
Thread: What would you do if you got hacked?

  1. #1
    Just burned his ISO
    Join Date
    Jul 2008
    Posts
    21

    What would you do if you got hacked?

    Well, since I've been experimenting on my own home network, using ettercap, wireshark, and cain and abel in windows.

    It makes me wonder what happens if I get hacked and how can I prevent it when someone breaks the wireless key. Are there any ARP detection or prevention to use? I want some extra protection, maybe something I could install on my DD-WRT wrt54gs router.

    I've read about honey pots but haven't found any good tutorials on that.



    Sorry for the stupid questions, just curious about the what if's.
    New to BT, not new to Linux.

  2. #2
    Junior Member imported_Yottabit's Avatar
    Join Date
    Oct 2008
    Posts
    26


    The first thing I would do is start capturing all network traffic, or if it's easier I'd just switch off my hub.
    I ain't afraid of no script kiddie. :P
    if a solution to a problem is stupid and works, it is not stupid.

    "Nowadays, security guys break the Mac every single day. Every single day, they come out with a total exploit, your machine can be taken over totally. I dare anybody to do that once a month on the Windows machine." - Bill Gates :rolleyes:

  3. #3
    Junior Member kdiggity317's Avatar
    Join Date
    Aug 2008
    Posts
    70


    If you have an extra machine you could run a program called snort. It's an intrusion detection software. Give it a look and see what you think. Trying to do honey pots and reverse "hacking" is still not legal. Try to stop it first before you worry about the what ifs.

  4. #4
    Senior Member Thorn's Avatar
    Join Date
    Jan 2010
    Location
    The Green Dome
    Posts
    1,509


    Quote: Originally Posted by Andy_R
    Well, since I've been experimenting on my own home network, using ettercap, wireshark, and cain and abel in windows.

    It makes me wonder what happens if I get hacked and how can I prevent it when someone breaks the wireless key. Are there any ARP detection or prevention to use? I want some extra protection, maybe something I could install on my DD-WRT wrt54gs router.

    I've read about honey pots but haven't found any good tutorials on that.



    Sorry for the stupid questions, just curious about the what if's.
    A honeypot is a specific box (or a program looking like it's a box) set up to trap and observe attacks, either live or in a forensic post mortem. That isn't what you want.

    You want a box (or program) to act as an Intrusion Detection System (IDS). Snort is an excellent IDS that is scalable from a single user up to enterprise level pipes. IDSs usually work hand-in-hand with a firewall. A great firewall is Smoothwall 3.0, which includes Snort.
    Thorn
    Stop the TSA now! Boycott the airlines.

  5. #5
    Senior Member Thorn's Avatar
    Join Date
    Jan 2010
    Location
    The Green Dome
    Posts
    1,509


    Quote: Originally Posted by kdiggity317
    If you have an extra machine you could run a program called snort. It's an intrusion detection software. Give it a look and see what you think. Trying to do honey pots and reverse "hacking" is still not legal. Try to stop it first before you worry about the what ifs.
    Running a honeypot isn't illegal, at least I've never heard it to be illegal anywhere. "Reverse cracking" may be illegal, depending on what you're doing.
    Thorn
    Stop the TSA now! Boycott the airlines.

  6. #6
    Member
    Join Date
    Sep 2008
    Posts
    146


    Honey pots should be fine since you are only passively monitoring your own network traffic. Anyone who is connected to your network and all information that passes over your network is yours unless specifically stated in some form of EULA.

    Reverse hacking is illegal; however, the chances of someone who is actively trying to jack your network reporting you is pretty slim. Just remember that if you get caught you are in the same legal boat as the original hacker and you forfeit any legal recourse for prosecuting them.
    Morpheus: "You take the blue pill - the story ends, you wake up in your bed and believe whatever you want to believe. You take the red pill - you stay in Wonderland and I show you how deep the rabbit-hole goes."

    Neo: "What if I take both?"

    Morpheus: "Don't do that! You end up like Nick Nolte!"

  7. #7
    Just burned his ISO
    Join Date
    Jul 2008
    Posts
    21


    I'll definitely look into snort and smoothwall. I don't have a spare computer I can use for monitoring, but I can use a virtual machine.


    Basically, I'm thinking about doing a little virtual webhosting for friends and maybe a couple of local businesses to advertise their products. Of course I won't host any sites that require ssl certificates such as ecommerce sites. But I was thinking about creating my own local classifieds website, but it wouldn't have any information except username and passwords and their email in case they lose their password.

    But I don't want anyone watching my packets, I'm thinking about getting rid of wireless, but it is useful so I don't know yet.


    So that's why I'm learning about security before I start hosting.
    New to BT, not new to Linux.

  8. #8
    Developer
    Join Date
    Mar 2007
    Posts
    6,126


    Another option is openbsd's packet filter. This is what I have recently started using. It's a "firewall" sort of, but really what it does is create a dedicated box with 2 nics before your router which does exactly what it says: it filters packets based on a whole range of variables which can be coded by the user via a pf.conf file. Pf can be very useful for protecting a web server but should be used in combination with snort as well.

  9. #9
    My life is this forum Barry's Avatar
    Join Date
    Jan 2010
    Posts
    3,817


    Quote: Originally Posted by Andy_R
    I'll definitely look into snort and smoothwall. I don't have a spare computer I can use for monitoring, but I can use a virtual machine.


    Basically, I'm thinking about doing a little virtual webhosting for friends and maybe a couple of local businesses to advertise their products. Of course I won't host any sites that require ssl certificates such as ecommerce sites. But I was thinking about creating my own local classifieds website, but it wouldn't have any information except username and passwords and their email in case they lose their password.

    But I don't want anyone watching my packets, I'm thinking about getting rid of wireless, but it is useful so I don't know yet.


    So that's why I'm learning about security before I start hosting.

    I'm running smoothwall3 on my home network. There are three network cards installed in it. One for the incoming "red" internet connection. One for the internal "green" wired connections. One for the internal "purple" wireless access point. The green network uses what Streaker calls the "baby networks" 192.168.1.0/24 range. The purple uses 192.168.2.0/24 range. Smoothwall keeps the 1.0 and 2.0 networks separate, both can get to the internet, green can go to purple, but purple can't get to green. The access point uses wpa2 with a stupidly large random character password that I keep on a thumb drive for easy cut and paste. If a wireless client needs access to the file server smoothwall has a pretty easy to set up openvpn addon that so far has worked with damn near any os I've tried setting it up on.
    Of course, if you really wanted to have some fun, go to Wal-Mart late at night and ask the greeter if they could help you find trashbags, roll of carpet, rope, quicklime, clorox and a shovel. See if they give you any strange looks. --Streaker69
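An added example, not Smoothwall's code and not from any poster: a toy model of the zone policy described in the post above, showing that "green can go to purple, but purple can't get to green" only works when the filter remembers which side opened a connection. The address ranges are the ones in the post; the class, the packet list and the assumption of stateful tracking are illustrative.

```python
import ipaddress

# Zone ranges from the post; anything else counts as "red" (internet).
ZONES = {
    "green": ipaddress.ip_network("192.168.1.0/24"),
    "purple": ipaddress.ip_network("192.168.2.0/24"),
}
# Directions in which a NEW connection may be opened, per the post.
ALLOW_NEW = {("green", "purple"), ("green", "red"), ("purple", "red")}

def zone_of(ip):
    addr = ipaddress.ip_address(ip)
    for name, net in ZONES.items():
        if addr in net:
            return name
    return "red"

class ZoneFirewall:
    """Toy stateful filter for traffic crossing between zones."""
    def __init__(self):
        self.established = set()

    def check(self, src, sport, dst, dport):
        flow = (src, sport, dst, dport)
        reverse = (dst, dport, src, sport)
        # Packets of a flow opened in an allowed direction pass both ways.
        if flow in self.established or reverse in self.established:
            return "ACCEPT established"
        if (zone_of(src), zone_of(dst)) in ALLOW_NEW:
            self.established.add(flow)
            return "ACCEPT new"
        return "DROP"

# Constructed packets: (source IP, source port, destination IP, destination port).
PACKETS = [
    ("192.168.2.50", 40000, "192.168.1.5", 445),   # purple opens to green
    ("192.168.1.5", 51000, "192.168.2.50", 80),    # green opens to purple
    ("192.168.2.50", 80, "192.168.1.5", 51000),    # purple's reply to it
    ("192.168.2.50", 40001, "203.0.113.7", 443),   # purple to internet
    ("203.0.113.7", 12345, "192.168.1.5", 22),     # internet opens to green
]

def replay(packets):
    fw = ZoneFirewall()
    return [fw.check(*p) for p in packets]

if __name__ == "__main__":
    for pkt, verdict in zip(PACKETS, replay(PACKETS)):
        print(pkt, verdict)
```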

  10. #10
    Senior Member streaker69's Avatar
    Join Date
    Jan 2010
    Location
    Virginville, BlueBall, Bird In Hand, Intercourse, Paradise, PA
    Posts
    3,535


    Quote: Originally Posted by Barry
    I'm running smoothwall3 on my home network. There are three network cards installed in it. One for the incoming "red" internet connection. One for the internal "green" wired connections. One for the internal "purple" wireless access point. The green network uses what Streaker calls the "baby networks" 192.168.1.0/24 range. The purple uses 192.168.2.0/24 range. Smoothwall keeps the 1.0 and 2.0 networks separate, both can get to the internet, green can go to purple, but purple can't get to green. The access point uses wpa2 with a stupidly large random character password that I keep on a thumb drive for easy cut and paste.
    I have never called it the baby network. I have however called it the dweeb network.
    A third party security audit is the IT equivalent of a colonoscopy. It's long, intrusive, very uncomfortable, and when it's done, you'll have seen things you really didn't want to see, and you'll never forget that you've had one.
