Is my network breached??

In the past couple of weeks I've noticed some strange happenings on our home network.

The network is wireless, and has been encrypted, however we've both come to the conclusion that it's been sniffed out.

I did a networking degree at uni, with the CCNA, and so really should have put measures in place better than just the WPA encryption, but haven't really had the time, and never encountered any problems beforehand.

I was downloading overnight, and woke up in the morning to find my laptop at the login screen. A couple of nights later I found that whilst downloading overnight again, I woke up in the morning to discover that the program had actually been closed with no error message or anything on the screen.

This morning whilst I was getting ready, I had the download running, but my dad could not open his CD/DVD drive. As soon as my laptop was shut down, the drive opened without any problems.

Is this purely a case of unrelated coincidences? Or has someone been playing around in the night?

I'm going to be reloading my laptop Sunday evening or Monday. Whilst I'm at it, I'm thinking it would be best to further lock down our network to each device's MAC address, and implement a static IP addressing scheme.

Are there any monitoring programs that I could use to check, and also is there anyone who could offer possible causes to our 'bandwidth ghosts' if there are any?

Thanks for reading,

spikey57
 
I'll be very surprised if WPA had been breached, unless you're using dictionary words as your pre-shared key.

Mac filtering isn't secure, at all.

If there is a problem, I'd suggest that your laptop has been compromised, and nothing more. Is RDP open/forwarded?
 

So you did a degree in networking and are running WEP, you think your network is compromised and your solution is to enable MAC filtering and static IPs? You've got much bigger problems than your network TBH with an answer like that. Did you never come across MAC spoofing? WEP can be cracked very quickly and very easily no matter what the password is, if you grab enough traffic it's a doddle e.g. the victim leaves a PC on wifi downloading all night.

Check your router's logs, they'll show you who connected, when etc. Then WPA + STRONG passwords (for the avoidance of doubt based on your reply I'm talking about long random alphanumerics, a mix of upper/lower case and a few symbols.) Virus scan each PC, you are using a firewall that offers inbound and outbound filtering aren't you?
 
Disabling DHCP and going through the hassle of manually assigning IP addresses isn't going to do much good either, given most home networks use one of a handful of IP ranges...

Edit: Avalon, he said WPA not WEP.
 
So you did a degree in networking and are running WEP

Reading is your friend. :rolleyes:

Check your router's logs, they'll show you who connected, when etc. Then WPA + STRONG passwords (for the avoidance of doubt based on your reply I'm talking about long random alphanumerics, a mix of upper/lower case and a few symbols.) Virus scan each PC, you are using a firewall that offers inbound and outbound filtering aren't you?

As another poster responded, I'm using WPA not WEP

Our password is a mixture of uppercase, lowercase, numerical digits and symbols. So my guess is that it might not have anything to do with that.

I know it is possible to spoof MAC addresses, but it's been a while since I've played about with the technicalities of networks.

I will be running a virus scan on each PC.

Would it be possible to recommend a good firewall, as I know that Windows Firewall is pathetic at best. I've not really had the time to sit down and work this out properly, as I did the best I could with the time I had when it was first set up, about 4 months ago.
 
Not that having WPA selected is automatically going to stop hackers. It can still be cracked, and in certain circumstances more easily/quickly than WEP. Have you thought about setting up a honeypot/traps or running some monitoring tools of sort if you are confident it's being hacked?
 
Not that having WPA selected is automatically going to stop hackers. It can still be cracked, and in certain circumstances more easily/quickly than WEP. Have you thought about setting up a honeypot/traps or running some monitoring tools of sort if you are confident it's being hacked?

This is what I'm curious about, I'm going to be having a closer look when I get back from my girlfriend's on Sunday.

How would you go about setting up honeytraps, as I'm quite curious about it.

What sort of tools would you recommend?
 
Reading is your friend. :rolleyes:



As another poster responded, I'm using WPA not WEP

Yes we covered that pre 10am and I ate humble pie, keep up :D I'd love to see how you manage with a teething baby in one arm and 2ish hours sleep out of the last 24 but you are quite right I skim read your post.

The WEP/WPA issue aside everything else in the post was factual. Have you looked at the router/AP logs yet as from what you've posted (after the roll eyes) it's unlikely your WPA password will have been broken as you're not worth the time and more importantly the CPU power it would take to crack it in anything like a reasonable time as you're hardly MI5 or NASA. That leaves physical or remote access to your machine or random acts of God. The logs combined with a little common sense with regards access times will confirm it's just you on your network. The virus scan will confirm if it's malicious code, after that it's all services/applications you may be running.
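An added illustration of the log review suggested in this thread (not code from any poster): it parses association events and flags MACs outside a known inventory, plus known MACs that connect at odd hours or under a different hostname, since a MAC address on its own can be spoofed. The log format, device inventory, quiet-hours window and all names are assumptions constructed for this example; real router logs vary by vendor.

```python
import re
from datetime import datetime

# Constructed sample in a hypothetical syslog-like format (not from a real router).
SAMPLE_LOG = """\
2024-01-06 19:02:11 wlan0: STA 00:1a:2b:3c:4d:5e associated host=laptop
2024-01-06 19:05:40 wlan0: STA 00:1a:2b:aa:bb:cc associated host=desktop
2024-01-07 03:14:09 wlan0: STA 66:77:88:99:aa:bb associated host=unknown
2024-01-07 03:41:52 wlan0: STA 00:1a:2b:aa:bb:cc associated host=netbook
2024-01-07 08:10:00 wlan0: STA 00:1A:2B:3C:4D:5E associated host=laptop
"""

LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) \S+ STA "
    r"(?P<mac>(?:[0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}) associated host=(?P<host>\S+)$"
)

# Assumed household inventory: MAC (lowercase) -> hostname the device normally reports.
KNOWN_DEVICES = {
    "00:1a:2b:3c:4d:5e": "laptop",
    "00:1a:2b:aa:bb:cc": "desktop",
}
QUIET_HOURS = range(1, 6)  # 01:00-05:59, when nobody normally joins the network


def review_log(text, known=KNOWN_DEVICES, quiet_hours=QUIET_HOURS):
    """Return (timestamp, mac, reason) for every association worth a second look."""
    findings = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # not an association event in the assumed format
        ts = datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S")
        mac, host = m["mac"].lower(), m["host"]
        if mac not in known:
            findings.append((ts, mac, "unknown-mac"))
            continue
        # A known MAC is not proof of a known device: check the surrounding context.
        if host != known[mac]:
            findings.append((ts, mac, "hostname-mismatch"))
        if ts.hour in quiet_hours:
            findings.append((ts, mac, "odd-hours"))
    return findings


if __name__ == "__main__":
    for ts, mac, reason in review_log(SAMPLE_LOG):
        print(ts.isoformat(sep=" "), mac, reason)
```
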
 
Yes we covered that pre 10am and I ate humble pie, keep up :D I'd love to see how you manage with a teething baby in one arm and 2ish hours sleep out of the last 24 but you are quite right I skim read your post.

I would not like to try it, but I imagine a barrel of laughs it is not.

The WEP/WPA issue aside everything else in the post was factual. Have you looked at the router/AP logs yet as from what you've posted (after the roll eyes) it's unlikely your WPA password will have been broken as you're not worth the time and more importantly the CPU power it would take to crack it in anything like a reasonable time as you're hardly MI5 or NASA. That leaves physical or remote access to your machine or random acts of God. The logs combined with a little common sense with regards access times will confirm it's just you on your network. The virus scan will confirm if it's malicious code, after that it's all services/applications you may be running.

I'm at work at the moment, so do not have access to it, and won't have access to it until Sunday evening, probably Monday evening when I get back from work earliest.

I will be checking the logs for access. I shall have a look at possible remote access, but can't see it being that.

Will be running a virus scan Sunday evening.
 
I checked the options and it hasn't got these settings enabled.

I'm using Flashget, so I'm not sure whether it's a case of that program. Also it doesn't explain the connection between my laptop, downloading, and my dad not being able to open his DVD drive.

My dad had to use the good ol' paperclip trick to open it. As soon as my laptop stopped downloading, and I shut it down, it could open fine.

They aren't sharing any media, or any folders like that. I'm running Vista Ultimate 64-bit and my dad is using XP Pro 32-bit.
 
I remember when I saw an IP that shouldn't have been on my network and I started prepping for investigation and started locking everything down. I realised after about 10 minutes it was one of my virtual machines running! DOH!
 
I don't have any virtual machines running. I'm going to be reloading my laptop next week at some point, and maybe switch my download client to see how that helps. I will also sort out a firewall (suggestions would be welcome) as I know that Windows Firewall won't cut it. I will be looking at sorting out all the problems whilst I'm at it, maybe by simply starting from scratch. Doing a clean install of everything, a complete revamp.

May be slight overkill. But at least I'll know what's going on properly. My dad has this annoying habit of wanting to know anything and everything that I'm doing, I mean it's handy in a way cos it means he can sort some stuff out if I'm not there, but he's a very paranoid person.

He also blames me for everything, as "it never happened before I moved in" or "He's never had any problems before"
 
I was downloading over night, and woke up in the morning to find my laptop at the login screen.

Sounds like one of those Windows auto-updates happened and restarted the computer automatically. PITA but happens all the time.

A couple of nights later I found that whilst downloading over night again, I woke up in the morning to discover that the program had actually been closed with no error message or anything on the screen.

Could have just crashed. Have had various apps like Photoshop just disappear off the screen with no messages or dump report thingy.
 
You did a networking degree and you can't work out if your own network is compromised? God it's no wonder we have such trouble hiring network engineers...
 
You did a networking degree and you can't work out if your own network is compromised? God it's no wonder we have such trouble hiring network engineers...

I posted this thread for useful suggestions, if I wanted to be insulted I would have posted elsewhere.

If you can't post anything useful don't post at all.

I did a networking degree, yes. However the only network troubleshooting experience I've had has been in controlled environments in the Cisco lab at uni, and I had network monitoring software to aid me, and this was only one brief module.

It only just happened this morning, and won't be home until Sunday. I posted this topic to see whether anyone could give me useful suggestions, so then I can just sort it out when I get home. I had about 2 minutes to briefly look at the general issue before I had to leave for work.

I have an idea of what the cause is, and with help from other members might be onto something of a solution.
 
I did a networking degree, yes. However the only network troubleshooting experience I've had has been in controlled environments in the Cisco lab at uni, and I had network monitoring software to aid me, and this was only one brief module.

No offense intended, but the guy you replied to was quite right in his exasperation. IT is flooded with people who have qualifications (many worse than yours) but sod all experience - leading to a shortage of people who can actually do the job they are hired for.

One of the other effects this has is HR departments starting to actually ask for silly things like degrees for 2nd/3rd line support roles where experience is way more valid.

Your post that you have a "networking degree" but seem unable to resolve your own problem without first resorting to the internet just goes to demonstrate your lack of experience in troubleshooting complex technical issues despite having a relevant degree.

Again, I reiterate this is not a personal attack on you - more an observation of the circumstances - however it strongly highlights a serious problem in the IT industry nowadays.
 
IT is flooded with people who have qualifications (many worse than yours) but sod all experience - leading to a shortage of people who can actually do the job they are hired for.

Most of us have no experience and can't get experience because no one will give us a job because we have no experience.
 