Question Trying to understand a potential hack

Aug 21, 2019
Today my internet was going really slow and my bf (a computer guy) somehow looked at IP addresses and said hundreds of Chinese, Russian, African etc. numbers were showing up. He tried really hard to explain what's happening, but he just gets frustrated bc I don't understand what he's saying lol. I've read about DDOS attacks, and I know hackers are always trying to hold companies for ransom. So is someone trying to hack my ISP? Or is my wifi network being targeted specifically?

It's pretty mindblowing how vulnerable we non-computer people are, I have no idea how to protect myself from this kind of thing. 😳😳😳

If anyone can explain this like they're talking to a 90 year old that'd be great. (I almost said 6 y.o. but they'd probably understand lol) Thanks!
 

Ralston18

Titan
Moderator
Think of it as a physical mailbox.

Every day you get a few letters, bills, advertisements (junk mail), and so forth.

Then someone starts sending you all sorts of junk mail to where your mailbox gets full, the postal delivery person has to carry more and stuff to the mailbox, you have to spend more time sorting out the good, the important, and the bad.

Your entire mail performance slows down.

So you try to get off of all those foreign mailing lists which might help.... You try to get the post office to throw those letters away but they really cannot do so. Nor can the postal delivery person decide what should go into your mailbox or into the trashcan you place beside your mailbox.

From the perspective of the internet, your computer is the mailbox. Many people are trying to gain access and/or deliver "things" (malware, viruses, etc.) but hopefully most of those attempts are being blocked by your firewall:

https://www.avast.com/en-gb/f-firewall

(Note: not promoting Avast. You can easily google for other links regarding firewalls and how they work.)

But as the number of access attempts increases, two things happen: 1) The internet connection path to your computer gets busy. There is only a limited amount of bandwidth available. Analogy being traffic lanes - too much traffic slows down internet performance. 2) More time is needed to sort out the allowed traffic to your computer from all of the other unwanted traffic.

Net/End result = slow internet.

What your BF did was just look at the list of senders (sources) trying to gain access to your computer. It seems that, for some reason, there were a lot of attempts being made to do so. Likely not personal.

The bad guys just keep hammering away and trying to get in.

Keep your firewall up, use AV and anti-malware software, use secure passwords to protect your network and computers.

Also, any Wifi network has the added problem of interference and other problems that can slow the performance of your own home's network. You may or may not be able to improve on that part of the problem.

Perhaps changing your wireless network frequency and channel may help. But that is an internal factor and not an internet factor.
 

First off we need to address why your net connection is slow. It may or may not be due to attacks. If you are using WiFi, it's possible your actual connection rate (called "link rate") is really low because your signal is weak. WiFi can be as low as 10% efficient or worse. Which means even though you have a 100mbps card, your connection might be able to transfer 10mbps.

You can see how to check your link rate here:
https://www.tenforums.com/tutorials/75371-see-network-adapter-speed-windows-10-a.html

Next I would go to http://www.speedtest.net or http://www.fast.com and see how the numbers compare to your ISP bandwidth.

Now onto infection and attacks:
The question is:
  1. Are you being attacked? OR
  2. Is your system infected, and are hackers using your system to promote attacks?
Answers:
Section 1: Are you being attacked?

Global attacks are common. In fact it happens so often that you couldn't visualize all the data. Here is a reduced form of it:

https://www.fireeye.com/cyber-map/threat-map.html

Random port scans are also common by script kiddies looking for new targets.

What can you do to protect yourself? Use quality antivirus and a router. Don't ever straight connect your computer to your cable modem. Most ISPs use solutions similar to FireEye and Cloudflare, and will automatically filter out some attacks. So you shouldn't be seeing a lot of direct attacks on your endpoint (your network). If you have a web server running, or some other open access port from your router, then yes, you could very well be a target of an attack.

Section 2: Are you infected?
There are two targets here: the router and your computer itself.

Routers: Hackers attack router weaknesses to gain access to your internal home network, or to use a service that is useful to them. For example: a hacker may see you have UPnP turned on to the outside world, and may exploit a known weakness there to enter your network. There he can set up things like external FTP access where people can share questionable files, or worse, attack your network from the inside, or most insidious: reflash your router firmware to make your network his mindless bot that he controls. To prevent these kinds of attacks, you can test your firewall for known weaknesses and see if any alarms pop up. There are free utilities over the web for this:

https://www.lifewire.com/how-to-test-your-firewall-2487969

The next thing to do is go into your router settings and see if you have any net-facing services turned on. These are things the outside world (hackers) can access and attack, like UPnP, FTP, remote management, web servers, or port forwarding.

Also try to update your router firmware if it's out of date. Unfortunately a lot of networking companies don't update their firmware for the latest vulnerabilities. Netgear and TP-Link are the few that do on a regular basis. (Several times a year)

Computer Infection: There are many ways to infect a computer. However a good antivirus or malware scanner will catch most infections. So if you have a decent anti-virus installed, it shouldn't be hard to find an infection and deal with it.

Side Notes:
If you want to see what's going over your personal computer connection, you can run Fiddler or Wireshark, which will examine and show every piece of data your network card is sending/receiving. Warning: It's a lot of data.

https://www.telerik.com/fiddler
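
As an added example (not part of the original posts): a small Python tally over router firewall log lines, separating blocked background scanning from many senders from traffic the router actually let through to a forwarded port. The log lines, the `DROP-IN`/`ACCEPT-FWD` prefixes, interface names and addresses are constructed for illustration; real routers log in their own formats.

```python
import re
from collections import Counter

# Constructed sample in iptables/netfilter LOG style. The "DROP-IN" and
# "ACCEPT-FWD" prefixes are assumed names; real routers use their own.
SAMPLE_LOG = """\
Aug 21 10:00:01 router kernel: DROP-IN IN=wan0 OUT= SRC=192.0.2.10 DST=203.0.113.5 PROTO=TCP SPT=40001 DPT=23
Aug 21 10:00:02 router kernel: DROP-IN IN=wan0 OUT= SRC=198.51.100.7 DST=203.0.113.5 PROTO=TCP SPT=51515 DPT=22
Aug 21 10:00:03 router kernel: DROP-IN IN=wan0 OUT= SRC=192.0.2.44 DST=203.0.113.5 PROTO=TCP SPT=33012 DPT=23
Aug 21 10:00:04 router kernel: DROP-IN IN=wan0 OUT= SRC=198.51.100.90 DST=203.0.113.5 PROTO=UDP SPT=5060 DPT=1900
Aug 21 10:00:05 router kernel: ACCEPT-FWD IN=wan0 OUT=lan0 SRC=192.0.2.77 DST=192.168.1.20 PROTO=TCP SPT=44100 DPT=21
Aug 21 10:00:06 router kernel: DROP-IN IN=wan0 OUT= SRC=192.0.2.10 DST=203.0.113.5 PROTO=TCP SPT=40002 DPT=3389
"""

LINE_RE = re.compile(
    r"kernel: (?P<action>[A-Z-]+) .*?SRC=(?P<src>\S+) DST=(?P<dst>\S+) "
    r"PROTO=(?P<proto>\S+) SPT=\d+ DPT=(?P<dport>\d+)"
)

def summarize(log_text):
    """Tally inbound attempts: who knocked, on which ports, and what got through."""
    sources, blocked_ports, admitted = Counter(), Counter(), []
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue  # ignore lines that are not firewall records
        sources[m["src"]] += 1
        if m["action"].startswith("DROP"):
            blocked_ports[(m["proto"], int(m["dport"]))] += 1
        else:
            # Traffic the router let in: this points at an exposed service.
            admitted.append((m["src"], m["dst"], m["proto"], int(m["dport"])))
    return {
        "unique_sources": len(sources),
        "max_hits_per_source": max(sources.values(), default=0),
        "blocked_ports": blocked_ports.most_common(),
        "admitted": admitted,
    }

if __name__ == "__main__":
    report = summarize(SAMPLE_LOG)
    print(f"{report['unique_sources']} sources, busiest sent "
          f"{report['max_hits_per_source']} packets")
    for (proto, port), n in report["blocked_ports"]:
        print(f"  blocked {proto}/{port}: {n}")
    for src, dst, proto, port in report["admitted"]:
        print(f"  ADMITTED {src} -> {dst} {proto}/{port} (check port forwarding)")
```

Many sources with one or two blocked packets each is the ordinary scanning described above; an entry under "admitted" means a port forward or net-facing service (here FTP on port 21) is reachable from outside and is worth reviewing in the router settings.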

 
Thank you! This info was very helpful.

One more question: Why do people do this? Is this how identities get stolen?

Why?

How many stars are in the sky? That would be the number of reasons why. It basically breaks down to
  1. Be Mean (Anarchist, and hackers who view the net as theirs (power control issues))
  2. Hide Illegal Activity
  3. Financial gain
  4. Reputation gain (Ego buff)
  5. Personal technical challenge (Like climbing Mt Everest)
  6. State sponsored activities including terrorist attacks.
Identities get stolen when companies have sensitive data and they do not take proper safeguards to encrypt and protect it. (ie: Equifax)
 
OMG I JUST LOOKED AT FIREEYE. I can't believe this stuff is happening and so many people (me) are utterly oblivious!

I'm simultaneously terrified and super impressed by the people who keep us safe.