Illegal IP Address tracing
Results 1 to 9 of 9

Thread: Illegal IP Address tracing

  1. #1
    Junior Member
    Join Date
    Apr 2004
    Posts
    13

    Question Illegal IP Address tracing

    Hi, ive just got a question...coz im not sure how it happened. Im the network administrator of an internet shop. The shop has 10 computers linked together (cable connection) and they get their internet connection through a DSL router. Im using a LINKSYS router, and as far as i am aware, there havent been any recent vulnerabilities discovered with that type of router have there? Ive heard of the CISCO vulnerabilities, but none yet from LINKSYS so far. The problem was, all of a sudden, ive lost my access to my router! The password (which i foolishly forgot to change from its default :admin was changed and now i have no access to it at all. The internet connection is still ok, but the router config is inaccessible. I have already discovered how to regain control of it, i just want some expert advice from others here on how it possibly happened. Is this a typical hacking attempt? What ways can be employed to trace the IP of a host computer (coz whoever hacked into my router config and changed the password had to know my IP address) ? Thanks in advance for any advice!

  2. #2
    Macht Nicht Aus moxnix's Avatar
    Join Date
    May 2002
    Location
    Huson Mt.
    Posts
    1,752
    If you have your router logs, and the attacker didn't change or delete them then you have the IP of the attacker.
    But, whom ever changed your password (linksys), could also have been internal. It didn't have to be from the outside.
    The largest vulnerabilities in any router and/or system is the admin of the system. Especially if they leave the default password (linksys) set on a Linksys router. Any scriptkiddie that happens along, either external or internal, could own your system without even hardly trying.
    I wouldn't worry about attempting to find out who got you.....you got yourself. I suggest setting a decent password on your admin account and then one by one go through all of your 10 computers and check them to see which ones are owned and or infected with trojans, backdoors and virus.
    And set up secure systems while your at it. That will keep you busy for the next couple of months.
    \"Life should NOT be a journey to the grave with the intention of arriving safely in an attractive and well preserved body, but rather to skid in sideways, Champagne in one hand - strawberries in the other, body thoroughly used up, totally worn out and screaming WOO HOO - What a Ride!\"
    Author Unknown

  3. #3
    Senior Member nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,190
    In answer to your question about whether this is typical "hacking".................no it isn't it is more like someone fooling around and playing a trick on you. A true hacker would have left the router password alone so as not to alert you to your vulnerability?

    It sounds as if your ISP has given you a static IP address/block. If this is the case, it would be wise to ask them to change it for you.

    The "textbook" answer would be that you should format all your machines and reinstall your software, as you never know what may have been put on your machines whilst you were owned.

    Cheers

  4. #4
    AO's MMA Fanatic! Computernerd22's Avatar
    Join Date
    Mar 2003
    Location
    Miami, FL
    Posts
    795
    The password (which i foolishly forgot to change from its default :admin was changed and now i have no access to it at all.
    Network Administrator? You left your routers password set as default. It was just a matter of time before someone did this.

    just want some expert advice from others here on how it possibly happened
    Someone opened a browser typed http://192.168.x.y

    user = admin
    password = linksys

    Has full Administrator access to your router because the admin left as default.

  5. #5
    Junior Member
    Join Date
    Apr 2004
    Posts
    13

    Smile Thanks!

    Thanks to all of your advice...just this morning, i reset the router config settings and changed the password. I've also already pinpointed who is the most probable culprit behind the attack...it was one of my customers who decided to play a joke on us. Either way, we're not taking any chances, the person is now under tight watch the moment he steps inside here. We dont want t take the chances of it happening again. Anyway, thanks for your advice everyone! To be honest, i was quite surprised, since im a newbie here, i didnt really expect that quick a reply. You can imagine my surprise when i saw such lengthy replies to my post... Thanks again!

  6. #6
    Senior Member nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,190
    Thanks for letting us know what happened, so many people just leave us wondering....

    .it was one of my customers who decided to play a joke on us
    Hey, I almost got one right for a change


    Actually, you owe him/her a beer..............they did you a favour..............it could have been malicious, and you were wide open to an attack?

    Cheers

  7. #7
    Junior Member
    Join Date
    Apr 2004
    Posts
    13

    Talking Cheers! :)

    Har har, nice idea nihil... i should do that. you do have a point, at least i was forewarned by a non-malicious attack before it became serious. Thanks for the info!

  8. #8
    AO Ancient: Team Leader
    Join Date
    Oct 2002
    Posts
    5,197
    ct04: I would suggest that you set up some kind of sniffer/logger on the local network. In an environment as public as yours you have no idea who is coming in and what they are doing.... I guess you already experienced that....

    The problem is that without documenting what occurs on these machines and what people are doing when they do something bad you need logs to look through to see what was done or you may have no choice but to reformat themm all and start again. The logs need to be secure too. If you can afford another machine, (it can be an old POS 'cos it isn't doing much with only 10 PC's), then you can set up a nice little sniffer/logging system that can document your network quite well, easily and securely. A big HD is essential but they aren't that expensive today... The cost of the drive is easily paid off the first time you need to find out what or who messed with your systems.

    Oh.... and as an afterthought.... Trust _no-one_.....
    Don\'t SYN us.... We\'ll SYN you.....
    \"A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools.\" - Thucydides

  9. #9
    Junior Member
    Join Date
    Apr 2004
    Posts
    13

    Post Nice idea...

    Nice idea Tiger Shark, thanks for the info. I might consider having the network sniffed constantly so i know if anyone is trying to look for vulnerabilities or the like. Nice idea by the way.. Oh and "trust no one"? You're right, I just learned the hard way. Thanks again!

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •