Hacked and Attacked (Long)

Originally Posted By: JMJNet
If a neighborhood has 10 houses all with WiFi and yours is hidden,

do you think people will try to find the hidden one, or attack the one that is obvious?


I would target the hidden one. And they are ALL obvious if you are scanning, having the SSID concealed doesn't make it any less so.
 
Originally Posted By: 2004tdigls
Originally Posted By: OVERKILL
Originally Posted By: JMJNet
Use "hidden" or "non-broadcasting" network feature on your router?


That's a relatively useless feature. Capturing the SSID isn't overly difficult.


MAC filtering is even more useless.

http://www.howtogeek.com/204458/why-you-shouldn%E2%80%99t-use-mac-address-filtering-on-your-wi-fi-router/




Yup, I touched on that above. They are easy to spoof and equally easy to obtain.

The real issue is the false sense of security people get from concealing their SSID or setting up MAC filtering, which many think makes them "super protected" not realizing how easy those things, on their own, are to circumvent.
 
Please educate yourself on Linux. Get a small computer to act as the router with the Linux OS. https://www.linuxmint.com/ I use the Cinnamon version.
Linux is FREE and well worth it!
If Linux is out of the question, then you HAVE to get a REAL software firewall. ZoneAlarm comes to mind; it has program control for inbound and outbound traffic.
check https://www.grc.com/x/ne.dll?rh1dkyd2

Scan your router and see if any ports are open.
Find and download Wireshark, https://www.wireshark.org/ . It's an AMAZING tool, for the good guys and the bad... Use it to help shield up your home network and computers.

Be educated.

I've been using Linux for the better part of 20 years. I'm not a power user, just a normal guy, and I love Linux. It takes a little thinking and research at times, but it's better than any Windows I've used. For 98% of the things I use a computer for, it's perfect; a few games are why I keep Windows around.
 
Every security measure has a countermeasure. If we put enough measures in place, it will require a somewhat sophisticated and patient attacker to overcome them, which is a lot better than leaving the shoddy default settings. Clicking a few buttons can take us from "open access point" to "astute neighbor kids figured it out" to "an experienced wardriver could get in".
 
Originally Posted By: Ethan1
Every security measure has a countermeasure. If we put enough measures in place, it will require a somewhat sophisticated and patient attacker to overcome them, which is a lot better than leaving the shoddy default settings. Clicking a few buttons can take us from "open access point" to "astute neighbor kids figured it out" to "an experienced wardriver could get in".


Yep, it is just that some measures are far more effective than others. WPA2-AES with a complex password on a router with the most recent firmware, or even better, a solid firewall, also protected with a complex password, with UPnP and other "access" services disabled, not acting as a DNS proxy (have it set to hand out the OpenDNS, Norton or other 3rd party DNS service) is a good start. The actual benefit of adding MAC filtering and SSID hiding to this is questionable, but it definitely makes it a bigger PITA to administer.

You can make it really complex with traffic filtering via an appliance and the like, but this is generally outside the comfort zone for your typical home user. Ultimately, the above is generally sufficient when coupled with a good AV solution. Further isolation of wireless devices by putting them on a separate network can also be easily implemented and is supported by a lot of the "better" consumer devices.

For somebody even remotely savvy, picking up a used Cisco ASA or Juniper SSG is an inexpensive way to get far more robust network gear. I would say the SSG is a fair bit easier to setup for your average user. There are also other commercial firewall solutions like CheckPoint and SonicWall which are also easy to setup and worth considering.
 
Originally Posted By: KrisZ
Quite a story and I may sound negative by saying this, but I'm not sure I believe it.


I knew to expect that response from at least one person.
No worries, I'm not offended. Nor have I been watching too many re-runs of the X-Files, nor have little green men implanted a chip in me. Not that I know of, anyway.

Seriously, the events cited in my original post occurred. And they would be cause for great concern to anyone who experienced them.

Thanks for the constructive input, BITOGers.

Someone mentioned in an early response about using "consumer grade" equipment. Am I to assume replacing the TP-Link router with an ASA or SSG would help? What about the cable modem? Is there a more "robust" replacement?

Currently, I am back to Windows Defender, MBAM 3.0, and Spyshelter anti-key logger.
Would adding Checkpoint or SonicWall to the above be overkill (with apologies to our knowledgeable friend from Ontario)?

And I have to profess I do not know how to "scan" a router for open ports. Don't torch me for that. I do know how to access and set the various settings on the router. And I did not hide the SSIDs nor try MAC filtering. I had been told that was worthless.

I use an iPad 4th gen a lot. The O/S is always up to date. However, there is no dedicated security software loaded onto it unlike the laptop. How do I know a key logger is not on this device?

Lastly, considering what I invested in the iPad, I ditched the Android "smartphone" for a basic flip phone. Too many apps wanting too much access to info not needed to run a particular app. Consider me anti-Android and anti-Google, though I am currently stuck with a gmail account. There's nothing to hide; I just became turned off to the constant tracking and data collection.

Thanks, again.
 
Interesting.

I had two runs at my wi-fi network.

Ports 21 through 8443.

All reflected "timed out" except two ports: 80 and 443.

80 was open and is the http web-server port.
443 was "closed" and is the https web server port.
 
Originally Posted By: dkryan
Interesting.

I had two runs at my wi-fi network.

Ports 21 through 8443.

All reflected "timed out" except two ports: 80 and 443.

80 was open and is the http web-server port.
443 was "closed" and is the https web server port.


I ran the same tests and all ports including 80 and 443 showed "Timed Out" on my PC behind a TP-Link Archer C8 router. Are you running the tests on a PC or your iPad? If on a PC I'd check if there's a web server program (Apache, etc.) running in the background.
 
Originally Posted By: dkryan
Seriously, the events cited in in my original post occurred. And would be cause for great concern by anyone who experienced them.


It's a serious issue, no question about it, but what struck me as odd is that you used your work laptop after being compromised several times already. There is no way I would do that knowing that someone is actively targeting me.

Security starts with the individual and his/her habits. If what you're telling us is true, I would simply drop off the grid for a while and just use the work computer at work only. Cancel any social media accounts, etc.
Can you check your personal e-mails at work? If yes, I would check occasionally for weird activity.
 
Originally Posted By: dkryan
Someone mentioned in an early response about using "consumer grade" equipment. Am I to assume replacing the TP Link router with an ASA or SSG would help? What about the cable modem? Is there a more "robust" replacement?


It will help in terms of getting rid of the gaping security hole that a lot of consumer garbage can be. Which it sounds like, from your port scan results, is the case.

However, you need to be of sufficient skill to set them up, which might be a challenge. I would say a CheckPoint, or probably a SonicWall would be the best choice for you given their web interface is more "friendly" for somebody who doesn't know Cisco or Juniper.

Your cable modem, assuming it is just acting like a bridge/media converter (it doesn't do NAT or anything) should be fine.

Originally Posted By: dkryan
Currently, I am back to Windows Defender, MBAM 3.0, and Spyshelter anti-key logger.
Would adding Checkpoint or SonicWall to the above be overkill (with apologies to our knowledgeable friend from Ontario)?


No, they serve entirely different purposes. The hardware firewall is a network perimeter device, whilst what you have running on your PC only extends to your network card, not further. Also, I would ditch Defender and go to NOD32.
 
Originally Posted By: dkryan
Interesting.

I had two runs at my wi-fi network.

Ports 21 through 8443.

All reflected "timed out" except two ports: 80 and 443.

80 was open and is the http web-server port.
443 was "closed" and is the https web server port.


This means remote access to your router is enabled. That's bad. VERY bad. It should be disabled by default, which points to either you turning it on or somebody else doing so via a script, shell or some other vulnerability/exploit, or through something like UPnP and it pointing to an internal server behind the router. None of these things are good.

Another remote scan is ShieldsUP!, which I believe somebody else mentioned earlier in the thread.

Go here and run the UPNP test:

Gibson Research ShieldsUP!

Please post the results.
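The scan results quoted above (80 open, 443 closed, everything else timed out) are the three answers a TCP probe can get, and the interpretation that an open 80 means something is listening is exactly what a banner grab confirms. The following is an added example written for this thread, not code from any poster or from ShieldsUP!: it classifies a port as open, closed or filtered (the scan's "timed out"), and for an open port reads the HTTP Server header to show what is actually answering. It only touches 127.0.0.1 and starts its own throwaway listener (a constructed fixture) so it runs offline; the hostnames, port list and banner text are assumptions for the demo.

```python
"""Added example (not from any post in this thread): classify TCP ports the way
a ShieldsUP-style scan reports them, and identify what an open port is serving.

  open     -> a listener completed the TCP handshake
  closed   -> the host answered with a reset (connection refused)
  filtered -> nothing answered before the timeout ("timed out" in the thread)

Only 127.0.0.1 is touched; the demo starts its own throwaway HTTP listener
(a constructed fixture) so it runs offline.
"""
import http.server
import socket
import threading
from contextlib import closing


def classify_port(host, port, timeout=2.0):
    """Return 'open', 'closed' or 'filtered' for one TCP port."""
    with closing(socket.socket(socket.AF_INET, socket.SOCK_STREAM)) as s:
        s.settimeout(timeout)
        try:
            s.connect((host, port))
        except socket.timeout:
            return "filtered"           # no SYN/ACK and no RST: something dropped it
        except ConnectionRefusedError:
            return "closed"             # RST came back: host is up, nothing listens
        except OSError:
            return "filtered"           # unreachable etc.; treat as no answer
        return "open"


def http_server_header(host, port, timeout=2.0):
    """Send a minimal HEAD request and return the Server: header value, or None.

    On a home router, port 80 answering with the router's own web UI banner is
    the sign that remote management is exposed; a PC-side web server (Apache,
    nginx, ...) identifies itself differently.
    """
    request = "HEAD / HTTP/1.0\r\nHost: {}\r\n\r\n".format(host).encode()
    data = b""
    with closing(socket.socket(socket.AF_INET, socket.SOCK_STREAM)) as s:
        s.settimeout(timeout)
        s.connect((host, port))
        s.sendall(request)
        while b"\r\n\r\n" not in data:   # read until the end of the header block
            chunk = s.recv(4096)
            if not chunk:
                break
            data += chunk
    for line in data.split(b"\r\n"):
        if line.lower().startswith(b"server:"):
            return line.split(b":", 1)[1].strip().decode(errors="replace")
    return None


def scan(host, ports, timeout=2.0):
    """Map each port to (state, banner); the banner is only probed on open ports."""
    results = {}
    for port in ports:
        state = classify_port(host, port, timeout)
        banner = None
        if state == "open":
            try:
                banner = http_server_header(host, port, timeout)
            except OSError:
                banner = None           # open but not speaking HTTP, or it hung up
        results[port] = (state, banner)
    return results


# ---- constructed fixture: a local listener so the demo has an open port ----

class _QuietHandler(http.server.BaseHTTPRequestHandler):
    def do_HEAD(self):
        self.send_response(200)         # send_response also emits Server: and Date:
        self.end_headers()

    def log_message(self, *args):
        pass                            # keep the demo output clean


def start_local_http_server():
    """Start a throwaway HTTP listener on 127.0.0.1; returns (server, port)."""
    srv = http.server.HTTPServer(("127.0.0.1", 0), _QuietHandler)
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    return srv, srv.server_address[1]


def free_closed_port():
    """Bind and release a port so we have one that nothing is listening on."""
    with closing(socket.socket(socket.AF_INET, socket.SOCK_STREAM)) as s:
        s.bind(("127.0.0.1", 0))
        return s.getsockname()[1]


if __name__ == "__main__":
    srv, open_port = start_local_http_server()
    try:
        for port, (state, banner) in scan("127.0.0.1", [open_port, free_closed_port()]).items():
            print("port %5d: %-8s %s" % (port, state, banner or ""))
    finally:
        srv.shutdown()
        srv.server_close()
```

To check a real router the probe has to come from the WAN side (a phone on cellular data, or a host outside your network) against your public IP; from inside the LAN you would be hitting the LAN-side admin page, which says nothing about what the internet can see. Only scan addresses you own.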
 
Also, if you purchase the above device, set it up from a clean computer that has not been part of this whole extravaganza. You can then, once the firewall is in place and secured, see what is trying to get out via the monitoring interface provided via this same computer.
 
It ain't cheap, but obviously necessary!

I do not need to add Total Security with this router?
 
Originally Posted By: Kibitoshin
Originally Posted By: dkryan
Interesting.

I had two runs at my wi-fi network.

Ports 21 through 8443.

All reflected "timed out" except two ports: 80 and 443.

80 was open and is the http web-server port.
443 was "closed" and is the https web server port.


I ran the same tests and all ports including 80 and 443 showed "Timed Out" on my PC behind a TP-Link Archer C8 router. Are you running the tests on a PC or your iPad? If on a PC I'd check if there's a web server program (Apache, etc.) running in the background.


I used my iPad.
 
Originally Posted By: OVERKILL
This means remote access to your router is enabled. That's bad. VERY bad.

What if you do want to have remote access to your router?

BTW, even if I disable remote access to my router, ShieldsUp reports that port 443 is open. Not sure why.
 
A true software and hardware firewall is what you need: a software one that checks inbound and outbound traffic. Simple as that. Then get a GOOD router, or even two.
Your iPad can have malware installed on it.
You need to CLOSE the open ports. It's like a big billboard saying HEY COME ATTACK ME!!!
 