Posted 31 January 2014 - 12:42 AM
Posted 31 January 2014 - 12:47 AM
Well, if they are scanning your system they have already made it past your modem/router. If that's the case you need to disable the management interface so it doesn't allow remote connections to the management page.
Also, they would be scanning for any update vulnerabilities you haven't patched. Really, the list is so big it cannot be written in one page lol.
GRC Shields Up will scan your modem/router for any open connections (Internet facing), that's always a good start.
Posted 31 January 2014 - 10:41 PM
Think of your computer as the following: your office, your car, your home, your apartment, your garage, your gym locker, etc. Now when a person is looking for vulnerabilities, they are trying to gain access into what is yours, which is not theirs.
Black hats are those that go and try to gain access into systems, to prove that there are problems in the software, so that the Software Engineers can fix those problems. Basically they are reverse engineering the OS or hardware, to find back doors, or open gateways, that the programmer forgot were there, or accidentally created when writing the software.
When you see software with millions or billions of lines of code, that are written by multiple people, it is easy to leave cookie crumbs along the way, just like Hansel & Gretel left in the woods. Now back in the days of writing code in Machine Language, not C++, etc., it was a lot harder to find ways to access into the OS or other software programs, or even hardware.
So again, think of finding a way into a piece of hardware or software as being just like a thief trying to gain access to your property.
Posted 01 February 2014 - 02:55 AM
Posted 01 February 2014 - 04:53 PM
They are looking for any way in. Updates usually fix stuff, but in turn can break something else. Think of an update like putting in a new door lockset, like the Schlage Securekey deadbolt. For example, that lock can be broken into either by bumping, or using a screwdriver to force it open. Now say you put in a commercial lock set that has been made to not be bumped, or have a screwdriver used to break the pins to force it open.
Even better, say you went to the local hardware store, and purchased the lock set off the shelf, thinking that all keys in the other packages are going to be different than your lock set that you just bought. Come to find out that your neighbor went and purchased the same brand and style that you did a couple weeks or months before they bought their lock.
They come over and without having your key to unlock your deadbolt, they find out the key that came with their new lock set unlocks your lock without a problem.
What I just described is how they are looking for vulnerabilities through software, updates, hardware like routers. The only thing you are doing is keeping the honest people out. The dishonest will still find a way in.
Posted 03 February 2014 - 02:49 AM
Posted 03 February 2014 - 08:20 AM
Captain Kirk, been busy the past couple of days, straightening things out on my network. Found out I had an A/P going bad, and had to spend yesterday moving stuff around due to that. It all started of course at 2 am Sunday morning, when I started to finally diagnose my problem.
Networking makes or breaks you, when you are trying to get stuff to play nice, along with also making sure everything is secured. Going back on topic now. If you were to scan my router, you would find ports showing "Open", but in reality they actually are not. I have found that the TL-R600VPN, does not Stealth ports as it should.
Posted 03 February 2014 - 08:21 AM
Greg62702 hello there
"vulnerabilities through software, updates, hardware"
that's good to know.
What things can I do to prevent them from getting in?
--cAptain KIrk
UNknown mYSTeRies
Keep ports closed, if you do not need them open. That means not using UPnP if you can get by not having to. You & I have pretty much covered all of the basics and then some.
Posted 03 February 2014 - 09:03 PM
Sometimes even closing a port won't stop someone getting through your modem/router (especially when using a spoof technique and also creating your own SYNC number sequence) and this also includes guessing the LAN IP of the internal network.
Anyway, without going into too much detail, it basically tells your modem that a packet (TCP) has requested the negotiate (handshake) packet and needs access. Some of the older modem/routers allow this, but most of the new ones won't be fooled by this as they store the connection table (who's calling the outside world) and also (who is meant to receive the packet).
Once again, you could go on & on about how people try/access your network/computer but everyone comes up with their own way and this site won't help you achieve what I suspect you might be asking for!
If you ain't running any open ports which direct to a service running on a host then about the only thing you need to worry about is drive by downloads or .exe files. Anyone who runs a web server will tell you about the Chinese ISP ranges that constantly run scripts against a target, I mean I literally get hundreds a day.
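The connection table mentioned in the post above, sketched as an added example (not code from the thread or from any router firmware). It contrasts a filter that trusts any inbound segment carrying ACK with a stateful table that only forwards replies to flows a LAN host opened; all addresses, ports and names are constructed for illustration.

```python
from dataclasses import dataclass

WAN_IP = "203.0.113.10"  # constructed address (documentation range)

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    flags: frozenset  # TCP flags, e.g. {"SYN"} or {"SYN", "ACK"}

def stateless_allows(pkt):
    """Older-style filter: lets in any inbound segment that carries ACK."""
    return "ACK" in pkt.flags

class ConnTrack:
    """Stateful filter: inbound traffic must match a flow a LAN host opened."""
    def __init__(self):
        self.table = {}  # (wan_port, remote_ip, remote_port) -> LAN host

    def outbound(self, lan_host, pkt):
        # Record who is calling the outside world, keyed by the reply tuple.
        self.table[(pkt.sport, pkt.dst, pkt.dport)] = lan_host

    def inbound(self, pkt):
        # Return the LAN host meant to receive the packet, or None to drop.
        if pkt.dst != WAN_IP:
            return None
        return self.table.get((pkt.dport, pkt.src, pkt.sport))

def demo():
    ct = ConnTrack()
    syn = Packet(WAN_IP, 40000, "198.51.100.7", 443, frozenset({"SYN"}))
    ct.outbound("192.168.1.20", syn)
    reply = Packet("198.51.100.7", 443, WAN_IP, 40000, frozenset({"SYN", "ACK"}))
    # Same destination port, but from a host nobody on the LAN contacted.
    unsolicited = Packet("192.0.2.99", 443, WAN_IP, 40000, frozenset({"ACK"}))
    return {
        "stateful_reply": ct.inbound(reply),
        "stateful_unsolicited": ct.inbound(unsolicited),
        "stateless_unsolicited": stateless_allows(unsolicited),
    }

if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

A real connection tracker also checks sequence numbers and expires idle entries; this sketch keeps only the table lookup the post refers to.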
Posted 03 February 2014 - 10:10 PM
Edited by Greg62702, 03 February 2014 - 10:13 PM.
Posted 03 February 2014 - 11:06 PM
The Internet is so big, so powerful and pointless that for some people it is a complete substitute for life.
Andrew Brown (1938-1994)
A learning experience is one of those things that say, "You know that thing you just did? Don't do that." Douglas Adams (1952-2001)
"Imagination is more important than knowledge. Knowledge is limited. Imagination circles the world." Albert Einstein (1879-1955)
Posted 04 February 2014 - 12:44 AM
Posted 04 February 2014 - 08:41 AM
Yeah. I had a Netgear WN802T-200, that was dying, and would lose connection to the devices that were using it. But also in turn, it was packet flooding my network, causing devices to disconnect from the other Access Point I had in my home (Trendnet TEW-690ap).
It is easier to use an A/P in setups like mine. If I do not want the kid using the wifi, I can take it with me, since it is no bigger than my cellphone, or the power cord. I also found that with the Trendnet A/P's, that you cannot place a dash in the name. It makes it appear as a hidden SSID, even though SSID broadcast is turned on.
As for summarizing, I think that we can pretty much state that the first part is making sure the person setting up the devices, knows what they are doing, and knows how to use a good strong password. The second is to not really worry much about what is in the logs, since those of us that have been around this stuff for a long time, know that there is a lot of non-essential items to not worry about in those logs.
When I am going through the logs, I am usually looking for hardware failures, or as in my case, packet flooding from failing devices, causing the router to cause the other A/P's to trip offline and cycle back to looking for clients.
Posted 05 February 2014 - 02:51 AM