D&C GLug - Home Page


Re: [LUG] Help!

 

The reason I think it is being hacked is that the opendns report files are showing web sites accessed that have not been accessed by the computers in this house, and activity at times when the internet was not in use at all.

Additionally, here is an excerpt from my router log. I am not sure if these kernel intrusions may be someone trying to log into the network, unsuccessfully.

This is an excerpt from the log.

May 15 11:25:52 user alert kernel: Intrusion -> IN=pppoa0 OUT= MAC= SRC="" DST=*************** LEN=44 TOS=0x00 PREC=0x80 TTL=225 ID=61440 PROTO=TCP SPT=44471 DPT=139 WINDOW=8192 RES=0x00 SYN URGP=0
May 15 11:25:52 user alert kernel: Intrusion -> IN=pppoa0 OUT= MAC= SRC="" DST=**************** LEN=44 TOS=0x00 PREC=0x80 TTL=225 ID=61440 PROTO=TCP SPT=44471 DPT=139 WINDOW=8192 RES=0x00 SYN URGP=0

There are a lot of these at different times, night and day. However, the src addresses are not all the same - many different ones so, thinking about it, it doesn't sound like these are indicating one person trying to hack into the system.


I am not sure what is happening but, if it is malware, I need to find out and sort it out. And the same goes, if it is a person doing it.

The reason I suspected someone had hacked into the router, is that the activity started again, quite soon after I had made some changes to it including changing the wifi key. I didn't realise that there were other accounts on the router (other than admin) which had default user names / passwords that people could use to access them. Mine has admin, user and support. I don't know if this is the case for most routers?

I suspect that someone may have been logged onto the router, at the time we were making the changes. We hadn't turned the wifi off at the time - big mistake.


On 15 May 2013 13:43, Martijn Grooten <sweetwatergeek@xxxxxxxxx> wrote:
On Wed, May 15, 2013 at 1:36 PM, Viv Griffin wrote:
> Not sure what else to try.

I agree with bad apple that it would be hard to offer more detailed
help without us knowing how you know that your wifi is being hacked.
Also, do you mean someone else is connecting to the Internet using
your wifi, or do you think someone has obtained access through your
router or network via wifi?

If you feel uncomfortable sharing details, you could (and should)
leave out domains and IP addresses (and anything else that could
identify you or someone else) from logs.

Martijn.

--
The Mailing List for the Devon & Cornwall LUG
http://mailman.dclug.org.uk/listinfo/list
FAQ: http://www.dcglug.org.uk/listfaq
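
Added example, not part of the original messages: a small Python summary of router log lines in the "Intrusion ->" format quoted above, grouping blocked inbound packets by destination port and counting distinct sources, so it is easier to see whether the entries come from one persistent source or many unrelated ones. The sample lines are constructed for illustration (addresses from the RFC 5737 documentation ranges), and the function names are this example's own.

```python
import re
from collections import Counter, defaultdict

# Constructed sample data in the same layout as the excerpt in the thread.
TEMPLATE = ("May 15 11:25:52 user alert kernel: Intrusion -> IN=pppoa0 OUT= MAC= "
            "SRC={src} DST=192.0.2.1 LEN=44 TOS=0x00 PREC=0x80 TTL=225 ID=61440 "
            "PROTO=TCP SPT=44471 DPT={dpt} WINDOW=8192 RES=0x00 SYN URGP=0")
SAMPLE_LOG = "\n".join(
    [TEMPLATE.format(src=s, dpt=d) for s, d in [
        ("203.0.113.7", 139), ("198.51.100.23", 139), ("198.51.100.23", 445),
        ("203.0.113.99", 23), ('""', 139),        # last one redacted, as in the post
    ]] + ["May 15 11:26:10 user info kernel: unrelated message"])

# KEY=value pairs; the value may be empty (OUT=, MAC=) or quoted (SRC="").
FIELD = re.compile(r'(\w+)=("[^"]*"|\S*)')

def parse_line(line):
    """Return the KEY=value fields of one 'Intrusion ->' line, or None."""
    _, sep, rest = line.partition("Intrusion -> ")
    if not sep:
        return None
    fields = {key: value.strip('"') for key, value in FIELD.findall(rest)}
    # Bare tokens such as SYN are TCP flags, not KEY=value fields.
    fields["FLAGS"] = [tok for tok in rest.split() if "=" not in tok]
    return fields

def summarise(log_text):
    """Count blocked packets and distinct sources per (protocol, dest port)."""
    hits = Counter()
    sources = defaultdict(set)
    for line in log_text.splitlines():
        fields = parse_line(line)
        if fields is None or not fields.get("DPT"):
            continue                      # not a firewall line, or no port (e.g. ICMP)
        key = (fields.get("PROTO", "?"), int(fields["DPT"]))
        hits[key] += 1
        sources[key].add(fields.get("SRC") or "(redacted)")
    return hits, {key: len(srcs) for key, srcs in sources.items()}

if __name__ == "__main__":
    hits, distinct = summarise(SAMPLE_LOG)
    for (proto, port), count in hits.most_common():
        print(f"{proto}/{port}: {count} packets from {distinct[(proto, port)]} sources")
```
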
