
!URGENT! help, security experts

CaesarX

Banned
Since I now know I'm being hacked, I have created a new thread, a follow-up to this one. I got ActivePorts as suggested, closed up a bunch of ports. DirectUpdate from DynDns.org was listening even though it was off. So was Serv-U. I was watching ActivePorts and new connections just started popping up. No path name, no process name, just port number and remote IP. Ports were (last two digits uncertain) 2620, 2621, etc. Six ended up popping up. Five had similar IPs, one of which was 205.188.10.28 - a tracert led absolutely nowhere (no resolve on last two hops). The other four were very similar, i.e. 205.188.11.30. One was totally different, started with a 68, I think. I turned on Zone Alarm lock immediately, and they disappeared after turning it off. I don't know how to block those ports. The status on them was TIME_WAIT (or something similar) when active.


This is the second time today
There will not be a third

AnandTech Moderator
 
Process Name: lsass.exe or lsass
Description: Local Security Authority server process (cannot be modified in NT/2000/XP, owned by system)
Common Errors: N/A
System Process: Yes


The Lsass.exe process is responsible for management of local security authority domain authentication and Active Directory management. This process handles authentication for both the client and the server, and it also governs the Active Directory engine. The Lsass.exe process is responsible for the following components:
Local Security Authority
Net Logon service
Security Accounts Manager service
LSA Server service
Secure Sockets Layer (SSL)
Kerberos v5 authentication protocol
NTLM authentication protocol
 
Originally posted by: FoBoT
Process Name: lsass.exe or lsass
Description: Local Security Authority server process (cannot be modified in NT/2000/XP, owned by system)
Common Errors: N/A
System Process: Yes


The Lsass.exe process is responsible for management of local security authority domain authentication and Active Directory management. This process handles authentication for both the client and the server, and it also governs the Active Directory engine. The Lsass.exe process is responsible for the following components:
Local Security Authority
Net Logon service
Security Accounts Manager service
LSA Server service
Secure Sockets Layer (SSL)
Kerberos v5 authentication protocol
NTLM authentication protocol
Thanks! Main post updated with new happenings
 
205.188.10.28 is an AOL user.

edit:
205.188.11.30 is an AOL user also.

You can not trace past the AOL data center in VA.
 
Great, so five were AOL IPs. We'll never know what the other was because this piece of junk doesn't log events! So what do I do? How do I block those ports? Path was empty, process said "unknown." What the hell do I do?
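
On the complaint above that the port viewer keeps no history: the following is an added example, not part of the thread or any poster's code, that diffs two snapshots of Windows `netstat -ano` output and emits one log line per new TCP connection. The snapshots, addresses and PIDs are constructed samples; Windows reports a connection in TIME_WAIT with PID 0, so the log marks those rows as having no owning process.

```python
import re
from datetime import datetime, timezone

# Constructed snapshots in the layout of `netstat -ano` on Windows.
# Addresses are documentation ranges, not the ones quoted in the thread.
SNAPSHOT_1 = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       884
  TCP    192.168.1.10:2619      192.0.2.15:80          ESTABLISHED     1500
"""
SNAPSHOT_2 = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       884
  TCP    192.168.1.10:2619      192.0.2.15:80          ESTABLISHED     1500
  TCP    192.168.1.10:2620      198.51.100.28:80       TIME_WAIT       0
  TCP    192.168.1.10:2621      198.51.100.30:80       ESTABLISHED     1712
"""

# TCP rows only: local endpoint, remote endpoint, state, owning PID.
ROW = re.compile(r"^\s*TCP\s+(\S+)\s+(\S+)\s+(\S+)\s+(\d+)\s*$")

def parse(snapshot):
    """Return {(local, remote): (state, pid)} for every TCP row."""
    conns = {}
    for line in snapshot.splitlines():
        m = ROW.match(line)
        if m:
            local, remote, state, pid = m.groups()
            conns[(local, remote)] = (state, int(pid))
    return conns

def new_connections(before, after, when):
    """Log lines for TCP connections present in `after` but not in `before`."""
    old = parse(before)
    out = []
    for key, (state, pid) in sorted(parse(after).items()):
        if key in old or state == "LISTENING":
            continue  # already seen, or a listener rather than a connection
        owner = f"pid={pid}" if pid else "pid=0 (no owning process reported)"
        out.append(f"{when} NEW {key[0]} -> {key[1]} {state} {owner}")
    return out

if __name__ == "__main__":
    stamp = datetime.now(timezone.utc).isoformat(timespec="seconds")
    for entry in new_connections(SNAPSHOT_1, SNAPSHOT_2, stamp):
        print(entry)
```

Appending these lines to a file on each poll gives a record of every remote address that appeared, including ones that are gone by the time anyone looks.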
 