wireless router hacked -

wireless router hacked - "machine name" ...?
Secure Home | Search | About
Login Password
Register Now! Lost Password?
 Networking Firewalls    Post an article   get this group's latest topics as an RSS feed add this group's latest topics to your My MSN content add this group's latest topics to your My Yahoo content add this group's latest topics to your Google content
Subject Author Date
wireless router hacked - "machine name" ...? Danny Boy 05-02-2007
Posted by Danny Boy on May 2, 2007, 9:08 pm
If you were  Registered and logged in, you could reply and use other advanced thread options
Hi, a while back, someone hacked into my 2wire wireless router, switched
wireless back on, used it for few weeks and departed. The only trace they
left behind is "machine name" (282XH41D3 ) .

which I'm not sure means anything. I've since re-booted the device and
installed a more complex password, so no problem so far.

Can a person be traced by this "machine name" or is that something that can
be spoofed as well?

thanks for any input ...

Daniel.




Posted by Mr. Arnold on May 2, 2007, 9:19 pm
If you were  Registered and logged in, you could reply and use other advanced thread options

>
> Can a person be traced by this "machine name" or is that something that
> can
> be spoofed as well?
>

Where are you going to trace the name to? You can't do it. You can only
trace the name of the machine when it's connected to the LAN.

For a novice wireless hacker, the link might stop them. For anyone with some
expertise, you can't stop them.

http://compnetworking.about.com/od/wirelesssecurity/tp/wifisecurity.htm


Posted by Gerald Vogt on May 2, 2007, 9:21 pm
If you were  Registered and logged in, you could reply and use other advanced thread options
Danny Boy wrote:
> Hi, a while back, someone hacked into my 2wire wireless router, switched

How did they hack into the router?

> wireless back on, used it for few weeks and departed. The only trace they
> left behind is "machine name" (282XH41D3 ) .

Where exactly did you find this machine name?

> which I'm not sure means anything. I've since re-booted the device and
> installed a more complex password, so no problem so far.

If someone hacked into the router they may have replaced the firmware on
the router to keep a back door open. Simply replacing the password may
not help at all. You should download the latest firmware for your
router, reset the router completely, upgrade the router with this new
firmware, then reset once more and reconfigure the router. If the
firmware upgrade was successful it should have removed anything the
hackers might have left behind. Although you cannot be 100% sure unless
you sent the router to support and have the router properly reflashed.

> Can a person be traced by this "machine name" or is that something that can
> be spoofed as well?

Generally, you can assign any name you like to a computer thus it won't
help you to trace someone.

Gerald

Posted by Danny Boy on May 3, 2007, 4:15 am
If you were  Registered and logged in, you could reply and use other advanced thread options
> > Hi, a while back, someone hacked into my 2wire wireless router, switched
>
> How did they hack into the router?

my guess is during an electical outage, the router went offline and reset to
defaults; anyone can find generic default passwords on the internet and log
in. i've logged into a neighbor's wireless myself that way.

> Where exactly did you find this machine name?

the machine name was in the router at the time they were connected, and now
it remains as an option in one of the routers drop-down menu's for "allow
users thru the firewall to hosted applications". (ie, on the drop-down menu
is my IP - 192.168.1.64 and this other "machine name"...)



one other question ... I often test my inbound protection status with Steve
Gibson's (www.grc.com) "Shields Up" utility. In past years, I always
maintained "stealth" status on all ports, but now, due to some combo of
OS/firewalls/routers, my common ports are not "stealth" but "closed".

one of the options in the management console of this 2wire (wireless)
router/modem is a checkbox that enables "steath mode" ... which, when tested
against Sheilds Up, now reports all ports stealthed. However, my FTP is now
burdenend with an extra wait-time for the hand-shake and SMTP often fails
downright. no explanation given in any of their online documentation.

any comments appreciated...


Dan



Posted by Gerald Vogt on May 3, 2007, 7:37 am
If you were  Registered and logged in, you could reply and use other advanced thread options
Danny Boy wrote:
>>> Hi, a while back, someone hacked into my 2wire wireless router, switched
>> How did they hack into the router?
>
> my guess is during an electical outage, the router went offline and reset to
> defaults; anyone can find generic default passwords on the internet and log
> in. i've logged into a neighbor's wireless myself that way.

That's why you always should check your equipment after events like
power outages or thunderstorms...

>> Where exactly did you find this machine name?
>
> the machine name was in the router at the time they were connected, and now
> it remains as an option in one of the routers drop-down menu's for "allow
> users thru the firewall to hosted applications". (ie, on the drop-down menu
> is my IP - 192.168.1.64 and this other "machine name"...)

That name is user defined. Unless you accidentally find the name
somewhere there is little you can do. You could leave the router running
as before and wait until they connect again. If they connect through
wireless you may be able to locate them...

> one other question ... I often test my inbound protection status with Steve
> Gibson's (www.grc.com) "Shields Up" utility. In past years, I always
> maintained "stealth" status on all ports, but now, due to some combo of
> OS/firewalls/routers, my common ports are not "stealth" but "closed".

"Stealth" is one of the most useless things in the internet world.
"Stealth" does not exist. A computer/router that does not answer is not
an "invisible" computer but simply a computer that does not answer. It
is almost like you would be standing in the middle of the street and
would not answer to anyone who talks to you: you are not stealthed but
very visibly there. You are just not answering.

Really stealth would be if everything was as if you were actually not
there. A computer that is not there, i.e. an IP address which is unused,
would have the upstream router return an error to an sender. If the
upstream router returns this error, it looks as if you are not there.
Then you would be really stealthed.

But all that "stealthing" which software firewalls and some routers do
is not worth the money. It may actually increase the incoming traffic to
your router/computer as any accidental sender to your IP address will
usually retry the connections several times if the answer times out. If
however the sender gets the "port closed" immediately as reply there
won't be retransmissions.

The important thing is that all your ports are closed. If everything is
closed you are secured.

Gerald

Similar ThreadsPosted
why wireless router cheaper than plain router? June 15, 2005, 11:40 am
Wireless router November 28, 2005, 2:18 pm
DLink 614+ wireless router & Go To My PC --- unable to connect - HELP!! December 2, 2004, 8:52 am
Cisco 501 Pix - Cable Modem - Wireless Router..... November 2, 2006, 8:50 pm
Watchguard soho6 & Airlink SuperG Wireless Router September 20, 2005, 3:21 pm
Automate MAC & HOSTNAME changes in Linksys WRT54G NAT wireless router May 20, 2007, 1:50 am
Which of these is a good small hotel travel wireless router? May 23, 2007, 10:06 pm
First time home wireless - how to match PC to router - setup question June 9, 2007, 4:00 pm
Script to disconnect Linksys WRT54G wireless router on Windows November 19, 2007, 12:15 pm
Port forwarding with different internal/external ports on Linksys wireless G router August 6, 2004, 6:56 pm

The site map in XML format XML site map

Contact Us | Privacy Policy