My m0n0wall was hacked

on 18.11.2006 18:10:39 by Sitting Duck

I have a home network and am currently using m0n0wall for the firewall.
We have VPN enabled. The firewall has been broken into by a hacker
known to us as Neo. He leaves messages taunting us on the status page
of the m0n0wall web-based configuration site. Once on our network, Neo
opens up the microphone on my laptop and eavesdrops. This same hacker
used to break into our Linksys router when we had one. He eventually
"bricked" the Linksys router. He's been with us on and off for two
years. I need help. I feel like I've tried everything. You can hear my
whole story at talkshoe.com. It's Hacker in the House in the Technology
section. If anyone is an expert I would appreciate an email, or better,
a call into the show to discuss what we can do to find out how Neo
breaks in and how to stop him. Also, I have posted some sniffer data of
one of Neo's attacks in my group here in Google Groups beta "Hacker in
the House".

Re: My m0n0wall was hacked

on 19.11.2006 06:12:46 by TheDog

Sitting Duck wrote:
> I have a home network and am currently using m0n0wall for the firewall.
> We have VPN enabled.

That VPN thing tells me that you don't know how VPN works. VPN is only
valid when there are two valid VPN endpoints. A device such as a router
that has VPN enabled or VPN server software running on a computer is one
valid VPN endpoint.

The other valid endpoint would be with another router that has VPN
enabled or software running on a client machine running VPN client
software, which should match the server VPN software, like AT&T's
Extranet as an example, that's the kind of VPN software I have used.
That's hardware to hardware VPN or server software to client software
VPN solutions.

You having VPN enabled really means nothing in your case as none of your
clients are using VPN. The VPN protocol rides on the TCP/IP protocol and
encrypts the data between two valid VPN endpoints, so that the data
cannot be eavesdropped on, just like a Web server and a browser running
on a client machine are using HTTPS in a secure browser session with a site.

VPN does not ensure that a network is unhackable.

> The firewall has been broken into by a hacker
> known to us as Neo. He leaves messages taunting us on the status page
> of the m0n0wall web-based configuration site. Once on our network, Neo
> opens up the microphone on my laptop and eavesdrops. This same hacker
> used to break into our Linksys router when we had one. He eventually
> "bricked" the Linksys router. He's been with us on and off for two
> years. I need help. I feel like I've tried everything. You can hear my
> whole story at talkshoe.com. It's Hacker in the House in the Technology
> section. If anyone is an expert I would appreciate an email, or better,
> a call into the show to discuss what we can do to find out how Neo
> breaks in and how to stop him. Also, I have posted some sniffer data of
> one of Neo's attacks in my group here in Google Groups beta "Hacker in
> the House".
>

I went to your site. To be honest, I don't think the hacker came past
the Linksys or m0n0wall. Since you have a Web server exposed to the
Internet, it's most likely not secured and the Web applications running
on the Web server are not secure applications that are facing the Internet.

I think the Web server is where the hacker is coming in. And
to be very frank about it, if you're the one who has set up the Web
server and your network, then you don't know about the security issues
of protecting a machine running a Web Server and the Web applications
running on the server to face the Internet, nor the network, and apply
the solutions.

One thing you can do is secure the Web server, the O/S, File system,
etc, etc and the Web applications to face the Internet and put the
machine into the DMZ facing the Internet, the unprotected zone. You put
your LAN where your laptop is at into a protected zone.

You ever hear of a Honey Pot?

Long

http://www.google.com/search?hl=en&lr=&q=what%27s+a+honey+pot+on+a+network&btnG=Search

Short

http://tinyurl.com/y7ctym

Duane :)
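
The zone separation suggested in the post above, sketched as a first-match rule table (an added example, not part of the original thread and not m0n0wall configuration syntax). The subnets, the web server address and the rule layout are constructed for illustration; the point is that a compromised DMZ host gets no path to the LAN where the laptop sits.

```python
import ipaddress

# Constructed addressing for illustration; nothing here comes from the thread.
ZONES = {
    "lan": ipaddress.ip_network("192.168.1.0/24"),   # protected zone (laptop)
    "dmz": ipaddress.ip_network("192.168.2.0/24"),   # exposed zone (web server)
}
WEB_SERVER = ipaddress.ip_address("192.168.2.10")

def zone_of(addr):
    """Map an address to 'lan', 'dmz', or 'wan' (anything else)."""
    ip = ipaddress.ip_address(addr)
    for name, net in ZONES.items():
        if ip in net:
            return name
    return "wan"

# First-match rules for NEW connections only; replies to allowed connections
# are assumed to be handled by the firewall's state table.
# (src zone, dst zone, dst host or None, dst port or None, action)
RULES = [
    ("wan", "dmz", WEB_SERVER, 80, "pass"),    # public web traffic
    ("wan", "dmz", WEB_SERVER, 443, "pass"),
    ("lan", "dmz", None, None, "pass"),        # administer the server from inside
    ("lan", "wan", None, None, "pass"),        # normal outbound browsing
    ("dmz", "lan", None, None, "block"),       # contains a compromised web server
]

def decide(src, dst, dport):
    """Return 'pass' or 'block' for a new connection; default is deny."""
    s, d = zone_of(src), zone_of(dst)
    dst_ip = ipaddress.ip_address(dst)
    for rule_src, rule_dst, host, port, action in RULES:
        if (rule_src, rule_dst) != (s, d):
            continue
        if host is not None and host != dst_ip:
            continue
        if port is not None and port != dport:
            continue
        return action
    return "block"

if __name__ == "__main__":
    for flow in [("203.0.113.5", "192.168.2.10", 80),    # Internet -> web server
                 ("203.0.113.5", "192.168.1.20", 80),    # Internet -> laptop
                 ("192.168.2.10", "192.168.1.20", 445)]: # web server -> laptop
        print(flow, decide(*flow))
```
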

Re: My m0n0wall was hacked

on 19.11.2006 06:28:15 by TheDog

Also, I would assume the laptop is running a Windows NT based O/S like
Win 2K or XP.

Obviously, the hacker has some kind of backdoor software installed on it
that's giving the hacker control of the machine. I suggest you wipe out
the laptop.

Long

http://www.windowsecurity.com/articles/Hidden_Backdoors_Trojan_Horses_and_Rootkit_Tools_in_a_Windows_Environment.html

Short
http://tinyurl.com/klw1

You should secure the NT base O/S as much as possible, in your case.

http://labmice.techtarget.com/articles/winxpsecuritychecklist.htm

Duane :)

Re: My m0n0wall was hacked

on 19.11.2006 10:35:23 by Volker Birk

Sitting Duck wrote:
> I have a home network and am currently using m0n0wall for the firewall.
> We have VPN enabled. The firewall has been broken into by a hacker
> known to us as Neo.

Seems to be a Matrix-Fan ;-)

Well, maybe your firewall has been "broken". More likely there was a
Windoze box behind it, which was opened through malware, for example.

Because your net is compromised now, you have to rebuild everything.
Unfortunately.

Yours,
VB.
--
"Life was simple before World War II. After that, we had systems."
Grace Hopper

Re: My m0n0wall was hacked

on 19.11.2006 14:28:54 by Ansgar -59cobalt- Wiechers

Duane, if you must spoof your mail address in the first place, could you
please stick with one address so I don't have to adjust my killfile
every once in a while? Thank you.

cu
59cobalt
--
"If a software developer ever believes a rootkit is a necessary part of
their architecture they should go back and re-architect their solution."
--Mark Russinovich

Re: My m0n0wall was hacked

on 19.11.2006 15:09:56 by TheDog

Ansgar -59cobalt- Wiechers wrote:
> Duane, if you must spoof your mail address in the first place, could you
> please stick with one address so I don't have to adjust my killfile
> every once in a while? Thank you.
>
> cu
> 59cobalt
Bastard, I am not twisting your arm to read a damn thing. What you can
do is kiss my Black ass about it.

Re: My m0n0wall was hacked

on 19.11.2006 15:32:40 by Ansgar -59cobalt- Wiechers

Mr. Arnold1 wrote:
> Ansgar -59cobalt- Wiechers wrote:
>> Duane, if you must spoof your mail address in the first place, could
>> you please stick with one address so I don't have to adjust my
>> killfile every once in a while? Thank you.
>
> Bastard, I am not twisting your arm to read a damn thing.

Actually you are, by trying to crawl back out of my killfile.

*re-plonk*

cu
59cobalt
--
"If a software developer ever believes a rootkit is a necessary part of
their architecture they should go back and re-architect their solution."
--Mark Russinovich

Re: My m0n0wall was hacked

on 19.11.2006 15:43:52 by TheDog

Ansgar -59cobalt- Wiechers wrote:
> Mr. Arnold1 wrote:
>
>>Ansgar -59cobalt- Wiechers wrote:
>>
>>>Duane, if you must spoof your mail address in the first place, could
>>>you please stick with one address so I don't have to adjust my
>>>killfile every once in a while? Thank you.
>>
>>Bastard, I am not twisting your arm to read a damn thing.
>
>
> Actually you are, by trying to crawl back out of my killfile.
>
> *re-plonk*
>

Stop whining you pussy and shut the Hell up about it. It's a free world
and no one is dancing to your tune, partner. I don't even know who you
think you are. But you're no one as far as I am concerned. I don't read
your posts in the first place, so I have no need to KF you. The only
thing you can do for me is clean the sh*t off of my shoes and spit shine
them with your tongue, partner.

Re: My m0n0wall was hacked

on 19.11.2006 17:16:00 by TheDog

Hey, I am giving you the opportunity for another pussy-plonk-and-run
response. ;-)

Re: My m0n0wall was hacked

on 19.11.2006 17:55:27 by Volker Birk

Mr. Arnold3 wrote:
> Hey, I am giving you the opportunity for another pussy-plonk-and-run
> response. ;-)

Duane,

it's sad enough that you're refusing to avoid doubling SPAM traffic to
the SPAM victims, because you're insisting on (ab)using fake addresses.

Maybe it would be a good idea for you not to provoke with such
misbehaviour to keep reputation as a partner in discussion.

Yours,
VB.
--
"Life was simple before World War II. After that, we had systems."
Grace Hopper

Re: My m0n0wall was hacked

on 19.11.2006 18:04:11 by TheDog

Ansgar -59cobalt- Wiechers wrote:
> Mr. Arnold1 wrote:
>
>>Ansgar -59cobalt- Wiechers wrote:
>>
>>>Duane, if you must spoof your mail address in the first place, could
>>>you please stick with one address so I don't have to adjust my
>>>killfile every once in a while? Thank you.
>>
>>Bastard, I am not twisting your arm to read a damn thing.
>
>
> Actually you are, by trying to crawl back out of my killfile.
>
> *re-plonk*
>



Stop whining you pussy and shut the Hell up about it. It's a free world
and no one is dancing to your tune, partner. I don't even know who you
think you are. But you're no one as far as I am concerned. I don't read
your posts in the first place, so I have no need to KF you. The only
thing you can do for me is clean the sh*t off of my shoes and spit shine
them with your tongue, partner.

Re: My m0n0wall was hacked

on 22.11.2006 01:48:13 by Duane Arnold

"Volker Birk" wrote in message
news:45609a8f@news.uni-ulm.de...
> Mr. Arnold3 wrote:
>> Hey, I am giving you the opportunity for another pussy-plonk-and-run
>> response. ;-)
>
> Duane,
>
> it's sad enough that you're refusing to avoid doubling SPAM traffic to
> the SPAM victims, because you're insisting on (ab)using fake addresses.
>
> Maybe it would be a good idea for you not to provoke with such
> misbehaviour to keep reputation as a partner in discussion.
>

Damn a reputation, no reputation out here on the Internet is putting a dime
in my pockets, none.
Anything on the Internet doesn't count in the long run. It don't count.

I'll be here today and gone tomorrow and it will be someone else.

If someone will do a pussy plonk and run, with some comments about doing
that, then I might be in their face about it, just on GP. :)

It's the dog in me.

adios muchacho :)

Re: My m0n0wall was hacked

on 22.11.2006 14:06:24 by unknown

Post removed (X-No-Archive: yes)

Re: My m0n0wall was hacked

on 22.11.2006 15:57:46 by unknown

Post removed (X-No-Archive: yes)

Re: My m0n0wall was hacked

on 28.11.2006 12:17:41 by news

I have a feeling that you should do the following:
1. Change vendors on your Nat Firewall
2. Change the username/password on the new Nat Firewall
3. Update the firmware on the Nat Firewall
4. Change the default LAN address on the Nat Firewall
5. Turn off ALL remote access to the Lan Firewall, including all ICMP
6. Do not allow ANY port forwarding to be configured, no matter what
7. Get a Real Stateful Packet Inspection Multi Port Firewall and stop
thinking this crap they sell as 'Firewall' actually works. All that crap
does is NAT and there is a remote access management by default. Change all
the usernames/passwords and all the SSID's that these POS offer and maybe
this asshole will not be able to 'HACK' you. The bottom line is BE SMARTER!
If you want a firewall try this link: http://www.astaro.com and come up with
a little hardware and a couple of switches and all is really good. Off the
shelf Linksys, Belkin, Siemens, D-Link, etc all suck.
Just my opinion

"Volker Birk" wrote in message
news:4560336b@news.uni-ulm.de...
> Sitting Duck wrote:
>> I have a home network and am currently using m0n0wall for the firewall.
>> We have VPN enabled. The firewall has been broken into by a hacker
>> known to us as Neo.
>
> Seems to be a Matrix-Fan ;-)
>
> Well, maybe your firewall has been "broken". More likely there was a
> Windoze box behind it, which was opened through malware, for example.
>
> Because your net is compromised now, you have to rebuild everything.
> Unfortunately.
>
> Yours,
> VB.
> --
> "Life was simple before World War II. After that, we had systems."
> Grace Hopper