Have I been hacked?

philstanbridge

philstanbridge

philstanbridge

Man of Honour
Joined
18 Oct 2002
Posts
8,558
Location
West Coast of Scotland
Okay this is the situation - I couldn't sleep, so I was up on my pc at 3am. I noticed on my router, that there was a laptop connected, although it wasn't mine - it was unrecognized and it had downloaded/uploaded 25k worth of files. My laptop was off, (although in hibernation mode) and that doesn't normally show on my router in that state. My router (Belkin N1) was displaying 2 connections, 1 desktop (mine) and 1 laptop (unrecognized :eek:). At that point I disconnected the router. When I restarted the laptop had disappeared as you would have expected.

My system logs don't appear any different this is what is confusing me :confused:

I have had some problems with messenger (password issues) and have had a couple of oddities with my NAS since I installed it, but generally everything has been behaving. My AV software doesn't report anything untoward at the moment, although when I first installed it, some time ago, it reported 4 open ports which I closed.

So can you gurus offer any advice here? First of all, how can I be sure I haven't been attacked - secondly, what to do about potential problems in the future?
 
I would get a better Wifi password and change the security to WPA2 if your router supports it.

If you have any shared folders on the network, use permissions so no one but you has access.
 
If your ssid is broadcasting, don't. Make your password >15 characters and use symbols, letters and numbers. Restrict access through mac addresses.
 
SiriusB said:
I would get a better Wifi password and change the security to WPA2 if your router supports it.

If you have any shared folders on the network, use permissions so no one but you has access.
Click to expand...

Okay cheers. I have changed my security to WPA2. I have shared folders via the NAS, and they can only be accessed if you can access the NAS - I'm not sure about passwords for permissions etc, I need to find out!
 
nkata said:
If your ssid is broadcasting, don't. Make your password >15 characters and use symbols, letters and numbers. Restrict access through mac addresses.
Click to expand...

Roger that - cleared SSID broadcasting. Not sure how I will be able to connect wirelessly now that I've done that but I will find out.
 
bledd. said:
You sure it wasn't your NAS showing up on it?
Have you linked a mobile phone to it?
Click to expand...

My Synology doesn't show up on the router like that - this was a laptop specific device (judging by the icon). I have a mobile phone but no bluetooth adapter in the pc, so it wasnt that either.

My net connection is terrible today, I have just had to switch the router off again and restart it.
 
nkata said:
If your ssid is broadcasting, don't.
Click to expand...

Utterly, utterly pointless. Just about every single tool used to crack wifi encryption can find the SSID whether it broadcasting or not.

philstanbridge said:
Okay cheers. I have changed my security to WPA2. I have shared folders via the NAS, and they can only be accessed if you can access the NAS - I'm not sure about passwords for permissions etc, I need to find out!
Click to expand...

With NTFS permissions you can set which usernames on the machine can access those files. So if you access the share you will be prompted for the username/password of an account on the machine hosting the share.

The settings are under the Security tab on the folder properties. Plenty of stuff on the Internet about it, but it is fairly straight forward.

philstanbridge said:
Roger that - cleared SSID broadcasting. Not sure how I will be able to connect wirelessly now that I've done that but I will find out.
Click to expand...

You can leave your SSID broadcasting as it makes no difference as I said above. However, without it broadcasting you just usually have to manually connect to the wifi the first time. Windows usually gives this option. Once connected you don't need to do it again as it will automatically find it in future.
 
What about turning down the WiFi power so they can't pick it up from.their car which I assume they are with a laptop
 
philstanbridge said:
It was using WEP.
Click to expand...
There's the problem. WEP is very unsecure and can be easily cracked. You should change the encryption to WPA2 with a strong password. Also, as SiriusB has said, turning off SSID broadcasting is completely pointless as cracking tools will find the SSID regardless of whether it is broadcasting. You're better off having it broadcasting, because it'll probably be more of an inconvenience to you if it isn't.
 
I just delete my public folders as i dont want to share anything and if i decide to transfer files between to machines i just do it through team viewer :)

Is there a way of knowing what encryption your router supports? i have a netgear and its using wpa-psk, there other other options when i log into the router like wpa2-psk, wpa-psk+wpa2-psk. Is it a matter of just trying all the different ones and see if it lets you connect?

I hate wireless at home to be fair i have my router wired to my desktop but have to you wireless for my lappy :(
 
I have mine locked down so that only approved mac addresses are allowed to connect. It's a pain to set up a new device (well takes 60 seconds longer...), but as far as I'm aware it's secure.
 
Lee said:
I have mine locked down so that only approved mac addresses are allowed to connect. It's a pain to set up a new device (well takes 60 seconds longer...), but as far as I'm aware it's secure.
Click to expand...

MAC spoofing is easy. Restricting MAC addresses isn't really a security feature.
 
You must log in or register to reply here.
Back
Top Bottom