The Artima Developer Community
.NET Buzz Forum
Have you been hacked?

Robert Hurlbut

Robert Hurlbut is a Principal Consultant with Hurlbut Consulting
Have you been hacked? Posted: Jul 20, 2004 1:52 PM

This post originated from an RSS feed registered with .NET Buzz by Robert Hurlbut.
Original Post: Have you been hacked?
Feed Title: Robert Hurlbut's .Net Blog
Feed URL: http://www.asp.net/err404.htm?aspxerrorpath=/rhurlbut/Rss.aspx
Feed Description: Development with .Net, Rotor, Distributed Architectures, Security, Extreme Programming, and Databases
Have you or a friend of yours been hacked?  I am referring to the way an attacker can exploit your computer through a missing patch or an open port that needs to be closed, and then essentially “owns” the machine.

Dana Epp has posted a link to an introductory article that tries to answer the question “How do I go about seeing if I have been hacked?”:

The guys over at Bleeping Computer have written a tutorial that will show you how to determine if your Windows NT, XP, or 2000 box is hacked and how you can go about cleaning up the files they may have left behind.

The tutorial shows you how to detect most hacks, but there are other methods that will be much harder to detect and will require a greater degree of knowledge in detecting them. The author believes that most of the hacks that are done en masse, especially by the script kiddies, will be detectable through these methods.

Dana lists the tools mentioned in the article for performing a simple forensic analysis on your Windows system:

  • Fport - Lists all open ports (think netstat-like)
  • TCPView - Similar to Fport, but graphical, and shows more info such as CLOSED connections (very important post analysis)
  • Process Explorer - A great tool from Sysinternals which shows parent/child relationships with processes
  • PSTools - A set of cmd line tools used to open and kill processes, control services, change passwords, etc.
  • Filealyzer - Windows Explorer shell extension for when you right-click on a file

This is great for your friends and family members who may be wondering and asking you this question.

Read: Have you been hacked?

Copyright © 1996-2019 Artima, Inc. All Rights Reserved.