Got hacked,network is down

tjsniper

Hi,

About a month ago,The firewall on one of my terminals stopped working and looked as if it was uninstalled.I was not worried as I had a physical firewall

My connection is like this.All terminals are connecting to the internet through a corporate router with a firewall.

Last night the server was downloading a big file and was left on all night.I woke up today and saw that the firewall on the server was gone and the machine that got its firewall removed before was having networking problems.

I have reinstalled the firewall on the machine that got removed lst night and I have reinstalled the drivers on the one with the networking problems,But it says "A Network Cable is unplugged" when it is plugged in and works on any other computer

what is happening? I need help really fast!

matt-dublin

what make is the software firewall on the terminal?

tjsniper

ok let me sort out the confusion,

The terminal im trying to fix has no firewall running.
It will not detect any cat5 cable at all.
It just says "A network cable is unplugged" constantly
This computer was hacked recently
so whats can I do?

also when I try and disable it it says "one or more protocols are enabled that do not support plug n play".

That never used to come up.Do you think the hackers may have done something to the network connection and broke it?

I tried reinstalling drivers it didnt work what do i do?

tjsniper

I've just noticed that the guest accounts last login was the exact time the internet stopped working.

What do I do?
Do you think that I should reset IP and format all HDD's?
Or does anyone know how to fix this terminal?
I really need help here

irlrobins

If a Pc is ever hacked the first thing I'd do is to reformat and reinstall. Only sure why of making sure it's clean. I'd even be wary of restoring any backed up files without careful scanning of them.

matt-dublin

no i don't think so.

i would be more interested in finding out how they got past your hardware firewall in the first place.

disable the guest account as well and change the password on it.
This is how most computers are hacked.

Uninstall and re-install the network card drivers. Also check the simpler things like when you plug in the cat 5 cable to your network card do the leds on the card light up. If not its a problem with your cable or the pins on the card.

tjsniper

its all sorted now

how they got passed hardware firewall?
They get a trojan or backdoor on a Pc on the network.Lots of hackers will use this and will have access to your whole network.They just scan for PCs by pinging 192.168.1.1 - 192.168.1.254 nd figure out

zAbbo

Are you seriously in charge of a network ?

Alarm bells to your employers if you are.

Anti

irlrobins wrote:

If a Pc is ever hacked the first thing I'd do is to reformat and reinstall. Only sure why of making sure it's clean. I'd even be wary of restoring any backed up files without careful scanning of them.

Id have to go with this tbh, As if you were hacked younever know what the hacker has put on the machine, keyloggers ect ect.

Reformat to be safe.

KeRbDoG

zabbo wrote:

Are you seriously in charge of a network ?

Alarm bells to your employers if you are.

Second this.

tjsniper

actually its a home network but theres 12 pcs .I reformatted all of them anyways.

matt-dublin

kerbdog wrote:

Second this.

third

_CreeD_

3 posts of condescension with nothing constructive, good job lads.

OP if you have 12 machines on a home network with a hardware firewall you obviously like/don't mind spending time on network technology. Head to www.winsnort.com and fix up a Snort IDS box. Also grab the IDS Policy Manager and HoneyNet Console from here http://www.activeworx.org/Downloads/tabid/54/Default.aspx . All free and by the end you'll have an excellent Intrusion Detection system - it does take a fair amount of tuning to get the IDS filtered correctly for your network but it will help stop this ever happening again (and it's fun if you're into networking at all).

matt-dublin

read above, the op already said he had a physical firewall

_CreeD_

Um, yes...This is an IDS, same ocean different kettle of fish.

Balfa

zabbo wrote:

Are you seriously in charge of a network ?

Alarm bells to your employers if you are.

Get over yourself. We know now that it's a home network, but even if it was a company, who's to say his "employers" weren't himself and two friends with a small startup that can't afford a security analyst and don't have much in the way of sensitive information, and he happens to be the most computer-savvy of the three?

Zillah

Balfa wrote:

Get over yourself. We know now that it's a home network, but even if it was a company, who's to say his "employers" weren't himself and two friends with a small startup that can't afford a security analyst and don't have much in the way of sensitive information, and he happens to be the most computer-savvy of the three?

Seconded

5ftGiant

Zillah wrote:

Seconded

3rd-ed-ed-ed !!