Author Topic: Security puzzles  (Read 871 times)

pyte
Security puzzles
« on: June 20, 2013, 08:15:02 am »

Greetings,

I may be asking some silly questions (so it may seem to some), but kindly bear with me and enlighten me.


The other day some random guy hacked into a friend's router, and he simply changed the password. I assume this took care of the intruder (at least for that day). The next day my friend's website was down, internet connections were very VERY slow, and crazy stuff was happening all around.


Having in mind that the website isn't hosted there, would there be a way that the guy behind this accessed the website through my pal's connection? And what is wrong with the slow internet connection? I ask this because it's beyond any "answers" I got from Google. I guess the professionals here know it better.


Can malicious code be placed on a router to function only on startup?
(I need someone to teach me the blackhat part of these things  :-[ )


Thanks in advance,
Regards,
Pyte.



If you don't go into the tiger's cave, how will you get the cub?

RedBullAddicted
Re: Security puzzles
« Reply #1 on: June 20, 2013, 09:27:21 am »
Hi pyte,

It's difficult to answer your question with the given information. It would be interesting to know what kind of router your friend has. Any custom firmware on it? Are you sure that the attacker came in via the router? Have you already done some forensics on the connected clients? Does he use WLAN (maybe the attacker is not even far away from him :) )? Have you already had a look at the logs the router provides?

There are ways to execute commands or even scripts on a router. See this post for example: http://evilzone.org/tutorials/cisco-ddr2200-adsl2-residential-gateway-router-vulnerabilities/msg55447/#msg55447

Getting the password to his webhosting account can be easy when the attacker has access to the router. All traffic to teh interwebz passes the router, and if he is able to capture the traffic he could intercept logins (FTP, for example, sends username and password unencrypted - that's the reason why you should upload files via ssh/scp).

Regarding the slow internet connection :) If there is something that consumes a lot of bandwidth, the connections of the other users will get slow, as there is no bandwidth left for them to use.

I hope this helps at least a bit. If you have more questions, please provide as much information as possible. This will make it a lot easier to answer :)

Cheers,
RBA
Deep into that darkness peering, long I stood there, wondering, fearing, doubting, dreaming dreams no mortal ever dared to dream before. - Edgar Allan Poe
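
RBA's point that FTP sends the username and password unencrypted, as an added example that is not part of the thread: a Python audit over a constructed control-channel capture that reports which clients logged in over cleartext FTP, without recording the password itself. The capture format, addresses and account names are assumptions made for the illustration.

```python
import re

# Constructed capture of FTP control-channel lines as seen on the path
# (for example at the router): (client_ip, "C" client / "S" server, line).
SAMPLE_CAPTURE = [
    ("192.168.1.20", "S", "220 FTP server ready"),
    ("192.168.1.20", "C", "USER webmaster"),
    ("192.168.1.20", "S", "331 Password required"),
    ("192.168.1.20", "C", "PASS example-password"),
    ("192.168.1.20", "S", "230 Login successful"),
    ("192.168.1.31", "S", "220 FTP server ready"),
    ("192.168.1.31", "C", "AUTH TLS"),
    ("192.168.1.31", "S", "234 Proceed with negotiation"),
    # After 234 the session is TLS; nothing readable follows for this client.
    ("192.168.1.40", "S", "220 FTP server ready"),
    ("192.168.1.40", "C", "AUTH TLS"),
    ("192.168.1.40", "S", "502 Command not implemented"),
    ("192.168.1.40", "C", "user backup"),
    ("192.168.1.40", "S", "331 Password required"),
    ("192.168.1.40", "C", "pass another-example"),
]

COMMAND = re.compile(r"^([A-Za-z]{3,4})(?:\s+(.*))?$")

def audit_ftp_logins(capture):
    """Return one finding per PASS command that crossed the wire unencrypted."""
    sessions, findings = {}, []
    for client, side, line in capture:
        s = sessions.setdefault(
            client, {"user": None, "auth_pending": False, "tls": False, "tls_tried": False})
        if side == "S":
            if s["auth_pending"]:            # reply to AUTH: 234 means TLS starts now
                s["tls"] = line.startswith("234")
                s["auth_pending"] = False
            continue
        match = COMMAND.match(line.strip())
        if s["tls"] or not match:
            continue
        verb, arg = match.group(1).upper(), match.group(2) or ""
        if verb == "AUTH":
            s["auth_pending"] = s["tls_tried"] = True
        elif verb == "USER":
            s["user"] = arg
        elif verb == "PASS":
            # Report that a password was exposed, never the password itself.
            findings.append({"client": client, "user": s["user"],
                             "tls_tried": s["tls_tried"]})
    return findings

if __name__ == "__main__":
    for f in audit_ftp_logins(SAMPLE_CAPTURE):
        print(f"{f['client']}: cleartext FTP login as {f['user']!r} "
              f"(TLS attempted: {f['tls_tried']})")
```

The third client shows the fallback case: it asked for TLS, the server refused, and the login went out in cleartext anyway, so any account flagged here should have its password changed and its uploads moved to ssh/scp.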