
Stopping someone from proxying my IP address

  • 05-03-2007 8:07am
    #1
    Registered Users Posts: 44


    THIS IS NOT A SHORT TOPIC, WARNING!

    Hey,

    Some might say "isn't this in the wrong section?" I say no. You see, I went
    and had Irish Broadband's fully wireless option installed on my roof last month
    and have been as happy as I could be with it, running without problems, sending
    my data wirelessly to the nearby mountains and giving me a good ping in my
    games (80 for those of you interested).

    This is the issue, and indeed my problem:

    Before you know the issue there is one thing you should know: with this
    wireless service you have a static IP address that never changes.

    Now, to the point. I have found that someone is using my IP address during the night to do some shady activity (I have informed Irish Broadband on several occasions, without reply after they said the first time "we are investigating"). I found this after my PC, which I keep plugged in and turned off (not on standby but fully off), turned on in the middle of the night while I was watching TV. After searching through my PC settings I found that my NIC was set to start the PC up when pinged from the net (even when I told my PC to disable the connection).

    So, I disabled the setting and now my PC doesn't start without my permission, but I have found that since installing the broadband my internet email accounts have all been used to send worms and all sorts, and the only way I know about it is when some messages get returned to sender (undeliverable). I talked to IBB and they told me that my IP address has been blocked from sending emails on my internet accounts and that they will be sorting it out, but they have not replied in a week.

    The other issue I am more worried about is that I did a virus scan and found nothing on my PC. I like to use my PC during the night to play Battlefield 2 and other online games, and at times my ping goes through the roof, and I find that it is at the same time that shady stuff is sent through my email. If it was just this then I would think "OK, change email account and don't worry". But with the bad ping for sometimes hours on end, I am worried that they might be doing something worse than worm emails and that I will be left with the blame when things go bad, with them pinging through my IP address as a proxy (my theory that fits the facts).

    Now you know the issue my question is this:

    Is it possible to track when someone connects to your PC to use it as a proxy without permission, à la the Bond movie GoldenEye? (I do have Windows Firewall enabled but it's not showing a thing.)

    I cannot change my IP address as it is specific to my account (no username and password needed, just IP address settings).

    Please help, I don't want to worry about being done for shady activity when it's not me doing it :(


Comments

  • Registered Users Posts: 32,417 ✭✭✭✭watty


    Buy a separate Ethernet WAN router/NAT/Firewall. It can stealth ports, makes your PC invisible etc. Compared with even a 50 Euro model, any Firewall SW on a PC is useless. I don't use any PC Firewall Software and have Windows Firewall disabled.

    I've been installing various kinds of "separate to the PCs" firewalls since 1994.

    It makes no difference to hackers if your IP is static or dynamic.

    Your IP being "pinged" does not mean you are being used as a proxy. That requires specific software on your PC. Hint: Disable XP Internet Connection Sharing service and untick EVERY box EXCEPT TCP/IP in your network card properties. Any of the other things should only be "on" (ticked) if you have a LAN with more than one PC or WiFi Router, all protected by a separate firewall.

    These simple changes give more security than any AV / Zonealarm / Firewall etc installed on PC.
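
An added example, not part of any post in this thread: a proxy needs a process listening for inbound connections, so the check below parses Windows `netstat -ano` output for listeners reachable from outside and for a process that holds both an inbound client and an outbound SMTP session. The sample output, its addresses and the relay heuristic are constructed assumptions.

```python
import ipaddress
import re

# Constructed `netstat -ano` output; addresses are documentation ranges.
SAMPLE = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       952
  TCP    0.0.0.0:1080           0.0.0.0:0              LISTENING       2044
  TCP    127.0.0.1:5152         0.0.0.0:0              LISTENING       1320
  TCP    192.0.2.10:1080        198.51.100.7:51234     ESTABLISHED     2044
  TCP    192.0.2.10:3127        203.0.113.9:25         ESTABLISHED     2044
  TCP    192.0.2.10:3300        203.0.113.80:80        ESTABLISHED     1788
"""
ROW = re.compile(r"^\s*TCP\s+(\S+):(\d+)\s+(\S+):(\d+)\s+(\w+)\s+(\d+)\s*$")

def parse(text):
    """Return (local_addr, local_port, remote_port, state, pid) per TCP row."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            la, lp, _ra, rp, state, pid = m.groups()
            la = la.strip("[]").split("%")[0]  # tolerate [::] and scoped IPv6
            rows.append((la, int(lp), int(rp), state, int(pid)))
    return rows

def exposed_listeners(rows):
    """Map port -> PID for sockets listening on a non-loopback address."""
    return {lp: pid for la, lp, _, st, pid in rows
            if st == "LISTENING" and not ipaddress.ip_address(la).is_loopback}

def relay_suspects(rows):
    """PIDs with an inbound client on an exposed port AND outbound SMTP."""
    ports = exposed_listeners(rows)
    est = [r for r in rows if r[3] == "ESTABLISHED"]
    inbound = {pid for _, lp, _, _, pid in est if lp in ports}
    smtp_out = {pid for _, lp, rp, _, pid in est if rp == 25 and lp not in ports}
    return sorted(inbound & smtp_out)

if __name__ == "__main__":
    rows = parse(SAMPLE)
    print("exposed listeners:", exposed_listeners(rows))
    print("relay-shaped processes:", relay_suspects(rows))
```

The PID column maps back to a program name in Task Manager; an empty result from both functions is consistent with the forged-sender explanation given later in the thread.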


  • Closed Accounts Posts: 1,467 ✭✭✭bushy...


    The easiest/best thing for you to do is buy a separate router. I was setting up a PC on an IBB connection before; there were a lot of Windows PCs saying hello, and many were from the other side of the country. A bit of prodding and you'd be in the shared folders.


  • Registered Users Posts: 640 ✭✭✭Wcool


    In the meantime: you want to know if a trojan is running on your computer.

    The easiest way to see what network activity is going on is to install a program that monitors just that.

    If you are comfortable using a computer, have a look at http://www.wireshark.org.
    This is an open source network packet sniffer and it is very good.

    You could use it to find out what kind of network activity is happening at what times.

    If you are less comfortable, have a look at http://www.networkmagic.com/
    This program comes in a free version and can tell you what sites were visited.

    Of course, if your computer is truly hacked, a competent hacker could change the log files of your PC; however, this isn't easy.

    Judging from your post though, I don't think that your computer was used at all. Your email address was used. This is unfortunately impossible to stop and it often happens (it happened to me).
    The email protocol allows a false Sender (basically it allows anything there).
    What spammers do is use your email address in the Reply to field of the millions of emails that they send. Some of those emails are stopped by mail filters or don't exist any more. The mail program will then send an undeliverable/this is spam message back to the Reply To field in the email.

    Unfortunately, that is you... And you will get a lot of undelivered/you sent spam messages in YOUR email box.

    If you have your own domain name, it is possible to do a little about this; look for SPF and/or Domain Keys in Google. Basically, this is some sort of attempt to validate where mail is coming from, but it doesn't work really well (yet).
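
An added example, not part of any post in this thread: it opens the original message attached to a bounce and checks whether your own address appears in its Received chain, which separates a forged sender address from mail that really left your connection. The bounce, the host names and `MY_IP` are constructed assumptions.

```python
import re
from email import message_from_string, policy

MY_IP = "192.0.2.10"  # assumption: your static address (documentation range)
IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

# Constructed bounce; a real DSN also carries a message/delivery-status part.
BOUNCE = """\
From: MAILER-DAEMON@mx.example.net
Subject: Undelivered Mail Returned to Sender
Content-Type: multipart/report; report-type=delivery-status; boundary="b1"

--b1
Content-Type: text/plain

User unknown.
--b1
Content-Type: message/rfc822

Received: from dsl-host (unknown [203.0.113.77])
 by mx.example.net with SMTP; Mon, 5 Mar 2007 03:12:00 +0000
From: ted@example.org
Subject: hi

body
--b1--
"""

def returned_message(raw):
    """Return the original message embedded in a bounce, or None."""
    for part in message_from_string(raw, policy=policy.default).walk():
        if part.get_content_type() == "message/rfc822":
            return part.get_payload(0)
    return None

def hop_ips(original):
    """Client IPs from the Received headers, newest hop first."""
    return [ip for h in original.get_all("Received", []) for ip in IP_RE.findall(str(h))]

def classify(raw, my_ip=MY_IP):
    original = returned_message(raw)
    if original is None:
        return "no-original-attached"
    ips = hop_ips(original)
    # Only the newest header was written by the server that bounced the mail;
    # older ones were supplied by the sender and can be forged.
    if ips[:1] == [my_ip]:
        return "delivered-from-my-ip"
    return "my-ip-in-older-hop" if my_ip in ips else "address-spoofed-only"
```

With the constructed bounce, `classify(BOUNCE)` returns `"address-spoofed-only"`: the server that rejected the mail received it from 203.0.113.77, not from the address in the From line.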


  • Registered Users Posts: 32,417 ✭✭✭✭watty


    If someone that you know is infected with a virus / trojan, the spammer uses all his address book entries as the "from" addresses. It is easy to do and does not involve your PC at all.


  • Registered Users Posts: 13,016 ✭✭✭✭vibe666


    watty wrote:
    If someone that you know is infected with a virus / trojan, the spammer uses all his address book entries as the "from" addresses. It is easy to do and does not involve your PC at all.

    indeed. you've been spoofed. http://en.wikipedia.org/wiki/Email_spoofing

    one thing that is worrying though is that anyone with any kind of broadband connection thinks that windows firewall is going to save them from anything.

    go get yourself a proper firewall. there are freeware firewalls out there, zonealarm and most of the other firewall big guns do a free version which will do a lot more than windows firewall ever will.

    read through this and see where it takes you:

    www.firewallguide.com

    you need:
    a decent firewall
    anti-spyware/malware
    trojan protection

    it's all available free if you look around a bit, but not everything is as good as it seems and there are already quite a few bogus websites giving away anti-spyware software that actually installs spyware on your pc so choose carefully. if you're not totally against paying for software then a good all in one package will do the business. AVG or Zonealarm both do the full enchilada when it comes to what are called 'internet security suites' although personally I'd stay away from the likes of symantec and mcafee as they quite often cause more system problems than the crap they are trying to stop.

    think of yourself as a tourist in a strange land, almost totally without physical protection or the knowledge to protect yourself with. you really aren't going to last long unless you get to know exactly what the dangers are and how to prevent them.

    it is a very steep learning curve as you've found out already, but being online all the time is a risky business.

    /scaremongering. :)


  • Registered Users Posts: 6,638 ✭✭✭zilog_jones


    I'd agree with Watty in getting a proper hardware router/firewall. I've been using one since last summer (Netgear DG834GT - though that would be useless to you as it's an ADSL modem router) and haven't had an ounce of trouble. Having ZoneAlarm on the two PCs in the house before was infuriating to deal with in comparison.


  • Registered Users Posts: 32,417 ✭✭✭✭watty


    There are Ethernet WAN equivalents of most ADSL routers. Argos confusingly calls them "cable modem routers". They aren't, though of course will work with external Cable modems. You can get "real" Cable Modem Routers (if you are a Cable company) for customers.


  • Registered Users Posts: 44 tedstokes168


    thanks everyone for your replies it has given me a good place to start esp the email spoofing article.


  • Registered Users Posts: 1,477 ✭✭✭azzeretti


    vibe666 wrote:
    indeed. you've been spoofed.

    one thing that is worrying though is that anyone with any kind of broadband connection thinks that windows firewall is going to save them from anything.

    go get yourself a proper firewall. there are freeware firewalls out there, zonealarm and most of the other firewall big guns do a free version which will do a lot more than windows firewall ever will.

    I'm not sure I agree with most people's view on the Windows Firewall. The only downside to the SP2 Firewall is that there is no control over outbound connections. The inbound restrictions are indeed very good and I would certainly recommend turning this on over not!
    It does lack some advanced features, but from a hacker's point of view they wouldn't waste their time trying to exploit it when there are so many completely unprotected PCs out there. Anyway, mostly, when turned on with no exceptions, it will not respond to any probing, so I am not sure why people are dissing it.
    I have tested various vendors' solutions (Cisco, Juniper, Linksys, SonicWall, ZyXEL etc.) and, leaving aside the advanced features on most of them, the SPF on all of them is the same.
    Believe me, any hacker trying to hack a machine will look for the short route first, i.e. an unprotected machine. Unless there is a huge benefit they wouldn't even bother.

    As others have said, it looks like your email provider may be allowing open relay or some SMTP engine is just using your address as the mail from: address.

    Keep the Firewall on, and if you really need some more advanced features then go ahead and spend a 100 euro or so on a router/firewall, but you won't really notice the difference.


  • Registered Users Posts: 32,417 ✭✭✭✭watty


    it's easy for a virus/trojan on another machine to spoof a from Address. Nothing to do with open relays.


  • Registered Users Posts: 1,477 ✭✭✭azzeretti


    watty wrote:
    it's easy for a virus/trojan on another machine to spoof a from Address. Nothing to do with open relays.

    Kinda true, but again, why bother wasting this much time.

