Personal computing discussed

 
John Nixon
Gerbil In Training
Topic Author
Posts: 6
Joined: Sat May 12, 2018 4:38 pm

Very basic packet sniffing against invader

Sat May 12, 2018 5:36 pm

Hi. I have a wife with a laptop using Win XP (which she refuses to change to a more recent OS or laptop), which most times is almost unusable because of a huge amount of unsolicited traffic blocking her system. So far, an AV scan doesn't show any malware. I should like to analyse the packets to simply show source IP on the downstream (don't know if that's possible, even if no proxy is involved), and destination IP on the upstream. The port number would be helpful, as well as perhaps the packet types (TCP/UDP). It might then be possible to install a software firewall that can stop those in both directions. Connection is via WiFi, and the router doesn't have its own firewall. As you will have guessed, I have no experience in this field and very limited knowledge. Nor do I want to spend lots of cash on a very posh commercial system. Any suggestions, please?
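The per-direction summary the post above asks for (remote address, port and protocol for downstream and upstream, as a starting point for firewall rules), as an added example that is not part of the original thread. It assumes the capture has already been exported to CSV with tshark's field output (the command is shown in the docstring), that the laptop's LAN address is known (`LAPTOP_IP` is an assumption), and the sample lines are constructed rather than taken from any real capture. The one thing worth seeing that a raw Wireshark listing does not show is the split between inbound traffic the host never asked for (which an inbound-only firewall can stop) and traffic the host itself initiated (which it cannot, and which is where a hidden infection would show up):

```python
"""Per-direction traffic summary for one host, from a tshark field export.

Added example; not code from the original thread. It assumes the capture has
already been reduced to CSV with something like:

    tshark -r capture.pcap -T fields -E separator=, \
        -e frame.time_relative -e ip.src -e ip.dst -e ip.proto \
        -e tcp.srcport -e tcp.dstport -e udp.srcport -e udp.dstport

and that the laptop's LAN address is known (LAPTOP_IP below is an assumption).
"""
from collections import Counter

LAPTOP_IP = "192.168.1.23"   # assumption: the XP laptop's address on the LAN
PROTO_NAMES = {6: "tcp", 17: "udp"}

# Constructed sample export (not a real capture). Columns as in the tshark
# command above: time, src, dst, proto, tcp.srcport, tcp.dstport,
# udp.srcport, udp.dstport.
SAMPLE_EXPORT = """\
0.000,192.168.1.23,93.184.216.34,6,49152,80,,
0.120,93.184.216.34,192.168.1.23,6,80,49152,,
0.500,203.0.113.7,192.168.1.23,6,40000,445,,
0.510,203.0.113.7,192.168.1.23,6,40001,445,,
0.900,192.168.1.23,198.51.100.9,17,,,49200,53
0.905,198.51.100.9,192.168.1.23,17,,,53,49200
1.200,198.51.100.77,192.168.1.23,17,,,1434,1434
1.300,192.168.1.23,203.0.113.200,6,49153,6667,,
1.310,203.0.113.200,192.168.1.23,6,6667,49153,,
"""


def parse_export(text):
    """Return (time, src, dst, proto, sport, dport) tuples from the CSV export."""
    records = []
    for line in text.splitlines():
        if not line.strip():
            continue
        t, src, dst, proto, tsp, tdp, usp, udp_ = line.split(",")
        # tshark leaves the TCP columns empty for UDP packets and vice versa
        sport = int(tsp or usp) if (tsp or usp) else None
        dport = int(tdp or udp_) if (tdp or udp_) else None
        records.append((float(t), src, dst, int(proto), sport, dport))
    return records


def summarise(records, host_ip):
    """Split packets into upstream/downstream relative to host_ip and find
    unsolicited inbound flows.

    upstream   : Counter keyed by (remote_ip, remote_port, proto), host -> remote
    downstream : Counter keyed by (remote_ip, remote_port, proto), remote -> host
    unsolicited: Counter keyed by (remote_ip, local_port, proto), packets of
                 flows whose first packet came from the remote side, i.e.
                 traffic the host never asked for. Replies to the host's own
                 requests (the web and DNS answers in the sample) are not
                 counted here.
    """
    upstream, downstream, unsolicited = Counter(), Counter(), Counter()
    first_seen = {}  # (remote_ip, remote_port, local_port, proto) -> "out" | "in"
    for _t, src, dst, proto, sport, dport in sorted(records, key=lambda r: r[0]):
        name = PROTO_NAMES.get(proto, str(proto))
        if src == host_ip:
            upstream[(dst, dport, name)] += 1
            first_seen.setdefault((dst, dport, sport, name), "out")
        elif dst == host_ip:
            downstream[(src, sport, name)] += 1
            if first_seen.setdefault((src, sport, dport, name), "in") == "in":
                unsolicited[(src, dport, name)] += 1
        # packets between other hosts (broadcasts, neighbours) are ignored
    return upstream, downstream, unsolicited


def suggest_rules(host_ip, upstream, unsolicited):
    """Turn the summary into human-readable candidate rules (not any one
    firewall's syntax). Unsolicited inbound gets a block rule on the local
    port that was hit; everything the host itself contacted is listed for
    review, because a host calling out to an unexpected port is exactly the
    pattern an inbound-only firewall never sees."""
    rules = []
    for (ip, lport, proto), n in sorted(unsolicited.items()):
        rules.append(f"block in {proto} from {ip} to {host_ip} port {lport}  # {n} pkts")
    for (ip, rport, proto), n in sorted(upstream.items()):
        rules.append(f"review out {proto} from {host_ip} to {ip} port {rport}  # {n} pkts")
    return rules


if __name__ == "__main__":
    up, down, unsol = summarise(parse_export(SAMPLE_EXPORT), LAPTOP_IP)
    for rule in suggest_rules(LAPTOP_IP, up, unsol):
        print(rule)
```

Two caveats for running this against a real capture. On Wi-Fi a laptop in normal mode only sees its own traffic plus broadcasts, so the capture has to be taken on the affected machine itself (or with a monitor-mode capture), not on another computer on the same network. And the "review out" lines are the important ones: in the constructed sample the host makes an outbound connection to port 6667, which no firewall rule can judge on its own; only knowing which program on the laptop opened it can.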
 
jihadjoe
Gerbil Elite
Posts: 834
Joined: Mon Dec 06, 2010 11:34 am

Re: Very basic packet sniffing against invader

Sat May 12, 2018 6:21 pm

Doesn't Win XP have its own built-in firewall? You could try activating that first.

If you need a third party firewall, I recall ZoneAlarm's Firewall worked pretty well in XP. It has per-application/per-zone permissions, and logged the source IP/host for blocked incoming attacks. I'm just not too sure how much functionality they removed in the free version, but IMO it's worth a try.
 
LostCat
Minister of Gerbil Affairs
Posts: 2102
Joined: Thu Aug 26, 2004 6:18 am
Location: Alphanumeric symbols.

Re: Very basic packet sniffing against invader

Sat May 12, 2018 7:10 pm

John Nixon wrote:
Any suggestions, please?

Force the issue. XP is toxic sludge at this point.

And yes, it has its own firewall built in with SP2 and beyond. (Though it only blocks inbound and doesn't do significant logging iirc.)
Meow.
 
blitzy
Gerbil Jedi
Posts: 1844
Joined: Thu Jan 01, 2004 6:27 pm
Location: New Zealand

Re: Very basic packet sniffing against invader

Sat May 12, 2018 7:51 pm

Wireshark will show you the network traffic, it has a bit of a learning curve though.

IMO the best solution is nuke from orbit - complete wipe, being compromised means you really can't trust the pc anymore for much of anything
 
bthylafh
Maximum Gerbil
Posts: 4316
Joined: Mon Dec 29, 2003 11:55 pm
Location: Southwest Missouri, USA

Re: Very basic packet sniffing against invader

Sat May 12, 2018 8:38 pm

LostCat wrote:
John Nixon wrote:
Any suggestions, please?

Force the issue. XP is toxic sludge at this point.


Yep. Whether or not your wife likes it, it's time to forcibly retire Windows XP; it's got 4 years of unpatched exploits and that will only increase. You can install something like Classic Shell on a newer Windows to ease the transition.

http://classicshell.net/
Hakkaa päälle!
i7-8700K|Asus Z-370 Pro|32GB DDR4|Asus Radeon RX-580|Samsung 960 EVO 1TB|1988 Model M||Logitech MX 518 & F310|Samsung C24FG70|Dell 2209WA|ATH-M50x
 
just brew it!
Administrator
Posts: 53994
Joined: Tue Aug 20, 2002 10:51 pm
Location: Somewhere, having a beer

Re: Very basic packet sniffing against invader

Sun May 13, 2018 4:54 am

If there's a lot of unsolicited traffic, the system is almost certainly already in serious trouble. If there's malware present, blocking the traffic with a firewall doesn't fix the problem, it just masks it.

Yes, the best solution is to ditch XP. If that isn't feasible from a marital peace standpoint, you really need to figure out what is generating the traffic (and Wireshark, mentioned above, is a good way to do that). What AV scanner(s) have you used?

If it is infected with multiple malware strains, keep in mind that getting it truly clean will likely involve a wipe and reinstall... and since XP no longer gets security updates, a re-infection is fairly likely.
Nostalgia isn't what it used to be.
 
DragonDaddyBear
Gerbil Elite
Posts: 985
Joined: Fri Jan 30, 2009 8:01 am

Re: Very basic packet sniffing against invader

Sun May 13, 2018 9:40 am

First, I agree with all others. XP is long past due for replacement.

XP firewall is inbound only. I used ZoneAlarm back in the day.

Second, you should look into Snort if you want packet analysis and blocking. Wireshark will capture but not block. Snort is an IPS. It's not the easiest to use, but there are lots of solutions out there.

Again, if you just upgrade the computer and get Windows 10 you won't have much to worry about.
 
UberGerbil
Grand Admiral Gerbil
Posts: 10368
Joined: Thu Jun 19, 2003 3:11 pm

Re: Very basic packet sniffing against invader

Sun May 13, 2018 1:23 pm

just brew it! wrote:
Yes, the best solution is to ditch XP. If that isn't feasible from a marital peace standpoint, you really need to figure out what is generating the traffic (and Wireshark, mentioned above, is a good way to do that). What AV scanner(s) have you used?

If it is infected with multiple malware strains, keep in mind that getting it truly clean will likely involve a wipe and reinstall... and since XP no longer gets security updates, a re-infection is fairly likely.
Well, you could treat it the way some internet cafes handle their machines: run XP in a VM and download a new fresh system image at every boot, then wipe it at shutdown.

Somebody should brew up a Chromebook skinned to look like XP for people like this.
 
John Nixon
Gerbil In Training
Topic Author
Posts: 6
Joined: Sat May 12, 2018 4:38 pm

Re: Very basic packet sniffing against invader

Sun May 13, 2018 1:57 pm

Hey, thank you fellers! You responded so quickly - I've taken some of your advice and downloaded Wireshark. Actually, two versions - one for my own laptop whilst I plod up the learning curve you mentioned. Sadly, although there are lots of YouTube explanations, none of the UIs looks much like the one I have in front of me, but I'm slowly getting the message. A good point about the firewall just masking the problem, but that may be as near as I can get ftb - Viv is well beyond just being a very determined lady! The VirtualBox idea is a good one - I use it myself and it is totally self-cleaning, but Viv is convinced that it is the work of the Devil!
But I'm grateful to you all - yesterday I knew nothing at all, today I'm seeing a glimmer at the end of the tunnel. If I run into more trouble, I'll come back a'begging.
 
John Nixon
Gerbil In Training
Topic Author
Posts: 6
Joined: Sat May 12, 2018 4:38 pm

Re: Very basic packet sniffing against invader

Sun May 13, 2018 2:02 pm

Sorry Just Brew it - I forgot to answer your question about the AV - Viv's using Avast. I have thought of taking her HDD out and giving it a different scan in a USB cradle on my laptop - maybe AVG or MS Security Essentials.
 
Schmoo
Gerbil
Posts: 29
Joined: Mon Dec 14, 2015 12:32 pm
Location: Australia

Re: Very basic packet sniffing against invader

Sun May 13, 2018 2:29 pm

Some of the guys here have tried to give you helpful advice but as JBI said, it is really only a temporary solution as XP is now over 4 years past the end of support so even if you do a wipe and reinstall it is probably just a matter of time before re-infection occurs, whether it is by the same malware or something else that comes along. Using some sort of anti-virus is not a substitute for having an OS that isn't vulnerable in the first place. Running a machine on an unsupported OS through a router with no firewall seems like madness too. That's the computer equivalent of having sex with AIDS ridden junkie prostitutes and not wearing a condom. Who'd do that?

Also, don't rule out the option of divorce. It may end up being easier.
 
John Nixon
Gerbil In Training
Topic Author
Posts: 6
Joined: Sat May 12, 2018 4:38 pm

Re: Very basic packet sniffing against invader

Mon May 14, 2018 3:30 am

Thanks, Schmoo. Point taken, though actually you're preaching to the converted here - I abandoned XP quite a long time ago. Sadly stuck with W10 now, though I much preferred W7. Yes all you guys have been helpful to a little old man who just wants his wife to be content. Thanks for your trouble, and your last comment was amusing, though I shall not be showing it to Viv - you'd be reading about a nasty incident in the papers if I did. Shall work on diplomacy, though more tricky to get agreement than, say, Iran or North Korea.
Kind regards to you all.
John
 
bthylafh
Maximum Gerbil
Posts: 4316
Joined: Mon Dec 29, 2003 11:55 pm
Location: Southwest Missouri, USA

Re: Very basic packet sniffing against invader

Mon May 14, 2018 8:13 am

I'd be looking into sabotage were I you. "Sorry, honey, the computer got a nasty infection and it's totally unable to boot now! I'm ordering you a newer one as a late Mother's Day present".
Hakkaa päälle!
i7-8700K|Asus Z-370 Pro|32GB DDR4|Asus Radeon RX-580|Samsung 960 EVO 1TB|1988 Model M||Logitech MX 518 & F310|Samsung C24FG70|Dell 2209WA|ATH-M50x
 
Wirko
Gerbil Team Leader
Posts: 257
Joined: Fri Jun 15, 2007 4:38 am
Location: Central Europe

Re: Very basic packet sniffing against invader

Mon May 14, 2018 8:49 am

All right, a less radical form of "divorce" could be the separation of LANs, and resigning from her IT support team.
 
The Egg
Minister of Gerbil Affairs
Posts: 2938
Joined: Sun Apr 06, 2008 4:46 pm

Re: Very basic packet sniffing against invader

Mon May 14, 2018 11:30 am

It's going to be impossible to completely secure XP at this point, and I honestly wouldn't waste your time trying. Since her issue is almost certainly the UI, that's where I would focus your efforts. Others have suggested Classic Shell, and I think this (or something similar) is the way to go. Get the UI as close as you can for her, and tell her it's the only way.
 
mmp121
Gerbil
Posts: 31
Joined: Tue Aug 15, 2006 12:09 am

Re: Very basic packet sniffing against invader

Mon May 14, 2018 3:19 pm

Forgive me for asking the obvious, but what is she going to do when the machine eventually has a hardware failure and stops working?

If the answer to that is what we all think and hope it is (RE she will have to suck it up and deal with a new OS), just drop a magnet near it now and get the ball rolling in the right direction.

Now in the meantime, what about running some malware detection software in addition to just simple AV? Most AVs won't catch malware (especially XP AVs). I would suggest Malwarebytes, HijackThis, Spybot Search & Destroy, etc.

Also it would not be a bad idea to take the drive out of the laptop and put it in an external enclosure, and from a spare computer (with all internal drives (HDD/SSD) disconnected) run a live disk to scan the drive for 'anomalies'.

https://www.techsupportall.com/best-boo ... -computer/

https://www.digitalcitizen.life/top-fre ... indows-pcs

https://www.lifewire.com/free-bootable- ... ls-2625785

Good luck!
 
MOSFET
Gerbil XP
Posts: 370
Joined: Fri Aug 08, 2014 12:42 am

Re: Very basic packet sniffing against invader

Mon May 14, 2018 3:56 pm

bthylafh wrote:
I'd be looking into sabotage were I you. "Sorry, honey, the computer got a nasty infection and it's totally unable to boot now! I'm ordering you a newer one as a late Mother's Day present".


This is exactly what I was thinking yesterday, but this is slightly nicer, and bthylafh didn't mention a hammer.
Be careful on inserting this (or any G34 chip) into the socket. Once you pull that restraining lever, it is either a good install or a piece of silicon jewelry.
 
bthylafh
Maximum Gerbil
Posts: 4316
Joined: Mon Dec 29, 2003 11:55 pm
Location: Southwest Missouri, USA

Re: Very basic packet sniffing against invader

Mon May 14, 2018 5:28 pm

"Unmentioned Hammer" is the name of my next band.
Hakkaa päälle!
i7-8700K|Asus Z-370 Pro|32GB DDR4|Asus Radeon RX-580|Samsung 960 EVO 1TB|1988 Model M||Logitech MX 518 & F310|Samsung C24FG70|Dell 2209WA|ATH-M50x
 
John Nixon
Gerbil In Training
Topic Author
Posts: 6
Joined: Sat May 12, 2018 4:38 pm

Re: Very basic packet sniffing against invader

Tue May 15, 2018 5:27 am

Hi again fellers. This is the most helpful and amusing forum I have ever had help from. However, a minor miracle has happened. When I came in from playing bowls last night, Viv had had the worst session yet trying to use her computer, so retired to watch the TV, where there was an hour-long program going into details of cyber crime etc. With that and some of your comments I had passed on diplomatically to her, she was anxious that I replace her computer, her OS, her AV and my router, ASAP - oh yes, and her sign-in password. It was like the episode of Saul on the road to Damascus. After years of experience, I didn't whoop with delight or do cartwheels (the last part a bit out of reach since I fell out of a tree last summer), just looked doubtful, sucked air through my teeth and said I'd think it over. OK, I've thought it over, and am right now chasing up some more of your suggestions, looking at comparison sites, adverts and arranging a trip for her to a big computer store. A shame, I'd just begun to get to grips with Wireshark.
So thanks again, it was an even better experience than I might have hoped for.
John
 
Aranarth
Graphmaster Gerbil
Posts: 1281
Joined: Tue Jan 17, 2006 6:56 am
Location: Big Rapids, Mich. (Est Time Zone)
Contact:

Re: Very basic packet sniffing against invader

Tue May 15, 2018 6:52 am

John Nixon wrote:
Hi again fellers. This is the most helpful and amusing forum I have ever had help from. However, a minor miracle has happened. When I came in from playing bowls last night, Viv had had the worst session yet trying to use her computer, so retired to watch the TV, where there was an hour-long program going into details of cyber crime etc. With that and some of your comments I had passed on diplomatically to her, she was anxious that I replace her computer, her OS, her AV and my router, ASAP - oh yes, and her sign-in password. It was like the episode of Saul on the road to Damascus. After years of experience, I didn't whoop with delight or do cartwheels (the last part a bit out of reach since I fell out of a tree last summer), just looked doubtful, sucked air through my teeth and said I'd think it over. OK, I've thought it over, and am right now chasing up some more of your suggestions, looking at comparison sites, adverts and arranging a trip for her to a big computer store. A shame, I'd just begun to get to grips with Wireshark.
So thanks again, it was an even better experience than I might have hoped for.
John


WOOHOO!!!!! There ya go!!!!

Now you can buy a new machine for yourself and give her the hand me down!
(Oops did I say that out loud?! I think I did, my wife is giving me the look and sharpening her butcher knife...)
Main machine: Core I7 -2600K @ 4.0Ghz / 16 gig ram / Radeon RX 580 8gb / 500gb toshiba ssd / 5tb hd
Old machine: Core 2 quad Q6600 @ 3ghz / 8 gig ram / Radeon 7870 / 240 gb PNY ssd / 1tb HD
 
Aether
Gerbil First Class
Posts: 153
Joined: Sat Dec 20, 2014 8:50 pm

Re: Very basic packet sniffing against invader

Tue May 15, 2018 7:06 am

John Nixon wrote:
However, a minor miracle has happened ...


As others have suggested, in order to make your wife's transition as painless as possible, you should check out Classic Shell to see how it can make the Windows 10 interface mimic Windows XP or 7. I do not care for the Windows 10 start screen, so all of the computers that I use have Classic Shell configured to make Windows 10 use a Win7-like start menu.
 
Usacomp2k3
Gerbil God
Posts: 23043
Joined: Thu Apr 01, 2004 4:53 pm
Location: Orlando, FL
Contact:

Re: Very basic packet sniffing against invader

Tue May 15, 2018 7:10 am

I'm a fan of using the system as stock as possible. It certainly makes any troubleshooting much easier.
 
bthylafh
Maximum Gerbil
Posts: 4316
Joined: Mon Dec 29, 2003 11:55 pm
Location: Southwest Missouri, USA

Re: Very basic packet sniffing against invader

Tue May 15, 2018 9:07 am

While you're overhauling your security setup, you should try hard to sell your wife on using a password manager.

Benefits:
* You only have to remember one or two passwords - one for the manager, and optionally one for your main email account in case you screw up the manager.
* Every account gets a unique randomly-generated password, so if an attacker compromises one account they can't turn around and use those credentials for another account.

I would then use Diceware to generate the password(s) that you have to remember, using the currently-recommended six words.

I'd also think about setting up two-factor authentication for at least the password manager and email account. The purpose of 2FA is so that even if the attacker manages to guess your password, they can't get in because they don't have the "token" linked to your account. The most popular form of 2FA is probably a smartphone app that displays a six-number code which changes once a minute. I prefer Authy because you can back up the codes, so you're not up the creek if your phone breaks and you didn't think to print off any one-time recovery passwords.

There are several password managers to choose from. My wife and I use LastPass and I like it pretty well. A nice feature of the for-pay version is that you can authorize someone else to get in should you die or become incapacitated; likewise, you can share entries in your password manager with or without sharing the password's plaintext. Lastpass is available for many platforms and browsers.

Another good practice is to save your answers to a website's "security questions" into your password manager's Notes field. The reason: instead of truthfully answering those questions, which an attacker might guess, you can have the password manager generate a random string and then save the answer into the notes field. I've done that with my Apple account for years.
Hakkaa päälle!
i7-8700K|Asus Z-370 Pro|32GB DDR4|Asus Radeon RX-580|Samsung 960 EVO 1TB|1988 Model M||Logitech MX 518 & F310|Samsung C24FG70|Dell 2209WA|ATH-M50x
 
John Nixon
Gerbil In Training
Topic Author
Posts: 6
Joined: Sat May 12, 2018 4:38 pm

Re: Very basic packet sniffing against invader

Fri May 18, 2018 10:05 am

Thanks Aether,
Tried Classic Shell - quite an improvement - thank you.
Thank you Bthylafh - a very detailed suggestion. I use a password manager myself (KeePass - free), but hadn't thought of the much more secure alternatives you suggested. I shall dally with that myself before I pass it on to Viv. Much as it makes excellent sense, I sense obstruction looming - I dread having to persuade her to get out of a burning car one day! I shall get started on the 2FA method when my head is feeling clearer, and get back to you with the feedback. Much obliged.
