Thread: Router hacked.
07-28-2008, 08:08 PM
unix
Re: Router hacked.

On 2008-07-28, larrys707 wrote:
> Ignoramus9959 wrote:
>> How have you isolated the problem pointing it to the router?

> We had a power glitch about a week ago that wiped the router settings
> and went to default, leaving my wireless access point wide open. I use
> Windows for some things, and have 2 totally separate Ubuntu Hardy
> installations on two different drives.


So, the router was left wide open, and that possibly opened access
from the Internet to the servers that were inside, and they got hacked
and were used for spamming. Is that right?

Or, are you saying that wireless settings were made wide open and your
neighbors could connect?

Could it be that your neighbors were spamming?

>> Are you
>> sure that it is your router that is spamming? This sounds somewhat
>> improbable, so some clarification would be warranted.
>>
>> What is your home network topology, and where could spam possibly
>> originate?
>>
>> Do you have any windows computers on the network?
>>

> The router is set up as the gateway to the Internet DSL, and my computer
> is the 'Admin' on port 1 of the 10/100 Ethernet, with my daughter's XP
> laptop on the 802.11G (locked mode). She is totally a win-droid, to
> quote someone else, but I use a variety of systems, from DOS, to Sun,
> Suse, Ubuntu, and, yes, XP, but never IE or Outlook.
> Normally I have it set to channel 11, not the default, use WPA-TKIP,
> lock it to her MAC address, and every other possible precaution,
> including no DMZ or gaming holes to exploit. The computer is off when
> not in use, since I am actually trying to conserve energy, so when the
> router wireless is blinking I just assume it is her doing school work
> for her two degrees, English and Psych, but nothing technical. I doubt
> that I could have my Windows XP infected since I have levels of
> protection, including a server type 3COM 3CR990 Ethernet card, and
> Zonealarm, AVG, Avira, Adaware, and Spybot S&D. I also changed the
> router default from 1.101 etc. to 8.101 as the base, so that normally
> would be pretty hard for someone to guess. The next step might be to
> enable port forwarding to Comcast and to tell them to *only* allow those
> 2 to be recognized, but that could, maybe, kill some of my bit torrent
> downloads for program updates or new distributions.
> That leaves me wondering if SHE did get infected on her laptop???, or if
> there is someone in my hick town that actually knows how to 'war-drive',
> since I live in mostly red neck territory.


Could be anything, but you can find out with some persistence. If your
router has some advanced settings, you can block ports by IP.

> The last, and only infection I ever got was ten years ago when somebody
> found a port 445 hole in my windows NT.
> I hate windows, but the truth is I have to have it for work projects for
> my clients now that I don't work a 40 week as a captive employee any more.
> Even Comcast legal can't tell me what happened, except that they sent me
> an email that I never got and blocked me as a spammer.
> The reason the router reset got by me is that both her system and mine
> just looked for the router and went back to default without giving me a
> flag of any kind.
> Kind of a bum deal.
> Bill Baka


Sounds bad. I would try to isolate who is spamming.

i

>> i
>>
>> On 2008-07-28, larrys707 wrote:
>>
>>> This is a semi-Ubuntu question concerning Linksys routers. Comcast
>>> killed my port 25 outgoing e-mail claiming I was spamming and I have a
>>> WRT54G, but considering a GL and DD-WRT. Has anyone else had a wireless
>>> compromised like this? It was in 'open' unprotected mode for a while
>>> after a power glitch last week and apparently a war driver got into it
>>> before I found out. The wireless 802.11G is for my daughter's college
>>> work on her laptop and I haven't been able to catch her to get her MAC
>>> again, and lock out all others.
>>> The question is mainly if anyone has used the GL and/or DD-WRT and how
>>> straightforward it is to work with.
>>> Dan C need not answer this, since it is not play time for me right now.
>>> There is the possibility that someone could have spoofed my email but
>>> that seems a bit more unlikely.
>>> Moog? Anyone?
>>> Bill Baka
>>>
>>> After a really pissy hour on the phone to Comcast legal.
>>>

>>
>>


--
Due to extreme spam originating from Google Groups, and their inattention
to spammers, I and many others block all articles originating
from Google Groups. If you want your postings to be seen by
more readers you will need to find a different means of
posting on Usenet.
http://improve-usenet.org/
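
One way to act on the advice above to isolate who is spamming, as an added example that is not part of the original post: count new outbound TCP port 25 connections per LAN host from gateway logs. It assumes a Linux-based gateway writing netfilter LOG lines; the sample log, the 192.168.8. prefix and the threshold of 3 servers are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample log (netfilter LOG format); addresses are documentation ranges.
SAMPLE_LOG = """\
Jul 28 19:01:02 gw kernel: IN=br0 OUT=vlan1 SRC=192.168.8.101 DST=203.0.113.10 PROTO=TCP SPT=40112 DPT=25 WINDOW=5840 SYN URGP=0
Jul 28 19:01:09 gw kernel: IN=br0 OUT=vlan1 SRC=192.168.8.102 DST=198.51.100.7 PROTO=TCP SPT=1091 DPT=25 WINDOW=65535 SYN URGP=0
Jul 28 19:01:09 gw kernel: IN=vlan1 OUT=br0 SRC=198.51.100.7 DST=192.168.8.102 PROTO=TCP SPT=25 DPT=1091 WINDOW=5792 ACK SYN URGP=0
Jul 28 19:01:10 gw kernel: IN=br0 OUT=vlan1 SRC=192.168.8.102 DST=198.51.100.8 PROTO=TCP SPT=1092 DPT=25 WINDOW=65535 SYN URGP=0
Jul 28 19:01:11 gw kernel: IN=br0 OUT=vlan1 SRC=192.168.8.102 DST=198.51.100.9 PROTO=TCP SPT=1093 DPT=25 WINDOW=65535 SYN URGP=0
Jul 28 19:01:12 gw kernel: IN=br0 OUT=vlan1 SRC=192.168.8.102 DST=203.0.113.44 PROTO=TCP SPT=1094 DPT=25 WINDOW=65535 SYN URGP=0
Jul 28 19:01:13 gw kernel: IN=br0 OUT=vlan1 SRC=192.168.8.101 DST=203.0.113.80 PROTO=TCP SPT=40113 DPT=80 WINDOW=5840 SYN URGP=0
Jul 28 19:02:40 gw kernel: IN=br0 OUT=vlan1 SRC=192.168.8.101 DST=203.0.113.10 PROTO=TCP SPT=40120 DPT=25 WINDOW=5840 SYN URGP=0
"""

FIELD = re.compile(r"(\w+)=(\S*)")  # KEY=value pairs of a LOG line


def smtp_sources(log_text, lan_prefix="192.168.8."):
    """Return (host, connections, distinct_servers) for LAN hosts opening TCP/25."""
    dests = defaultdict(list)
    for line in log_text.splitlines():
        fields = dict(FIELD.findall(line))
        flags = set(line.split())  # TCP flags appear as bare words
        if fields.get("PROTO") != "TCP" or fields.get("DPT") != "25":
            continue
        # Count only connection attempts: SYN set, ACK clear (skips SYN-ACK replies).
        if "SYN" not in flags or "ACK" in flags:
            continue
        src = fields.get("SRC", "")
        if src.startswith(lan_prefix):
            dests[src].append(fields.get("DST"))
    rows = [(src, len(d), len(set(d))) for src, d in dests.items()]
    # Hosts talking to the most distinct mail servers come first.
    return sorted(rows, key=lambda r: (-r[2], -r[1], r[0]))


def suspects(log_text, min_servers=3):
    """A mail client uses one or two relays; a spam bot contacts many servers."""
    return [src for src, _, servers in smtp_sources(log_text) if servers >= min_servers]


if __name__ == "__main__":
    for src, conns, servers in smtp_sources(SAMPLE_LOG):
        print(f"{src}: {conns} SMTP connections to {servers} distinct servers")
    print("suspects:", suspects(SAMPLE_LOG))
```

A LAN address in the output that matches none of the known machines points to an outside wireless client rather than an infected PC.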