questions after a LONG explanation....

ahs10

I tried to solve this question yesterday being very brief
and it didn't work. I'm trying again, this time with a
much more detailed explanation and more questions. If
you can, please help me to decide whether or not my
computer has been accessed without permission, and if so
what I can do to figure out who it is.

Let me first explain my computer and network setup...I
have two computers on a wireless network using Netgear's
Wireless Cable Modem Gateway. I run two programs
constantly on one computer called "no-ip"
and "shoutcast". No-ip updates a url so that my dynamic
ip address can be accessed using the url at any time.
Shoutcast is an audio stream server program, that streams
audio files over the net when users connect to my "no-ip"
url using just about any media player. To use shoutcast,
I have forwarded port 8000 to my computer's lan ip
address. For about a week, the firewalls on both my
router and XP were disabled. How hard would it be to
change a file on my computer under these conditions? My
router has a password, is that easy to bypass?

Shoutcast keeps a log of all connections made to my
stream. Yesterday, someone connected to my stream for
almost six hours, which I thought was bizarre because the
music I played changed drastically several times within
that period. After they logged off, I started wondering
about the security of my setup, and eventually found out
that I can run my router's firewall and broadcast at the
same time (was told differently when I set it up)...so I
turned it on. I then scanned for viruses, spyware,
adware, registry errors...that sort of thing, had no
results out of the ordinary. I still wasn't completely
satisfied, so I decided to use Windows Search and find
all the files that were modified that day. When I did,
the normal files came up (about 250-300 results and it
was an average day as far as computer usage...that's
important later), stuff that I had worked on...except one
file. A .mp3 file that I didn't even know was on my
computer. The file was a mislabeled, entire song, but
with about a minute of another song as well. Now I
understand that if my media player was to play this song,
it could have updated it using CDDB (or whatever it's
called), but I am 100% positive that it did not play that
song. The program also keeps logs of what is played, and
I checked it....three times. Also, since I broadcast
music over the net, I have to keep great care of my music
inventory as there are certain rules to follow on what
you can and can't play. That's why the mislabeling threw
me off, the title had no reference to either the group or
song title at all.

So, I post a brief version of this question yesterday on
here and didn't get much response. Today, the same user
logs onto my stream (now I have my router's firewall
enabled though) and stays connected for approx 40
minutes. I kill my music server after he logs off, run
my diagnostic and virus checks, then search for updated
files with today's date on it. Let me first say that
today was a VERY light computer usage day, much less than
the previous day which returned almost 300 results. So I
was surprised when over 99,000 results were returned.
Almost every file in "My Documents" had been modified
today, files I haven't touched for weeks, all kinds of
files too...from .txt to .swf (that's a Macromedia Flash
file). That same .mp3 file was again the only .mp3 file
on the list too.

Now, while obviously I'm new to networking and
broadcasting, I do have online contacts that would have
the knowledge to do something like this. Without going
much into it, I also have a game on my website that would
definitely trigger a response like this, from someone
that knew how. So I really don't believe there are any
malicious intentions here...I believe someone's playing
with me, I mean if someone did access my
computer...wouldn't they have already done something
wrong if that was their intention? What do you think?
Am I just being paranoid? Is there a way I can find out
if anyone did access my computer? Anything I can do with
that .mp3 file? I've already played it, looked at its
properties, and checked it out with WMP's advanced tag
editor...nothing, just a file name and the music.

So I sit here, with both firewalls on and not
broadcasting now...waiting for some guidance. Any help
is much appreciated. Thanks in advance and have a great
night!
 
Carey Frisch [MVP]

To secure your computer and prevent future security breaches,
consider installing a first-rate internet security program:

Norton Internet Security 2004
http://www.symantec.com/sabu/nis/nis_pe/

-- Includes Norton AntiVirus 2004
-- Includes Norton Personal Firewall
-- Includes prevention of annoying web pop-ups
-- Includes Parental Controls
-- All in one, easy-to-install package

--
Carey Frisch
Microsoft MVP
Windows XP - Shell/User

Be Smart! Protect your PC!
http://www.microsoft.com/security/protect/

 
ahs10

Ok, thanks. I chose ZoneAlarm, which was recommended by
a fellow broadcaster with a similar setup to mine. So
are you saying that my computer was probably accessed
without permission? If so, what can I do about it?
Any way to find out more about this person?

Thanks again,
ahs10
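
An added example, not part of any post in this thread: one way to follow up on the "files modified today" search described in the question is to bucket the modification times and see whether the count comes from one short burst or is spread across the day. The function names, the 10-minute bucket size and the sample files are assumptions made for illustration; the script only reads timestamps.

```python
import os
import tempfile
from collections import Counter
from datetime import datetime, timedelta

def modified_files(root, start, end):
    """Yield (path, mtime) for files under root last modified in [start, end)."""
    for folder, _dirs, names in os.walk(root):
        for name in names:
            path = os.path.join(folder, name)
            try:
                mtime = datetime.fromtimestamp(os.stat(path).st_mtime)
            except OSError:      # file vanished or is unreadable: skip it
                continue
            if start <= mtime < end:
                yield path, mtime

def histogram(root, start, end, bucket_minutes=10):
    """Count modified files per time bucket (bucket start -> count)."""
    size = bucket_minutes * 60
    counts = Counter()
    for _path, mtime in modified_files(root, start, end):
        offset = int((mtime - start).total_seconds()) // size
        counts[start + timedelta(seconds=offset * size)] += 1
    return counts

def bursts(counts, share=0.5):
    """Buckets that hold more than `share` of all modified files."""
    total = sum(counts.values())
    return sorted(b for b, n in counts.items() if total and n / total > share)

def build_sample(root, day):
    """Constructed sample: 3 files edited by hand, 40 touched in one burst."""
    stamps = [day + timedelta(hours=h) for h in (9, 13, 16)]
    stamps += [day + timedelta(hours=21, minutes=2, seconds=s) for s in range(40)]
    for i, stamp in enumerate(stamps):
        path = os.path.join(root, f"file{i}.txt")
        open(path, "w").close()
        os.utime(path, (stamp.timestamp(), stamp.timestamp()))

if __name__ == "__main__":
    day = datetime(2004, 1, 15)          # constructed date, not from the thread
    with tempfile.TemporaryDirectory() as root:
        build_sample(root, day)
        counts = histogram(root, day, day + timedelta(days=1))
        for bucket in sorted(counts):
            print(bucket.strftime("%H:%M"), counts[bucket])
        print("burst buckets:", [b.strftime("%H:%M") for b in bursts(counts)])
```

A burst bucket gives a time to compare against the Shoutcast connection log and against when the virus and diagnostic scans were run. A modification time says when a file was last written, not which program or person wrote it.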
 