Freeper Tech Help Needed -- Have I Been HACKED?
Posted on 09/11/2002 11:33:50 AM PDT by Maceman
My Black Ice 3.5 just gave me a "data changed" red alert. What should I do about this? Can anyone explain this situation and appropriate action to me in language I can understand?
Here is what the Black Ice Advice Screen says:
Summary
An overlap in new TCP data with queued data has been observed, and the overlapping data has changed between the two packets.
Details
This technique is used by advanced hackers to hijack connections. They utilize IP spoofing and sequence number guessing to intercept a user's connection and inject their own data into the connection. If successful, the hacker can gain control of a system.
False Positives
This may be a false positive. The intrusion is triggered if the TCP data has changed within two frames. In theory, this should never happen. However, some recent TCP implementations (Win 2000 and some Unix implementations) send "status" information after a RESET within the data part of the frame. This condition, which results in a false detection, has been addressed in the 3.0 release of BlackICE.
Your help will be GREATLY appreciated.
TOPICS: Miscellaneous; Your Opinion/Questions
KEYWORDS: datachanve; hacker
1 posted on 09/11/2002 11:33:51 AM PDT by Maceman
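The check the BlackICE advice text describes (new TCP data overlapping queued data, with the overlapping bytes changed) can be sketched as follows. This is an added example, not BlackICE's code and not part of any post in this thread; the function name, the `(seq, payload)` segment format and all sample flows are assumptions constructed for illustration.

```python
SEQ_MOD = 2 ** 32  # TCP sequence numbers are 32-bit and wrap around


def find_changed_overlaps(segments):
    """Flag segments that overlap earlier data with different bytes.

    segments: list of (seq, payload) tuples for one direction of one
    connection, in arrival order (hypothetical capture format).
    """
    seen = {}    # sequence position -> byte value first received there
    alerts = []
    for index, (seq, payload) in enumerate(segments):
        changed = []
        for offset, byte in enumerate(payload):
            pos = (seq + offset) % SEQ_MOD
            if pos not in seen:
                seen[pos] = byte          # new data: queue it
            elif seen[pos] != byte:
                changed.append(pos)       # overlap whose content differs
        if changed:
            alerts.append({"segment": index,
                           "first_changed_seq": changed[0],
                           "changed_bytes": len(changed)})
    return alerts


# Constructed sample flows (not real traffic).
CLEAN_FLOW = [(1000, b"GET /index"), (1005, b"index.html")]    # identical overlap
CHANGED_FLOW = [(5000, b"USER alice\r\n"), (5005, b"carol")]   # overlap differs
WRAPPED_FLOW = [(SEQ_MOD - 2, b"abcd"), (0, b"cX")]            # spans the wrap

if __name__ == "__main__":
    for name, flow in [("clean", CLEAN_FLOW), ("changed", CHANGED_FLOW),
                       ("wrapped", WRAPPED_FLOW)]:
        print(name, find_changed_overlaps(flow))
```

An ordinary retransmission that repeats the same bytes raises nothing here; only an overlap with different content does. The sketch does not distinguish the post-RESET "status" data that the advice text lists as a false-positive source.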
To: Maceman
What were you downloading/doing at the time?
If downloading a file, dump it, whatever it was.
2 posted on 09/11/2002 11:41:41 AM PDT by balrog666
To: Maceman
What version of Windows are you using? What type of internet connection do you have? Do you have a local area network, and do you intentionally offer any services over it? Are you publishing a web site from your system?
Try testing your IP connection security using the facilities at Gibson Research and DSL Reports
3 posted on 09/11/2002 11:43:30 AM PDT by sourcery
To: sourcery
"What version of Windows are you using? What type of internet connection do you have? Do you have a local area network, and do you intentionally offer any services over it? Are you publishing a web site from your system? Try testing your IP connection security using the facilities at Gibson Research and DSL Reports"
I am using Windows XP, with a broadband cable connection from RCN. I don't have a LAN. Just a stand-alone system with a single direct internet connection.
4 posted on 09/11/2002 11:47:49 AM PDT by Maceman
To: sourcery
I am not publishing a website from my system, and don't offer any services over the Internet. I only do surfing (including lots of Freeping) and e-mail.
5 posted on 09/11/2002 11:49:21 AM PDT by Maceman
To: Maceman
You might think of obtaining a hardware firewall that sits between the cable-modem and your confuser. I have one that does address translation, which obviates anyone's attempt to get to your machine directly through the IP addy...LinkSys makes one, so does Belden. It acts as a switch, too, so's I can share the connection - instead of only one machine froze up I now can have two...
To: Maceman
Windows XP
Found your problem right here.
Seriously, though. Make sure you have all of the updates available at Windows Updates.
Then you'll want to make sure that you have the inherent firewall enabled on your machine (XP ships with it). Go to Help if you have questions about it.
Check out the other info posted, since it looks VERY helpful.
Chances are you haven't really been hacked, although someone might have attempted it. And the correct phrase is 'cracked' not hacked.
And to get your computer lingo straight, check out the Jargon File.
Good luck.
To: Maceman
and don't offer any services over the Internet
Realize 'services' means Computer-based programs that 'do things' (i.e. serve web pages, send email)
You shouldn't have to worry, but sometimes, if you set up 'Personal Web Server' for example, you have a 'web service' running on your machine.
Simplistic answer, but it will suffice for now.
To: dyed_in_the_wool
" Seriously, though. Make sure you have all of the updates available at Windows Updates. "
Of course that's a problem in itself. Yes, you have to have all of the updates to get anywhere close to security on any system, especially a MS system. However, the End User License Agreement that you have to agree to says Microsoft can go on to your computer and destroy any programs or data they don't like. Will they? Probably not. I just don't like signing my rights over to Microsoft.
9 posted on 09/11/2002 12:21:15 PM PDT by mykej
To: Maceman
I advise following these recommendations from Gibson Research:
10 posted on 09/11/2002 1:04:29 PM PDT by sourcery