Which IPS should be there?

Posted on 2016-10-17
Last Modified: 2016-11-18
I'm trying to track down a hacker who has accessed my network & devices and been harassing me. But to be honest I have no idea what I'm doing when it comes to reading the logs I've been collecting. On my laptop I've been using Wireshark to track network connections, and various apps to track them on my Android. So my question is, how do I know which IP addresses are supposed to be there and which may be an intruder's?
Also, what piece of info (local/foreign/remote IP, MAC, hostname, DNS) is the one that will provide me with the most information if researched properly? & where is the best place with the tools to research said information?
Question by: Fulgencio Eres

Author Comment

by: Fulgencio Eres
ID: 41847842
--- Oct 18, 2016 12:49:02 AM
--- IP (wlan0) 2601:646:8401:8da5:4094:c8c8:a7a3:d673%6
--- IP (wlan0) fe80::ae5f:3eff:fe94:c5de%wlan0
--- IP (wlan0) 2601:646:8401:8da5:ae5f:3eff:fe94:c5de%6
--- IP (wlan0)
--- IP (dummy0) fe80::60c8:29ff:fed3:28d6%dummy0
--- IP (rmnet_data1) fe80::3b78:5417:a71f:44fb%rmnet_data1
--- IP (rmnet_data1) 2607:fb90:a4ed:e36e:0:14:9c44:8401%8
--- Connection: WIFI

Dig for

;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 2920
;; flags: qr rd ra ad ; qd: 1 an: 0 au: 4 ad: 1
;;, type = A, class = IN


.                  10800      IN      SOA 2016101800 1800 900 604800 86400
.                  10800      IN      RRSIG      SOA 8 0 86400 20161031050000 20161018040000 39291 . dsUOdeHZ+npC/8RradQc4xReQRU+yieFnrkYTugUQ28BMwuyZgXmmGSoLQm7DUs9SjZY7IfRe4mUkzckA8JBYqjuLzmP0oYOAu3wMsIBE1i/GFc+9Q6LaDmfau8TCorD71AMvgH/7lLWSwNTds6f353GPZh2ADDGMxH+ErXu0F8zQcn+JWwAXizMzcZlLzSkR7c7w+G8flMkm5b9zG80JwVYKb1lcIJffS3zTFrXdWJDHiFux6d0+N6zHVVPbI3UiodMm03Rl61ma2sRqxRHQrqGZfh6lXyWlbFRUsGIE0aSRz0sRwq5vQIAaBfT5WyGxPj5cPawtwg9QQveb5bDig==
.                  10800      IN      NSEC      aaa. NS SOA RRSIG NSEC DNSKEY
.                  10800      IN      RRSIG      NSEC 8 0 86400 20161031050000 20161018040000 39291 . JlntYvem2HL3mJd2lDrgIBdDgSZL9ypJ9UM5cwKx2IQzHBU6A2216Jg6cDXjtkU1J/SHJbdLbFWbd/1Mj0bQWQe+VFOrnyB+RZ0K/y3lxbmJ8KRpMl90HEwM5/3oUbEWHpGMf96oVRyZlvflI8kljlGALaAK0sBjhYGp7asjUkCYIvn8guAXctO2GdhFP6j3spDTPdsdw8VMXt5ssXwjheLby7H3zPCPUTX867eln1PIu1eQVSgg26RLd00QUJMSiUR5R7ULPv7ohpwjetuS0gipY5Hk+UB3LKmJS1yeI8to5cSWeCm9a7fy+a6OwFzup4gMWbMJlTD0JmerW3OEyQ==

.                  32768      CLASS512      OPT       ; payload 512, xrcode 0, version 0, flags 32768

;; Message size: 714 bytes

Query time: 240 ms

DNS server: 2001:558:feed::1, port 53, UDP

Accepted Solution

masnrock earned 500 total points (awarded by participants)
ID: 41855357
IP helps, but remember there are also lots of botnets and a number of hackers are also smart enough to cover their tracks.

You also should run a vulnerability scan of the entire network, because you may need a number of patches on your systems.

And I also highly recommend you check for all open ports and ways to connect to any systems on your network remotely.

Author Comment

by: Fulgencio Eres
ID: 41865588
How do I do that?


Assisted Solution

masnrock earned 500 total points (awarded by participants)
ID: 41865680
For the vulnerability scans, you need a tool like Nessus or Retina.

For the open ports, you could use tools like Nmap. Also, you could check all of your firewall rules.

Author Comment

by: Fulgencio Eres
ID: 41865912
Can anyone see anything suspect here?

Report: NetStat
Generated on 10/29/2016 at 11:19:08 PM by Essential NetTools.
Process      Proto      Loc. IP      Loc. Port      Rem. IP      Rem. Port      State      Hostname      PID
System      TCP      wsd      N/A      N/A      LISTEN             4
System      TCP      microsoft-ds      N/A      N/A      LISTEN             4
System      TCP      8092      N/A      N/A      LISTEN             4
svchost.exe      TCP      epmap      N/A      N/A      LISTEN             260
lsass.exe      TCP      49664      N/A      N/A      LISTEN             736
explorer.exe      TCP      49688      N/A      N/A      LISTEN             872
lsass.exe      TCP      49665      N/A      N/A      LISTEN             892
svchost.exe      UDP      isakmp      N/A      N/A      LISTEN             1032
svchost.exe      UDP      ipsec-msft      N/A      N/A      LISTEN             1032
svchost.exe      TCP      49667      N/A      N/A      LISTEN             1032
mDNSResponder.exe      UDP      59692      N/A      N/A      LISTEN             1248
svchost.exe      TCP      49666      N/A      N/A      LISTEN             1264
svchost.exe      UDP      5050      N/A      N/A      LISTEN             1436
svchost.exe      UDP      56811      N/A      N/A      LISTEN             1436
svchost.exe      UDP      5353      N/A      N/A      LISTEN             1716
svchost.exe      UDP      llmnr      N/A      N/A      LISTEN             1716
McSvHost.exe      UDP      6646      N/A      N/A      LISTEN             2268
McSvHost.exe      TCP      6646      N/A      N/A      LISTEN             2268
svchost.exe      UDP      59688      N/A      N/A      LISTEN             2376
svchost.exe      UDP      ws-discovery      N/A      N/A      LISTEN             2376
spoolsv.exe      TCP      49672      N/A      N/A      LISTEN             2864
svchost.exe      TCP      49674      N/A      N/A      LISTEN             3020
sqlservr.exe      TCP      50717      N/A      N/A      LISTEN             3648
dasHost.exe      UDP      56813      N/A      N/A      LISTEN             4900
Degoo.exe      TCP      53821      N/A      N/A      LISTEN             5144
GamesAppIntegrationService.exe      TCP      65530      N/A      N/A      LISTEN             7392
GamesAppIntegrationService.exe      UDP      57421      N/A      N/A      LISTEN             7392
sqlbrowser.exe      UDP      ms-sql-m      N/A      N/A      LISTEN             9880
mDNSResponder.exe      TCP      5354      N/A      N/A      LISTEN             1248
svchost.exe      UDP      ssdp      N/A      N/A      LISTEN             2376
svchost.exe      UDP      58975      N/A      N/A      LISTEN             2376
ManyCamService.exe      TCP      1234      N/A      N/A      LISTEN             3096
GamesAppIntegrationService.exe      UDP      57420      N/A      N/A      LISTEN             7392
System      TCP      netbios-ssn      N/A      N/A      LISTEN             4
System      UDP      netbios-dgm      N/A      N/A      LISTEN             4
System      UDP      netbios-ns      N/A      N/A      LISTEN             4
mDNSResponder.exe      UDP      5353      N/A      N/A      LISTEN             1248
svchost.exe      UDP      ssdp      N/A      N/A      LISTEN             2376
svchost.exe      UDP      58974      N/A      N/A      LISTEN             2376
OneDrive.exe      TCP      50824      http      ESTABLISHED             5184
Degoo.exe      TCP      50517      https      CLOSE_WAIT             5144
sqlceip.exe      TCP      50795      https      TIME_WAIT             2440
vsmon.exe      TCP      50803      http      TIME_WAIT      1056
explorer.exe      TCP      49771      https      ESTABLISHED      5840
Degoo.exe      TCP      50308      https      CLOSE_WAIT      5144
Degoo.exe      TCP      50520      https      CLOSE_WAIT      5144
Degoo.exe      TCP      50305      https      CLOSE_WAIT      5144
Degoo.exe      TCP      50313      50312      ESTABLISHED      Fulgencio      5144
Degoo.exe      TCP      50311      50310      ESTABLISHED      Fulgencio      5144
Degoo.exe      TCP      50310      50311      ESTABLISHED      Fulgencio      5144
Degoo.exe      TCP      50312      50313      ESTABLISHED      Fulgencio      5144
ProductAgentService.exe      TCP      50434      50433      ESTABLISHED      Fulgencio      9776
ProductAgentService.exe      TCP      50436      50437      ESTABLISHED      Fulgencio      9776
ProductAgentService.exe      TCP      50437      50436      ESTABLISHED      Fulgencio      9776
ProductAgentService.exe      TCP      50433      50434      ESTABLISHED      Fulgencio      9776
OneDrive.exe      TCP      49861      https      ESTABLISHED      5184
ProductAgentService.exe      TCP      50446      http      ESTABLISHED      9776
Ent.exe      TCP      50811      http      CLOSE_WAIT      2688
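An added example (not from this thread and not part of Essential NetTools) of how a defender could triage a report in the layout posted above: it parses rows by locating the State value, because the IP columns are blank in the posted report, then sorts listeners against a baseline of stock Windows services and separates a process's loopback connections to itself from real outbound connections. The sample rows and the baseline set are constructed here and are assumptions to tune per host.

```python
from collections import defaultdict

# Constructed sample in the Essential NetTools "Report: NetStat" layout posted above
# (columns: Process Proto Loc.IP Loc.Port Rem.IP Rem.Port State Hostname PID).
SAMPLE = """\
Process      Proto      Loc. IP      Loc. Port      Rem. IP      Rem. Port      State      Hostname      PID
System      TCP      microsoft-ds      N/A      N/A      LISTEN             4
System      TCP      8092      N/A      N/A      LISTEN             4
svchost.exe      UDP      llmnr      N/A      N/A      LISTEN             1716
ManyCamService.exe      TCP      1234      N/A      N/A      LISTEN             3096
OneDrive.exe      TCP      50824      http      ESTABLISHED             5184
Degoo.exe      TCP      50313      50312      ESTABLISHED      Fulgencio      5144
Degoo.exe      TCP      50312      50313      ESTABLISHED      Fulgencio      5144
"""
STATES = {"LISTEN", "ESTABLISHED", "CLOSE_WAIT", "TIME_WAIT", "SYN_SENT", "FIN_WAIT"}
# Listeners a stock Windows host opens on its own (names as the report prints them).
# Assumption: a starting baseline to adjust per host, not a complete or authoritative list.
BASELINE = {("System", "microsoft-ds"), ("System", "netbios-ssn"), ("System", "netbios-dgm"),
            ("System", "netbios-ns"), ("System", "wsd"), ("svchost.exe", "epmap"),
            ("svchost.exe", "llmnr"), ("svchost.exe", "ssdp"), ("svchost.exe", "ws-discovery"),
            ("svchost.exe", "isakmp"), ("svchost.exe", "ipsec-msft"), ("svchost.exe", "5353")}

def parse_report(text):
    """Return one dict per socket row; the header and blank lines are skipped."""
    rows = []
    for line in text.splitlines():
        tok = line.split()
        if len(tok) < 5 or tok[1] not in ("TCP", "UDP"):
            continue
        st = next((i for i, t in enumerate(tok) if t in STATES), None)
        if st is None:
            continue  # malformed row: no recognisable State column
        rows.append({"proc": tok[0], "proto": tok[1], "lport": tok[2],
                     "rport": None if tok[3] == "N/A" else tok[3], "state": tok[st],
                     "host": " ".join(tok[st + 1:-1]) or None, "pid": int(tok[-1])})
    return rows

def triage(rows):
    """Buckets: 'expected' baseline listeners, 'review' other listeners,
    'self' loopback pairs (a process connected to itself), 'outbound' the rest."""
    pairs = {(r["proc"], r["lport"], r["rport"]) for r in rows}
    out = defaultdict(list)
    for r in rows:
        if r["state"] == "LISTEN":
            key = "expected" if (r["proc"], r["lport"]) in BASELINE else "review"
        elif r["host"] and (r["proc"], r["rport"], r["lport"]) in pairs:
            key = "self"
        else:
            key = "outbound"
        out[key].append(r)
    return out

if __name__ == "__main__":
    for bucket, rs in triage(parse_report(SAMPLE)).items():
        print(bucket, [(r["proc"], r["proto"], r["lport"], r["rport"] or "-") for r in rs])
```

Rows in the "review" bucket are the ones worth explaining (which program opened the port and why), and "outbound" rows need the remote IP column, absent in the posted report, to be resolved before they can be judged.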

Expert Comment

ID: 41892660
Best answers given available info
