wireless router hacked - "machine name" ...?


on 03.05.2007 03:08:29 by Danny Boy

Hi, a while back, someone hacked into my 2wire wireless router, switched
wireless back on, used it for a few weeks and departed. The only trace they
left behind is "machine name" (282XH41D3).

which I'm not sure means anything. I've since re-booted the device and
installed a more complex password, so no problem so far.

Can a person be traced by this "machine name" or is that something that can
be spoofed as well?

thanks for any input ...

Daniel.

Re: wireless router hacked - "machine name" ...?

on 03.05.2007 03:19:35 by MR. Arnold

"Danny Boy" wrote in message
news:hCa_h.141$Vi6.138@edtnps82...
>
> Can a person be traced by this "machine name" or is that something that
> can
> be spoofed as well?
>

Where are you going to trace the name to? You can't do it. You can only
trace the name of the machine when it's connected to the LAN.

For a novice wireless hacker, the link might stop them. For anyone with some
expertise, you can't stop them.

http://compnetworking.about.com/od/wirelesssecurity/tp/wifisecurity.htm

Re: wireless router hacked - "machine name" ...?

on 03.05.2007 03:21:18 by Gerald Vogt

Danny Boy wrote:
> Hi, a while back, someone hacked into my 2wire wireless router, switched

How did they hack into the router?

> wireless back on, used it for a few weeks and departed. The only trace they
> left behind is "machine name" (282XH41D3).

Where exactly did you find this machine name?

> which I'm not sure means anything. I've since re-booted the device and
> installed a more complex password, so no problem so far.

If someone hacked into the router they may have replaced the firmware on
the router to keep a back door open. Simply replacing the password may
not help at all. You should download the latest firmware for your
router, reset the router completely, upgrade the router with this new
firmware, then reset once more and reconfigure the router. If the
firmware upgrade was successful it should have removed anything the
hackers might have left behind. Although you cannot be 100% sure unless
you send the router to support and have the router properly reflashed.

> Can a person be traced by this "machine name" or is that something that can
> be spoofed as well?

Generally, you can assign any name you like to a computer thus it won't
help you to trace someone.

Gerald

Re: wireless router hacked - "machine name" ...?

on 03.05.2007 10:15:58 by Danny Boy

> > Hi, a while back, someone hacked into my 2wire wireless router, switched
>
> How did they hack into the router?

my guess is during an electrical outage, the router went offline and reset to
defaults; anyone can find generic default passwords on the internet and log
in. i've logged into a neighbor's wireless myself that way.

> Where exactly did you find this machine name?

the machine name was in the router at the time they were connected, and now
it remains as an option in one of the router's drop-down menus for "allow
users thru the firewall to hosted applications". (ie, on the drop-down menu
is my IP - 192.168.1.64 and this other "machine name"...)



one other question ... I often test my inbound protection status with Steve
Gibson's (www.grc.com) "Shields Up" utility. In past years, I always
maintained "stealth" status on all ports, but now, due to some combo of
OS/firewalls/routers, my common ports are not "stealth" but "closed".

one of the options in the management console of this 2wire (wireless)
router/modem is a checkbox that enables "stealth mode" ... which, when tested
against Shields Up, now reports all ports stealthed. However, my FTP is now
burdened with an extra wait-time for the hand-shake and SMTP often fails
downright. no explanation given in any of their online documentation.

any comments appreciated...


Dan

Re: wireless router hacked - "machine name" ...?

on 03.05.2007 13:37:45 by Gerald Vogt

Danny Boy wrote:
>>> Hi, a while back, someone hacked into my 2wire wireless router, switched
>> How did they hack into the router?
>
> my guess is during an electrical outage, the router went offline and reset to
> defaults; anyone can find generic default passwords on the internet and log
> in. i've logged into a neighbor's wireless myself that way.

That's why you always should check your equipment after events like
power outages or thunderstorms...

>> Where exactly did you find this machine name?
>
> the machine name was in the router at the time they were connected, and now
> it remains as an option in one of the router's drop-down menus for "allow
> users thru the firewall to hosted applications". (ie, on the drop-down menu
> is my IP - 192.168.1.64 and this other "machine name"...)

That name is user defined. Unless you accidentally find the name
somewhere there is little you can do. You could leave the router running
as before and wait until they connect again. If they connect through
wireless you may be able to locate them...

> one other question ... I often test my inbound protection status with Steve
> Gibson's (www.grc.com) "Shields Up" utility. In past years, I always
> maintained "stealth" status on all ports, but now, due to some combo of
> OS/firewalls/routers, my common ports are not "stealth" but "closed".

"Stealth" is one of the most useless things in the internet world.
"Stealth" does not exist. A computer/router that does not answer is not
an "invisible" computer but simply a computer that does not answer. It
is almost like you would be standing in the middle of the street and
would not answer to anyone who talks to you: you are not stealthed but
very visibly there. You are just not answering.

Really stealth would be if everything was as if you were actually not
there. A computer that is not there, i.e. an IP address which is unused,
would have the upstream router return an error to a sender. If the
upstream router returns this error, it looks as if you are not there.
Then you would be really stealthed.

But all that "stealthing" which software firewalls and some routers do
is not worth the money. It may actually increase the incoming traffic to
your router/computer as any accidental sender to your IP address will
usually retry the connections several times if the answer times out. If
however the sender gets the "port closed" immediately as reply there
won't be retransmissions.

The important thing is that all your ports are closed. If everything is
closed you are secured.

Gerald

Re: wireless router hacked - "machine name" ...?

on 03.05.2007 14:49:07 by Robert Nichols

In article <2Tg_h.180$Vi6.91@edtnps82>, Danny Boy wrote:
:
:one of the options in the management console of this 2wire (wireless)
:router/modem is a checkbox that enables "stealth mode" ... which, when tested
:against Shields Up, now reports all ports stealthed. However, my FTP is now
:burdened with an extra wait-time for the hand-shake and SMTP often fails
:downright. no explanation given in any of their online documentation.
:
:any comments appreciated...

If you have port 113 in stealth mode, servers that send an ident probe
during connection setup will wait for a timeout before proceeding.

--
Bob Nichols AT comcast.net I am "RNichols42"
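
Added example (not part of any post in this thread): a small Python self-check that shows the difference the replies above describe between a "closed" port, which answers a connection attempt with an immediate reset, and a "stealth" port, which answers nothing and leaves the sender (for instance a mail or FTP server making an ident probe to port 113) waiting for its timeout. The function names and the state labels are this example's own, and the local demo uses constructed sockets on 127.0.0.1.

```python
import socket
import time


def probe(host, port, timeout=3.0):
    """Make one TCP connect attempt and return (state, seconds_waited).

    open        - handshake completed, a service is listening
    closed      - connection refused: the host replied with a TCP reset
    stealth     - no reply before the timeout (the packet was dropped)
    unreachable - the network stack reported an error, e.g. a router on
                  the path said the host or network is unreachable
    """
    start = time.monotonic()
    try:
        with socket.create_connection((host, port), timeout=timeout):
            state = "open"
    except ConnectionRefusedError:
        state = "closed"
    except (socket.timeout, TimeoutError):
        state = "stealth"
    except OSError:
        state = "unreachable"
    return state, time.monotonic() - start


def local_demo(timeout=1.0):
    """Probe two constructed ports on 127.0.0.1: one listening, one not."""
    listener = socket.socket()
    listener.bind(("127.0.0.1", 0))
    listener.listen(1)
    # Bound but never listening: the kernel resets any connection attempt.
    idle = socket.socket()
    idle.bind(("127.0.0.1", 0))
    try:
        return {
            "open": probe("127.0.0.1", listener.getsockname()[1], timeout),
            "closed": probe("127.0.0.1", idle.getsockname()[1], timeout),
        }
    finally:
        listener.close()
        idle.close()


if __name__ == "__main__":
    for name, (state, waited) in local_demo().items():
        print(f"{name}: {state} after {waited:.3f}s")
```

Run against your own router's address, a port reported as "stealth" makes `probe` wait the full timeout, which is the delay a server's ident probe to port 113 incurs before it proceeds.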

Re: wireless router hacked - "machine name" ...?

on 03.05.2007 18:44:00 by suraku

On May 3, 3:15 am, "Danny Boy" wrote:
> > > Hi, a while back, someone hacked into my 2wire wireless router, switched
>
> > How did they hack into the router?
>
> my guess is during an electrical outage, the router went offline and reset to
> defaults; anyone can find generic default passwords on the internet and log
> in. i've logged into a neighbor's wireless myself that way.
>
> > Where exactly did you find this machine name?
>
> the machine name was in the router at the time they were connected, and now
> it remains as an option in one of the router's drop-down menus for "allow
> users thru the firewall to hosted applications". (ie, on the drop-down menu
> is my IP - 192.168.1.64 and this other "machine name"...)
>
> one other question ... I often test my inbound protection status with Steve
> Gibson's (www.grc.com) "Shields Up" utility. In past years, I always
> maintained "stealth" status on all ports, but now, due to some combo of
> OS/firewalls/routers, my common ports are not "stealth" but "closed".
>
> one of the options in the management console of this 2wire (wireless)
> router/modem is a checkbox that enables "stealth mode" ... which, when tested
> against Shields Up, now reports all ports stealthed. However, my FTP is now
> burdened with an extra wait-time for the hand-shake and SMTP often fails
> downright. no explanation given in any of their online documentation.
>
> any comments appreciated...
>
> Dan

generally you should have some higher level security on your router
such as wpa2, added mac address filtering, things like that even
though we all know that they can be cracked/spoofed etc. but most
hackers tend to look for easy targets and there are a lot of people out
there running the old linksys ssid with default passwords so why spend
the time to break in to your system, well unless they are purposefully
wanting to attack your router specifically they won't easy targets my
friend easy targets. Next if you got your 2wire router from the
pathetic isp of your choice they typically ship with the default
password of the last 6 or 7 digits of your phone number that is on the
service agreement i have seen several models that even if you change
the password in the settings the default password will still work, and
let's face it getting someone's phone number is child's play. If you can i
would suggest throwing two wire out the window and then shooting it
repeatedly i've never had good experiences with them, replacing it
with a linksys or dlink, or in my paranoid case cisco aironet and
pumping up security should help prevent cases like this in the future
but wireless is far from secure even in the best setups so if you
aren't willing to live with the possibility of someone getting on your
network disable the wireless feature on your router. (note that long
term power outages may reset some of the values to default including
wireless on most of these cheap routers, not typically your password
or security configs though)

Well now that my two-wire bashing is over, there is no such thing as
stealth mode over wireless anyone with a good sniffer/port scanner can
still get any information that is hidden by this stealth mode feature
they just have to have a little more skill to do it and let's face it
anything that they will need to do this is free, online and readily
documented. close your ports, batten down the services, and hope for
the best :)

Brett

Re: wireless router hacked - "machine name" ...?

on 03.05.2007 19:52:03 by shimmyshack

On May 3, 5:44 pm, "sur...@gmail.com" wrote:
> On May 3, 3:15 am, "Danny Boy" wrote:
>
>
>
> > > > Hi, a while back, someone hacked into my 2wire wireless router, switched
>
> > > How did they hack into the router?
>
> > my guess is during an electrical outage, the router went offline and reset to
> > defaults; anyone can find generic default passwords on the internet and log
> > in. i've logged into a neighbor's wireless myself that way.
>
> > > Where exactly did you find this machine name?
>
> > the machine name was in the router at the time they were connected, and now
> > it remains as an option in one of the router's drop-down menus for "allow
> > users thru the firewall to hosted applications". (ie, on the drop-down menu
> > is my IP - 192.168.1.64 and this other "machine name"...)
>
> > one other question ... I often test my inbound protection status with Steve
> > Gibson's (www.grc.com) "Shields Up" utility. In past years, I always
> > maintained "stealth" status on all ports, but now, due to some combo of
> > OS/firewalls/routers, my common ports are not "stealth" but "closed".
>
> > one of the options in the management console of this 2wire (wireless)
> > router/modem is a checkbox that enables "stealth mode" ... which, when tested
> > against Shields Up, now reports all ports stealthed. However, my FTP is now
> > burdened with an extra wait-time for the hand-shake and SMTP often fails
> > downright. no explanation given in any of their online documentation.
>
> > any comments appreciated...
>
> > Dan
>
> generally you should have some higher level security on your router
> such as wpa2, added mac address filtering, things like that even
> though we all know that they can be cracked/spoofed etc. but most
> hackers tend to look for easy targets and there are a lot of people out
> there running the old linksys ssid with default passwords so why spend
> the time to break in to your system, well unless they are purposefully
> wanting to attack your router specifically they won't easy targets my
> friend easy targets. Next if you got your 2wire router from the
> pathetic isp of your choice they typically ship with the default
> password of the last 6 or 7 digits of your phone number that is on the
> service agreement i have seen several models that even if you change
> the password in the settings the default password will still work, and
> let's face it getting someone's phone number is child's play. If you can i
> would suggest throwing two wire out the window and then shooting it
> repeatedly i've never had good experiences with them, replacing it
> with a linksys or dlink, or in my paranoid case cisco aironet and
> pumping up security should help prevent cases like this in the future
> but wireless is far from secure even in the best setups so if you
> aren't willing to live with the possibility of someone getting on your
> network disable the wireless feature on your router. (note that long
> term power outages may reset some of the values to default including
> wireless on most of these cheap routers, not typically your password
> or security configs though)
>
> Well now that my two-wire bashing is over, there is no such thing as
> stealth mode over wireless anyone with a good sniffer/port scanner can
> still get any information that is hidden by this stealth mode feature
> they just have to have a little more skill to do it and let's face it
> anything that they will need to do this is free, online and readily
> documented. close your ports, batten down the services, and hope for
> the best :)
>
> Brett

the only thing stealth mode does is slows non thread aware probes
down, or ties them up with many tcp connections, if you intend to see
if a computer is there or not though, you don't just try telnetting any
old port, you go for the obvious ones, 21,22,23,25,80,81,110,113,
etc... if you have any services listening on those ports, they gotta say hi
innit!! so if you run servers, don't bother with stealth