Thread: Help I think I'm being attacked

  1. #1
    Just burned his ISO
    Join Date
    Jul 2009
    Posts
    2

    So umm I log on the other day and all of a sudden everywhere I go I get directed to a "linksys" page. Now it's a little fishy to me that it's kinda blank n auto download popup.

    Anyways I think it might be a MITM attack or w.e?

    Is there any other attack I might be scared of?
    I mean if I don't download anything then there is no way they can access my PC, can they?

    I'm running Windows XP SP3. I don't know what else u need to know, plz hit me up.

  2. #2
    Moderator KMDave's Avatar
    Join Date
    Jan 2010
    Posts
    2,281

    Well maybe we should know about your setup, which router you use, how you are connected. If you are running wireless, did you try to connect via a cable and see if the behaviour is the same?
    Which URL does it open?

    And I moved it to a different section.
    Tiocfaidh ár lá

  3. #3
    My life is this forum Snayler's Avatar
    Join Date
    Jan 2010
    Posts
    1,418

    Quote Originally Posted by xeven View Post
    So umm I log on the other day and all of a sudden everywhere I go I get directed to a "linksys" page. Now it's a little fishy to me that it's kinda blank n auto download popup.

    Anyways I think it might be a MITM attack or w.e?

    Is there any other attack I might be scared of?
    I mean if I don't download anything then there is no way they can access my PC, can they?

    I'm running Windows XP SP3. I don't know what else u need to know, plz hit me up.
    What's the brand of the router you're connected to? What does the page say? If you have your PC updated with the last updates, as well as all your programs that access the internet, I think you have nothing to worry about.

  4. #4
    Senior Member secure_it's Avatar
    Join Date
    Feb 2010
    Location
    Between these two: BackTrack is 4, FwdTrack4
    Posts
    854

    If you are getting redirected to some Linksys page using IE, then try with Firefox and check if that thing is still happening. If yes, then some spyware is playing in your PC. Check with the Task Manager for suspicious-looking processes.

  5. #5
    Super Moderator Archangel-Amael's Avatar
    Join Date
    Jan 2010
    Location
    Somewhere
    Posts
    8,012

    Quote Originally Posted by xeven View Post
    I mean if I don't download anything then there is no way they can access my PC, can they?
    How do you know you don't/didn't download anything? The term "drive-by-download" comes to mind in your above phrasing. But in reality it's probably nothing to worry about.
    To be successful here you should read all of the following.
    ForumRules
    ForumFAQ
    If you are new to Back|Track
    Back|Track Wiki
    Failure to do so will probably get your threads deleted or worse.

  6. #6
    Junior Member
    Join Date
    Sep 2009
    Posts
    35

    Reset Internet Explorer back to its factory defaults in tools-options-advanced settings. Also turn off all the plugins that you didn't install or don't use.

    You also probably want to check for trojans and spyware. Spybot Search and Destroy is a good free program to use for Windows machines: The home of Spybot-S&D!

    You also probably want to check and make sure your wireless router is locked down. If you're still using a default Linksys setup, which works fine out of the box, anyone can change the DNS servers by logging into it with the default passwords.

    Also you should change your wireless router to WPA/PSK2 encryption rather than unencrypted or WEP encryption and use a strong password... no words or names and birthdates.

    Also turn off remote login services, and if you must use network shares make sure that they're protected by a strong password.

    Good Luck

    Dlradlt
    Just cause I don't have ten thousand posts don't mean I'm a newbie or a Idiot ! :cool: The only dumb question is the one you don't ask Google first! ;) The biggest problem I had as a Linux newbie was I didn't know to ask Google the right questions!:eek:

  7. #7
    My life is this forum Snayler's Avatar
    Join Date
    Jan 2010
    Posts
    1,418

    Quote Originally Posted by dlradlt View Post
    You also probably want to check and make sure your wireless router is locked down. If you're still using a default Linksys setup, which works fine out of the box, anyone can change the DNS servers by logging into it with the default passwords.

    Also you should change your wireless router to WPA/PSK2 encryption rather than unencrypted or WEP encryption and use a strong password... no words or names and birthdates.
    It can also be someone playing with Airbase, in which case, changing the encryption won't matter (I think)

  8. #8
    Super Moderator lupin's Avatar
    Join Date
    Jan 2010
    Posts
    2,943

    Knowing your setup would be good, as others have mentioned. Is it a wired or wireless connection, what model router are you using, do you have a normal private network connected via NAT setup, are you running a web proxy server etc?

    I'd start testing various things to identify which component may be causing the problem. If connecting via wireless, try wired. Try using a different browser. Try using a different PC or a different Operating System (e.g. BackTrack booting from DVD or USB). Change the MAC address if you don't have a different PC, and try a different internal IP address too. Check your DNS resolution to ensure it's working correctly. Try direct connections to external web servers using netcat to see if it's a browser issue. Identifying which conditions allow this redirection to happen and which don't will help in determining what is going on.
    Capitalisation is important. It's the difference between "Helping your brother Jack off a horse" and "Helping your brother jack off a horse".

    The Forum Rules, Forum FAQ and the BackTrack Wiki... learn them, love them, live them.

  9. #9
    Just burned his ISO
    Join Date
    Jul 2009
    Posts
    2

    Umm google.com, any page redirects. Also can't really connect via cable, router too far. WRT something, gotta check, it's wireless G almost everyone has.
    It's open....(I know I know, I'm putting a WPA, it's my brother's fault, it's kinda his shit, his room, he pays for it but now he blames me, he keeps it open for his wireless Xbox connect) but it does seem like someone else is def ****ing with me n it stops n goes away.
    Btw the Linksys download page is very simple, says security update please download and update firmware to continue web-browsing.
    But my main question is this:
    I did NOT download it but is there anything else he can do to me? I mean can u give me a heads up of things I should look for

  10. #10
    My life is this forum Snayler's Avatar
    Join Date
    Jan 2010
    Posts
    1,418

    Quote Originally Posted by xeven View Post
    Umm google.com, any page redirects. Also can't really connect via cable, router too far. WRT something, gotta check, it's wireless G almost everyone has.
    It's open....(I know I know, I'm putting a WPA, it's my brother's fault, it's kinda his shit, his room, he pays for it but now he blames me, he keeps it open for his wireless Xbox connect) but it does seem like someone else is def ****ing with me n it stops n goes away.
    Btw the Linksys download page is very simple, says security update please download and update firmware to continue web-browsing.
    But my main question is this:
    I did NOT download it but is there anything else he can do to me? I mean can u give me a heads up of things I should look for
    By what you're describing, it looks like someone is using a tutorial like the one in these forums (or the very same tutorial) about fakeAPs. Just to be sure, you could try to identify the MAC addresses of your router and the network you're connected to (while that page appears to you) and if they don't match, that's because you're being attacked by someone using a fakeAP. Then I'd advise you to tell your brother to contact local authorities and explain the situation. They should be able to track down the source of the attack. At least in my country they can. I'm almost sure that Linksys won't force their users to download anything in order to continue to access the internet.
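
The MAC comparison suggested in post #10, as an added example that is not part of the original thread: it compares the BSSID the PC is associated with against the one recorded from the real router, and lists other radios advertising the same SSID. The scan listing format, the sample addresses and the function names are assumptions constructed for illustration.

```python
import re

# Constructed sample scan: one "SSID,BSSID,channel,security" entry per line.
SAMPLE_SCAN = """\
linksys,00-1A-70-AA-BB-01,6,open
linksys,02:1a:70:cc:dd:ee,11,open
NETGEAR,00:1F:33:11:22:33,1,wpa2
linksys,00:1a:70:aa:bb:01,1,open
"""

def norm_mac(mac):
    """Return a MAC as lowercase colon-separated hex, or raise ValueError."""
    digits = re.sub(r"[^0-9a-fA-F]", "", mac).lower()
    if len(digits) != 12:
        raise ValueError("not a MAC address: %r" % mac)
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))

def parse_scan(text):
    """Parse the constructed listing into (ssid, bssid, channel, security)."""
    rows = []
    for line in text.splitlines():
        if line.strip():
            ssid, bssid, channel, sec = [f.strip() for f in line.split(",")]
            rows.append((ssid, norm_mac(bssid), int(channel), sec.lower()))
    return rows

def check_network(rows, ssid, trusted_bssid, connected_bssid):
    """Return findings for the given SSID; an empty list means none."""
    trusted, connected = norm_mac(trusted_bssid), norm_mac(connected_bssid)
    findings = []
    if connected != trusted:
        findings.append("connected BSSID %s is not the router's %s"
                        % (connected, trusted))
    channels = set()
    for row_ssid, bssid, channel, _sec in rows:
        if row_ssid != ssid:
            continue
        if bssid != trusted:
            # With a default SSID this can also be a neighbour's router.
            findings.append("SSID %r also advertised by %s on channel %d"
                            % (ssid, bssid, channel))
        else:
            channels.add(channel)
    # A BSSID can be copied, so a match alone is not proof; one radio
    # appearing on several channels hints at a copy of the router's address.
    if len(channels) > 1:
        findings.append("router BSSID %s seen on channels %s"
                        % (trusted, sorted(channels)))
    return findings
```

The trusted BSSID should be written down while connected to the router by a path you control, since the address printed on the router's label is not always the one its radio broadcasts.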
