Is it possible for some hacker to get access to my modem and HUB?


    #16
    Re: Is it possible for some hacker to get access to my modem and HUB?

    In my very old wrt54g there is a tab under "Local Network" called DHCP Clients Table that when selected shows all of the DHCP connections, but nowhere to see all connections. Mine is empty because my three computers and my wireless printer all have static IP addresses.



      #17
      Re: Is it possible for some hacker to get access to my modem and HUB?

      The routing table and the client list are not the same thing. I don't know where the routing table is on my own router either.


        #18
        Re: Is it possible for some hacker to get access to my modem and HUB?

        If it has one, I can't find it on my WRT54g.



          #19
          Re: Is it possible for some hacker to get access to my modem and HUB?

          It is of course possible to run something else like Tomato, but I assume we're using the original software here. On mine (wrt54gl) the routing table is under setup -> advanced routing -> show routing table but that only lists my outward facing and inward facing IP. Most of us will actually be running our routers as a gateway. Could that be the reason that GG has a different setup?



            #20
            Re: Is it possible for some hacker to get access to my modem and HUB?

            There are several other tools you can use to see if someone has linked to your wireless, or is attacking it or your PC.

            EtherApe (as root) shows the name/IP of all boxes attached to yours, and other things.

            "netstat -lp" gives a list of all connections to & from your box:
            jerry@sonyvgnfw140e:~$ sudo netstat -lp
            [sudo] password for jerry:
            Active Internet connections (only servers)
            Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
            tcp 0 0 localhost:7634 *:* LISTEN 1371/hddtemp
            tcp 0 0 localhost:ipp *:* LISTEN 1484/cupsd
            tcp 0 0 localhost:postgresql *:* LISTEN 1000/postgres
            tcp 0 0 localhost:smtp *:* LISTEN 1327/exim4
            tcp 0 0 localhost:gpsd *:* LISTEN 1458/gpsd
            tcp6 0 0 localhost:ipp [::]:* LISTEN 1484/cupsd
            tcp6 0 0 localhost:postgresql [::]:* LISTEN 1000/postgres
            tcp6 0 0 localhost:smtp [::]:* LISTEN 1327/exim4
            tcp6 0 0 localhost:gpsd [::]:* LISTEN 1458/gpsd
            udp 0 0 *:35121 *:* 748/avahi-daemon: r
            udp 0 0 *:bootpc *:* 2045/dhclient
            udp 0 0 *:mdns *:* 748/avahi-daemon: r
            Active UNIX domain sockets (only servers)
            Proto RefCnt Flags Type State I-Node PID/Program name Path
            unix 2 [ ACC ] STREAM LISTENING 4383 864/X /tmp/.X11-unix/X0
            unix 2 [ ACC ] STREAM LISTENING 7309 1683/ssh-agent /tmp/ssh-YIJDKM1639/agent.1639
            unix 2 [ ACC ] STREAM LISTENING 7462 1731/kdeinit4: kdei /tmp/ksocket-jerry/kdeinit4__0
            unix 2 [ ACC ] STREAM LISTENING 7478 1732/kdeinit4: klau /tmp/ksocket-jerry/klauncherMT1732.slave-socket
            unix 2 [ ACC ] STREAM LISTENING 8067 1831/kdeinit4: ksms /tmp/.ICE-unix/1831
            unix 2 [ ACC ] STREAM LISTENING 4108 748/avahi-daemon: r /var/run/avahi-daemon/socket
            And, there is nmap, if you want something more elaborate. But, I only use certain features of it so as not to tick off my ISP.

            About 10 years ago I was messing with a version of a network mapper that used Netscape to display the information. It could have been a version of SATAN or of SAINT, or some other tool. I don't remember its name, but the browser display was very sharp. Anyway, within a few minutes I was tracking all the IP addresses on my trunk of my ISP's network, the packet numbers and types, the *.254 traffic, etc. The browser displayed tons of graphs and tables created by the tool for just about anything. It didn't create a response for the email I got from my ISP asking what I was doing.

            Anybody remember a browser based network mapper like that?
            "A nation that is afraid to let its people judge the truth and falsehood in an open market is a nation that is afraid of its people."
            – John F. Kennedy, February 26, 1962.
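Added example (not part of the original post): in a `netstat -lp` listing like the one above, the rows that matter to someone on the network are the sockets bound to something other than loopback. This filter picks those rows out; the sample follows the layout quoted above, and the two sshd rows are constructed for illustration.

```shell
#!/bin/sh
# Sample input: rows in the layout of the listing quoted above.
# The two sshd rows are constructed; they do not appear in the original post.
sample_netstat() {
cat <<'EOF'
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 localhost:7634 *:* LISTEN 1371/hddtemp
tcp 0 0 localhost:ipp *:* LISTEN 1484/cupsd
tcp 0 0 *:ssh *:* LISTEN 2101/sshd
tcp6 0 0 localhost:smtp [::]:* LISTEN 1327/exim4
tcp6 0 0 [::]:ssh [::]:* LISTEN 2101/sshd
udp 0 0 *:35121 *:* 748/avahi-daemon: r
udp 0 0 *:bootpc *:* 2045/dhclient
udp 0 0 *:mdns *:* 748/avahi-daemon: r
Active UNIX domain sockets (only servers)
unix 2 [ ACC ] STREAM LISTENING 4383 864/X /tmp/.X11-unix/X0
EOF
}

# Reads netstat -l style rows on stdin and prints "proto local-address owner"
# for every TCP/UDP socket that is NOT bound to a loopback address.
exposed_listeners() {
    awk '
        $1 !~ /^(tcp|udp)6?$/ { next }      # skip headings and UNIX-domain sockets
        {
            local_addr = $4
            host = local_addr
            sub(/:[^:]*$/, "", host)        # drop the trailing :port
            # loopback-only sockets cannot be reached from another machine
            if (host ~ /^(localhost|ip6-localhost|127\.|\[?::1\]?$)/) next
            # UDP rows have an empty State column, so the owner is field 6
            owner = ($1 ~ /^udp/) ? $6 : $7
            sub(/:$/, "", owner)            # "avahi-daemon: r" is cut at the space
            print $1, local_addr, owner
        }'
}

# Stand-alone run on the sample; on a live box: sudo netstat -lp | exposed_listeners
sample_netstat | exposed_listeners
```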



              #21
              Re: Is it possible for some hacker to get access to my modem and HUB?

              I'm not entirely sure that it is even possible to know all of what is connected. I just ran ETHWHAT in DOS and it came up with most, but not all of my local IPs. It got a printer, and two Linux boxes, but it didn't pick up the (linux) server, nor itself. In fact, I can't see anything knowing if a DOS box is on the network since it doesn't have any servers running until I start them, though once it starts asking for stuff I guess you can sniff the packets. I find the best way to keep track of local IPs is to keep a list. However, the wireless (which I'm not currently using) has a list on the router and any DHCP connections will be listed there as well.



                #22
                Re: Is it possible for some hacker to get access to my modem and HUB?

                You don't have to know any specific IP addresses to attack a box, but it is possible to know what is CONNECTED to your box. It depends on what tools you use. BUT, if another box is already connected to your box then the three-way handshake has already taken place and regular beacon packets keep the connection alive. If there are other IP addresses on your network and they are not reacting to nmap, or whatever, then they are refusing to either SYN-ACK your SYN or they are not recognizing your ACK.
                A -- SYN --> B (shieldsup starts with all ports green)
                A <-- SYN-ACK -- B (at this point shieldsup colors port blue, it is open)
                A -- ACK --> B (now shieldsup colors port red, it is connectable)
                Connection Established. The disconnect is the same sequence. TCP controls everything.
                UDP does not perform 3-way handshakes so it is connectionless. Hence unreliable.
                If a port doesn't respond to the first SYN it is stealth. If none of the ports respond then the box is stealth.

                In my experience a decade ago I targeted my ISP's trunk server to find out how many addresses he was serving on my trunk and if it explained why my connection was so slow. IIRC, I found 248 addresses out of a possible 255, so the trunk was almost fully loaded. (0, 1, 127, 128, 254 and 255 usually have special purposes).

                Nmap is a port scanner but you can tell it to scan a block of IP addresses using CIDR style addressing. For example, 192.168.1.0/24 would scan the 256 hosts between 192.168.1.0 and 192.168.11.255. (The first three quads are constant - 3*8=24). In fact, the "0" could be any number -- the scan will cover the same range. A simple "/0" (no quads) would scan the entire Internet. Talk about killing your bandwidth and making the whole world mad at you!

                SAINT goes a little farther. It then begins to test red ports with specific application vulnerabilities. Without permission of the IP address owner this is now against the law in the US, which is why I no longer use nmap or SAINT on any boxes except my own.
                "A nation that is afraid to let its people judge the truth and falsehood in an open market is a nation that is afraid of its people."
                – John F. Kennedy, February 26, 1962.
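Added example, not from the thread: the SYN / SYN-ACK / silence cases described above, read back out of a packet capture taken on your own machine. It assumes text in the format printed by `tcpdump -n`, uses constructed packets between documentation addresses, and goes one step beyond the post by also reporting a port that answers with RST as closed.

```shell
#!/bin/sh
# Constructed capture: probes from 192.0.2.10 towards 192.0.2.20.
# Port 22 answers SYN-ACK, port 23 answers RST, port 80 never answers.
sample_capture() {
cat <<'EOF'
12:00:00.000001 IP 192.0.2.10.40001 > 192.0.2.20.22: Flags [S], seq 100, win 64240, length 0
12:00:00.000300 IP 192.0.2.20.22 > 192.0.2.10.40001: Flags [S.], seq 900, ack 101, win 65160, length 0
12:00:00.000400 IP 192.0.2.10.40001 > 192.0.2.20.22: Flags [.], ack 901, win 502, length 0
12:00:01.000001 IP 192.0.2.10.40002 > 192.0.2.20.23: Flags [S], seq 200, win 64240, length 0
12:00:01.000250 IP 192.0.2.20.23 > 192.0.2.10.40002: Flags [R.], seq 0, ack 201, win 0, length 0
12:00:02.000001 IP 192.0.2.10.40003 > 192.0.2.20.80: Flags [S], seq 300, win 64240, length 0
12:00:03.000001 IP 192.0.2.10.40003 > 192.0.2.20.80: Flags [S], seq 300, win 64240, length 0
EOF
}

# classify_ports TARGET_IP
# Reads tcpdump text on stdin and prints "port state" for each port on
# TARGET_IP that received a SYN:
#   open    - the target replied SYN-ACK (handshake can complete)
#   closed  - the target replied RST (host is there, nothing listening)
#   stealth - no reply at all (packet dropped by a firewall, or no host)
classify_ports() {
    awk -v target="$1" '
        # endpoints look like 192.0.2.20.22 (destination has a trailing colon)
        function port_of(ep) { sub(/:$/, "", ep); sub(/^.*\./, "", ep); return ep }
        function host_of(ep) { sub(/:$/, "", ep); sub(/\.[^.]*$/, "", ep); return ep }
        $2 != "IP" { next }
        {
            src = $3; dst = $5; flags = $7
            if (host_of(dst) == target && flags == "[S],") {
                # first SYN to this port: assume silence until a reply shows up
                p = port_of(dst)
                if (!(p in state)) { state[p] = "stealth"; order[++n] = p }
            } else if (host_of(src) == target) {
                p = port_of(src)
                if (!(p in state)) next
                if (flags == "[S.],") state[p] = "open"
                else if (flags ~ /R/ && state[p] == "stealth") state[p] = "closed"
            }
        }
        END { for (i = 1; i <= n; i++) print order[i], state[order[i]] }'
}

# Stand-alone run on the constructed capture
sample_capture | classify_ports 192.0.2.20
```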



                  #23
                  Re: Is it possible for some hacker to get access to my modem and HUB?

                  If not your Linux system, then he'll go for your cell phone: http://venturebeat.com/2010/07/28/an...phone-network/



                    #24
                    Re: Is it possible for some hacker to get access to my modem and HUB?

                    Originally posted by kyonides
                    Last night I didn't turn off my modem because I thought my sister needed the internet connection late at night. Today I talked to her and asked her if she was actually using it. I learned she didn't... Even so the PC Activity light was flashing just like it does while I'm connected to the internet... I disconnected and reconnected the power cable and the same thing happened once again. So I wonder what could have happened if no one at home was actually downloading or uploading anything at all... Any clues?
                    Install wireshark, and watch the traffic flow. Look for anything unusual. Is your computer directly connected to the internet, or are you using a router / firewall?

                    If you are directly connected, are you using a local firewall?

                    It could just be normal traffic, but before anyone can help you figure that out, you need to tell us in detail what your configuration looks like.

                    If you aren't using a local firewall, and you are directly connected to the internet via the modem, you are at risk to all sorts of attacks including spoofing (using your MAC address to inject packets into your home network), vulnerable ports (if you have any running), etc.

                    Run chkrootkit, and rkhunter on your computer.

                    If you have been compromised, you can't trust anything on your computer as all sorts of techniques can be used to hide activity including replacing libraries and kernel drivers to mask activity. This can hide the traffic from wireshark, or even trick rkhunter. In order to do a higher level of analysis if you think something is awry, build another machine with two interfaces, and watch the traffic flow across looking for anything out of place. This is an advanced topic though, so I wouldn't recommend it unless you have a solid understanding of analyzing rooted machines. If you do find out that you are compromised, using read only media, boot clean, get your data off and rebuild.
                    Don't blame me for being smarter than you, that's your parent's fault.



                      #25
                      Re: Is it possible for some hacker to get access to my modem and HUB?

                      GreyGeek: You don't have to know any specific IP addresses to attack a box, but it is possible to know what is CONNECTED to your box. It depends on what tools you use. BUT, if another box is already connected to your box then the three-way handshake has already taken place and regular beacon packets keep the connection alive.
                      Wouldn't the functionality of the network card (age) be an issue here? Can any powered on and connected NIC be detected? For example, it doesn't look like you can ping a machine unless it's running some kind of ICMP server. I haven't done any testing using different NICs in this regard but my Intel LAN 595 doesn't seem to respond to anything and its packet driver is as dumb as a doorknob.

                      zlow: Install wireshark, and watch the traffic flow. Look for anything unusual. Is your computer directly connected to the internet, or are you using a router / firewall?

                      If you are directly connected, are you using a local firewall?
                      The OP didn't seem inclined to answer those questions earlier, but it looks like there might not be a firewall. I don't think Kubuntu installs a local firewall by default does it? Linux is pretty robust so I suppose one could get away without for a while but surely that would end in disaster.



                        #26
                        Re: Is it possible for some hacker to get access to my modem and HUB?

                        Originally posted by Ole Juul
                        GreyGeek: You don't have to know any specific IP addresses to attack a box, but it is possible to know what is CONNECTED to your box. It depends on what tools you use. BUT, if another box is already connected to your box then the three-way handshake has already taken place and regular beacon packets keep the connection alive.
                        Wouldn't the functionality of the network card (age) be an issue here? Can any powered on and connected NIC be detected? For example, it doesn't look like you can ping a machine unless it's running some kind of ICMP server. I haven't done any testing using different NICs in this regard but my Intel LAN 595 doesn't seem to respond to anything and its packet driver is as dumb as a doorknob.
                        .....
                        Age of the card isn't a problem. A machine with the firewall (or the NIC itself) set to deny Incoming Echo Requests by the ICMP server (or the server isn't running, which isn't usual) won't respond to a ping. As you say, pings don't work in the same TCP layer as ports do. So, by not responding to incoming Echo Request (by an Echo Reply) the box does not betray its presence.
                        IF a NIC is powered on and it (and the computer) are connected, meaning they have an IP address, the box can be scanned if either 1) the scanner knows the IP address, or 2) the IP address is among the group of addresses in a "blind scan". IF the scanned machine does not respond to the SYN with a SYN-ACK (and hence the other two steps in the 3-way handshake aren't completed) the box doing the scanning has no way of knowing if that IP address is connected to a machine which itself IS connected to the Internet.
                        "A nation that is afraid to let its people judge the truth and falsehood in an open market is a nation that is afraid of its people."
                        – John F. Kennedy, February 26, 1962.



                          #27
                          Re: Is it possible for some hacker to get access to my modem and HUB?

                          zlow: Install wireshark, and watch the traffic flow.
                          I thought I'd try that, just for fun. It's obviously not for beginners because I can't get it to do anything without having to read documentation, so what's the point in having a GUI? Putting in an interface IP simply tells me that I don't have permission. Oh well. I guess I'll go play with something else.



                            #28
                            Re: Is it possible for some hacker to get access to my modem and HUB?

                            Originally posted by Ole Juul
                            GreyGeek: You don't have to know any specific IP addresses to attack a box, but it is possible to know what is CONNECTED to your box. It depends on what tools you use. BUT, if another box is already connected to your box then the three-way handshake has already taken place and regular beacon packets keep the connection alive.
                            Wouldn't the functionality of the network card (age) be an issue here? Can any powered on and connected NIC be detected? For example, it doesn't look like you can ping a machine unless it's running some kind of ICMP server. I haven't done any testing using different NICs in this regard but my Intel LAN 595 doesn't seem to respond to anything and its packet driver is as dumb as a doorknob.

                            zlow: Install wireshark, and watch the traffic flow. Look for anything unusual. Is your computer directly connected to the internet, or are you using a router / firewall?

                            If you are directly connected, are you using a local firewall?
                            The OP didn't seem inclined to answer those questions earlier, but it looks like there might not be a firewall. I don't think Kubuntu installs a local firewall by default does it? Linux is pretty robust so I suppose one could get away without for a while but surely that would end in disaster.
                            Linux is pretty robust, but without a firewall any script kiddie can find his way in if there are open ports with unpatched issues. Just as important, there are a number of packet injection attacks that iptables would normally block if enabled and configured to drop packets originating from the outside with internal addresses. A user's IP would turn up with a simple nmap, and a simple arp reveals the MAC address.

                            http://en.wikipedia.org/wiki/Internet_protocol_spoofing

                            Yeah, I agree that wireshark isn't for beginners. It is a very powerful tool though, and extremely useful for inspecting and decoding traffic. You need to run it with root privs for it to be able to put your network interface in promiscuous mode. Wireshark uses libpcap, you can get a lot of the same data with 'sudo tcpdump -i eth0 -vvv -xxx -s0 -w outputfile' and then read it with vi. Wireshark adds value in that you can filter in realtime, decode streams, etc.
                            Don't blame me for being smarter than you, that's your parent's fault.



                              #29
                              Re: Is it possible for some hacker to get access to my modem and HUB?

                              Originally posted by zlow
                              Originally posted by Ole Juul
                              ....
                              I don't think Kubuntu installs a local firewall by default does it? Linux is pretty robust so I suppose one could get away without for a while but surely that would end in disaster.
                              Linux is pretty robust, but without a firewall any script kiddie can find his way in if there are open ports with unpatched issues
                              ...
                              IPtables IS installed but no rules are set. However, the default configuration of Ubuntu, hence Kubuntu, is that ALL ports are closed. You can verify this by visiting ShieldsUp! and running that port scanner against your box. It should give you an all green board for all 1,056 ports it tests (the ports exposed to the Internet).

                              Because all ports are closed, even IF a script kiddie knew your IP address his attempts to create a connection would fail because, as I mentioned before, he couldn't get beyond first base because no port returns the SYN-ACK reply necessary to continue on to a complete 3-way handshake and connection. "Script Kiddies" by definition are those precocious kids without formal training who download some script or binary from a warez site and then attempt to use it against any computers they can, all for the "glory" of the brag. Most of those kiddies are long gone. It's the professional thieves who are doing all the damage now, and they are doing it for money. Their attacks, as sophisticated as they are, are a threat primarily only to Windows boxes. Despite their sophistication the only attack they are able to use against Linux, and it is difficult and marginally successful, is breaking into distros that don't close all their ports by default and running dictionary attacks against passwords. The largest Linux bot farm they have created to date contained only 700 machines after several months of trying. (Not every distro closes all their ports the way Ubuntu does, and not everyone uses good passwords). Considering that the Linux server share is well beyond 30% (60% on the Internet) and the desktop market share is beyond 12%, if Linux were as vulnerable as Windows one should expect to see an equal proportion of Linux zombies in bot farms. So, that 1,300,000 bot farm last year should have contained over 130,000 Linux zombies, but it contained NONE. Linux boxes are too hard to break into to be used as zombies. If a hacker does get a hold of one it is usually used as a control box.
                              "A nation that is afraid to let its people judge the truth and falsehood in an open market is a nation that is afraid of its people."
                              – John F. Kennedy, February 26, 1962.



                                #30
                                Re: Is it possible for some hacker to get access to my modem and HUB?

                                Originally posted by GreyGeek
                                Originally posted by zlow
                                Originally posted by Ole Juul
                                ....
                                I don't think Kubuntu installs a local firewall by default does it? Linux is pretty robust so I suppose one could get away without for a while but surely that would end in disaster.
                                Linux is pretty robust, but without a firewall any script kiddie can find his way in if there are open ports with unpatched issues
                                ...
                                IPtables IS installed but no rules are set. However, the default configuration of Ubuntu, hence Kubuntu, is that ALL ports are closed. You can verify this by visiting ShieldsUp! and running that port scanner against your box. It should give you an all green board for all 1,056 ports it tests (the ports exposed to the Internet).

                                Because all ports are closed, even IF a script kiddie knew your IP address his attempts to create a connection would fail because, as I mentioned before, he couldn't get beyond first base because no port returns the SYN-ACK reply necessary to continue on to a complete 3-way handshake and connection. "Script Kiddies" by definition are those precocious kids without formal training who download some script or binary from a warez site and then attempt to use it against any computers they can, all for the "glory" of the brag. Most of those kiddies are long gone. It's the professional thieves who are doing all the damage now, and they are doing it for money. Their attacks, as sophisticated as they are, are a threat primarily only to Windows boxes. Despite their sophistication the only attack they are able to use against Linux, and it is difficult and marginally successful, is breaking into distros that don't close all their ports by default and running dictionary attacks against passwords. The largest Linux bot farm they have created to date contained only 700 machines after several months of trying. (Not every distro closes all their ports the way Ubuntu does, and not everyone uses good passwords). Considering that the Linux server share is well beyond 30% (60% on the Internet) and the desktop market share is beyond 12%, if Linux were as vulnerable as Windows one should expect to see an equal proportion of Linux zombies in bot farms. So, that 1,300,000 bot farm last year should have contained over 130,000 Linux zombies, but it contained NONE. Linux boxes are too hard to break into to be used as zombies. If a hacker does get a hold of one it is usually used as a control box.
                                Please stop pretending to know what you are talking about when you obviously don't. You are just passing on bad information to users in this forum. Your test is completely invalid because you are using an internet router when the OP is not. Read the link I posted and educate yourself on spoof (and other packet injection) attacks against directly connected systems not using a local firewall. If nothing else, this type of an attack can be used to target OTHER computers inside a network if you aren't blocking internal addresses originating externally (ingress filtering). By the way practically *NOBODY* leaves their computers "default" so this is just another of your stupid inaccurate arguments.
                                Don't blame me for being smarter than you, that's your parent's fault.
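Added example, not zlow's own configuration: the ingress filtering named above (dropping packets that arrive from outside while claiming an internal source), written as iptables-restore input for a machine wired straight to the modem. The interface name eth0 and the list of internal ranges are assumptions, and `is_spoofed_source` is a hypothetical helper that mirrors the rules so the address logic can be checked without root.

```shell
#!/bin/sh
# Assumption: eth0 is the interface facing the modem.
WAN_IF="${WAN_IF:-eth0}"

# Source ranges that cannot legitimately arrive from the Internet side:
# RFC 1918 private space, loopback and link-local.
# If the ISP itself hands out a private WAN address, trim this list to match.
INTERNAL_NETS="10.0.0.0/8 172.16.0.0/12 192.168.0.0/16 127.0.0.0/8 169.254.0.0/16"

# Dotted quad -> 32-bit integer
ip_to_int() {
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    echo $(( ($1 << 24) + ($2 << 16) + ($3 << 8) + $4 ))
}

# in_net ADDR NET/PREFIX -> exit status 0 when ADDR lies inside the network
in_net() {
    addr=$(ip_to_int "$1")
    base=$(ip_to_int "${2%/*}")
    bits=${2#*/}
    mask=$(( (0xFFFFFFFF << (32 - bits)) & 0xFFFFFFFF ))
    [ $(( addr & mask )) -eq $(( base & mask )) ]
}

# Exit status 0 when a packet seen on the WAN side claims an internal source,
# i.e. when the DROP rules below would discard it.
is_spoofed_source() {
    for net in $INTERNAL_NETS; do
        in_net "$1" "$net" && return 0
    done
    return 1
}

# Emit the ruleset. To load it: antispoof_ruleset | sudo iptables-restore
antispoof_ruleset() {
    echo "*filter"
    echo ":INPUT DROP [0:0]"
    echo ":FORWARD DROP [0:0]"
    echo ":OUTPUT ACCEPT [0:0]"
    echo "-A INPUT -i lo -j ACCEPT"
    # Spoofed sources are dropped before the stateful accept below
    for net in $INTERNAL_NETS; do
        echo "-A INPUT -i $WAN_IF -s $net -j DROP"
    done
    echo "-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    echo "COMMIT"
}

# Stand-alone run: print the ruleset for review
antispoof_ruleset
```

The kernel's reverse-path filter (`sysctl net.ipv4.conf.all.rp_filter=1`) covers part of the same ground and can be enabled alongside these rules.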
