Automic (posted June 19, 2008):

Hello dear Hak5 community,

Today my aunt received an e-mail from her ISP stating that a great amount of spam is being sent from their connection, and that if they don't fix it within 3 days their connection will be temporarily shut off.

They have 2 computers and 1 laptop on the network, all "Wireless" connected. All computers have a virus scanner with the latest definitions, and Hitman Pro is run regularly on each of those computers. Also, their wireless router is not secured; they did not even know that it was possible to secure it.

I'm going to her tomorrow, and I'm wondering what could be the cause. I think the cause is other people on her network, since it's unsecured and her computers aren't showing any symptoms of infection of any kind.

I have guided her through the steps to get into the router and set up the security, and she could not log on with the default administrator password. And they did not want to touch the router to reset it; they're afraid to break it... <_<

So most likely some wireless leecher changed that password. And that's why I want to know who is leeching her wireless network, before I (ruin their little leeching party) secure it.

Any advice on how to see who is on her network (not only the computer name)? And any ideas what else might be the cause of this spam?

Thank you in advance.

Greets,
Automic

Justin Ewing (posted June 20, 2008):

Lots of options. Check some of these out and see what you're comfortable with.

* BIG BROTHER: http://www.bb4.com/
* AutoNOC: http://www.autonoc.com/benefits/
* OpenNMS: http://www.opennms.org/index.php/Main_Page
* Just for Fun NMS: http://www.jffnms.org/
* TheDude is pretty cool for a freebie... http://www.mikrotik.com/thedude.php
* MRTG is the de facto standard for free tools: http://www.mrtg.org
* PRTG is a little more refined version: http://www.paessler.com/prtg
* I'm very partial to Solarwinds Orion and the Engineer's Toolsets: http://www.solarwinds.net
* Neon Software to diagram/document/monitor your network: http://www.neon.com/map.shtml
* What's Up Gold: http://www.ipswitch.com
* I like the interface of Netcrunch: http://www.adremsoft.com/netcrunch/index.php
* Argus Software (looks just like What's Up Gold, only for Linux, and free): http://argus.tcp4me.com/shots.html
* Manage Engine by OpManager (can restart services on Windows servers): http://manageengine.adventnet.com/products...r/index.html?tb

Or you can use Windows Network Monitor.

Network Monitor is a component of the Windows Server OSs and Microsoft Systems Management Server (SMS) that lets you monitor network traffic as it crosses the wire. By using Network Monitor, you can monitor network traffic in real time or capture and store packets for later analysis. You can use the information that Network Monitor captures to troubleshoot problems on LANs, WANs, and virtually any device that uses TCP/IP to communicate. Network Monitor has three primary uses:

* Troubleshooting network connectivity. This is the number-one reason to use Network Monitor. If you have two machines that have problems communicating with each other, you can use Network Monitor's Network Trace feature to help determine the problem's exact cause. You can also use Network Monitor to view each TCP/IP packet that travels between the two devices and the information contained within each packet.
* Assessing network performance. Network Monitor gives you a clear picture of current network utilization. If you suspect that you have a network performance bottleneck, you can use the information that Network Monitor provides, such as detailed network-utilization statistics and information about the network traffic source, to find the bottleneck. Although you typically won't use Network Monitor to initially identify a problem as network communications-related, it's a great second-level troubleshooting tool that can help you further pinpoint a problem and displays much more detail than Performance Monitor does.
* Troubleshooting beaconing hardware devices. Before switched networks existed, you could use Network Monitor to track down problems with hardware devices on a network. You can still use Network Monitor to track fragmented or damaged packets sent out by faulty equipment, but to do so you'll probably need the full version of Network Monitor, which supports remote agents and the capture of packets on a network segment even when the traffic isn't directed to the machine that's running Network Monitor. (For more information about the two versions of Network Monitor, see the sidebar "Network Monitor Versions.") If you have a managed switch, you can use a combination of the managed-switch statistics and Network Monitor to obtain as clear a picture of the problem as possible when diagnosing faulty network hardware.

Installing Network Monitor

To use Network Monitor, you must have a NIC that supports promiscuous mode installed in the server that's running SMS or Network Monitor. (Most NICs support promiscuous mode.) Network Monitor isn't installed by default unless you explicitly selected it when you installed Windows Server 2003 or Windows 2000 Server. To install the version of Network Monitor that's included in Windows 2003 or Win2K Server, perform these steps:

1. Open Control Panel (click Start, highlight Settings, and click Control Panel).
2. Double-click Add or Remove Programs.
3. Click Add/Remove Windows Components.
4. Click Management and Monitoring Tools, then click Details.
5. Select the Network Monitor Tools check box and click OK.

Starting Network Monitor

After you've installed Network Monitor, you're ready to start the utility. Click Start, Programs, Administrative Tools, Network Monitor. (Alternatively, you can run Network Monitor from the command line or use a batch file to automate packet captures.) You'll see the initial Network Monitor screen. To start capturing packets, click the Capture button. After Network Monitor starts capturing packets.

Network Monitor is the simplest utility to monitor network traffic. If you found it difficult then let me know; I will suggest you a different utility.

Good Luck

Sparda (posted June 20, 2008):

> And any ideas what else might be the cause of this spam?

The router might have been flashed with a version of the firmware that contains a bot.

If a virus scanner found nothing, that means the virus scanner found nothing; it doesn't mean there isn't malicious software on the computer.

Since the network has been compromised, best just reinstalling Windows on both the computers and installing the latest firmware for the router.

Automic (posted June 20, 2008):

Thanks for your reply, Justin Ewing.

> The router might have been flashed with a version of the firmware that contains a bot.

Never thought of that! And yeah, there will always be things a virus scanner can't find, of course. Thanks for the advice, Sparda!

More advice is always welcome :)

VaKo (posted June 20, 2008):

The best option, unless you already have some idea about what is causing this, is to reinstall all the computers and re-flash the router. Then set up some proper security.

moonlit (posted June 20, 2008):

> The best option, unless you already have some idea about what is causing this, is to reinstall all the computers and re-flash the router. Then set up some proper security.

...and in the meantime, unplug the internet connection, just so you don't have to go through the hassle of calling the ISP and making them re-enable it.

Spikey (posted June 20, 2008):

This is more of a basic suggestion: run an adware and spyware scanner. Run Lavasoft Ad-Aware and Spybot Search and Destroy.

And for the concern of a leecher, go into the router's setup and look in the client list and see if the list contains the computers that are supposed to be on the LAN.

Getting stuff like that is all involved with internet hygiene, like not clicking on links or downloading stuff from email that is from people that she does not know, or downloading stuff from the net that is not trustworthy.

Automic (posted June 20, 2008):

Hello all, thanks for all your advice!

I have been at my aunt's place today, and I immediately noticed the clients on the router. All the computers in the network that did not belong to them had a computer name including their owners' names... So now we know who those people were.

I secured their wireless, reinstalled all machines and closed some ports that should remain closed. So I think it's problem solved. I also renamed the SSID to "Not-Your-Wi-Fi" ^^. Of course I also told them not to click on everything, etc.

@Spikey, Hitman Pro is a great tool (www.hitmanpro.com); it includes Ad-Aware and Spybot Search and Destroy and is fully automated.

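Added example, not part of any post in this thread: the two checks the replies converge on, done together. It compares a router client list with the household's own devices and counts how many distinct mail servers each host contacts on TCP/25, since a clean virus scan does not rule a known machine out. All hosts, MAC addresses and both line formats are constructed assumptions; MAC addresses and hostnames are client-supplied, so a match is a hint, not proof.

```python
from collections import defaultdict

# Constructed sample data; hosts, MACs and the two line formats are assumptions.
KNOWN_MACS = {"00:11:22:aa:bb:01": "desktop-1", "00:11:22:aa:bb:03": "laptop"}
CLIENT_LIST = """\
192.168.1.10 00-11-22-AA-BB-01 DESKTOP-1
192.168.1.12 00:11:22:AA:BB:03 LAPTOP
192.168.1.23 00:11:22:cc:dd:09 SOMEONE-PC
"""  # router client list: ip mac hostname
CONN_LOG = """\
192.168.1.10 203.0.113.5 25
192.168.1.12 198.51.100.21 25
192.168.1.12 198.51.100.22 25
192.168.1.12 198.51.100.23 25
192.168.1.23 198.51.100.80 443
"""  # outbound connections: src_ip dst_ip dst_port

def normalize_mac(mac):
    return mac.strip().lower().replace("-", ":")  # 00-11-22-AA-BB-01 -> 00:11:22:aa:bb:01

def smtp_destinations(conn_log):
    """Map each source IP to the set of distinct servers it contacted on TCP/25."""
    seen = defaultdict(set)
    for line in conn_log.splitlines():
        parts = line.split()
        if len(parts) == 3 and parts[2] == "25":
            seen[parts[0]].add(parts[1])
    return seen

def triage(client_list, conn_log, known=KNOWN_MACS, max_smtp_peers=2):
    """Return (ip, hostname, reasons) for every client that needs a closer look."""
    smtp = smtp_destinations(conn_log)
    findings = []
    for line in client_list.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue  # skip blank or malformed rows
        ip, mac, host = parts[0], normalize_mac(parts[1]), parts[2]
        reasons = []
        if mac not in known:
            reasons.append("not in inventory")
        # One mail relay is normal; many distinct TCP/25 peers suggests direct-to-MX spam.
        if len(smtp[ip]) > max_smtp_peers:
            reasons.append(f"SMTP to {len(smtp[ip])} servers")
        if reasons:
            findings.append((ip, host, reasons))
    return findings

if __name__ == "__main__":
    print(*triage(CLIENT_LIST, CONN_LOG), sep="\n")
```

In this constructed data the unknown client is only borrowing bandwidth, while the inventoried laptop is the one fanning out to mail servers, which is why both checks are run before deciding what to reinstall.
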
Spikey (posted June 21, 2008):

@Automic thx for the suggestion

manuel (posted June 21, 2008):

Wow... thanks for the links, Justin! I knew of a few of those tools, but not all of them.

nicatronTg (posted June 21, 2008):

Wow Justin... that's some good links! Thanks!

Razor512 (posted June 21, 2008):

Some infections are able to hide from the virus scanners when run.

If you do a lot of p2p, never rely on your virus scanner's auto protection, as 9 out of 10 times it will not protect you.

If you want to test, install a virtual machine, install a good virus scanner and turn on its auto protection, then download a file you know to be infected and scan it. If it is infected, don't delete it, run it. (I have tried it with Avast and AVG and my old copy of Norton SystemWorks 2003, and on all of them most of the files run were not detected by the auto protection, or were detected after the file already did things like change the desktop background or disable almost everything in Windows or do some kind of damage.)

shido (posted August 10, 2008):

> if you do a lot of p2p never rely on your virus scanner's auto protection as 9 out of 10 times it will not protect you

OK, I have to say that's a bit of a BS statement, no offense though. That's providing false facts. If you use a useless AV then obviously it won't pick up the virus; using a good AV that has real-time protection will be able to pick up viruses that are being downloaded through p2p services. I know this because I used to use Kaspersky and use p2p services, and it picked up the virii that I mistakenly downloaded. It picks it up by about 10 - 30% of a completed download.

operat0r_001 (posted August 11, 2008):

AV is retarded ... and some host on the network has some malware .. just follow this simple tutorial and grandma can go to what ever midget porn sites she wants ..

http://rmccurdy.com/email.html

IceCold (posted August 11, 2008):

> AV is retarded ... and some host on the network has some malware .. just follow this simple tutorial and grandma can go to what ever midget porn sites she wants ..
>
> http://rmccurdy.com/email.html

Great tutorial. Just one thing: in the advanced runas section, instead of "runas /u:admin /savecred" is "runas /u:admin /savedcred".

Again, it's a great way to make Windows safer ;)

Rab (posted August 11, 2008):

Your aunt downloaded porn without antivirus.