Router hacked. - Ubuntu



Thread: Router hacked.

  1. Re: Router hacked.

    Bill Baka wrote:
    > Joe wrote:
    >
    >> On 2008-07-28, larrys707 wrote:
    >>
    >>
    >>> This is a semi-Ubuntu question concerning Linksys routers. Comcast
    >>> killed my port 25 outgoing e-mail claiming I was spamming and I have a
    >>> WRT54G, but considering a GL and DD-WRT. Has anyone else had a wireless
    >>> compromised like this? It was in 'open' unprotected mode for a while
    >>> after a power glitch last week and apparently a war driver got into it
    >>> before I found out. The wireless 802.11G is for my daughter's college
    >>> work on her laptop and I haven't been able to catch her to get her MAC
    >>> again, and lock out all others.
    >>> The question is mainly if anyone has used the GL and or DD-WRT and how
    >>> straightforward it is to work with.
    >>> Dan C need not answer this, since it is not play time for me right now.
    >>> There is the possibility that someone could have spoofed my email but
    >>> that seems a bit more unlikely.
    >>> Moog? Anyone?
    >>> Bill Baka
    >>>
    >>> After a really pissy hour on the phone to Comcast legal.
    >>>
    >>>

    >> Are you running a mail server on any machine? Sendmail or some other
    >> such software? Perhaps you have a win machine with a bot installed
    >> accidentally?
    >>
    >>

    > No server here since I turn off my machine when not in use and my
    > daughter's laptop is a battery eater. My win, when I am in it, has so
    > many protection programs that they are a maintenance problem on their
    > own, but my daughter insists on remaining ignorant of that stuff and
    > stubbornly refuses to use anything but XP, IE, and Outlook, with very
    > little protection. I snuck in Adaware and Spybot, and put AVG on over
    > her complaints so it is at least a possibility that her computer was the
    > source of the problem.
    >
    >> Your router cannot send spam.
    >>

    > That much I know.
    >
    >> Your router has not been compromised.
    >>

    > I didn't say that. It was wide open for a few days and someone could
    > have hooked into my wireless from down the street and it would show up
    > as my IP address to Comcast.
    >
    >>
    >> You simply need to close port 25, if you are not using it for a Mail
    >> agent.
    >>

    > So far, I have been, but may turn paranoid and switch to port 587, as
    > Comcast wanted, but then I would have to mess with her computer and she
    > uses port 25 sometimes at a hot spot at Cal-State, causing me more home
    > problems.
    > She is an English and Psych double major and hates math and thinking
    > about computer details, a perfect example of a win-droid.
    >
    >> If you are, you need to secure the agent. If whichever
    >> software you are using is allowing an open relay, you will transmit
    >> spam.
    >>
    >>
    >>
    >>

    > Pretty much FF and T-bird for me, Linux and XP, and IE and Outlook for
    > her, the stubborn daughter. Try telling a 4.0GPA double major, high IQ
    > daughter anything, and see what happens.....
    > She tells me "Everybody else uses Windows, why do you use weird
    > systems?", with a totally straight face.
    > Frustration, to an exponential level.
    > Bill Baka
    >



    Who pays for the ISP?

    Disconnect her if she won't conform to your demands.

    If you don't, Comcast certainly will! That will also include your
    connection!


    --
    John

    No Microsoft, Apple, AT&T, Intel, Novell, Trend Micro, nor Ford products were used in the preparation or transmission of this message.

    The EULA sounds like it was written by a team of lawyers who want to tell me what I can't do. The GPL sounds like it was written by a human being, who wants me to know what I can do.

  2. Re: Router hacked.

    HiTech RedNeck wrote:
    > "larrys707" wrote in message
    > news:Gnojk.19289$N87.540@nlpi068.nbdc.sbc.com...
    >
    >> This is a semi-Ubuntu question concerning Linksys routers. Comcast
    >> killed my port 25 outgoing e-mail claiming I was spamming and I have a
    >> WRT54G, but considering a GL and DD-WRT. Has anyone else had a wireless
    >> compromised like this? It was in 'open' unprotected mode for a while
    >> after a power glitch last week and apparently a war driver got into it
    >> before I found out.
    >>

    >
    > If you have verified that the router actually forgot to be in WPA mode,
    > that's awfully naughty of it, power glitch or no. You might want to give a
    > shout in some Cisco newsgroups (Linksys is owned by Cisco).

    The Cisco logo is kind of a give away, huh? The power glitch was only
    one second and may have been seen as a reset attempt.
    > However, it's
    > also possible that through a hack of a (most likely) Windows machine, a
    > command got sent to the router at its normal default IP address to TELL it
    > to go into unprotected mode. Such a hack can happen through a virus or
    > through visiting an engineered or compromised web page with Javascript or
    > buffer overflow, etc. exploits in it.

    That would be my daughter's laptop since she refuses to let me install
    all the protection she needs, but then the infection would have had to
    come back through the wireless connection, and it is set up for
    administration only by the hard wire port 1.
    > You might also want to consider a
    > different wireless router (Belkin/My Essentials is one of many) that lets
    > you set an administrative password on it, then set a nontrivial
    > administrative password as well as changing the IP address of its LAN to
    > something other than the default 192.168.2.X or whatever it may be.
    >
    >



    Belkin is such a small fish I fear them going under and having an
    orphaned router. Cisco appears to be here to stay, but who can say if
    they will someday kill the Linksys name. My login is usually my first
    name and my password is a take off on something only known to the family
    or just me, as in a math sequence that a hacker might be clueless about.
    I changed my base address to 192.168.8.x and the channel to something
    other than the default, locked in my daughter's MAC, etc., so getting
    into it should have been nearly impossible. After the reset, anyone
    could have gotten into it since the defaults are painfully obvious.
    Right now, Ubuntu is my friend and XP is slower than mud, but that has
    been a gradual slowdown from registry gunk. All valuable information is
    backed up to a 500GB SATA that is NOT a bootable drive, and is NTFS
    compressed, which Linux sees just fine. Windows tells me my ext 2,3 and
    reiserfs are 'unknown' and wants to format them, so bad M$.
    I have picked up some good ideas today, much better than arguing about spam.
    A thought which I have is to maybe daisy chain 2 routers, the first
    having wireless turned off and only used as a super firewall, before
    turning it over to the one I now use. That could work or just fry my
    head trying to make it all play together. My specialty is analog
    hardware design for test equipment and sometimes military stuff (can't
    say), but I always did my own programming for the first go, then let
    someone else package it for final release.
    Anyway, thanks for the input.
    Bill Baka

  3. Re: Router hacked.

    John F. Morse wrote:
    > Bill Baka wrote:
    >> Joe wrote:
    >>
    >>> On 2008-07-28, larrys707 wrote:
    >>>
    >>>> This is a semi-Ubuntu question concerning Linksys routers. Comcast
    >>>> killed my port 25 outgoing e-mail claiming I was spamming and I have a
    >>>> WRT54G, but considering a GL and DD-WRT. Has anyone else had a
    >>>> wireless
    >>>> compromised like this? It was in 'open' unprotected mode for a while
    >>>> after a power glitch last week and apparently a war driver got into it
    >>>> before I found out. The wireless 802.11G is for my daughter's college
    >>>> work on her laptop and I haven't been able to catch her to get her MAC
    >>>> again, and lock out all others.
    >>>> The question is mainly if anyone has used the GL and or DD-WRT and how
    >>>> straightforward it is to work with.
    >>>> Dan C need not answer this, since it is not play time for me right
    >>>> now.
    >>>> There is the possibility that someone could have spoofed my email but
    >>>> that seems a bit more unlikely.
    >>>> Moog? Anyone?
    >>>> Bill Baka
    >>>>
    >>>> After a really pissy hour on the phone to Comcast legal.
    >>>>
    >>> Are you running a mail server on any machine? Sendmail or some
    >>> other such software? Perhaps you have a win machine with a bot
    >>> installed accidentally?
    >>>

    >> No server here since I turn off my machine when not in use and my
    >> daughter's laptop is a battery eater. My win, when I am in it, has so
    >> many protection programs that they are a maintenance problem on their
    >> own, but my daughter insists on remaining ignorant of that stuff and
    >> stubbornly refuses to use anything but XP, IE, and Outlook, with very
    >> little protection. I snuck in Adaware and Spybot, and put AVG on over
    >> her complaints so it is at least a possibility that her computer was the
    >> source of the problem.
    >>
    >>> Your router cannot send spam.

    >> That much I know.
    >>
    >>> Your router has not been compromised.
    >>>

    >> I didn't say that. It was wide open for a few days and someone could
    >> have hooked into my wireless from down the street and it would show up
    >> as my IP address to Comcast.
    >>
    >>> You simply need to close port 25, if you are not using it for a
    >>> Mail agent.

    >> So far, I have been, but may turn paranoid and switch to port 587, as
    >> Comcast wanted, but then I would have to mess with her computer and she
    >> uses port 25 sometimes at a hot spot at Cal-State, causing me more home
    >> problems.
    >> She is an English and Psych double major and hates math and thinking
    >> about computer details, a perfect example of a win-droid.
    >>
    >>> If you are, you need to secure the agent. If whichever software
    >>> you are using is allowing an open relay, you will transmit spam.
    >>>
    >>>
    >>>

    >> Pretty much FF and T-bird for me, Linux and XP, and IE and Outlook for
    >> her, the stubborn daughter. Try telling a 4.0GPA double major, high IQ
    >> daughter anything, and see what happens.....
    >> She tells me "Everybody else uses Windows, why do you use weird
    >> systems?", with a totally straight face.
    >> Frustration, to an exponential level.
    >> Bill Baka
    >>

    >
    >
    > Who pays for the ISP?

    Hah! Me, of course.
    >
    >
    > Disconnect her if she won't conform to your demands.

    I may block her if she keeps being stubborn. Going for 2 masters or
    doctorates is a bit much, but she can damn well listen to me, the source
    of her 'smarts'. Problem is, she inherited my stubbornness too.
    >
    > If you don't, Comcast certainly will! That will also include your
    > connection!

    They did block my port 25, as I found out today, but the legal
    department could not say exactly what kind of spam my computer (or
    hacker) was sending out. The first 2 dimwits I talked to in customer
    *service* had no idea what they were talking about, but legal actually
    had people with real IT educations and intelligence. Funny how Joe
    average thinks the first guy on the line is an expert and will follow
    their advice blindly.
    Today has been very educational.
    Thanks to all.
    Bill Baka
    >
    >


  4. Re: Router hacked.

    On 2008-07-28, Bill Baka wrote:
    > Joe wrote:
    >> On 2008-07-28, Bill Baka wrote:
    >>
    >>> I didn't say that. It was wide open for a few days and someone could
    >>> have hooked into my wireless from down the street and it would show up
    >>> as my IP address to Comcast.
    >>>

    >>
    >> Yup, but fairly easy to correct and detect. Look at your router's
    >> wireless MAC page, and check the connected clients. In your case,
    >> there should only be one...
    >>

    > Been there, done that, had it locked to only her MAC, and will as soon
    > as I can get my hands on her laptop.
    > Major PMS right now, so not safe.
    >>
    >>>>
    >>>> You simply need to close port 25, if you are not using it for a Mail
    >>>> agent.
    >>>>
    >>> So far, I have been, but may turn paranoid and switch to port 587, as
    >>> Comcast wanted, but then I would have to mess with her computer and she
    >>> uses port 25 sometimes at a hot spot at Cal-State, causing me more home
    >>> problems.
    >>>

    >>
    >> What is she using it for? With port 25 closed on the router, you can
    >> still connect out to a mail server. The router doesn't block outgoing
    >> connections.
    >>
    >>
    >>

    > You may send me back to the books on that one. I was under the
    > impression that SMTP wanted port 25, just as news wants 119, etc.


    They do. But they can initiate the outgoing connection even if your
    nat router is not passing it. The only thing that would stop it is an
    IPTables rule set to the out side, and having all of your internet go
    through your local PC.

    If you install DD-WRT on your router, you'll be able to do the same at
    that device, but the standard Linksys firmware does not have a
    firewall, just NAT.

    --
    Joe - Linux User #449481/Ubuntu User #19733
    joe at hits - buffalo dot com
    "Hate is baggage, life is too short to go around pissed off all the
    time..." - Danny, American History X

  5. Re: Router hacked.

    Ignoramus9959 wrote in
    news:M5idnZoDW_GvuhPVnZ2dnUVZ_sDinZ2d@giganews.com :

    > Or, are you saying that wireless settings were made wide open and your
    > neighbors could connect?
    >
    > Could it be that your neighbors were spamming?


    You people with these wireless systems are in for more and more of this.
    They are now marketing a device that will allow someone to drive around
    with a laptop, and it will alert them when it detects a wireless network
    that can be accessed. The person can then park, get into the network, and
    do anything he wants, including getting free Internet access, which he can
    use to send spam or whatever. This is very possibly what happened to the
    OP.

  6. Re: Router hacked.

    Bill Baka wrote:
    > John F. Morse wrote:
    >> Who pays for the ISP?
    >>

    > Hah! Me, of course.
    >



    Then that likely makes you the legally-responsible person. ;-)


    >> Disconnect her if she won't conform to your demands.
    >>

    > I may block her if she keeps being stubborn. Going for 2 masters or
    > doctorates is a bit much, but she can damn well listen to me, the source
    > of her 'smarts'. Problem is, she inherited my stubbornness too.
    >



    I have absolutely no respect (nor disrespect) for "college-bred" idiots.
    Going to school does not make a person any smarter, and from what I've
    seen in the past 30 or so years, many are brainwashed into becoming
    corporate robots.

    You need to take control of your ISP connection and secure it -- or lose it.

    Show her your stubbornness, and let her be stubborn to her kids.


    >> If you don't, Comcast certainly will! That will also include your
    >> connection!
    >>

    > They did block my port 25, as I found out today, but the legal
    > department could not say exactly what kind of spam my computer (or
    > hacker) was sending out. The first 2 dimwits I talked to in customer
    > *service* had no idea what they were talking about, but legal actually
    > had people with real IT educations and intelligence. Funny how Joe
    > average thinks the first guy on the line is an expert and will follow
    > their advice blindly.
    >



    Blocked your port 25? Incoming or outgoing? If you are not running an
    MTA, then incoming blocks are nothing to worry about -- you aren't using
    them.

    However, if you are running Unix or Linux, you are likely running some
    kind of MTA, which is necessary for important system messages, errors,
    warnings, etc., to be mailed to Root. But you should not have port 25
    forwarded to any computer on your LAN.

    Outgoing is likely the issue. Someone may have compromised one of your
    computers, and installed a spam bot, which then sends out spam.

    Most ISPs block port 25 to eliminate these compromised computers from
    sending spam. Usually they will unblock port 25 after someone has been a
    customer for 30 days, which eliminates many of the spammers who sign up
    for an account just to immediately send spam and run.

    The port 25 block is usually applied to block the ISP's MTA from
    relaying your e-mail from your MTA to the Internet. They don't block
    port 25 into their own MTA, or you wouldn't be able to originate e-mail
    on your ISP mail account.

    You need to find out exactly which one of these conditions fits your
    problem so you can intelligently discuss the issue with them.

    Remember that they have thousands of paying customers, and messing
    around with you and your trouble is not in their best interest when it
    comes to their bottom line. This is that corporate philosophy I spoke
    about above.


    --
    John

    No Microsoft, Apple, AT&T, Intel, Novell, Trend Micro, nor Ford products were used in the preparation or transmission of this message.

    The EULA sounds like it was written by a team of lawyers who want to tell me what I can't do. The GPL sounds like it was written by a human being, who wants me to know what I can do.

  7. Re: Router hacked.

    Joe wrote:
    > On 2008-07-28, Bill Baka wrote:
    >
    >> Joe wrote:
    >>
    >>> On 2008-07-28, Bill Baka wrote:
    >>>
    >>>
    >>>> I didn't say that. It was wide open for a few days and someone could
    >>>> have hooked into my wireless from down the street and it would show up
    >>>> as my IP address to Comcast.
    >>>>
    >>>>
    >>> Yup, but fairly easy to correct and detect. Look at your router's
    >>> wireless MAC page, and check the connected clients. In your case,
    >>> there should only be one...
    >>>
    >>>

    >> Been there, done that, had it locked to only her MAC, and will as soon
    >> as I can get my hands on her laptop.
    >> Major PMS right now, so not safe.
    >>
    >>>
    >>>
    >>>>>
    >>>>> You simply need to close port 25, if you are not using it for a Mail
    >>>>> agent.
    >>>>>
    >>>>>
    >>>> So far, I have been, but may turn paranoid and switch to port 587, as
    >>>> Comcast wanted, but then I would have to mess with her computer and she
    >>>> uses port 25 sometimes at a hot spot at Cal-State, causing me more home
    >>>> problems.
    >>>>
    >>>>
    >>> What is she using it for? With port 25 closed on the router, you can
    >>> still connect out to a mail server. The router doesn't block outgoing
    >>> connections.
    >>>
    >>>
    >>>
    >>>

    >> You may send me back to the books on that one. I was under the
    >> impression that SMTP wanted port 25, just as news wants 119, etc.
    >>

    >
    > They do. But they can initiate the outgoing connection even if your
    > nat router is not passing it. The only thing that would stop it is an
    > IPTables rule set to the out side, and having all of your internet go
    > through your local PC.
    >
    > If you install DD-WRT on your router, you'll be able to do the same at
    > that device, but the standard Linksys firmware does not have a
    > firewall, just NAT.
    >
    >

    I'm finding that out, all of the above, but Linksys has a very limited 4
    site only firewall built in, too small to do any good. If I remember it
    right there is a basic protection against DOS or Ping of death attacks,
    but probably not much more. The port thing had me going since I once
    watched windows via Sygate firewall trying ports in sequence and never
    apparently releasing the port they opened, to the point where I am now
    convinced that M$ really doesn't care about messing up the average
    sucker's computer. They will probably just say 'upgrade'.
    Thanks,
    I'm getting some education today.
    Bill Baka

  8. Re: Router hacked.

    elaich wrote:
    > Ignoramus9959 wrote in
    > news:M5idnZoDW_GvuhPVnZ2dnUVZ_sDinZ2d@giganews.com :
    >
    >
    >> Or, are you saying that wireless settings were made wide open and your
    >> neighbors could connect?
    >>
    >> Could it be that your neighbors were spamming?
    >>

    >
    > You people with these wireless systems are in for more and more of this.
    > They are now marketing a device that will allow someone to drive around
    > with a laptop, and it will alert them when it detects a wireless network
    > that can be accessed. The person can then park, get into the network, and
    > do anything he wants, including getting free Internet access, which he can
    > use to send spam or whatever. This is very possibly what happened to the
    > OP.
    >

    I'm the OP in this case, and I have heard of that software. It seems
    unlikely that it would be good for a hot spot like Starbucks but the
    main use would be for someone with criminal intent, and I am not wanting
    to be a hot spot.
    Like I said it 'was' locked down but gave me absolutely no indication
    that a one second power glitch had reset it somehow. If I had my way,
    and I might, the router would send a software revision number to me on
    first access or send me an email of daily status. My neighbors are
    mostly red neck or blue collar types but that doesn't mean some high
    school kid couldn't do it. We have a community college a half mile away
    and I am near Beale AFB, so some AF jerk could have been involved. Most
    of the fly boys are pretty good but there are a few that should be
    behind bars. My grandson tried to hack me for Play-station hacks but I
    locked him out real fast.
    I'm personally NOT a wireless fan since I knew this kind of thing would
    happen sooner or later, but alas, even I must carry a cell phone these days.
    Progress?
    Thanks,
    Bill Baka

  9. Re: Router hacked.

    On 07/28/2008 07:25 PM Bill Baka scribbled:
    >
    >
    > Belkin is such a small fish I fear them going under and having an
    > orphaned router.



    Belkin's been around longer than Cisco.

    the more you write, the dumber you sound - or is this all just a mental
    exercise to watch others jump through hoops?
    if you care about your system, your daughter doesn't fit into the
    equation - if you can't get to the machine you're worried about, what do
    you expect anyone here to do about it?

    your questions may better be answered over @ NANAE (no insult intended
    to those present)...


  10. Re: Router hacked.

    John F. Morse wrote:
    > Bill Baka wrote:
    >> John F. Morse wrote:
    >>> Who pays for the ISP?
    >>>

    >> Hah! Me, of course.
    >>

    >
    >
    > Then that likely makes you the legally-responsible person. ;-)

    Lucky me, huh?
    >
    >
    >>> Disconnect her if she won't conform to your demands.
    >>>

    >> I may block her if she keeps being stubborn. Going for 2 masters or
    >> doctorates is a bit much, but she can damn well listen to me, the source
    >> of her 'smarts'. Problem is, she inherited my stubbornness too.
    >>

    >
    >
    > I have absolutely no respect (nor disrespect) for "college-bred"
    > idiots. Going to school does not make a person any smarter, and from
    > what I've seen in the past 30 or so years, many are brainwashed into
    > becoming corporate robots.

    Her IQ is actually about 140, inherited from me genetically, since my
    wife clocks in at about 95 or so. I was way over 160 when I was younger
    but 60 years of sex, drugs, and rock and roll has taken a bit of a toll.
    I used to call my college professors for not teaching fast enough and
    actually made one look like a moron after he tried to argue a point with
    me. She gets the attitude legitimately.
    >
    > You need to take control of your ISP connection and secure it -- or
    > lose it.

    I know, since I spent a fair amount of time talking to Comcast legal today.
    >
    >
    > Show her your stubbornness, and let her be stubborn to her kids.

    She has the good sense not to want any, and I agree. Why bring kids into
    such a messed up world??
    >
    >
    >
    >>> If you don't, Comcast certainly will! That will also include your
    >>> connection!
    >>>

    >> They did block my port 25, as I found out today, but the legal
    >> department could not say exactly what kind of spam my computer (or
    >> hacker) was sending out. The first 2 dimwits I talked to in customer
    >> *service* had no idea what they were talking about, but legal actually
    >> had people with real IT educations and intelligence. Funny how Joe
    >> average thinks the first guy on the line is an expert and will follow
    >> their advice blindly.
    >>

    >
    >
    > Blocked your port 25? Incoming or outgoing? If you are not running an
    > MTA, then incoming blocks are nothing to worry about -- you aren't
    > using them.

    It was outgoing only, since I got my mail but couldn't reply.
    >
    >
    > However, if you are running Unix or Linux, you are likely running some
    > kind of MTA, which is necessary for important system messages, errors,
    > warnings, etc., to be mailed to Root. But you should not have port 25
    > forwarded to any computer on your LAN.

    I don't. She uses Hotmail or Yahoo so she can have her own account away
    from daddy's prying eyes. She was using Limewire which could have been a
    magnet for trouble, but she figured that out on her own.
    >
    >
    > Outgoing is likely the issue. Someone may have compromised one of your
    > computers, and installed a spam bot, which then sends out spam.

    I only have mine hard wired and hers on wireless with the router on top
    of my monitor so I can tell when she is on line. Mine has so much
    protection on windows it actually seems to be slowing it down. Hers has
    the minimum, again due to her stubbornness. I go clean it up when she is
    at Sac State.
    >
    >
    > Most ISPs block port 25 to eliminate these compromised computers from
    > sending spam. Usually they will unblock port 25 after someone has been
    > a customer for 30 days, which eliminates many of the spammers who sign
    > up for an account just to immediately send spam and run.

    About 4 years as of now. I am out of DSL range and had to change, and my
    old standby dial up was unbearable.
    >
    > The port 25 block is usually applied to block the ISP's MTA from
    > relaying your e-mail from your MTA to the Internet. They don't block
    > port 25 into their own MTA, or you wouldn't be able to originate
    > e-mail on your ISP mail account.

    Figured that.
    >
    > You need to find out exactly which one of these conditions fits your
    > problem so you can intelligently discuss the issue with them.

    I had to get to legal to find an intelligent person on the other end,
    but when I did, she was very nice and obviously an IT pro. The customer
    service tech *and* his supervisor were both idiots, so I was kind of
    harsh with them.
    >
    >
    > Remember that they have thousands of paying customers, and messing
    > around with you and your trouble is not in their best interest when it
    > comes to their bottom line. This is that corporate philosophy I spoke
    > about above.
    >
    >

    This is why I am independent these days. I got overdosed on corporate
    when I was an engineer at Hewlett-Packard.
    Anyway, thanks for the response, and I will be busy de-virusing tomorrow.
    Bill Baka

  11. Re: Router hacked.

    jrg wrote:
    > On 07/28/2008 07:25 PM Bill Baka scribbled:
    >
    >> Belkin is such a small fish I fear them going under and having an
    >> orphaned router.
    >>

    >
    >
    > Belkin's been around longer than Cisco.
    >

    Look at the marketing and sales numbers, or percentage of market share.
    Belkin is small.
    > the more you write, the dumber you sound - or is this all just a mental
    > exercise to watch others jump through hoops?
    >

    Bouncing ideas never hurt, or does it pain you? Someone else may read
    this exchange and benefit from it, so why not?
    > if you care about your system, your daughter doesn't fit into the
    > equation - if you can't get to the machine you're worried about, what do
    > you expect anyone here to do about it?
    >

    Talk, with some degree of civility. When someone posts an URL or two it
    can help anyone reading the thread.
    > your questions may better be answered over @ NANAE (no insult intended
    > to those present)...
    >
    >

    You seem to be the only jerk on the group today. Everyone else has been
    most helpful.
    Later.
    Bill Baka

  12. Re: Router hacked.

    Joe wrote:
    > On 2008-07-28, Bill Baka wrote:
    >
    >> Joe wrote:
    >>
    >>> On 2008-07-28, Bill Baka wrote:
    >>>
    >>>
    >>>> I didn't say that. It was wide open for a few days and someone could
    >>>> have hooked into my wireless from down the street and it would show up
    >>>> as my IP address to Comcast.
    >>>>
    >>>>
    >>> Yup, but fairly easy to correct and detect. Look at your router's
    >>> wireless MAC page, and check the connected clients. In your case,
    >>> there should only be one...
    >>>
    >>>

    >> Been there, done that, had it locked to only her MAC, and will as soon
    >> as I can get my hands on her laptop.
    >> Major PMS right now, so not safe.
    >>
    >>>
    >>>
    >>>>>
    >>>>> You simply need to close port 25, if you are not using it for a Mail
    >>>>> agent.
    >>>>>
    >>>>>
    >>>> So far, I have been, but may turn paranoid and switch to port 587, as
    >>>> Comcast wanted, but then I would have to mess with her computer and she
    >>>> uses port 25 sometimes at a hot spot at Cal-State, causing me more home
    >>>> problems.
    >>>>
    >>>>
    >>> What is she using it for? With port 25 closed on the router, you can
    >>> still connect out to a mail server. The router doesn't block outgoing
    >>> connections.
    >>>
    >>>
    >>>
    >>>

    >> You may send me back to the books on that one. I was under the
    >> impression that SMTP wanted port 25, just as news wants 119, etc.
    >>

    >
    > They do. But they can initiate the outgoing connection even if your
    > nat router is not passing it. The only thing that would stop it is an
    > IPTables rule set to the out side, and having all of your internet go
    > through your local PC.
    >
    > If you install DD-WRT on your router, you'll be able to do the same at
    > that device, but the standard Linksys firmware does not have a
    > firewall, just NAT.



    Most "home" routers, including Linksys, do have a port range filter
    ability. This is for outbound traffic blocking.

    The range can be port 25 to port 25. ;-)

    Of course this will eliminate any possibility of originating mail to the
    ISP's SMTP server. If you use some form of Web mail then you can still
    originate e-mail.

    Certain IPs and/or certain MAC addresses can also be filtered.

    However I doubt that these routers can be configured to filter a certain
    service from a certain IP. For that you need a more-configurable firewall.

    A simple and easily-configurable firewall fix is to install something
    like Firestarter (it's in the APT repository), and set up the IP and
    port rules on the fly as you learn them from Firestarter's "Events" log.
    Firestarter is a GUI front end for iptables/ipchains.
    http://en.wikipedia.org/wiki/Firestarter_%28firewall%29

    It works on a per-client Unix or GNU/Linux computer though, so it can't
    be used for the Windows PC(s).

    In this case, unless you want to research for and fight some Windows
    firewall, a dedicated GNU/Linux firewall PC, with two NICs, is required.
    It could be an old junker, just modern enough to permit a Linux distro
    to install. The Ubuntu 8.04 Server Edition will probably install on a
    486DX with as little as 16 MB of RAM and a 500 MB hard drive. I have one
    running on an AMD-K6 233 with 48 MB of RAM. This is a classic "Dumpster" PC.

    If you have to buy a PC, it should cost about $1.95 total, and about
    $1.95 per month in electricity charges. However it can do other things
    at the same time, like an e-mail server, DNS server, NTP server, Web
    server, .... No monitor, keyboard nor mouse is required, just a corner
    of your basement, power, and a LAN connection.


    --
    John

    No Microsoft, Apple, AT&T, Intel, Novell, Trend Micro, nor Ford products were used in the preparation or transmission of this message.

    The EULA sounds like it was written by a team of lawyers who want to tell me what I can't do. The GPL sounds like it was written by a human being, who wants me to know what I can do.
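
As an added example (not part of the original post or any poster's configuration): the per-host port 25 filtering that the post above says needs a dedicated two-NIC GNU/Linux firewall, written as an iptables ruleset generator plus a summary of which LAN host trips the block. The interface names, addresses, log prefix and log lines are constructed assumptions.

```shell
#!/bin/sh
# Added example. Assumed names, not from the thread: eth1 = LAN side,
# eth0 = WAN side, 192.168.1.10 = the one host still allowed to use port 25.

# Print a filter-table ruleset in iptables-restore format; nothing is applied.
# $1 = LAN interface, $2 = WAN interface, $3 = LAN host exempt from the block.
# INPUT/OUTPUT policy and the nat table are outside this example's scope.
gen_smtp_policy() {
    lan_if=$1; wan_if=$2; smtp_host=$3
    cat <<EOF
*filter
:FORWARD DROP [0:0]
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -i $lan_if -o $wan_if -s $smtp_host -p tcp --dport 25 -j ACCEPT
-A FORWARD -i $lan_if -o $wan_if -p tcp --dport 25 -j LOG --log-prefix "SMTP-OUT-BLOCKED: "
-A FORWARD -i $lan_if -o $wan_if -p tcp --dport 25 -j DROP
-A FORWARD -i $lan_if -o $wan_if -j ACCEPT
COMMIT
EOF
}

# Read kernel log text on stdin and count blocked port-25 attempts per
# LAN source address. Output: "<count> <source-ip>", busiest host first.
count_blocked_smtp() {
    awk '/SMTP-OUT-BLOCKED: / {
             for (i = 1; i <= NF; i++)
                 if ($i ~ /^SRC=/) n[substr($i, 5)]++
         }
         END { for (ip in n) print n[ip], ip }' | sort -rn
}

# Constructed log lines in the shape the LOG target writes (shortened).
sample_log() {
    cat <<'EOF'
Jul 28 21:02:11 fw kernel: SMTP-OUT-BLOCKED: IN=eth1 OUT=eth0 SRC=192.168.1.23 DST=203.0.113.5 PROTO=TCP SPT=49152 DPT=25 SYN
Jul 28 21:02:12 fw kernel: SMTP-OUT-BLOCKED: IN=eth1 OUT=eth0 SRC=192.168.1.23 DST=198.51.100.9 PROTO=TCP SPT=49153 DPT=25 SYN
Jul 28 21:02:15 fw kernel: SMTP-OUT-BLOCKED: IN=eth1 OUT=eth0 SRC=192.168.1.40 DST=203.0.113.5 PROTO=TCP SPT=50211 DPT=25 SYN
Jul 28 21:03:00 fw kernel: unrelated message SRC=10.0.0.1
EOF
}

gen_smtp_policy eth1 eth0 192.168.1.10
sample_log | count_blocked_smtp
```

Mail submission on port 587 is untouched here because it falls through to the final LAN-to-WAN accept rule; the generated text can be checked with `iptables-restore --test` before it is loaded.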

  13. Re: Router hacked.

    On 07/28/2008 10:08 PM Bill Baka scribbled:

    > jrg wrote:
    >> On 07/28/2008 07:25 PM Bill Baka scribbled:
    >>
    >>> Belkin is such a small fish I fear them going under and having an
    >>> orphaned router.
    >>>


    an orphaned router, yes, a major problem in many households.

    >>
    >> Belkin's been around longer than Cisco.
    >>

    > Look at the marketing and sales numbers, or percentage of market share.
    > Belkin is small.


    ah, that makes sense - size = quality.
    must make microsloth the best...

    >> the more you write, the dumber you sound - or is this all just a mental
    >> exercise to watch others jump through hoops?
    >>

    > Bouncing ideas never hurt, or does it pain you?


    Bouncing ideas?? You started by saying your router was hacked (an
    unlikely event but your thinking so shows maybe you should read the
    manual that came with it). I'm not going to bother to go back through
    the thread but at least 3 times we heard about your 2-major daughter
    that owns a computer you pay for that won't give it up for review - I'm
    sure this is enlightening to a whole bunch of folks, but after the 3rd
    time, yes, it pained me - and meanwhile, no concrete discussion of what
    the problem is that you started the thread for...


    > You seem to be the only jerk on the group today.


    look in the mirror, after your panic attack has passed and your daughter
    has graduated...

  14. Re: Router hacked.



    "larrys707" wrote in message
    news:Trpjk.5907$np7.4461@flpi149.ffdc.sbc.com...


    > The reason the router reset got by me is that both her system and mine
    > just looked for the router and went back to default without giving me a
    > flag of any kind.


    Vista wouldn't have done that and I think there is also a wireless setting
    on XP to say to only connect to secure networks.
    That's the trouble with XP, it can be far more secure than it is but, seven
    years ago when it was put together there wasn't the need.
    Now it needs a little thought to secure it properly just like it would with
    a seven year old Linux distro.
    Most people don't do it and blame M$.
    Those people really should get Vista.
    I put the incident down to user error and hope everyone that's reading
    learns a little from the experience.





  15. Re: Router hacked.



    "larrys707" wrote in message
    news:Gnojk.19289$N87.540@nlpi068.nbdc.sbc.com...
    > This is a semi-Ubuntu question concerning Linksys routers. Comcast
    > killed my port 25 outgoing e-mail claiming I was spamming and I have a
    > WRT54G, but considering a GL and DD-WRT. Has anyone else had a wireless
    > compromised like this? It was in 'open' unprotected mode for a while
    > after a power glitch last week and apparently a war driver got into it
    > before I found out. The wireless 802.11G is for my daughter's college
    > work on her laptop and I haven't been able to catch her to get her MAC
    > again, and lock out all others.


    Locking out MACs doesn't work very well, all you do is scan the network
    until you see a MAC and then spoof it.
    It may deter someone who is in a hurry if there are no machines transmitting
    or they may just try a brute force scan if they have a week or two to waste.
    It's another layer in the security... just not a very good one.




  16. Re: Router hacked.



    "HiTech RedNeck" wrote in message
    news:xgujk.8708$vn7.5347@flpi147.ffdc.sbc.com...


    > If you have verified that the router actually forgot to be in WPA mode,
    > that's awfully naughty of it, power glitch or no. You might want to give
    > a shout in some Cisco newsgroups (Linksys is owned by Cisco). However, it's
    > also possible that through a hack of a (most likely) Windows machine, a
    > command got sent to the router at its normal default IP address to TELL it
    > to go into unprotected mode.


    Doesn't that require you to leave the router unprotected?
    These attacks only work if the user leaves the default password AFAIK.
    I haven't seen one that does a brute force attack yet.

    > Such a hack can happen through a virus or
    > through visiting an engineered or compromised web page with Javascript or
    > buffer overflow, etc. exploits in it. You might also want to consider a
    > different wireless router (Belkin/My Essentials is one of many) that lets
    > you set an administrative password on it, then set a nontrivial
    > administrative password as well as changing the IP address of its LAN to
    > something other than the default 192.168.2.X or whatever it may be.


    They all allow passwords AFAIK, many users don't set them.
    >
    >


  17. Re: Router hacked.

    John F. Morse wrote:
    >
    >
    > Most "home" routers, including Linksys, do have a port range filter
    > ability. This is for outbound traffic blocking.
    >
    > The range can be port 25 to port 25. ;-)
    >
    > Of course this will eliminate any possibility of originating mail to
    > the ISP's SMTP server. If you use some form of Web mail then you can
    > still originate e-mail.

    I can't since I still have professional contacts and such that have to
    look semi-dignified.
    >
    > Certain IPs and/or certain MAC addresses can also be filtered.

    The first thing I did was to allow only one MAC and to exclude all others.
    >
    > However I doubt that these routers can be configured to filter a
    > certain service from a certain IP. For that you need a
    > more-configurable firewall.

    I found that out early on.
    >
    >
    > A simple and easily-configurable firewall fix is to install something
    > like Firestarter (it's in the APT repository), and set up the IP and
    > port rules on the fly as you learn them from Firestarter's "Events"
    > log. Firestarter is a GUI front end for iptables/ipchains.
    > http://en.wikipedia.org/wiki/Firestarter_%28firewall%29
    >
    > It works on a per-client Unix or GNU/Linux computer though, so it
    > can't be used for the Windows PC(s).

    I know about Firestarter but have had zero problems with Ubuntu.
    >
    > In this case, unless you want to research for and fight some Windows
    > firewall, a dedicated GNU/Linux firewall PC, with two NICs, is
    > required. It could be an old junker, just modern enough to permit a
    > Linux distro to install. The Ubuntu 8.04 Server Edition will probably
    > install on a 486DX with as little as 16 MB of RAM and a 500 MB hard
    > drive. I have one running on an AMD-K6 233 with 48 MB of RAM. This is
    > a classic "Dumpster" PC.

    I do have a spare clunker of only 1.8GHz so I definitely 'could' do that
    if I had room. I can't see the wood on my desk because of all the
    computer stuff already living there.
    >
    >
    > If you have to buy a PC, it should cost about $1.95 total, and about
    > $1.95 per month in electricity charges. However it can do other things
    > at the same time, like an e-mail server, DNS server, NTP server, Web
    > server, .... No monitor, keyboard nor mouse is required, just a corner
    > of your basement, power, and a LAN connection.
    >
    >

    I have thought about using that 'old' one for something.
    Thanks,
    More wheels turning.
    Bill Baka

  18. Re: Router hacked.

    dennis@home wrote:
    >
    >
    > "larrys707" wrote in message
    > news:Trpjk.5907$np7.4461@flpi149.ffdc.sbc.com...
    >
    >
    >> The reason the router reset got by me is that both her system and mine
    >> just looked for the router and went back to default without giving me a
    >> flag of any kind.

    >
    > Vista wouldn't have done that and I think there is also a wireless
    > setting on XP to say to only connect to secure networks.
    > That's the trouble with XP, it can be far more secure than it is but,
    > seven years ago when it was put together there wasn't the need.
    > Now it needs a little thought to secure it properly just like it would
    > with a seven year old Linux distro.
    > Most people don't do it and blame M$.
    > Those people really should get Vista.
    > I put the incident down to user error and hope everyone that's reading
    > learns a little from the experience.
    >
    >
    >
    >

    Vista and me minus my $$$ is never going to happen.
    Experience is *not* the problem since I have used an acoustic to couple
    to the mainframe at work back in 1978.
    No user error here, just a power glitch/router problem from Hell.
    Bill Baka

  19. Re: Router hacked.

    dennis@home wrote:
    >
    >
    > "larrys707" wrote in message
    > news:Gnojk.19289$N87.540@nlpi068.nbdc.sbc.com...
    >> This is a semi-Ubuntu question concerning Linksys routers. Comcast
    >> killed my port 25 outgoing e-mail claiming I was spamming and I have a
    >> WRT54G, but considering a GL and DD-WRT. Has anyone else had a wireless
    >> compromised like this? It was in 'open' unprotected mode for a while
    >> after a power glitch last week and apparently a war driver got into it
    >> before I found out. The wireless 802.11G is for my daughter's college
    >> work on her laptop and I haven't been able to catch her to get her MAC
    >> again, and lock out all others.

    >
    > Locking out MACs doesn't work very well, all you do is scan the
    > network until you see a MAC and then spoof it.
    > It may deter someone who is in a hurry if there are no machines
    > transmitting or they may just try a brute force scan if they have a
    > week or two to waste.
    > It's another layer in the security... just not a very good one.
    >
    >
    >

    That part I know about, but with even Playstations sending out wireless
    I don't think any of the local crooks would take the time.

  20. Re: Router hacked.

    dennis@home wrote:
    >
    >
    > "HiTech RedNeck" wrote in
    > message news:xgujk.8708$vn7.5347@flpi147.ffdc.sbc.com...
    >
    >
    >> If you have verified that the router actually forgot to be in WPA mode,
    >> that's awfully naughty of it, power glitch or no. You might want to
    >> give a shout in some Cisco newsgroups (Linksys is owned by Cisco).
    >> However, it's also possible that through a hack of a (most likely)
    >> Windows machine, a command got sent to the router at its normal default
    >> IP address to TELL it to go into unprotected mode.

    >
    > Doesn't that require you to leave the router unprotected?
    > These attacks only work if the user leaves the default password AFAIK.
    > I haven't seen one that does a brute force attack yet.

    I did change the password after I got it set up.
    >
    >> Such a hack can happen through a virus or through visiting an
    >> engineered or compromised web page with Javascript or buffer overflow,
    >> etc. exploits in it. You might also want to consider a different
    >> wireless router (Belkin/My Essentials is one of many) that lets you set
    >> an administrative password on it, then set a nontrivial administrative
    >> password as well as changing the IP address of its LAN to something
    >> other than the default 192.168.2.X or whatever it may be.

    >
    > They all allow passwords AFAIK, many users don't set them.

    I do. Passwords on everything these days. I was definitely not born
    yesterday, nor even the last 2 half centuries.
    Bill Baka
    >>
    >>

