ok, everyone make fun of me now
Results 1 to 9 of 9

Thread: ok, everyone make fun of me now

  1. #1
    Banned
    Join Date
    Jul 2004
    Posts
    297

    Talking ok, everyone make fun of me now

    My home network is small, about 6 or 7 people use it, we all split the cost. I started noticing strange lag on my pc. It was interfering with my mmo, so naturally it was a priority issue. Picture alarms, flashing lights, and screaming coming from a loud speaker. I first check my pc's firewall log for any thing weird, and low and behold, there is. Im getting dropped connections from an ip on my network that has no reason to connect to my pc. So I check the connected devices list and nothing too unusual, all the regulars and the new guy. hmmm.
    Now i did mention this issue has top priority right? I decide to block the port from connecting to my pc at the router thats generating the traffic. This should solve the issue, but no, port scanns start, same ip, but the subnet has changed. Now Im thinking the new guy on the network is up to something shifty. Now I have to make some changes on my pc to capture traffic in promiscious mode since im conneting via wireless. Im just about ready to bridge my 1394 connection with my wireless connection so ethereal can grab traffic (i dont know why this works), before I do I want to check the routers connected devices list to make sure of the mac addresses im going to filter.
    Newguy's ip address isnt the one generating traffic, its the @#$@#$!!! new network printer.
    I had to laugh at my self. You can laugh at me too if you want, the $%$% funny.

  2. #2
    Right turn Clyde Nokia's Avatar
    Join Date
    Aug 2003
    Location
    Button Moon
    Posts
    1,696
    So...bridging your 1394 connection with your wireless on will let Ethereal capture wireless traffic...... 802.11 traffic???
    Drugs have taught an entire generation of kids the metric system.

    http://tazforum.**********.com/

  3. #3
    Banned
    Join Date
    Jul 2004
    Posts
    297
    nope, it doesnt capture traffic of a network im not connected to already, just the stuff thats on my network. It does allow ethereal to capture promiscus(how ever its spelled) over my wireless connection though, which without the bridging it will not.

  4. #4
    Right turn Clyde Nokia's Avatar
    Join Date
    Aug 2003
    Location
    Button Moon
    Posts
    1,696
    I don't follow you buddy - it captures in promiscuous mode...but only on your network?
    Drugs have taught an entire generation of kids the metric system.

    http://tazforum.**********.com/

  5. #5
    Banned
    Join Date
    Jul 2004
    Posts
    297
    yes. a lot of 802.11 cards do not support promiscuous capture, or etereal does not support a lot of network cards, how ever you want to look at it. To be honest Im not sure why it works. but after I bridge the two, when i open ethereal I can select the mac miniport adapter to capture from. This captures traffic from all devices on the network. I wasnt meaning promiscuous, as in kismet promiscuous.

    The bridge can be used with other software as well, instead of having a cable run to my station, all I have to do is make the bridge and reboot. I know its a cheap and unprofessonal way to capture traffic, but hey, its my home network. I prefer this over using cain or ettercap since there is not a man in the middle needed to see what going through the wire.

    And I still say its weird that my printer port scanned me.

  6. #6
    Junior Member
    Join Date
    Sep 2002
    Posts
    22

    Talking

    Cant laugh at you but will laugh with you had something sim happen to be while running a small network

  7. #7
    Member
    Join Date
    Jun 2004
    Posts
    37
    "Back in the day"(tm)

    I used to do initial forensics and network security for some 'interesting' networks. One time I got a call from a network admin telling me they had a cracked machine but they couldn't figure out the attack, apparently, the attack was from an insider, and they were still trying to track down who the IP belonged to.

    I flew to the site, started my investigation (after much remote investigation to make sure I wasn't flying for stupidity), and to make a long story short, we found out that an external machine had popped a network printer and then had used the network printer to pop other machines.

    Moral: Just because it's a printer, don't disregard it. It has an OS, Harddrive, and network capabilities too.

  8. #8
    Senior Member RoadClosed's Avatar
    Join Date
    Jun 2003
    Posts
    3,834
    And I still say its weird that my printer port scanned me.
    It is weird. I wouldn't disregard it, especially with an active person you don't know on the network. Granted it's wireless so that's going to happen. I would restore that printer to factory default then turn off SNMP, change the password etc. Since this guy or gal was connected its possible there are some modifications to your pcs, devices and those of the others you allow on the network. And anyone of them could have comprimised your security key.

    The reason bridging works is because you wireless card isn't communicating with other cards. It's communicating with the router, or access point. You will only see packets destined to your mac address associated with your IP and your wireless device. This keep the overhead on the wirless channel low. When you bridge a device you are essentially saying everything coming through here goes to every thing on this network.

    Even then depending on software support every packer may or may not get captured.

    //EDIT oh and the printer may have just been responding to normal network enquiries too. When you say scan you mean multiple ports? Windows will poll printers for status and they will respond.
    West of House
    You are standing in an open field west of a white house, with a boarded front door.
    There is a small mailbox here.

  9. #9
    Member
    Join Date
    Sep 2005
    Posts
    77
    Supporting what KCORE and ROADCLOSED Said:


    Just because it's a printer, don't disregard it. It has an OS, Harddrive, and network capabilities too.
    I wouldn't disregard it, especially with an active person you don't know on the network.
    Check out Irongeeks presentation at Notacon2006 on hacking network printers HERE
    %42%75%75%75%75%72%70%21%00

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •