We help IT Professionals succeed at work.

We've partnered with Certified Experts, Carl Webster and Richard Faulkner, to bring you two Citrix podcasts. Learn about 2020 trends and get answers to your biggest Citrix questions!Listen Now

x

Is my Network Hacked

Alexjc01
Alexjc01 asked
on
Medium Priority
280 Views
Last Modified: 2010-04-11
When in My Computer / My Network Places, there are two sections.  Local and Internet.

IN the INternet section there has always been an MSN entry.  All of a sudden a new one appeared.  It is

tmp on Davide Ramo (10.0.1.158)

I have no idea what it is or how it got there, but if I left or right click on it, explorer hangs
Comment
Watch Question

rid

Commented:
What kind of network is this? Is there a firewall somewhere? Is 10.0.x.x a valid address on your LAN?
/RID

Author

Commented:
It's a simple home network with a main pc and 2 laptops sharing files and a printer.  Internet connection comes into a router which has a wired connection to the main PC and a wireless to the laptops.

The strange entry is visable from one of the laptops.  It is a main folder

I have no such valid address
rid

Commented:
Well, I guess it's time for a thorough virus and malware scan. Download something you trust and/or believe can scan the computer(s) and then disconnect the suspect from the network and scan it. Are you running a server of any kind, visible to the internet? If so, close the connection (port forwarding) in the router for the time being.
/RID

Author

Commented:
No server...wouldn't know how
rid

Commented:
OK :) then it's time for virus scan.... Can't help you with specifics, unfortunately, but you may have comments from experts with more knowledge or you can search the site for "virus scan" or something similar; "free virus scanner" might be a search string that could be useful.
/RID

Author

Commented:
I'm scanning with AVG in a second.  IT's a work laptop and only has XP Firewall and Symantic Anti-Virus.  I can't see how to scan the specific file with this tool so will use AVG

Author

Commented:
If it's fine though, how do I get rid of this file?  I can neither left or right click on it nor find reference to it in the registry
rid

Commented:
Try it in safe mode...

Also, of course, check any autostarting processes/programs (msconfig or check the registry or the services applet in control panel>??? ; I don't have an english windows here to check the proper applet, sorry).
/RID
Do you know anyone named Davide Ramo?  There are several of them
http://www.zabasearch.com/query1_zaba.php?sname=David%20Ramo&state=ALL&ref=%24ref&se=%24se&doby=&city=&name_style=1

Can you ping 10.0.1.158?

Without looking in detail, I would guess someone joined a rouge laptop to your network.  Can you log into and look at your wireless router to see logs etc?  I usually lock down wireless routers by MAC address, so only authorized NICs can use the connection.

Author

Commented:
How can somebody do that.  I have the SSID hidden and the higher security level on my network?

Where can I check on my BT Voyager to find a log.

Do you think they were just stealing bandwidth?

Author

Commented:
And no..I don't know anyone calld that for sure.
What you can do is do a lookup on the ip address/service provider and then do a people search on his name in that city until you think you have pretty much narrowed it down and then go knock on his door and ask him what the hell he wants.

Author

Commented:
Well whilst not connected to the net, I was able to right click and delete the file.  Don;t know is that achieves anything but it's gone.  Seems there was nothing really suggested that did much good though I'm still interested if I can see what happened if expexchuser can continue that thread
apostle, the IP is most likely a nat ip address and even if it were real, at best you would probably only get the contact information to an ISP and go knock on their door.  And without a subpeona they'll just laugh at you.

Alex, if it's just your home network don't sweat it.  Just monitor to see if it appears again.  If it was a rogue, they were probably just trying to get at your bandwidth.  Post again if you see it again and reference a link back to this question.  It's hard to garner much info w/o the connection being live.

Not the solution you were looking for? Getting a personalized solution is easy.

Ask the Experts
First of all, 10.x.x.x are non-routable addresses reserved for private LAN use.

http://en.wikipedia.org/wiki/Private_network

You will not be able ping this 10.x.x.x address anywhere outside of your own local network.

What address space is your home network set up in? Typical home use is 192.168.x.x but some routers do allow 10.x.x.x addressing. Typically the 10.x.x.x addressing is used in larger companies or maybe even a hotspot location.  Has the laptop in question ever been in another location?  Windows wireless can connect to hotspots automatically. Or if you plugged into a network somewhere else with the 10.x.x.x the tmp link could just be a remnant of a connection done outside of your home network.

Plain and simple, if your home network is not set up in the 10.0.1.x address space it is highly unlikely that this tmp link was a result of someone connecting to your network at home.
Access more of Experts Exchange with a free account
Thanks for using Experts Exchange.

Create a free account to continue.

Limited access with a free account allows you to:

  • View three pieces of content (articles, solutions, posts, and videos)
  • Ask the experts questions (counted toward content limit)
  • Customize your dashboard and profile

*This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

OR

Please enter a first name

Please enter a last name

8+ characters (letters, numbers, and a symbol)

By clicking, you agree to the Terms of Use and Privacy Policy.