm still interested if I can see what happened if expexchuser can continue that thread
0
 
LVL 4

Accepted Solution

by:
expexchuser earned 63 total points
ID: 17812988
apostle, the IP is most likely a nat ip address and even if it were real, at best you would probably only get the contact information to an ISP and go knock on their door.  And without a subpeona they'll just laugh at you.

Alex, if it's just your home network don't sweat it.  Just monitor to see if it appears again.  If it was a rogue, they were probably just trying to get at your bandwidth.  Post again if you see it again and reference a link back to this question.  It's hard to garner much info w/o the connection being live.
0
 
LVL 8

Assisted Solution

by:PatG042800
PatG042800 earned 62 total points
ID: 17816693
First of all, 10.x.x.x are non-routable addresses reserved for private LAN use.

http://en.wikipedia.org/wiki/Private_network

You will not be able ping this 10.x.x.x address anywhere outside of your own local network.

What address space is your home network set up in? Typical home use is 192.168.x.x but some routers do allow 10.x.x.x addressing. Typically the 10.x.x.x addressing is used in larger companies or maybe even a hotspot location.  Has the laptop in question ever been in another location?  Windows wireless can connect to hotspots automatically. Or if you plugged into a network somewhere else with the 10.x.x.x the tmp link could just be a remnant of a connection done outside of your home network.

Plain and simple, if your home network is not set up in the 10.0.1.x address space it is highly unlikely that this tmp link was a result of someone connecting to your network at home.
0

Featured Post

Top 6 Sources for Identifying Threat Actor TTPs

Understanding your enemy is essential. These six sources will help you identify the most popular threat actor tactics, techniques, and procedures (TTPs).

Join & Write a Comment

Suggested Solutions

If you're not part of the solution, you're part of the problem.   Tips on how to secure IoT devices, even the dumbest ones, so they can't be used as part of a DDoS botnet.  Use PRTG Network Monitor as one of the building blocks, to detect unusual…
It’s a strangely common occurrence that when you send someone their login details for a system, they can’t get in. This article will help you understand why it happens, and what you can do about it.
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, Just open a new email message.  In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
Internet Business Fax to Email Made Easy - With eFax Corporate (http://www.enterprise.efax.com), you'll receive a dedicated online fax number, which is used the same way as a typical analog fax number. You'll receive secure faxes in your email, fr…

747 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

12 Experts available now in Live!

Get 1:1 Help Now