1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

Being attacked from my own network?

Discussion in 'General Security' started by Nihility, Jul 30, 2012.

Thread Status:
Not open for further replies.
Advertisement
  1. Nihility

    Nihility Thread Starter

    Joined:
    Feb 17, 2010
    Messages:
    6
    I've recently suspected that a roommate of mine has been spying on my activity / or on my computer.
    I recently bought a VPN to encrypt the data being sent, and checked out Wireshark to make sure it was indeed encrypted.
    Everything seems great with that, and then I saw this:

    Link to Capture SS: http://i46.tinypic.com/1yon6u.jpg

    His network IP is 192.168.0.71, mine is 192.168.1.80
    I've been trying to do all of the research that I can, but I'm not 100% clear what he's actually trying to accomplish with this.
    I've seen it a few times in the past hour.

    What is the path \IPC$, and srvsvc?
    What is the SMBServer he's accessing?
    What are these netbios-ssn packets?

    I also see 192.168.1.80 to 224.0.0.22 "membership report / Join Group 239.255.255.250" on occasion. Not sure if that is normal.

    I just want help identifying what this group of packets is trying to accomplish.
    Also, what else I can do to completely block any unwanted connection attemps from inside my network, ontop of my VPN.

    Thank you.
     
  2. aks56h

    aks56h

    Joined:
    Jul 30, 2012
    Messages:
    31
    he is trying to hack into your computer! Trying installing zone alarm firewall
     
  3. lunarlander

    lunarlander

    Joined:
    Sep 21, 2007
    Messages:
    6,224
    What version of Windows are you using? If you're on Vista or Windows 7, go to Network > Properties and set your Network to Public instead of Home or Work.

    To get rid of IPC$, go to Services.msc and disable the Server service.

    The SMB server is your File and Printer Sharing. Go to Network and Sharing Center > Local Area Connection > Properties and uncheck File and Printer Sharing For MS Networks.

    All of the above assumes that you are not sharing any folders or printers for other to use. If you are sharing a printer, consider buying a wireless laser printer, mine only cost $75.
     
  4. Nihility

    Nihility Thread Starter

    Joined:
    Feb 17, 2010
    Messages:
    6
    I'm currently using XP.
    Since posting I got Zone Alarm firewall, and those packets have been denied completely.
    I'm seeing different packets from his IP to mine now, relating to __MSBROWSE__.
    I'm also getting a "multiple names on the network" error, even after changing my computer's name and restarting.

    I read that there is a vulnerability with WINS and multiple names allowing for remote access.
    I have no idea if he is connecting or not, and I'm unsure what to do about this.

    I've taken the steps suggested so far, thank you both.
     
  5. lunarlander

    lunarlander

    Joined:
    Sep 21, 2007
    Messages:
    6,224
    Can you provide a link to that article ? Lets see if it affects you or not.
     
  6. Nihility

    Nihility Thread Starter

    Joined:
    Feb 17, 2010
    Messages:
    6
    I re-read and I dont think it affects XP. Either way I've uninstalled the netbios and blocked all related ports with outpost. I think I'm fine for now.
     
  7. lunarlander

    lunarlander

    Joined:
    Sep 21, 2007
    Messages:
    6,224
    Glad you solved the problem. If you need more XP security guidelines, have a look through my blog project on securing XP at the link below.
     
  8. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Loading...
Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/1063119