Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Software router intrusion


  • Please log in to reply
3 replies to this topic

#1 thomast1777

thomast1777

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:03:16 PM

Posted 19 October 2012 - 06:19 PM

I recently found an outside device connected to Connectify (software router) that I installed a while back in an attempt to improve my WIFI calling. Essentially, I was trying to use it as an access point for my router.

Once I found the device, I ran AVG and nothing was detected. I installed Malwarebytes and it found 60 issues, most of these were registry edits.

It concerned me enough that I formatted my drive and re-installed Windows.

My main concern is that anything performed on this outside device that was listed in Connectify would be seen by my work's VPN.

Is this possible?

BC AdBot (Login to Remove)

 


#2 Didier Stevens

Didier Stevens

  • BC Advisor
  • 2,672 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:10:16 PM

Posted 20 October 2012 - 05:11 AM

Can you provide more info?

What WiFi encryption did you use in Connectify? Or was it open?

Did you have a VPN connection when Connectify was running?

Didier Stevens
http://blog.DidierStevens.com
http://DidierStevensLabs.com

SANS ISC Handler
Microsoft MVP 2011-2016 Consumer Security, Windows Insider MVP 2016-2018
MVP_Horizontal_BlueOnly.png

 

If you send me messages, per Bleeping Computer's Forum policy, I will not engage in a conversation, but try to answer your question in the relevant forum post. If you don't want this, don't send me messages.

 

Stevens' law: "As an online security discussion grows longer, the probability of a reference to BadUSB approaches 1.0"


#3 thomast1777

thomast1777
  • Topic Starter

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:03:16 PM

Posted 20 October 2012 - 09:25 AM

Sorry for the confusion.

For more clarification:
I do not have phone reception in my apartment so I use Wifi calling to call the clients when I am working from home. I was having a lot of dropped calls on Wifi so I set up my computer with a software router in hopes that it would decrease the amount of dropped calls since my router is on the other side of the apartment. The software router didnt make much of an improvement, if any, so I rarely used it.


I now have a good password on my HW router but the password on my software router was weak. I have no idea what encryption was used. The password was my dog's name and I assume that is how they figured it out. I meant to uninstall the thing but I kept forgetting about it.


It looks like one of my neighbors found out my software router's password and was using the connection. I don't know how long this has been going on.

I know for a fact that Connectify was running in one instance while I was connected to the VPN.

Since the software router is on the laptop I connect to my work's VPN, I am wondering if anything done on my neighbor's computer can be seen on my work's VPN?

#4 Didier Stevens

Didier Stevens

  • BC Advisor
  • 2,672 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:10:16 PM

Posted 21 October 2012 - 06:49 AM

Well, then it depends if your work VPN uses split tunneling or not. If it does, then the requests of the rogue machine would not have been send to the corporate network.

But something worse could have happened than your neighbor surfing via your work VPN.
The user of the rogue machine could also have figured out that it was connected to a VPN, and started to explore your corporate network.
But again, it depends on different factors. For example, if Connectify uses NAT to provide network access to clients, then it's likely that clients can use your VPN connection.

Didier Stevens
http://blog.DidierStevens.com
http://DidierStevensLabs.com

SANS ISC Handler
Microsoft MVP 2011-2016 Consumer Security, Windows Insider MVP 2016-2018
MVP_Horizontal_BlueOnly.png

 

If you send me messages, per Bleeping Computer's Forum policy, I will not engage in a conversation, but try to answer your question in the relevant forum post. If you don't want this, don't send me messages.

 

Stevens' law: "As an online security discussion grows longer, the probability of a reference to BadUSB approaches 1.0"





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users