Okay....first of all, you don't need to be running a web server to provide access to your file system. All someone needs to do is run a port scan to find that you are doing NetBIOS file sharing on an interface with a legal IP address. Then it is just a matter of adding your IP address and machine name to the LMHOSTS file on their PC and using "net use G: \\machinename\sharename" to map a drive directly to your file system. You need to think about using a firewall device or proxy server between your PCs and the DSL modem that does NAT (address translation) to prevent the IP address of your PC from being seen by the outside world. Netwatch, BlackIce and the likes are nice for reporting attacks, but it is often too late at that point. With read/write access to your shares, someone could have easily wiped out every file on your PC. Consider yourself lucky! Next, Findfast is an indexing utility used by MS Office. It is installed by default runs at scheduled intervals to take inventory of your drives. The FFASTUN.* you referred to is normal. I usually take findfast out of the startup folder whenever I install Office, because it slows your PC down considerably every time it runs. Last but not least, you think about using a more robust OS besides Windows 98 if you plan to share files. Windows NT Workstation, Windows 2000, OS/2 Warp, Linux, etc. all allow you to set user-based security on your file system. Windows 95 and 98 only give you the option of read-only or read/write and anyone can access them. Just my $.02 worth, Mike ____________________________________ | Michael J. Ballard | | Master CNE, MCSE, CCNA, ACP | | Enterprise Network Engineer | | Inacom Information Systems | | mballard@inacom-ar.com | |____________________________________| -----Original Message----- From: owner-firewall-wizardsat_private [mailto:owner-firewall-wizardsat_private]On Behalf Of Richard Toscano Sent: Sunday, January 02, 2000 3:03 PM To: firewall-wizardsat_private Subject: Re: Help, some one's hacked into my home computer Actually, someone did hack my system, and used FINDFAST to scan for files. They had open a .MPG movie I had made from my digital camera. Here's my setup: Win98SE with internet sharing enabled. I have a local net and am trying to share the DSL connection amongst my various machines. The DSL modem has a fixed IP and is always connected. The intruder came in to the host machine and ran FINDFAST and was accessing the MPG. I caught all this a day later. I guess their connection got hung. I used NETWATCH to discover the connection, and what files they were looking at. Seeing this, I looked over my system and found FFASTUN.* in both root directories of my C and D drive. All files had the same time/date stamp when the intrusion occured. This matched the connection time reported by NETWATCH. So, Windows 98 SE with internet sharing is allowing people to hack into systems from the outside. I don't have a web server running, so I'm not sure what services they were using to access my file system. I did have the C and D drives setup with full read/write shares! Ack, not again! ...Doug
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 13:56:26 PDT