[SweetHeart161]

I was wondering if you could help me? I have a firewall (transparent) I continuously get invalid certificates ssl tlsv1 connections in wireshark and I portscan each device and I get unknown ports open high number ports and known ports open after I had closed them personally. Also I was wondering exactly what I should be looking for in wireshark to determine an absolute without a doubt that someone is listening in on my network? I have constent problems with malware and some pc issues as well.. slow connections and such..Also I want to set up a vpn in my fortigate and then set a profile to tunnel my web browsing and my gaming if possible?

Edited by SweetHeart161, 17 May 2012 - 03:44 AM.

[Advertisements]

Hi,
I think, that you should immediately have the malware removed (you can get help here: link), and after that close unnecessarily opened ports. You should also encypt your Wi-Fi with a strong password (WPA2), and a strong password for your router. Then, the possibility, that someone hacked into your network is very close to 0.

Maybe you should get an antivirus to help prevent infections ?


Cheers,
Sinus

Edited by Sinus, 17 May 2012 - 04:44 AM.

[Sinus]

Hi,
I think, that you should immediately have the malware removed (you can get help here: link), and after that close unnecessarily opened ports. You should also encypt your Wi-Fi with a strong password (WPA2), and a strong password for your router. Then, the possibility, that someone hacked into your network is very close to 0.

Maybe you should get an antivirus to help prevent infections ?


Cheers,
Sinus

Edited by Sinus, 17 May 2012 - 04:44 AM.

[rshaffer61]

I am referring to your topic in the malware forum HERE.
It shows you low level formatted and had your system gone through by one of our malware techs. You also did a bios update which would help.
Unless you have reinfected yourself I don't think your issue is malware.
The fact your temps are high on the cpu itself is a problem. Also the date and time in not only the OS but your BIOS can affect certificates being validated.
Have you done a hard reset on your modem and or router?

What you need to do is what is referred to as "power cycling" your modem. To do this, do the following:

• Turn off all computers connected to the router.
• Unplug the power cords from the back of the modem and from the back of the router.
• Wait at least five minutes.
• Plug the power cord into the modem and wait at least one minute for it to initialize.
• Plug the power cord into the router and, again, wait at least one minute for it to initialize.
• Power on one computer and try to connect to the Internet with it.
• If the first computer can connect to the Internet, then you can start turning on the other computers, one by one, and checking their Internet connections.

[SweetHeart161]

Well, I was cleared of infection and I am on a lan line not wifi... Well the thing is everytime I go offline and go online at a later time I have to reset my modem everytime. Well I would like to see for myself, so can anyone tell me how to detect a hacker using wireshark or anyother better program? I have the modem bridged... so there should be ne reason to even touch it even further.. I also tested this on my other modem and it's the same deal.. and also I am running linux not windows.

Edited by SweetHeart161, 17 May 2012 - 04:01 PM.

[rshaffer61]

Well, I was cleared of infection and I am on a lan line not wifi.

This has no bearing on the issue except that wifi is easier to hack then a hardwired system.
You may have some doinked host files or dns issue. Have you contacted the malware tech who helped you and asked that he rescan your system to make sure?

[SweetHeart161]

I am on linux not windows as of the moment.. host files in linux don't change unless someone changes them... and dns should not be getting resolved through my bridged modem.. and the problem is fixed if i reset my bridged modem..so my guess is someone hacks into my briged modem activates my dns in bridge modem than switches it back.. I have mainly Wireshark questions.. and fixing these unknown ports and open port issues...

[rshaffer61]

OK let me try to find one of the techs who know networking better then I do.

[Artellos]

Can you perhaps link us to your malware topic?

Now, onto the actual issue(s);

• Closing ports on a device should be done using a firewall. On Linux you can use the iptables command to set rules on the firewall.
• I very highly doubt someone "hacking into" your bridged modem from the outside. If you don't allow remote management, they won't be able to do anything with it unless they already have access to a device on your network.

Reading through the posts it's quite hard to find out what exactly you're trying to accomplish. Could you perhaps sum up the issues you're trying to correct?

Regards,
Olrik

[Macboatmaster]

Artellos
http://www.geekstogo...rm/page__st__75

[SweetHeart161]

Well I have a router without wifi that I have a fortigate firewall and I have portscanned each device and I get ftp smtp etc also other high numbered ports that say unknown are listed as open like 4444 port which isn't even listed in the router but have blocked.. I have been running live sessions of linux to try and diagnose the ports and running wireshark.. Wireshark gives me multiple errors on tlsv1 ssl connections workgroup/workstation connections..firefox gives me ssl certificates on facebook and other forms behind my firewall..all on linux.. I would like to know what to look for in wireshark to detect hacking traffic and malicious traffic.. and the ports have changed and appeared out of nowhere.. like for instants one day I have 2 unknown ports open .. than the next day I have 3 unknown high level ports from which I understand the higher the port the more personable the port.All ports have been blocked or so I thought.. I have multiple psuedo interfaces.. which I didn't install and also usb devices which I don't have in wireshark..? But I would like to take this opportunity with the knowledge of these problems to fix them before trying my windows machine.. and how could there be unknown open ports on a device? Can you add ports to a device without seeing them in the device interface?
Remote management is turned off in the brideged modem and the router.. The firewall is in transparent mode and all security measures have been taken as far as configuration to blocking ports except setting up my own vpn..

[SweetHeart161]

So does anyone wanna help or is this site being redirected to a hackers site? Cause it shows 2 identical posts if this questions..

[Artellos]

Hello there,

Sorry if this sounds a bit rude, but it looks like you're a little paranoid..
As far as I can see you are not being redirected to a hackers site. But it does take more than 3 hours for someone to respond to your topic as there are multiple time zones in this world and on top of that, we also have our own social lives.

Let me ask you this; Do you know exactly what you see when you are using Wireshark? Because Wireshark isn't really a tool that you should be looking at if you have no basic understanding of what is happening on a PC all the time. Wireshark is not a tool that the average person uses, as the output can be confusing and misleading.

usb devices which I don't have in wireshark..?

If you mean that wireshark won't capture traffic from a USB port, then you're correct. Because it will only capture traffic on network interfaces.

and how could there be unknown open ports on a device?

Define "unknown"? Can you give me an example?

Can you add ports to a device without seeing them in the device interface?

I'm not sure what you mean here??? Can you tell me exactly what you are trying to do?

Regards,
Olrik

[SweetHeart161]

Well it apperears that I have multiple devices on linux but it also appears that I am getting all of my internet connection through workgroup.. That is why I was asking for info on what I should be looking for in wireshark.. What I meant by adding extra ports is lets say who ever is hacking my pc was to want to get past my firewalls all together.. could they create new ports to bypass it? The ports say unknown as the service..

Edited by SweetHeart161, 18 May 2012 - 01:16 AM.

[Artellos]

Hello there,

Wireshark is not a tool you just learn in a day. It is used by specialists who already know a lot about network protocols and processes.

Quoting the Wireshark manual;¨

Here are some examples people use Wireshark for:

network administrators use it to troubleshoot network problems

network security engineers use it to examine security problems

developers use it to debug protocol implementations

And on the question if hackers can "create" new ports, then the answer is no.

If you look at the process in which one PC communicates with the other, ports are simply used for the PC to determine what application it should be sending the data to. Now, because we live in a world where network communication is the most common thing of the day we need a way to prevent applications from using the same port numbers. That´s where the IANA (Internet Assigned Numbers Authority) has set a few ranges of ports; System
Ports (0-1023), User Ports (1024-49151), and the Dynamic and/or Private Ports (49152-65535). Since a lot of the ports between 1024 and 65535 are used by different programs, firewalls mark these ports as "unknown".

I hope to have answered a few of your questions.

Regards,
Olrik

[SweetHeart161]

Well it happened again lastnight my laptops connection was hijacked through workgroup/domain and this morning my modem and router have no connection again..