April 24th, 2004, 11:57 AM
Illegal IP Address tracing
Hi, I've just got a question... coz I'm not sure how it happened. I'm the network administrator of an internet shop. The shop has 10 computers linked together (cable connection) and they get their internet connection through a DSL router. I'm using a LINKSYS router, and as far as I am aware, there haven't been any recent vulnerabilities discovered with that type of router, have there? I've heard of the CISCO vulnerabilities, but none yet from LINKSYS so far. The problem was, all of a sudden, I've lost my access to my router! The password (which I foolishly forgot to change from its default: admin) was changed and now I have no access to it at all. The internet connection is still ok, but the router config is inaccessible. I have already discovered how to regain control of it, I just want some expert advice from others here on how it possibly happened. Is this a typical hacking attempt? What ways can be employed to trace the IP of a host computer (coz whoever hacked into my router config and changed the password had to know my IP address)? Thanks in advance for any advice!
April 24th, 2004, 12:18 PM
If you have your router logs, and the attacker didn't change or delete them, then you have the IP of the attacker.
But whoever changed your password (linksys) could also have been internal. It didn't have to be from the outside.
The largest vulnerability in any router and/or system is the admin of the system. Especially if they leave the default password (linksys) set on a Linksys router. Any scriptkiddie that happens along, either external or internal, could own your system without even trying.
I wouldn't worry about attempting to find out who got you..... you got yourself. I suggest setting a decent password on your admin account and then one by one go through all of your 10 computers and check them to see which ones are owned and/or infected with trojans, backdoors and viruses.
And set up secure systems while you're at it. That will keep you busy for the next couple of months.
"Life should NOT be a journey to the grave with the intention of arriving safely in an attractive and well preserved body, but rather to skid in sideways, Champagne in one hand - strawberries in the other, body thoroughly used up, totally worn out and screaming WOO HOO - What a Ride!"
April 24th, 2004, 12:45 PM
In answer to your question about whether this is typical "hacking"... no it isn't, it is more like someone fooling around and playing a trick on you. A true hacker would have left the router password alone so as not to alert you to your vulnerability?
It sounds as if your ISP has given you a static IP address/block. If this is the case, it would be wise to ask them to change it for you.
The "textbook" answer would be that you should format all your machines and reinstall your software, as you never know what may have been put on your machines whilst you were owned.
April 24th, 2004, 01:18 PM
Network Administrator? You left your router's password set as default. It was just a matter of time before someone did this.
The password (which I foolishly forgot to change from its default: admin) was changed and now I have no access to it at all.
Someone opened a browser and typed http://192.168.x.y
just want some expert advice from others here on how it possibly happened
user = admin
password = linksys
Has full Administrator access to your router because the admin left it as default.
April 25th, 2004, 09:06 AM
April 25th, 2004, 10:02 AM
Thanks for letting us know what happened, so many people just leave us wondering....
Hey, I almost got one right for a change
it was one of my customers who decided to play a joke on us
Actually, you owe him/her a beer... they did you a favour... it could have been malicious, and you were wide open to an attack?
April 25th, 2004, 11:48 AM
April 25th, 2004, 08:50 PM
ct04: I would suggest that you set up some kind of sniffer/logger on the local network. In an environment as public as yours you have no idea who is coming in and what they are doing.... I guess you already experienced that....
The problem is that without documenting what occurs on these machines and what people are doing when they do something bad, you need logs to look through to see what was done, or you may have no choice but to reformat them all and start again. The logs need to be secure too. If you can afford another machine (it can be an old POS 'cos it isn't doing much with only 10 PCs), then you can set up a nice little sniffer/logging system that can document your network quite well, easily and securely. A big HD is essential but they aren't that expensive today... The cost of the drive is easily paid off the first time you need to find out what or who messed with your systems.
Oh.... and as an afterthought.... Trust _no-one_.....
Don't SYN us.... We'll SYN you.....
"A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools." - Thucydides
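One way to act on two points raised earlier in the thread, that the router log gives you the source IP of whoever changed the password, and that the source may just as easily be one of the shop's own PCs as an outside host, is to run the log through a small parser that separates internal from external admin activity. This is an added example, not code from any poster; the log line format and the 192.168.1.0/24 LAN range are assumptions, and the sample log is constructed.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample router log (not real Linksys output; the line format is an assumption).
SAMPLE_LOG = """\
2004-04-24 11:02:13 admin-login src=192.168.1.37 result=success
2004-04-24 11:02:40 config-change src=192.168.1.37 item=admin_password
2004-04-24 11:05:02 admin-login src=203.0.113.9 result=failure
2004-04-24 11:05:04 admin-login src=203.0.113.9 result=failure
2004-04-24 11:05:06 admin-login src=203.0.113.9 result=failure
2004-04-24 11:30:55 admin-login src=192.168.1.12 result=success
"""

LAN = ipaddress.ip_network("192.168.1.0/24")  # assumed address range of the shop's 10 PCs
LINE_RE = re.compile(r"^(?P<ts>\S+ \S+) (?P<event>\S+) (?P<kv>.*)$")

def parse_line(line):
    """Turn one 'timestamp event key=value ...' line into a dict; None if it does not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = {"ts": m["ts"], "event": m["event"]}
    for pair in m["kv"].split():
        key, _, value = pair.partition("=")
        rec[key] = value
    if "src" not in rec:
        return None
    rec["src"] = ipaddress.ip_address(rec["src"])
    return rec

def origin(addr):
    """Internal (one of the shop PCs) or external: the distinction the thread insists on."""
    return "internal" if addr in LAN else "external"

def analyze(log_text, failure_threshold=3):
    """Flag admin password changes (with their origin), external admin logins, and password guessing."""
    records = [r for r in map(parse_line, log_text.splitlines()) if r]
    report = {"password_changes": [], "external_admin_logins": [], "brute_force_sources": []}
    failures = Counter()
    for r in records:
        where = origin(r["src"])
        if r["event"] == "config-change" and r.get("item") == "admin_password":
            report["password_changes"].append((str(r["src"]), where, r["ts"]))
        elif r["event"] == "admin-login" and r.get("result") == "success" and where == "external":
            report["external_admin_logins"].append((str(r["src"]), r["ts"]))
        elif r["event"] == "admin-login" and r.get("result") == "failure":
            failures[str(r["src"])] += 1
    report["brute_force_sources"] = [ip for ip, n in failures.items() if n >= failure_threshold]
    return report

if __name__ == "__main__":
    for key, hits in analyze(SAMPLE_LOG).items():
        print(f"{key}: {hits}")
```

On the constructed log the password change traces to an internal PC, which is exactly the case where chasing an "attacker IP" on the internet would lead nowhere.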
April 26th, 2004, 05:12 AM