Advertisement

There's no such thing as a stupid question, but they're the easiest to answer.
Login
Search

Advertisement

General Security General Security
Search Search
Search for:
Tech Support Guy > > >

Being attacked from my own network?


(!)

Nihility's Avatar
Nihility Nihility is offline
Member with 6 posts.
THREAD STARTER
 
Join Date: Feb 2010
30-Jul-2012, 01:33 AM #1
Angry Being attacked from my own network?
I've recently suspected that a roommate of mine has been spying on my activity / or on my computer.
I recently bought a VPN to encrypt the data being sent, and checked out Wireshark to make sure it was indeed encrypted.
Everything seems great with that, and then I saw this:

Link to Capture SS: http://i46.tinypic.com/1yon6u.jpg

His network IP is 192.168.0.71, mine is 192.168.1.80
I've been trying to do all of the research that I can, but I'm not 100% clear what he's actually trying to accomplish with this.
I've seen it a few times in the past hour.

What is the path \IPC$, and srvsvc?
What is the SMBServer he's accessing?
What are these netbios-ssn packets?

I also see 192.168.1.80 to 224.0.0.22 "membership report / Join Group 239.255.255.250" on occasion. Not sure if that is normal.

I just want help identifying what this group of packets is trying to accomplish.
Also, what else I can do to completely block any unwanted connection attemps from inside my network, ontop of my VPN.

Thank you.
aks56h's Avatar
aks56h   (krishna) aks56h is offline
Computer Specs
Member with 31 posts.
 
Join Date: Jul 2012
Location: india
Experience: Advanced
30-Jul-2012, 01:53 AM #2
he is trying to hack into your computer! Trying installing zone alarm firewall
lunarlander's Avatar
Computer Specs
Member with 5,627 posts.
 
Join Date: Sep 2007
30-Jul-2012, 08:08 PM #3
What version of Windows are you using? If you're on Vista or Windows 7, go to Network > Properties and set your Network to Public instead of Home or Work.

To get rid of IPC$, go to Services.msc and disable the Server service.

The SMB server is your File and Printer Sharing. Go to Network and Sharing Center > Local Area Connection > Properties and uncheck File and Printer Sharing For MS Networks.

All of the above assumes that you are not sharing any folders or printers for other to use. If you are sharing a printer, consider buying a wireless laser printer, mine only cost $75.

Last edited by lunarlander; 30-Jul-2012 at 08:16 PM..
Nihility's Avatar
Nihility Nihility is offline
Member with 6 posts.
THREAD STARTER
 
Join Date: Feb 2010
30-Jul-2012, 08:19 PM #4
I'm currently using XP.
Since posting I got Zone Alarm firewall, and those packets have been denied completely.
I'm seeing different packets from his IP to mine now, relating to __MSBROWSE__.
I'm also getting a "multiple names on the network" error, even after changing my computer's name and restarting.

I read that there is a vulnerability with WINS and multiple names allowing for remote access.
I have no idea if he is connecting or not, and I'm unsure what to do about this.

I've taken the steps suggested so far, thank you both.
lunarlander's Avatar
Computer Specs
Member with 5,627 posts.
 
Join Date: Sep 2007
31-Jul-2012, 05:45 PM #5
Quote:
I read that there is a vulnerability with WINS and multiple names allowing for remote access.
Can you provide a link to that article ? Lets see if it affects you or not.
Nihility's Avatar
Nihility Nihility is offline
Member with 6 posts.
THREAD STARTER
 
Join Date: Feb 2010
01-Aug-2012, 05:41 AM #6
I re-read and I dont think it affects XP. Either way I've uninstalled the netbios and blocked all related ports with outpost. I think I'm fine for now.
lunarlander's Avatar
Computer Specs
Member with 5,627 posts.
 
Join Date: Sep 2007
01-Aug-2012, 08:47 PM #7
Glad you solved the problem. If you need more XP security guidelines, have a look through my blog project on securing XP at the link below.
As Seen On

BBC, Reader's Digest, PC Magazine, Today Show, Money Magazine
WELCOME TO TECH SUPPORT GUY!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.


Tags
netbios, packet, security, smb, spy

(clock)
THIS THREAD HAS EXPIRED.
Are you having the same problem? We have volunteers ready to answer your question, but first you'll have to join for free. Need help getting started? Check out our Welcome Guide.

Search Tech Support Guy

Find the solution to your
computer problem!




Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
 
Thread Tools


WELCOME
You Are Using: Server ID
Trusted Website Back to the Top ↑