Is someone hacking my computer?

Could someone please tell me what this message means (see attached picture)? It appeared when I started Internet Explorer, I think, or maybe when I started my PC, but once I clicked "done" it disappeared and I have not seen it since.

My ISP is AT&T Uverse and I think the message must have come from the hardware I have installed in my apartment. I only have one PC in the apartment and that is mine and it is connected wirelessly to the AT&T router.

Is there a log somewhere that could tell me who would connect to my PC? Or is there any way I can trap someone who tried to connect? All help appreciated.

Strangest thing happened within a few hours of this occurring. I went to switch on my PC and nothing happened. The power supply is OK but the PC will just not switch on anymore. Could be a faulty switch, I know, but I was wondering if it is possible for someone to kill your PC like that remotely?

Image1.jpg
Asked by: aphuk
 
Hugh Fraser (Consultant) commented:
It appears the AT&T router is detecting routing protocols on your side, which indicates you already have a router on your home network. Is this the case?
 
aphuk (Author) commented:
I have a router as part of my home network. It was installed by the service provider AT&T.

Please explain what you mean when you say "Detecting routing protocols on your side".
 
Hugh Fraser (Consultant) commented:
Routers connect physical segments of a network, and pass routing topology information (using OSPF, RIP, BGP, etc.) between themselves so that they know how to get a packet of data from a host on one network segment to a host on another.

The AT&T router has received some of these routing packets from the router at address 99.138.41.121 which has been resolved to the name WM_Kenia_Bake17 by your DNS. It's suggesting that you reboot it (presumably to allow it to request a new address).

So this itself isn't a bad sign. If the DNS name bothers you, that's just a DNS issue.
 
aphuk (Author) commented:
hfraser,
If I understand you correctly, someone at 99.138.41.121 tried to connect to my apartment router and if I had rebooted my router they would have been able to use my router to connect to my PC? If so, can this type of thing be logged somewhere so that I can view it?
 
Hugh Fraser (Consultant) commented:
Do you have a second router (one in addition to the one AT&T installed for connectivity to their service) in your home? The message you're seeing indicates that AT&T's router sees another machine at the address shown doing routing.
 
aphuk (Author) commented:
I only have a single router at my apartment and it was installed by my ISP who are AT&T.

What I suspect is someone is trying to connect to my PC remotely.  

If this is the case, what can I do to intercept this? Is there a log on my PC that would show if someone has connected to my PC without my knowledge?

Is this really an attempt by someone to connect to my apartment PC remotely?

Obviously I am very concerned as there is confidential data on my PC that I would not want anyone to have access to.
 
Hugh Fraser (Consultant) commented:
I'm guessing this is a wireless router. Make sure you've enabled WPA2 for authentication. That will prevent anyone else's computer from associating with your access point.
 
aphuk (Author) commented:
I already have authentication and MAC filter set for my wireless router so it is secure.

What I am really wanting to know here is was this an attempt by someone to connect remotely over the Internet to my PC rather than just trying to log on to my wireless router?

If this is the case, what can I do to intercept this? Is there a log on my PC that would show if someone has connected (or tried) to my PC without my knowledge?

Will the router have a log showing if someone has tried to connect to it using WiFi? Is there a firewall log showing connections made to my PC from a remote location?
 
Hugh Fraser (Consultant) commented:
Most consumer routers I've used provide basic firewalling capabilities, with inbound access blocked by default. This should prevent anyone on the Internet from connecting through the router. To make sure the access is blocked, you can check the configuration, or have someone run a tool like nmap against it from the Internet. Combine that with WPA2 authentication (the MAC filters are no more than an inconvenience for a hacker) and you have a pretty secure setup. Be sure to pick a passphrase that's not easily guessed (brute force cracking).

If you used WEP before, make sure it's a different password since it may have been compromised.

Do you do any peer-to-peer wireless at home? If so, switch to routing the traffic through your router.

If you have access to the router, you may be able to turn on logging. At the very least you should be able to see the clients connected to it at any time. If someone unknown is connected, your passphrase has been compromised.

My concern is that the router seems to be saying that it's seen another router behind the router. The routing protocols I talked about won't make it past AT&T's routers, which seems to imply there's another router on your side of the AT&T router. So let's check that web page that's popping up to make sure it isn't some kind of phishing. If you see it again, have a look at the web page details to see where it came from.
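
The question above asks whether a firewall log on the PC can show connections made from a remote location. As an added example (not written by either poster), this Python sketch reads entries in the format Windows Firewall writes to pfirewall.log once logging is enabled and lists traffic addressed to the PC from outside the home network. The log lines, the PC address 192.168.1.64 and the function names are constructed for illustration.

```python
import ipaddress

# Constructed sample in the format Windows Firewall writes to pfirewall.log
# when logging is enabled; addresses are private or documentation ranges.
SAMPLE_LOG = """\
#Version: 1.5
#Software: Microsoft Windows Firewall
#Time Format: Local
#Fields: date time action protocol src-ip dst-ip src-port dst-port size tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info path

2024-01-15 21:14:02 ALLOW TCP 192.168.1.64 192.0.2.10 49210 80 0 - 0 0 0 - - - SEND
2024-01-15 21:15:40 DROP TCP 203.0.113.77 192.168.1.64 51822 3389 48 S 1946712 0 8192 - - - RECEIVE
2024-01-15 21:16:05 ALLOW TCP 198.51.100.9 192.168.1.64 40112 445 0 - 0 0 0 - - - RECEIVE
2024-01-15 21:16:30 ALLOW TCP 192.168.1.254 192.168.1.64 50001 139 0 - 0 0 0 - - - RECEIVE
"""

# Ranges treated as "my side of the router" (home LAN, loopback, link-local).
LOCAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "127.0.0.0/8", "169.254.0.0/16", "fe80::/10", "::1/128")]

def is_local(addr):
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:          # "-" or a malformed field: nothing to judge
        return True
    return any(ip in net for net in LOCAL_NETS)

def parse(log_text):
    """Yield one dict per entry, keyed by the names in the #Fields header."""
    fields = []
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split(":", 1)[1].split()
        elif fields and line.strip() and not line.startswith("#"):
            yield dict(zip(fields, line.split()))

def inbound_from_outside(log_text, my_ip):
    """Entries addressed to my_ip whose source is outside the local ranges."""
    return [(e["date"], e["time"], e["action"], e["src-ip"], e["dst-port"])
            for e in parse(log_text)
            if e.get("dst-ip") == my_ip and not is_local(e.get("src-ip", "-"))]

if __name__ == "__main__":
    for hit in inbound_from_outside(SAMPLE_LOG, "192.168.1.64"):
        # ALLOW means the connection reached the PC; DROP means it was blocked.
        print(*hit)
```

A DROP entry shows the firewall doing its job; an ALLOW entry from an outside address to a listening port is the one worth following up.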
 
aphuk (Author) commented:
Wow, always thought MAC filter was impenetrable. Thanks for the info.
Will change the security settings asap.
When you say "on my side" of the router, do you mean that there could be a router in my apartment connecting to my LAN (wireless or not)?
By P2P do you mean two PCs within my apartment (behind my router)?
How do I look at the Web page details? Is there a wiki somewhere I could look at?
I do have access to my AT&T router and know how to log on to it so I will try and see what logging functions are available.
Thanks for your patience. As you probably guessed, I am not too clued up about security, and this message popping up from someone I know who lives nowhere near me threw me. Is there a possibility that someone could park outside my apartment within WiFi range and therefore be trying to log in? And if they were, is this the kind of message I would see?
 
Hugh Fraser (Consultant) commented:
MAC addresses are simple to forge. The card simply suggests to the OS what the MAC address should be to ensure there's no conflicts. But try starting up a VM machine... each machine can be given its own MAC address on the physical network.

The error message seems to indicate it's seeing another router connected to your side of the AT&T router (your side), and it's indicating it has moved it to a DMZ vlan. I don't have AT&T as an ISP, so I'm reading into what the message indicates.

I asked about wireless connectivity between machines in your house because you need to ensure that WPA2 is deployed throughout your network, and it's easiest to do if you enforce this as a policy through your wireless AP.

If your router is open or has been compromised (likely if you're using WEP, possible as of a few days ago with WPA), then anyone who could sit within range (300 ft minus attenuation from walls, etc.) could connect to your AP and do anything, including set up a router.

The place to look at the source (through IE) would be when you saw that web page.

Your AP likely has a web interface, and its address is likely 192.168.1.1 if your PC's IP address is 192.168.nnn.nnn. That's the easiest way to check how it's configured.
 
aphuk (Author) commented:
Just a few clarifications you may be able to help me with.
What is :
DMZ vlan?
AP?

When you say "they could setup a router" do you mean their own physical router or are you talking about a virtual router from their PC?

If the Web page message occurs again, can I save it and capture the information needed (as in File>Save) and be able to see what the intruder tried to do?

I am able to connect to my apartment router as I know the IP. If I go in and change the security from WPA to WPA2, does that mean no one can compromise my PC or log on to my WiFi router then?
 
Hugh Fraser (Consultant) commented:
Sorry. By DMZ vlan I meant the DMZPlus mode the message refers to. To allow inbound connections from the Internet, you typically open up a specific port to a specific internal host. The DMZPlus mode opens all ports, effectively exposing the internal host directly to the Internet. I called it a vlan because that's the terminology used to describe "paths" through the router connecting one port to another. I shouldn't have switched terms midstream.

AP is Access Point, or your wireless router. Making assumptions again. Sorry.

If you see the page again, check what the URL is. It would be interesting to know where it comes from.

If you enable WPA2, and you use an appropriately strong password, it will not be possible (using today's technology anyway) for anyone else to connect to your wireless router.
 
aphuk (Author) commented:
I will try and summarise, yikes...
My router is in DMZPlus mode, effectively opening my PC (internal host) to any connections from outside if they know the password to connect to my router.
The only topic I still feel unsure of is the implication that there was another router on my side. I think here we were surmising that the AT&T message suggests that someone is connected to their router and this other 'someone' looks like another router.
 
Hugh Fraser (Consultant) commented:
That's correct. Check on your router... there should only be two connections. One will be to AT&T network, and the other should be your PC. You might want to do this check quick before switching to WPA2, because after that the connection will stop. I'd be curious who the other connection was, since if they've had access to your network, there's a chance your PC may have been compromised.
 
aphuk (Author) commented:
I have heard that it is possible to install something on your PC that allows a remote device to monitor your activity (keypresses, internet activity, etc.). Is there any way to check for this kind of application having been installed on my PC?
 
Hugh Fraser (Consultant) commented:
Malware's big business these days, and there's a lot of PCs that have been recruited to be part of botnets for hire. You don't want to be part of this.

The standard advice applies.

1. Make sure your OS is legit with the OS patches up-to-date.
2. Install any good AV package, and do daily signature updates. Do a full scan now.
3. Install a spyware package like Spybot, Adware,
4. Install Microsoft's rootkit detector.

To see if there's something actually happening, one additional step.

5. Configure your firewall to block outbound traffic from unknown apps blocked.
 
aphuk (Author) commented:
1. Is OK
2. Have AVG free version (scans at 12:00 every day)
3. I have Windows Defender installed
4. Will go look for this
5. Is the last part of this sentence valid "apps blocked" or should it just read "apps"?
6. I logged on to my apartment router and have some interesting screenshots which I would like you to take a look at please? If you are OK with this then I will post them on my next reply.
7. I set the router for WPA2 but when I came to connect over WiFi I could not find WPA2 in my options for the connection.
 
Hugh Fraser (Consultant) commented:
Apparently my thinking didn't translate too well to my fingers.

5. Configure your firewall to block (and alert) outbound traffic from apps it doesn't know, such as trojans, worms, viruses etc.

6. Sure. Post the screenshots. I will have a look.
7. Set the router for WPA2 and use WPA on your client.
 
aphuk (Author) commented:
5. Will do
7. Will do
6. Have posted those I think are most relevant. All taken from the router configuration

Image2.jpg