Heyas all, my bro in law was hacked recently, he just went apeshznit and formated and reinstalled. He also bought a router and hes worried about being re-hacked. Im curious what can I do/go/get to test hackability?
I know about the gnc site but Ive heard its utter crap and its even proven itself to be not completely trust worthy for that overall.
This has to be at least a remotely easy testing due to not being too experienced....

any help/thoughts/advice?

If he's behind a router he's going to be pretty much unhackable (except by an attacker deceiving him) unless he puts himself into the dmz.

Thanks, thats what I figured, but I was curious due to when i go into the router settings it shows this...

http://www.theforumisdown.com/uploadfiles/0103/routershot.JPG

so is this setting right or?

According to the Linksys BEFSR41 manual:

Gateway Mode should be used if your Router is hosting your network's connection to the Internet. Router Mode should be selected if the Router exists on a network with other routers.

IFMU did your bro have software firewall before he was hacked? I know Norton allows you to actually shut down ports just like a router...although this is software and not hardware (which always leaves room for problems)

Originally posted by JohnnyTheRed
According to the Linksys BEFSR41 manual:
Ok that works then, thanks.
Originally posted by ManOfKnight
IFMU did your bro have software firewall before he was hacked? I know Norton allows you to actually shut down ports just like a router...although this is software and not hardware (which always leaves room for problems)
He was using this (his) computer as a router for other computers on the network. I thought he had the XP firewall being used, but its possible it wasnt.
I personally cant stand software firewalls, resources being used for it. I cant stand Norton in even the slightest...

But ok thanks guys I guess this will have to be enough for him. Just wish there was a way to actually test it, but guess its good enough.

Just for a sense of security, you can go to dslreports.com - I believe they have tests to scan your ports. Or get yourself a free port scanner, and do it yourself (preferably from outside of your network). AFAIK unless otherwise specified, the router shuts all ports for incoming connections. So unless he opens them up himself, or has downloaded and executed some viri/trojan, then there should be no way to get into it.

Keep up to date on OS patches, as well as anti-virus patches. Scan comp for viri regularly, as well as Spyware.

Originally posted by JohnnyTheRed
Just for a sense of security, you can go to dslreports.com - I believe they have tests to scan your ports. Or get yourself a free port scanner, and do it yourself (preferably from outside of your network). AFAIK unless otherwise specified, the router shuts all ports for incoming connections. So unless he opens them up himself, or has downloaded and executed some viri/trojan, then there should be no way to get into it.

Keep up to date on OS patches, as well as anti-virus patches. Scan comp for viri regularly, as well as Spyware.

yeah, i would use the dslreports.com port scanner. the full address for it is http://www.dslreports.com/scan/

that should give you a pretty good clue about what ports you have open. if your router has the ability to not respond to pings, enable it. that is one way that somebody will check to see if your ip address is being used. if your router does not reflect the ping back, the person who is checking your ip address will probably assume that your internet connection is off.

If you've got access to a computer running Linux or Unix, you can use Nessus (www.nessus.org) to scan his computer for a very large number of known vulnerabilities. It's a far more detailed scan than either GRC or dslreports offers.

Nessus is nice but alot of the stuff it might report you'd have a hard time resolving short of putting a firewall on the box since Windows only affords you so much control. And if the box is already behind nat with no port forwarding or dmz, then it is safe anyways.

XP's firewall isnt very strong, zonealarm is pretty good as it will asorb ping requests so hackers will not know to even keep trying, as for XP's firewall it will send back a ping request thus allowing a hacker to know that the address is live, and then he will probe, once finding out what OS the person has he will try diffrent techniques to gain access. however a NAT firwall is very good as long as you dont leave ports open or forwarded, or set a computer in DMZ mode. however he still isnt scott free, if he gets a email with a trojan virus in its attachment and he runs it he will be infected and his firewall will be useless. so I sugest a good antivirus with email scan enabled for incomming emails.
that witha NAT firewall router and he is all good.
-L_P

Im not too worried about email, we all use web-based, yahoo, hotmail etc. Its a little more difficult to get virus' that way so Ive gotten most folks to stick to using it. They are pretty good at not downloading things if they dont know what they are/who they are from. I think they should be ok, just needed some backing up basiclly. lol

XP's firewall is good enough for most people, imho. As far as I can tell, all it does is drop all incoming connections. Its not any weaker then Zonealarm or anything else by doing that, although its less flexible.

Zonealarm and the others will alert you to outgoing traffic on your box.. but if you've got nasty outgoing traffic then you should re-examine your computing practices.

Gibson Research. www.grc.com has a range of security stuff you can use......

any software firewall is only as secure as the OS that it runs on.

GRC is the least effective of the security scanning tools, scanning only 13 ports. The DSLreports scan is better, scanning with Nmap yourself is even better, and scanning with Nessus is one of the best.