Robert Hurlbut Blog

Thoughts on Software Security, Software Architecture, Software Development, and Agility

Have you been hacked?

Tuesday, July 20, 2004

Tags: .NET, Security

Have you or a friend of yours been hacked?  I am referring to the way an attacker can exploit your computer through a missing patch, or an open port that needs to be closed, and essentially now “owns” the machine.

Dana Epp has posted a link to an introductory article that tries to answer the question “How do I go about seeing if I have been hacked?”:

The guys over at Bleeping Computer have written a tutorial that will show you how to determine if your Windows NT, XP, or 2000 box is hacked and how you can go about cleaning up the files they may have left behind.

The tutorial shows you how to detect most hacks, but there are other methods that will be much harder to detect and will require a greater degree of knowledge in detecting them. The author believes that most of the hacks that are done in mass, especially by the script kiddies, will be detectable through these methods.

Dana lists the tools mentioned in the article for performing a simple forensic analysis on your Windows system:

  • Fport - Lists all open ports (Think netstat like)
  • TCPView - Similar to Fport, but graphical, and shows more info such as CLOSED connections (very important post analysis)
  • Process Explorer - A great tool from Sysinternals which shows parent/child relationships with processes
  • PSTools - A set of cmd line tools used to open and kill processes, control services, change passwords etc
  • Filealyzer - Windows explorer shell extension to your right click on a file

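The same three checks the listed tools perform (which process owns which port, which process spawned which, and where those process images live) can be reproduced with built-in PowerShell cmdlets. The script below is an added example written for this post; it is not from the Bleeping Computer tutorial, from Dana Epp, or from any of the tools named above. It assumes a Windows version with the NetTCPIP module (Windows 8 / Server 2012 or later) and that it is run with enough privilege to read other users' process paths; the path filter in the last function is a constructed first-pass heuristic, not a verdict.

```powershell
# Added triage example (not code from the original post or the linked tutorial).
# Reproduces with built-in cmdlets what Fport/TCPView and Process Explorer show:
# port ownership, process parent/child relationships, and image locations.
# Assumes Windows 8 / Server 2012+ (Get-NetTCPConnection) and admin rights
# so that every process path is readable.

# 1. Listening and established TCP endpoints with the owning process
#    (the Fport / TCPView view).
function Get-PortOwners {
    Get-NetTCPConnection -State Listen, Established |
        ForEach-Object {
            # Get-Process may fail for a PID that exited between the two calls.
            $proc = Get-Process -Id $_.OwningProcess -ErrorAction SilentlyContinue
            [pscustomobject]@{
                LocalAddress  = $_.LocalAddress
                LocalPort     = $_.LocalPort
                RemoteAddress = $_.RemoteAddress
                RemotePort    = $_.RemotePort
                State         = $_.State
                PID           = $_.OwningProcess
                Process       = if ($proc) { $proc.ProcessName } else { '<unknown>' }
                Path          = if ($proc) { $proc.Path } else { $null }
            }
        } | Sort-Object LocalPort
}

# 2. Process tree with the parent's name resolved (the Process Explorer view).
#    An unexpected parent, e.g. a command shell whose parent is a service
#    host or an office application, is the kind of thing worth a closer look.
function Get-ProcessTree {
    $procs = Get-CimInstance Win32_Process
    $byId  = @{}
    foreach ($p in $procs) { $byId[[int]$p.ProcessId] = $p }
    foreach ($p in $procs) {
        # A missing parent means it has already exited (normal for many processes).
        $parent = $byId[[int]$p.ParentProcessId]
        [pscustomobject]@{
            PID         = $p.ProcessId
            Name        = $p.Name
            PPID        = $p.ParentProcessId
            ParentName  = if ($parent) { $parent.Name } else { '<exited>' }
            CommandLine = $p.CommandLine
        }
    }
}

# 3. Constructed heuristic: listeners whose image is outside the usual
#    system directories. It narrows the list for manual review; a legitimate
#    third-party service can land here, and malware can sit inside C:\Windows.
function Find-ListenersOutsideSystemPaths {
    Get-PortOwners |
        Where-Object {
            $_.State -eq 'Listen' -and $_.Path -and
            $_.Path -notmatch '^C:\\Windows\\' -and
            $_.Path -notmatch '^C:\\Program Files'
        }
}

Get-PortOwners                   | Format-Table -AutoSize
Get-ProcessTree | Sort-Object PPID, PID | Format-Table -AutoSize
Find-ListenersOutsideSystemPaths | Format-Table -AutoSize
```

Run it from an elevated PowerShell prompt and save the output (for example with `| Export-Csv`) before cleaning anything, since, as the list above notes, the set of connections and the parent/child picture are what you want to keep for post-analysis; compare the same three views against a known-clean machine of the same build to spot the differences quickly.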
This is great for your friends and family members who may be wondering and asking you this question.
