
HELLFIRE
Premium
join:2009-11-25
kudos:19

1 recommendation

reply to SeanG

Re: How to detect..

said by SeanG:

however, I'd like to know why the intruder if in fact there is one was not detected on my router.

1. As others have said, get rid of WEP and go to a stronger encryption scheme. Also change the wireless password on a
semi-regular basis.

2. If your gear is home use / low end, tracking "intruders" is going to be difficult. Two places you'd want to check
are wireless associations and the router's ARP table, which for most home / low end use you have to manually check.

If possible, you could look into routers that are amenable to being modded with alternate firmwares -- DDWRT, Tomato, etc.
-- which offer MUCH more functionality. One especially useful feature is the ability to monitor bandwidth utilization
to see if something screwy's going on or not, which from the sounds of it is basically what started the whole gongshow.

3. ALWAYS practice endpoint safe hex -- AV, malware scanners, unknown / unwanted programs, etc. This cannot
be reiterated enough.

My 00000010bits.

Regards
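
Added example, not part of HELLFIRE's post: the manual ARP-table check from point 2, scripted so that `arp -a` output is compared against a list of devices you own. The allowlist and the sample output are constructed, and `unknown_hosts` is a hypothetical helper name.

```python
import re

# Devices you own, keyed by MAC (constructed sample values).
KNOWN_DEVICES = {
    "00:1a:2b:3c:4d:5e": "router",
    "a4:5e:60:11:22:33": "family PC",
}

# Constructed `arp -a` output in the Windows XP/7 layout.
SAMPLE_ARP = """\
Interface: 192.168.1.10 --- 0xb
  Internet Address      Physical Address      Type
  192.168.1.1           00-1a-2b-3c-4d-5e     dynamic
  192.168.1.23          a4-5e-60-11-22-33     dynamic
  192.168.1.57          f0-de-f1-aa-bb-cc     dynamic
  192.168.1.255         ff-ff-ff-ff-ff-ff     static
  224.0.0.22            01-00-5e-00-00-16     static
"""

# An IPv4 address followed later on the same line by a MAC ("-" or ":" separated),
# which covers both the Windows and the Linux/BSD `arp -a` line formats.
ENTRY = re.compile(
    r"(\d{1,3}(?:\.\d{1,3}){3})\D+?((?:[0-9a-f]{2}[-:]){5}[0-9a-f]{2})", re.I)

def unknown_hosts(arp_output, known):
    """Return [(ip, mac)] for unicast ARP entries whose MAC is not in `known`."""
    found = []
    for line in arp_output.splitlines():
        m = ENTRY.search(line)
        if not m:
            continue                      # header or interface line
        ip, mac = m.group(1), m.group(2).lower().replace("-", ":")
        if int(mac[:2], 16) & 1:
            continue                      # group bit set: broadcast/multicast entry
        if mac not in known:
            found.append((ip, mac))
    return found

if __name__ == "__main__":
    for ip, mac in unknown_hosts(SAMPLE_ARP, KNOWN_DEVICES):
        print("not on the allowlist:", ip, mac)
```

A PC's ARP cache only lists hosts it has exchanged traffic with recently, so the router's own ARP table or wireless association list gives the more complete picture.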

SeanG

join:2013-03-07
Orleans, ON
Thanks guys, you learn something new every day.

My issue is still not resolved...
I've done a complete check using Anti-Malwarebytes, Spybot, Virus scan from my antivirus.
And yesterday I called Rogers to help me switch to bridge mode, that was done last night.

I've also changed my long bad ass key once again to over 20 characters. (for the third time!)

So I'm completely out of ideas, however very early this morning I started to think, maybe it is my PC which runs WinXP...
In some way, somehow...it's...someone is connecting to it and it's completely undetected.
So I just might spend hours on reinstalling Win XP.

I also have a dual-boot with Win 7 Ultimate, I don't really run that one because most games, most old such as Diablo 2 LOD (my ten yrs old likes to play) and a few others don't run on Win 7.
Right now it's going to stay on Win 7 because my cap limit has only about 20G left out of 80G, that's correct 60G's in about 11 days!!!
And I'll just disable the internet on the WinXP, the games don't require internet to play anyways.

So aefstoggaflm I've tried the grc.com (Shield's Up), results are:
THE EQUIPMENT AT THE TARGET IP ADDRESS
DID NOT RESPOND TO OUR UPnP PROBES!
(That's good news!)

This page has reported 3231 positive “exposed” results.

Is that really good news?
And it's on my Win 7 boot.

SeanG

join:2013-03-07
Orleans, ON
reply to HELLFIRE
said by HELLFIRE:

said by SeanG:

however, I'd like to know why the intruder if in fact there is one was not detected on my router.

1. As others have said, get rid of WEP and go to a stronger encryption scheme. Also change the wireless password on a
semi-regular basis.

2. If your gear is home use / low end, tracking "intruders" is going to be difficult. Two places you'd want to check
are wireless associations and the router's ARP table, which for most home / low end use you have to manually check.

If possible, you could look into routers that are amenable to being modded with alternate firmwares -- DDWRT, Tomato, etc.
-- which offer MUCH more functionality. One especially useful feature is the ability to monitor bandwidth utilization
to see if something screwy's going on or not, which from the sounds of it is basically what started the whole gongshow.

3. ALWAYS practice endpoint safe hex -- AV, malware scanners, unknown / unwanted programs, etc. This cannot
be reiterated enough.

My 00000010bits.

Regards

Oh Hellfire, I know WEP is garbage but like I mentioned before, I forgot I was still using it due to Nin DS's. I check my network on a regular basis using Cisco Network Magic Pro, unless this program is crap, I do see any intruders at all and it would report them or I can manually check anytime.

My antivirus is up-to-date, malware check done, unknown programs check done at least 2-3 times a week. I do have 3 others in the house (Wife & two kids age 8 & 10) and they know where they can go and if something pops-up to come get me. Told them, you break (virus or whatever), no more computer, so they don't want that to happen.


aefstoggaflm
Open Source Fan
Premium
join:2002-03-04
Bethlehem, PA
kudos:7
reply to SeanG
said by SeanG:

So aefstoggaflm I've tried the grc.com (Shield's Up), results are:
THE EQUIPMENT AT THE TARGET IP ADDRESS
DID NOT RESPOND TO OUR UPnP PROBES!
(That's good news!)
Is that really good news?

Yes, for you.

That test only tests the device that is handling the public IP (WAN Level). It does not test the LAN or OS.

To test at the LAN level:

I have heard/read

quote:
»opentools.homeip.net/dev-tools-f ··· for-upnp

If you don't care about sources, just pick the developers tool package
and install it; when the setup completes you'll have a new program
group containing a number of UPnP tools; the ones we're interested into
are called Device Sniffer and Device Spy; let's start with the
first one, run it (and allow it on your firewall) and if there are any
active UPnP clients seeking for UPnP enabled devices you'll see the
discovery packets logged onto the program GUI; once done, just close
the app and fire up Device Spy, the app will send out discover
packets and show the UPnP devices it discovered (in some cases you may
need to use the rescan network to discover more devices); just let it
running (iconize it) for a while and, again, if there are any UPnP
devices sitting on the network, the app will list them.

After that is done, to test at the OS level if UPnP is enabled or not - on Windows: I point you to grc.com -> Freeware -> Security -> UnPlug n' Pray. That tool also lets you disable UPnP if it is enabled.

said by SeanG:

So aefstoggaflm
This page has reported 3231 positive “exposed” results.

Is that really good news?

For those other users, no.

I am sure that they will fix their issue..
--
Please use the "yellow (IM) envelope" to contact me and please leave the URL intact.

SeanG

join:2013-03-07
Orleans, ON
said by aefstoggaflm:

said by SeanG:

So aefstoggaflm I've tried the grc.com (Shield's Up), results are:
THE EQUIPMENT AT THE TARGET IP ADDRESS
DID NOT RESPOND TO OUR UPnP PROBES!
(That's good news!)
Is that really good news?

Yes, for you.

That test only tests the device that is handling the public IP (WAN Level). It does not test the LAN or OS.

To test at the LAN level:

I have heard/read

quote:
»opentools.homeip.net/dev-tools-f ··· for-upnp

If you don't care about sources, just pick the developers tool package
and install it; when the setup completes you'll have a new program
group containing a number of UPnP tools; the ones we're interested into
are called Device Sniffer and Device Spy; let's start with the
first one, run it (and allow it on your firewall) and if there are any
active UPnP clients seeking for UPnP enabled devices you'll see the
discovery packets logged onto the program GUI; once done, just close
the app and fire up Device Spy, the app will send out discover
packets and show the UPnP devices it discovered (in some cases you may
need to use the rescan network to discover more devices); just let it
running (iconize it) for a while and, again, if there are any UPnP
devices sitting on the network, the app will list them.

After that is done, to test at the OS level if UPnP is enabled or not - on Windows: I point you to grc.com -> Freeware -> Security -> UnPlug n' Pray. That tool also lets you disable UPnP if it is enabled.

said by SeanG:

So aefstoggaflm
This page has reported 3231 positive “exposed” results.

Is that really good news?

For those other users, no.

I am sure that they will fix their issue..

So I tried Device Sniffer it just kept on going and going with the same results (could this be because I'm using LogMeIn from work?)
Device Spy didn't do anything at all, for at least 5 mins, should I leave it longer?

I went ahead and used the Unplug n' Pray, it was enabled! But now disabled.

I'm not sure if you had read my previous post regarding Cisco Network Magic Pro?
Any idea if it's in fact providing the correct info?

SeanG

join:2013-03-07
Orleans, ON
reply to aefstoggaflm
I've downloaded the tool package and started Device Sniffer, it sniffed...and sniffed...with always the same results. Possibly because I'm connected to my PC using LogMeIn from work?
I then tried Device Spy, got nothing at all, even after 5 mins.... should I leave it longer?

Then I went ahead and tried the Unplug n' Pray, it was enabled!
But now disabled

Also I'm not sure if you noticed one of my previous posts regarding Cisco Network Magic Pro, any idea if this is any good or is it providing false information?

Thanks