Re: Security Breached



Randy Yates <yates@xxxxxxxx> writes:

ArameFarpado <a-farpado.spam@xxxxxxxxxx> writes:

On Wednesday 12 August 2009 17:28, Randy Yates wrote:

ArameFarpado <a-farpado.spam@xxxxxxxxxx> writes:

On Wednesday 12 August 2009 04:18, Randy Yates wrote:

Hi,

I have a typical home network that looks like this:

machine type       connection type
------------       ---------------
desktop pc 1       wired
desktop pc 2       wireless
laptop             wireless
network printer    wired

dlink dir 655 router
Time-warner "surfboard" cable modem

I run Fedora 11, fully updated, on all computers.

I have the vnc port blocked at the router so I presumed it was safe to
leave my vnc passwords open on machines on my local network.

Also, due to a wireless network adapter card that's not very
well-supported under Fedora 11, I was forced to run WEP security on my
wireless network. Yeah yeah, I know - that's no security at all.

Well, some stranger vnc'ed into my laptop. I was there when it happened
and the vnc server I'm using (fedora 11) displays the connection's ip
address and it was 119.205.217.141.

If the reported address of the intruder was a typical local, private
network address like 192.168.x.y, I'd just chalk it up to a neighbor
that hacked my network. But 119.205.217.141 is a public IP address
somewhere in Asia. So I'm thinking he must have come in over the WAN
port.

But if he came in over the WAN port (e.g., over ssh), he would have had
to make a hop via my desktop pc since that's where ssh is NATed to.
Further, the desktop PC's ssh port was non-standard, root access is
disabled, and the main account password is quite long and secure.

So I feel it is highly unlikely he came in over the WAN port, but if he
came in over the wireless, I don't see how he could have a public
address in Asia.

Any theories on how my security was breached would be appreciated.

test your firewall with this site

https://www.grc.com/x/ne.dll?bh0bkyd2

Thanks ArameFarpado. Done, and it seems I "passed".

did you test the port that vnc is using?

I tested all ports from 0 to 1023. The only ones open are the ones
I want to be open, namely, http (80) and svn (3690).

You do know that 3690 is not a port "from 0 to 1023"?
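
Added example, not part of the original thread: the scan discussed above covered ports 0 to 1023, while svn (3690) and VNC (by default 5900 plus the display number) sit above that range. This Python sketch reports listeners bound to non-loopback addresses on ports outside the scanned range; the function names and the sample `ss -tlnH` output are constructed for illustration.

```python
import ipaddress

# Constructed sample of `ss -tlnH` output (TCP listeners, numeric, no header).
# Not taken from the thread; columns: State Recv-Q Send-Q Local Peer.
SAMPLE_SS = """\
LISTEN 0 128 0.0.0.0:80 0.0.0.0:*
LISTEN 0 5 0.0.0.0:5901 0.0.0.0:*
LISTEN 0 128 127.0.0.1:631 0.0.0.0:*
LISTEN 0 128 [::]:3690 [::]:*
LISTEN 0 128 0.0.0.0:2222 0.0.0.0:*
"""


def parse_listeners(ss_output):
    """Return (ip_address, port) pairs for every LISTEN line."""
    listeners = []
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] != "LISTEN":
            continue
        # Split on the last colon so IPv6 literals such as [::]:3690 work.
        addr, _, port = fields[3].rpartition(":")
        addr = addr.strip("[]").split("%")[0]  # drop brackets and %iface scope
        if addr == "*":
            addr = "0.0.0.0"
        listeners.append((ipaddress.ip_address(addr), int(port)))
    return listeners


def unscanned_exposed(ss_output, scanned=range(0, 1024)):
    """Ports listening on non-loopback addresses that the scan never probed."""
    return sorted({
        port
        for addr, port in parse_listeners(ss_output)
        if not addr.is_loopback and port not in scanned
    })


if __name__ == "__main__":
    for port in unscanned_exposed(SAMPLE_SS):
        print(f"port {port}: listening beyond loopback, outside scanned range")
```

On a live host the input would come from running `ss -tlnH` locally; any port it reports still needs to be checked against the router's forwarding rules.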
