wireless router hacked - "machine name" ...?

Hi, a while back, someone hacked into my 2wire wireless router, switched wireless back on, used it for a few weeks and departed. The only trace they left behind is "machine name" (282XH41D3), which I'm not sure means anything. I've since re-booted the device and installed a more complex password, so no problem so far.

Can a person be traced by this "machine name" or is that something that can be spoofed as well?

thanks for any input ...

Daniel.

Reply to
Danny Boy

Where are you going to trace the name to? You can't do it. You can only trace the name of the machine when it's connected to the LAN.

For a novice wireless hacker, the link might stop them. For anyone with some expertise, you can't stop them.


Reply to
Mr. Arnold

How did they hack into the router?

Where exactly did you find this machine name?

If someone hacked into the router they may have replaced the firmware on the router to keep a back door open. Simply replacing the password may not help at all. You should download the latest firmware for your router, reset the router completely, upgrade the router with this new firmware, then reset once more and reconfigure the router. If the firmware upgrade was successful it should have removed anything the hackers might have left behind. Although you cannot be 100% sure unless you send the router to support and have the router properly reflashed.

Generally, you can assign any name you like to a computer, thus it won't help you to trace someone.

Gerald

Reply to
Gerald Vogt

my guess is during an electrical outage, the router went offline and reset to defaults; anyone can find generic default passwords on the internet and log in. i've logged into a neighbor's wireless myself that way.

the machine name was in the router at the time they were connected, and now it remains as an option in one of the router's drop-down menus for "allow users thru the firewall to hosted applications". (i.e., on the drop-down menu is my IP - 192.168.1.64 and this other "machine name"...)

one other question ... I often test my inbound protection status with Steve Gibson's "Shields Up" utility. In past years, I always maintained "stealth" status on all ports, but now, due to some combo of OS/firewalls/routers, my common ports are not "stealth" but "closed".

one of the options in the management console of this 2wire (wireless) router/modem is a checkbox that enables "stealth mode" ... which, when tested against Shields Up, now reports all ports stealthed. However, my FTP is now burdened with an extra wait-time for the hand-shake and SMTP often fails downright. no explanation given in any of their online documentation.

any comments appreciated...

Dan

Reply to
Danny Boy

That's why you always should check your equipment after events like power outages or thunderstorms...

That name is user defined. Unless you accidentally find the name somewhere there is little you can do. You could leave the router running as before and wait until they connect again. If they connect through wireless you may be able to locate them...

"Stealth" is one of the most useless things in the internet world. "Stealth" does not exist. A computer/router that does not answer is not an "invisible" computer but simply a computer that does not answer. It is almost like you would be standing in the middle of the street and would not answer to anyone who talks to you: you are not stealthed but very visibly there. You are just not answering.

Real stealth would be if everything was as if you were actually not there. A computer that is not there, i.e. an IP address which is unused, would have the upstream router return an error to a sender. If the upstream router returns this error, it looks as if you are not there. Then you would be really stealthed.

But all that "stealthing" which software firewalls and some routers do is not worth the money. It may actually increase the incoming traffic to your router/computer, as any accidental sender to your IP address will usually retry the connection several times if the answer times out. If, however, the sender gets the "port closed" immediately as a reply, there won't be retransmissions.

The important thing is that all your ports are closed. If everything is closed you are secured.

Gerald

Reply to
Gerald Vogt

In article , Danny Boy wrote:
:
:one of the options in the management console of this 2wire (wireless)
:router/modem is a checkbox that enables "stealth mode" ... which, when tested
:against Shields Up, now reports all ports stealthed. However, my FTP is now
:burdened with an extra wait-time for the hand-shake and SMTP often fails
:downright. no explanation given in any of their online documentation.
:
:any comments appreciated...

If you have port 113 in stealth mode, servers that send an ident probe during connection setup will wait for a timeout before proceeding.

Reply to
Robert Nichols
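
The ident delay described in the reply above can be reproduced on loopback. This is an added example, not part of the thread: `ident_probe` and the helper names are made up here, and a listener that never answers stands in for a stealthed port 113, since loopback cannot drop packets without firewall rules.

```python
import socket
import time

def ident_probe(host, port, timeout=1.0):
    """Do what an FTP/SMTP server does before greeting a client:
    try an RFC 1413 ident query. Returns (outcome, seconds_waited)."""
    start = time.monotonic()
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            s.sendall(b"6191, 23\r\n")   # ident query: a pair of port numbers
            outcome = "answered" if s.recv(512) else "eof"
    except ConnectionRefusedError:
        outcome = "refused"              # closed port: refusal arrives at once
    except (socket.timeout, TimeoutError):
        outcome = "timeout"              # no reply at all: the full wait is paid
    return outcome, time.monotonic() - start

def closed_port():
    """Constructed case: a loopback port with no listener (a 'closed' port)."""
    s = socket.socket()
    s.bind(("127.0.0.1", 0))
    port = s.getsockname()[1]
    s.close()
    return port

def silent_listener():
    """Constructed stand-in for a stealthed port: it listens but never
    accepts or replies, so the prober hears nothing back."""
    s = socket.socket()
    s.bind(("127.0.0.1", 0))
    s.listen(1)
    return s, s.getsockname()[1]

def compare(timeout=1.0):
    """Probe a closed port and a silent one; return both results."""
    refused = ident_probe("127.0.0.1", closed_port(), timeout)
    srv, port = silent_listener()
    try:
        silent = ident_probe("127.0.0.1", port, timeout)
    finally:
        srv.close()
    return refused, silent

if __name__ == "__main__":
    for label, (outcome, waited) in zip(("closed", "silent"), compare()):
        print(f"{label:7s} {outcome:8s} {waited:.2f}s")
```

The closed port costs the prober almost nothing, while the silent one costs the whole timeout, which is the extra wait seen on the FTP handshake.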

On May 3, 3:15 am, "Danny Boy" wrote:

Generally you should have some higher level security on your router such as WPA2, added MAC address filtering, things like that, even though we all know that they can be cracked/spoofed etc. But most hackers tend to look for easy targets, and there are a lot of people out there running the old Linksys SSID with default passwords, so why spend the time to break in to your system? Well, unless they are purposefully wanting to attack your router specifically, they won't. Easy targets, my friend, easy targets.

Next, if you got your 2wire router from the pathetic ISP of your choice, they typically ship with the default password of the last 6 or 7 digits of your phone number that is on the service agreement. I have seen several models that, even if you change the password in the settings, the default password will still work, and let's face it, getting someone's phone number is child's play.

If you can, I would suggest throwing two wire out the window and then shooting it repeatedly; I've never had good experiences with them. Replacing it with a Linksys or D-Link, or in my paranoid case Cisco Aironet, and pumping up security should help prevent cases like this in the future, but wireless is far from secure even in the best setups, so if you aren't willing to live with the possibility of someone getting on your network, disable the wireless feature on your router. (Note that long term power outages may reset some of the values to default, including wireless, on most of these cheap routers, not typically your password or security configs though.)

Well, now that my two-wire bashing is over: there is no such thing as stealth mode over wireless. Anyone with a good sniffer/port scanner can still get any information that is hidden by this stealth mode feature; they just have to have a little more skill to do it, and let's face it, anything that they will need to do this is free, online and readily documented. Close your ports, batten down the services, and hope for the best :)

Brett

Reply to
suraku

The only thing stealth mode does is slow non-thread-aware probes down, or tie them up with many TCP connections. If you intend to see if a computer is there or not, though, you don't just try telnetting any old port, you go for the obvious ones: 21, 22, 23, 25, 80, 81, 110, 113, etc. If you have any services listening on those ports, they gotta say hi, innit!! So if you run servers, don't bother with stealth.

Reply to
shimmyshack

Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.