Results 1 to 10 of 10

Thread: Wireless Question..

  1. #1
    Just burned his ISO
    Join Date
    Sep 2007
    Posts
    1

    Question Wireless Question..

    Well I can't post in the wireless section for some reason but here will work hopefully :P.

    I'm using a D-Link DGL-4300 Wireless Router and it seems to be getting hacked or cracked somehow every day or so and settings changed, I've upgraded the firmware to the latest, made entirely random passwords that would seem to be a little hard to crack (unless there is a serious exploit in the router that isn't anywhere to be found after looking).

    I figured it had to be a keylogger and they were just grabbing the password everytime I reset the router; So I reformatted and still happens again. I'm wondering how exactly this is possible and how to prevent it?

    Thanks for any help.
    *Edit: This is the second router (same model) That this has been happening too. Thought maybe it was a single problem just to that router but I was wrong.

  2. #2
    Junior Member delusr's Avatar
    Join Date
    Jul 2007
    Posts
    31

    Default Some advice

    1. Set up an IDS like Snort that comes with backtrack.

    2. Remove every device from the the router/modem except for the machine running backtrack.

    3. Set up router mac address filtering for the backtrack rig that your about to connect to the router/modem.

    4. Spend a few weeks learning how to use snort and read its logs.

    or

    1. Set up a honey pot server and let them in for a surprise.

    Cheers

  3. #3
    Member imported_blackfoot's Avatar
    Join Date
    Jun 2007
    Posts
    386

    Default reset

    Do a hard reset on the AP.

    Use a CAT5 ethernet connection into the back of the AP.

    Set WPA2 and AES and reset the administration password.

    Reset again using a power down-up cycle and check settings before removing the ethernet cable.

    I see from the web that this is a 'gaming router' preset to open ports for popular games. It may be that your device is 'left open' by default. You might pay attention to what ports are open and lock them down to derive a solution. Since it appears that you can host an ftp or game server through this router maybe it has been left open to attack by default. Check the Advanced Settings Section.

    Other members here may have particular knowledge of this system.
    Lux sit

  4. #4
    Senior Member streaker69's Avatar
    Join Date
    Jan 2010
    Location
    Virginville, BlueBall, Bird In Hand, Intercourse, Paradise, PA
    Posts
    3,535

    Default

    Quote Originally Posted by blackfoot View Post
    Do a hard reset on the AP.

    Use a CAT5 ethernet connection into the back of the AP.

    Set WPA2 and AES and reset the administration password.

    Reset again using a power down-up cycle and check settings before removing the ethernet cable.

    I see from the web that this is a 'gaming router' preset to open ports for popular games. It may be that your device is 'left open' by default. You might pay attention to what ports are open and lock them down to derive a solution. Since it appears that you can host an ftp or game server through this router maybe it has been left open to attack by default. Check the Advanced Settings Section.

    Other members here may have particular knowledge of this system.
    In addition to those: If there's an option to disable the Administration web from any interface other than Ethernet, then set it as such. Meaning, no web admin from the wireless or WAN interfaces (if it has a WAN interface).
    A third party security audit is the IT equivalent of a colonoscopy. It's long, intrusive, very uncomfortable, and when it's done, you'll have seen things you really didn't want to see, and you'll never forget that you've had one.

  5. #5
    Developer
    Join Date
    Mar 2007
    Posts
    6,126

    Default

    Quote Originally Posted by streaker69 View Post
    In addition to those: If there's an option to disable the Administration web from any interface other than Ethernet, then set it as such. Meaning, no web admin from the wireless or WAN interfaces (if it has a WAN interface).
    This is by far one of the best security mesures I have ever put in place on my home set up.

  6. #6
    Just burned his ISO
    Join Date
    Sep 2007
    Posts
    4

    Default

    You could use mac address filtering as well.

  7. #7
    Junior Member wvdmc's Avatar
    Join Date
    Jul 2007
    Posts
    32

    Default

    Quote Originally Posted by unusualbob View Post
    You could use mac address filtering as well.
    That takes about 2 seconds to get around.

  8. #8
    Senior Member streaker69's Avatar
    Join Date
    Jan 2010
    Location
    Virginville, BlueBall, Bird In Hand, Intercourse, Paradise, PA
    Posts
    3,535

    Default

    Quote Originally Posted by unusualbob View Post
    You could use mac address filtering as well.
    MAC Filtering is not a security method.
    A third party security audit is the IT equivalent of a colonoscopy. It's long, intrusive, very uncomfortable, and when it's done, you'll have seen things you really didn't want to see, and you'll never forget that you've had one.

  9. #9
    EnculeurDePoules
    Guest

    Default

    Quote Originally Posted by streaker69 View Post
    MAC Filtering is not a security method.
    yes it is!
    Because if you see:
    DE:AD:BE:EF:66: 6E
    you would die from laughing, and consequently wont hack!!!

    ps: can someone post the funny Macs we can make, I saw it once it was amusing!

  10. #10
    Just burned his ISO
    Join Date
    Sep 2007
    Posts
    8

    Default

    @EnculeurDePoules

    Take a look here for funny MACs:

    h*ttp://de.wikipedia.org/wiki/Hexspeak
    h*ttp://en.wikipedia.org/wiki/Hexspeak

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •