General discussion

Macs and Windows computers being hacked

Dear Forum Members,
During the past month I have been under relentless cyber attack. Three computers, including 2 Macs and one older XP machine, have been virtually destroyed by constant TCP and now more UDP attacks; they have been infiltrated and files removed until they no longer function. I have used Little Snitch and Doorstop on the Macs; a variety of software and shell scripts on XP. I've wiped the drives and reinstalled, reported this to the Cybercrimes site, twice, no response. Logs clearly show attacks including nmdp lookup, UDP and stealth mode attacks. Any suggestions or thoughts? I've never seen such vicious, mean-spirited and relentless attacks in more than 25 years of using computers. Attacks are obviously automated (w/ connection attempts up to 15/sec.), over about 1 month now. Firewalls, MAC spoofing, and other solutions have not been consistently helpful. Again, any help with this will be much appreciated. Thank you in advance!

Comments
Sorry to say

Sorry to say, but this is probably the wrong place to come for this sort of problem. You want to find some kind of sysadmin kind of forum where people have some experience dealing with DDoS attacks.

But I'd have to guess that one of the Windows machines was probably the beachhead from which these attacks started. XP has some known vulnerabilities that Microsoft has already said they will not be fixing, so you'd probably be wise to get that thing off your network as soon as possible.

Also, while not a universal, USUALLY these kinds of sustained attacks are because you attracted the attention of the wrong people somehow. There's not a whole lot you're going to do about it in the end, except format each computer and completely rebuild it, because unless you have a static IP, the odds of the person being able to more or less instantly find your latest IP address are pretty slim without some kind of program feeding the info back to them.

Take each computer offline, format the drive of each one (simply reinstalling the OS isn't good enough here), go to some other computer and download the latest service pack for Windows and latest point release combo for Mac OS X, and be sure to install those BEFORE connecting to the Internet. Then, connect the systems one at a time, and install any subsequent updates that may be necessary. DO NOT connect more than one system until the first one is completely updated. THEN you can add the next one. The idea being to keep the exposure window as small as possible. Along the way, be sure to unplug your router or DSL/Cable modem so that you get a fresh IP address. Also make sure to update important software like Adobe Flash, your web browsers (and do NOT under ANY circumstance other than installing updates, use Internet Explorer on the XP box), etc. Make sure your AV programs are up to date, the usual.

This may or may not solve the problem, and if not, you're going to have to go find a site where actual admins who've dealt with this kind of issue before hang out. I highly doubt many will come to CNET forums. Afraid I don't have any suggestions for you either.

Thank You!

I hadn't even considered other Windows machines on my network, which didn't appear to have been hacked. The Macs were the first to get noticeably attacked, but I didn't even ask to look at log files and other signs that intruders had been through. I'll need to get permissions to examine those machines, but I think the owners will let me take a look. Thank you for your thoughtful reply, and for the referral to sysadmin sites. Sincerely,
R1ck
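
Added example, not part of the original thread: one way to triage the firewall logs discussed above is to group blocked connection attempts by source, measure the busiest second for each, and flag sources that sit on the local network, since those point at a machine on the LAN to examine first. The log line format (macOS application firewall style "Stealth Mode connection attempt" entries), the `summarize` and `_line` names, and all sample addresses are assumptions; the sample lines are constructed.

```python
import ipaddress
import re
from collections import Counter, defaultdict

# Assumed line format (macOS application firewall style); adapt LINE_RE to your logs.
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s.*Stealth Mode connection attempt to "
    r"(?P<proto>TCP|UDP) [\d.]+:(?P<dport>\d+) from (?P<src>[\d.]+):\d+")
# RFC 1918 ranges: a source in one of these is a machine on your own network.
LAN_NETS = [ipaddress.ip_network(n)
            for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def summarize(log_text):
    """Per source IP: total blocked attempts, busiest second, ports, LAN or not."""
    per_second = defaultdict(Counter)   # src -> {timestamp: attempts}
    ports = defaultdict(set)            # src -> {(proto, dport)}
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue                    # not a blocked-attempt line
        per_second[m["src"]][m["ts"]] += 1
        ports[m["src"]].add((m["proto"], int(m["dport"])))
    report = {}
    for src, buckets in per_second.items():
        addr = ipaddress.ip_address(src)
        report[src] = {
            "total": sum(buckets.values()),
            "peak_per_sec": max(buckets.values()),
            "ports": sorted(ports[src]),
            "on_lan": any(addr in net for net in LAN_NETS),
        }
    return report

def _line(ts, proto, dport, src):
    # Helper that builds one constructed sample line.
    return (f"Mar  3 {ts} mac Firewall[65]: Stealth Mode connection attempt "
            f"to {proto} 192.168.1.20:{dport} from {src}:50000")

# Constructed sample data, not taken from the thread.
SAMPLE_LOG = "\n".join(
    [_line("14:02:11", "UDP", 137, "192.168.1.77")] * 15
    + [_line("14:02:12", "UDP", 137, "192.168.1.77")]
    + [_line("14:02:11", "TCP", p, "203.0.113.9") for p in (22, 23, 445)]
    + ["Mar  3 14:02:13 mac kernel[0]: unrelated message"])

if __name__ == "__main__":
    for src, info in sorted(summarize(SAMPLE_LOG).items(),
                            key=lambda kv: -kv[1]["total"]):
        print(src, info)
```

Each matching line is an attempt the firewall logged as blocked, so a high count alone does not show that a machine was entered; the per-source breakdown shows where to look next.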
