# Help! Is this a hacker?



## Rollofthedice (Jul 28, 2007)

*Is this a hacker?*

My Firefox internet session froze up on me and I guess my Comodo Firewall went down too.  I then scanned with the Kaspersky Anti-Virus and towards the end it said "The Comodo Firewall requested the runtime to terminate it in an unusual way." or something close to that.

In the activity log for the Comodo Firewall there are about 50 medium severity Inbound Policy Violations and they're still going on!


----------



## Rollofthedice (Jul 28, 2007)

I have a Cable internet connection and I just restarted my computer and the Inbound Policy Violations are still happening.

The destinations are:
One is from 239.255.255.250:upnp-mcast(1900)
Another is   192.168.0.255:nbname(137)
And another 192.168.0.255:nbdgram(138)

If that helps with anything.


----------



## tlarkin (Jul 28, 2007)

Rollofthedice said:


> I have a Cable internet connection and I just restarted my computer and the Inbound Policy Violations are still happening.
> 
> The destinations are:
> One is from 239.255.255.250:upnp-mcast(1900)
> ...



Those are all non routeable IP addresses, meaning they are your network.  Do you broadcast unsecured wireless?


----------



## Rollofthedice (Jul 28, 2007)

I am linked to my roommates computer I'm plugged into the router and he has a wireless card.  I don't know if it's secured or unsecured.

It looks like it's stopped for now.  There were 81 inbound policy violations from 12:17 to 12:53.  I think this is the first time this has happened since I got the cable modem around 3 months ago.


----------



## tlarkin (Jul 28, 2007)

If your router is wifi capable you need to enable some sort of encryption on the signal.  At least WEP, if not WPA (WPA is better).  Also if your router support it (which most do) turn on NAT which does not allow remote hosts to connect to your machine.  This should take care of most of your issues, unless you have some sort of trojan or exploit on your machine giving other things access.


----------



## Rollofthedice (Jul 28, 2007)

Where can I change those things?


----------



## tlarkin (Jul 28, 2007)

Rollofthedice said:


> Where can I change those things?



In your router's control panel


----------



## Rollofthedice (Jul 28, 2007)

Hmmm.   Maybe I don't have a router.  It says Wireless Cable Modem Gateway on the side of the device and I can't find anything in my computer's control panel that says router.  I did find something in the Network Connections.  Local Area Connection - Enabled/Firewalled Via Rhine II Fast Ethernet Adapter.

I'm only good with Microsoft Office and HTML programming, I don't know too much about the computer hardware or the other stuff.


----------



## tlarkin (Jul 28, 2007)

Hmm okay, did you purchase the router or did your ISP provide it, a gateway/modem implies that its a combo device that is both your modem and your router.

Do you have wireless networking at your place?

Have you run any recent anit spyware and anti virus scans?


----------



## Rollofthedice (Jul 29, 2007)

The ISP provided the router and I'm plugged in using an ethernet cable and my roommate has a wireless network card? in his laptop that he uses.

I ran Ad-Aware and Spybot Search and Destroy, but only found a tracking cookie.  No threats found by the Anti-Virus either just "The Comodo Firewall requested the runtime to terminate it in an unusual way." that popped up.


----------

