wireless router hacked - "machine name" ...? - Firewalls


  1. wireless router hacked - "machine name" ...?

    Hi, a while back, someone hacked into my 2wire wireless router, switched
    wireless back on, used it for a few weeks and departed. The only trace they
    left behind is "machine name" (282XH41D3), which I'm not sure means
    anything. I've since re-booted the device and installed a more complex
    password, so no problem so far.

    Can a person be traced by this "machine name" or is that something that can
    be spoofed as well?

    thanks for any input ...

    Daniel.




  2. Re: wireless router hacked - "machine name" ...?


    "Danny Boy" wrote in message
    news:hCa_h.141$Vi6.138@edtnps82...
    >
    > Can a person be traced by this "machine name" or is that something that
    > can be spoofed as well?
    >


    Where are you going to trace the name to? You can't do it. You can only
    trace the name of the machine when it's connected to the LAN.

    For a novice wireless hacker, the link might stop them. For anyone with some
    expertise, you can't stop them.

    http://compnetworking.about.com/od/w...fisecurity.htm


  3. Re: wireless router hacked - "machine name" ...?

    Danny Boy wrote:
    > Hi, a while back, someone hacked into my 2wire wireless router, switched


    How did they hack into the router?

    > wireless back on, used it for a few weeks and departed. The only trace they
    > left behind is "machine name" (282XH41D3).


    Where exactly did you find this machine name?

    > which I'm not sure means anything. I've since re-booted the device and
    > installed a more complex password, so no problem so far.


    If someone hacked into the router they may have replaced the firmware on
    the router to keep a back door open. Simply replacing the password may
    not help at all. You should download the latest firmware for your
    router, reset the router completely, upgrade the router with this new
    firmware, then reset once more and reconfigure the router. If the
    firmware upgrade was successful it should have removed anything the
    hackers might have left behind. Although you cannot be 100% sure unless
    you send the router to support and have the router properly reflashed.

    > Can a person be traced by this "machine name" or is that something that can
    > be spoofed as well?


    Generally, you can assign any name you like to a computer thus it won't
    help you to trace someone.

    Gerald

  4. Re: wireless router hacked - "machine name" ...?

    > > Hi, a while back, someone hacked into my 2wire wireless router, switched
    >
    > How did they hack into the router?


    my guess is during an electrical outage, the router went offline and reset to
    defaults; anyone can find generic default passwords on the internet and log
    in. i've logged into a neighbor's wireless myself that way.

    > Where exactly did you find this machine name?


    the machine name was in the router at the time they were connected, and now
    it remains as an option in one of the router's drop-down menus for "allow
    users thru the firewall to hosted applications". (ie, on the drop-down menu
    is my IP - 192.168.1.64 and this other "machine name"...)



    one other question ... I often test my inbound protection status with Steve
    Gibson's (www.grc.com) "Shields Up" utility. In past years, I always
    maintained "stealth" status on all ports, but now, due to some combo of
    OS/firewalls/routers, my common ports are not "stealth" but "closed".

    one of the options in the management console of this 2wire (wireless)
    router/modem is a checkbox that enables "stealth mode" ... which, when tested
    against Shields Up, now reports all ports stealthed. However, my FTP is now
    burdened with an extra wait-time for the hand-shake and SMTP often fails
    downright. no explanation given in any of their online documentation.

    any comments appreciated...


    Dan



  5. Re: wireless router hacked - "machine name" ...?

    Danny Boy wrote:
    >>> Hi, a while back, someone hacked into my 2wire wireless router, switched

    >> How did they hack into the router?

    >
    > my guess is during an electrical outage, the router went offline and reset to
    > defaults; anyone can find generic default passwords on the internet and log
    > in. i've logged into a neighbor's wireless myself that way.


    That's why you always should check your equipment after events like
    power outages or thunderstorms...

    >> Where exactly did you find this machine name?

    >
    > the machine name was in the router at the time they were connected, and now
    > it remains as an option in one of the router's drop-down menus for "allow
    > users thru the firewall to hosted applications". (ie, on the drop-down menu
    > is my IP - 192.168.1.64 and this other "machine name"...)


    That name is user defined. Unless you accidentally find the name
    somewhere there is little you can do. You could leave the router running
    as before and wait until they connect again. If they connect through
    wireless you may be able to locate them...

    > one other question ... I often test my inbound protection status with Steve
    > Gibson's (www.grc.com) "Shields Up" utility. In past years, I always
    > maintained "stealth" status on all ports, but now, due to some combo of
    > OS/firewalls/routers, my common ports are not "stealth" but "closed".


    "Stealth" is one of the most useless things in the internet world.
    "Stealth" does not exist. A computer/router that does not answer is not
    an "invisible" computer but simply a computer that does not answer. It
    is almost like you would be standing in the middle of the street and
    would not answer to anyone who talks to you: you are not stealthed but
    very visibly there. You are just not answering.

    Real stealth would be if everything was as if you were actually not
    there. A computer that is not there, i.e. an IP address which is unused,
    would have the upstream router return an error to a sender. If the
    upstream router returns this error, it looks as if you are not there.
    Then you would be really stealthed.

    But all that "stealthing" which software firewalls and some routers do
    is not worth the money. It may actually increase the incoming traffic to
    your router/computer as any accidental sender to your IP address will
    usually retry the connections several times if the answer times out. If
    however the sender gets the "port closed" immediately as reply there
    won't be retransmissions.

    The important thing is that all your ports are closed. If everything is
    closed you are secured.

    Gerald

  6. Re: wireless router hacked - "machine name" ...?

    In article <2Tg_h.180$Vi6.91@edtnps82>, Danny Boy wrote:
    :one of the options in the management console of this 2wire (wireless)
    :router/modem is a checkbox that enables "stealth mode" ... which, when tested
    :against Shields Up, now reports all ports stealthed. However, my FTP is now
    :burdened with an extra wait-time for the hand-shake and SMTP often fails
    :downright. no explanation given in any of their online documentation.
    :
    :any comments appreciated...

    If you have port 113 in stealth mode, servers that send an ident probe
    during connection setup will wait for a timeout before proceeding.

    --
    Bob Nichols AT comcast.net I am "RNichols42"

  7. Re: wireless router hacked - "machine name" ...?

    On May 3, 3:15 am, "Danny Boy" wrote:
    > > > Hi, a while back, someone hacked into my 2wire wireless router, switched
    >
    > > How did they hack into the router?
    >
    > my guess is during an electrical outage, the router went offline and reset to
    > defaults; anyone can find generic default passwords on the internet and log
    > in. i've logged into a neighbor's wireless myself that way.
    >
    > > Where exactly did you find this machine name?
    >
    > the machine name was in the router at the time they were connected, and now
    > it remains as an option in one of the router's drop-down menus for "allow
    > users thru the firewall to hosted applications". (ie, on the drop-down menu
    > is my IP - 192.168.1.64 and this other "machine name"...)
    >
    > one other question ... I often test my inbound protection status with Steve
    > Gibson's (www.grc.com) "Shields Up" utility. In past years, I always
    > maintained "stealth" status on all ports, but now, due to some combo of
    > OS/firewalls/routers, my common ports are not "stealth" but "closed".
    >
    > one of the options in the management console of this 2wire (wireless)
    > router/modem is a checkbox that enables "stealth mode" ... which, when tested
    > against Shields Up, now reports all ports stealthed. However, my FTP is now
    > burdened with an extra wait-time for the hand-shake and SMTP often fails
    > downright. no explanation given in any of their online documentation.
    >
    > any comments appreciated...
    >
    > Dan


    Generally you should have some higher level security on your router,
    such as wpa2, added mac address filtering, things like that, even
    though we all know that they can be cracked/spoofed etc. But most
    hackers tend to look for easy targets, and there are a lot of people out
    there running the old linksys ssid with default passwords, so why spend
    the time to break in to your system? Well, unless they are purposefully
    wanting to attack your router specifically, they won't. Easy targets, my
    friend, easy targets. Next, if you got your 2wire router from the
    pathetic isp of your choice, they typically ship with the default
    password of the last 6 or 7 digits of your phone number that is on the
    service agreement. I have seen several models that even if you change
    the password in the settings the default password will still work, and
    let's face it, getting someone's phone number is child's play. If you can, I
    would suggest throwing two wire out the window and then shooting it
    repeatedly; I've never had good experiences with them. Replacing it
    with a linksys or dlink, or in my paranoid case cisco aironet, and
    pumping up security should help prevent cases like this in the future,
    but wireless is far from secure even in the best setups, so if you
    aren't willing to live with the possibility of someone getting on your
    network, disable the wireless feature on your router. (Note that long
    term power outages may reset some of the values to default, including
    wireless, on most of these cheap routers, not typically your password
    or security configs though.)

    Well, now that my two-wire bashing is over, there is no such thing as
    stealth mode over wireless. Anyone with a good sniffer/port scanner can
    still get any information that is hidden by this stealth mode feature;
    they just have to have a little more skill to do it, and let's face it,
    anything that they will need to do this is free, online and readily
    documented. Close your ports, batten down the services, and hope for
    the best.

    Brett


  8. Re: wireless router hacked - "machine name" ...?

    On May 3, 5:44 pm, "sur...@gmail.com" wrote:
    > Well, now that my two-wire bashing is over, there is no such thing as
    > stealth mode over wireless. Anyone with a good sniffer/port scanner can
    > still get any information that is hidden by this stealth mode feature;
    > they just have to have a little more skill to do it, and let's face it,
    > anything that they will need to do this is free, online and readily
    > documented. Close your ports, batten down the services, and hope for
    > the best.
    >
    > Brett


    The only thing stealth mode does is slow non-thread-aware probes
    down, or tie them up with many tcp connections. If you intend to see
    if a computer is there or not though, you don't just try telnetting any
    old port, you go for the obvious ones, 21,22,23,25,80,81,110,113,
    etc... If you have any services listening on those ports, they gotta say hi
    innit!! So if you run servers, don't bother with stealth.

