Attempted hack through Wireless?
Page 1 of 2 12 LastLast
Results 1 to 10 of 17

Thread: Attempted hack through Wireless?

Hybrid View

  1. #1
    Junior Member
    Join Date
    Apr 2007
    Posts
    3

    Attempted hack through Wireless?

    Hello,

    I was wondering if somebody on this forum could advise me here? I live in an apartment building with about 10 - 20 other wireless networks in addition to my own visible to my computer's wireless card at any time. I have my own router WEP encrypted and the admin for the wireless is also set up with a password so only I can access it.

    My question is: I have noticed at times strange login ID's saved in the login boxes for various web sites I need to login at: email accounts, ebay account, paypal, etc. They all look the same. Here's exactly what will happen:

    I will log in at Gmail with my login name, "otisisbald"

    a few days later, when logging in again, I notice as I type in "otisisbald" and that term autofills in the login box, I see another term also prefilling which will look like this: "otisbotisbotisbotisb...." It appears as if somehow the first portion of my login ID was typed into the login box repeatedly. If i select that, the password box will then have what appears to be a limitless amount of characters.

    I have a similar situation occur with logging into ebay on another of the ID's I use there.

    It occured to me that somehow there could be a remote attempt to log in to those accounts through my computer, although as I mentioned my wireless is secure, and I don't have a wireless keyboard so I'm not sure how my computer could have been accessed remotely. I am using an updated version of McAfee antivirus and regularly check for spyware on my computer.

    Advice would be much appreciated

  2. #2
    Junior Member
    Join Date
    May 2005
    Posts
    11
    First, the autofill terms are memorized by the browser, so if some strange term appears is because someone accidentally tapped it.

    Second, WEP is not secure, is better to use WPA. And the admin password can be cracked with bruteforce.
    -

  3. #3
    Junior Member
    Join Date
    Apr 2007
    Posts
    3
    Hey thanks very much for posting a response.

    So just to confirm, are you saying that the autofill terms in no way could be in there due to some bot on my computer or other remote attempt, through my computer, to log into those various accounts? I am fully sure that i did not type the terms, and this has happened to me on two different laptops I have owned while using this wireless router. Do you think this could be some browser issue where it somehow remembers a series of characters from the log in term?

    Again, thanks very much for your assistance.

  4. #4
    Junior Member
    Join Date
    May 2005
    Posts
    11
    Yes, I think that may be a browser issue, try to update your browser. And clear the autofill terms, just to see if they appear again.

    But it is also possible you have a bot/worm in your computers that is trying to use your browser to access your accounts, but if this happens you will see some strange process and network activity.
    -

  5. #5
    Senior Member Info Tech Geek's Avatar
    Join Date
    Jan 2003
    Location
    Vernon, CT
    Posts
    828
    Quote Originally Posted by hknetmaster
    First, the autofill terms are memorized by the browser, so if some strange term appears is because someone accidentally tapped it.

    Second, WEP is not secure, is better to use WPA. And the admin password can be cracked with bruteforce.
    I agree, local "autofill" would only be affected if someone one (AT) your computer or had (REMOTE) access to your computer. If they had access to you router, you would notice by the logs or by checking "connected computers".

  6. #6
    AO übergeek phishphreek's Avatar
    Join Date
    Jan 2002
    Posts
    4,324
    Enable auditing on your workstations and keep an eye out for unauthorized login attempts. Be sure to password protect your user accounts. I also recommend that you change your passwords to passphrases. Use different passphrases for your computer login than your online accounts. Its also wise to use different passphrases for each online account. I know this can be a bit of a pain to remember all those passphrases, but I've managed to come up with a scheme that relates to the specific service or site.

    See the following link with more information on auditing security events.
    http://www.microsoft.com/resources/d....mspx?mfr=true

    See the following link with more information on passwords best practices.
    http://technet2.microsoft.com/Window....mspx?mfr=true

    As mentioned above, WEP is insecure and can be cracked in under 1 minute. http://www.schneier.com/blog/archive...ng_wep_in.html

    Switch to WPA and and enable MAC filtering.
    Last edited by phishphreek; April 17th, 2007 at 01:22 PM.
    Quitmzilla is a firefox extension that gives you stats on how long you have quit smoking, how much money you\'ve saved, how much you haven\'t smoked and recent milestones. Very helpful for people who quit smoking and used to smoke at their computers... Helps out with the urges.

  7. #7
    Junior Member
    Join Date
    Apr 2007
    Posts
    3
    hknetmaster, do you know how I could try to detect the bot of the type you mentioned? I have run all major updated anti virus and spyware and my computer is clean according to them.

    Also, re: the bot. Is it possible for hte computer to become remotely controlled by a bot or other type automated program purely through the wireless? Assuming i did not actually download a virus, I'm not sure how this could be possible. It does occur to me that somebody could track my keystrokes through the wireless, and then on a remote computer attempt to log in to my accounts, but I can't see how a bot could actually try to access my accounts from the web browser on my computer via my wireless. That would mean that the bot is accessing my computer through a similar signal as the one that comes from my router with the internet, correct? I wasn't aware that was possible, but I'd be grateful if you could enlighten me as to how this works

    Thanks again you are very helpful

  8. #8
    Junior Member
    Join Date
    May 2005
    Posts
    11
    The best way to detect the bot is to enable auditing as phishphreek said. And see if there is some program(bot) trying to use the browser.
    As I said before WEP is not secure, and is possible that someone has access to your network and infected your computer with the bot and/or manipulate the data between your computer and the Internet.
    I don´t understand the last part. But I think the bot is a program in your computer that simulates a person interacting with the browser, with the objective of accessing accounts that have the password memorized in the browser.
    -

  9. #9
    IT Specialist Ghost_25inf's Avatar
    Join Date
    Sep 2001
    Location
    Michigan
    Posts
    648
    Spybot or AdAware are two of the most common spyware detectors. Use these to verify that all is good. What Antivirus are you using? Dont use easy to guess passwords for your Access Point and the Default password is worse. too many people use the default linksys Admin Admin and thats where they go wrong. Turn off file sharing and make sure your firewall is up and running. Turning off your PC at night is also a good idea. Saves you on the electric bill and keeps crackers out of your computer. On the wireless side remove the SSID so that it is undetected. There is a log you can use to see what computers are connected to the network. once you know what computers are connected get that persons MAC address and block him. there are also access restrictions times you can set on the wireless router so they cant connect after a certain time. There are alot of other things you can do but this information sould be enough to keep the basic war driver at bay or at least frustrated enough to move on.
    S25vd2xlZGdlIGlzIHBvd2VyIQ

  10. #10
    Member e><ius's Avatar
    Join Date
    Mar 2007
    Location
    So.Cal.
    Posts
    61
    WEP is 64-bit right? and WPA is 128-bit?

    what kinda system can crack a 64-bit key in under 1min?

    once a cracker gets the key, he can access the network. he has time to crack the admin pw for router to delete logs and change settings. but how can he dig out other connected computers' pws? i know he could see the computer names listed in the router, but where will he obtain win usernames and bruteforce pw? usually when you try to connect to a comp via \\computername it just says" not authorized," w/o a username and pw prompt.

Similar Threads

  1. Secure your wireless network
    By DeadAddict in forum The Security Tutorials Forum
    Replies: 10
    Last Post: July 21st, 2008, 01:16 AM
  2. Tips
    By XTC46 in forum Site Feedback/Questions/Suggestions
    Replies: 15
    Last Post: August 24th, 2005, 08:52 PM
  3. Installing wireless nic in linux with ndiswrapper ...
    By Shrekkie in forum Other Tutorials Forum
    Replies: 1
    Last Post: September 2nd, 2004, 10:11 AM
  4. Wireless 101
    By mmelby in forum The Security Tutorials Forum
    Replies: 1
    Last Post: October 23rd, 2002, 03:31 PM
  5. hehe...for those who hate AO newbies...
    By zigar in forum AntiOnline's General Chit Chat
    Replies: 10
    Last Post: February 22nd, 2002, 02:24 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •