Review of my home broadband router logs (suspicious activity?)

On 12/24/2015 1:56 PM, Mark Lloyd wrote:

I'm averse to anything that doesn't *really* address problems. If it only deals with some of them, then it's a false sense of security; you never know when/if someone "smart" is going to come along and catch you with your pants around your ankles!

My favorite is "Free WiFi".
Really?? (not!)
Time to get busy crafting SWMBO's XMAS card. She didn't appreciate the humor in last year's so I'll have to be a bit more careful! :<
Holly Hapidays!
On 12/24/2015 03:55 PM, Don Y wrote:
[snip]

The last one on my list is semifree. A browser is required and you have to register, and I think they give new users 100MB free.

Ignore the following if you don't like it:
10 buy beer
20 buy cheese
30 wash clothes
40 walk dogs
50 if not dead goto 10
--
Currently: happy holidays (Friday December 25, 2015 12:00:00 AM for 1
day).
On 12/25/2015 12:20 PM, Mark Lloyd wrote:

I appear to have passed *that* test, *this* time! :>

(sigh) The beer I drink isn't available, here.

(grumble) Nor is the cheese that I eat/use!

Definitely NOT on my list of ways to spend ANY day! :> OTOH, I did towels last night...

Error: Missing END.
On Thu, 24 Dec 2015 14:56:48 -0600, Mark Lloyd wrote:

Seems to me, that's a lousy tradeoff.
1. You turn off SSID broadcast at home, but that doesn't deter anyone who knows what he's doing (since your laptop & phone have to broadcast your hidden SSID to the router, since the router isn't broadcasting the SSID to the laptop & phone).
2. And, since your laptop or phone doesn't know when it's at home or at a local hotspot, your laptop and phone end up broadcasting your SSID to the whole world when you're away from home.
Seems to me, that's a lousy tradeoff.
It's not privacy. It's just stupidity.
Or ignorance.
Paul M. Cook wrote:

Hiding SSID increases security? Wrong. Not much really. Modem/router combo is always worse than separate router. Put the supplied modem in bridge mode and use your own router. If you can't, or the ISP won't put it into bridge mode for you, there is another way using DMZ in your modem. I have only a DOCSIS III cable modem; my router at present is a Linksys EA8500, which has never gone down since I first booted it in the summer. Very stable router.
[snip]

Not much, but not none either. Consider that most people won't know there's a network there.

I've never had a combination, but agree that it would be less secure.

I had DOCSIS II until June, when my ISP increased the speed to 50Mbps which is too fast for a single channel so I had to get a new modem. I needed a new router too, but that (thankfully) was a completely separate thing.
--
Currently: happy holidays (Friday December 25, 2015 12:00:00 AM for 1
day).
On Fri, 25 Dec 2015 13:39:04 -0600, Mark Lloyd wrote:

Just remember that there are negative security ramifications at Starbucks when you decide not to broadcast your SSID at home.
If you're OK with that tradeoff, then you're fine.
If you're unaware of that tradeoff - then - you need to understand it.
On 12/24/2015 9:30 PM, Paul M. Cook wrote:

An SSID that's not being broadcast will not disclose your AP when you're not using it.
But, it doesn't buy you much of anything. It's like "being clever" and NOT hiding your spare key under the door mat -- but, instead, hiding it in a FAKE ROCK conspicuously placed BESIDE your door mat!
Or, like locking all the doors to your house but leaving the windows open -- thinking that folks will ONLY check for accessible DOORS...
On Thu, 24 Dec 2015 21:49:08 -0700, Don Y wrote:

I think we're sort of saying the same thing, but, I don't know if we agree on the broadcast details.
We both agree that telling your ROUTER not to broadcast the SSID is a false security measure.
But, fact is, you *must* broadcast your SSID somehow.
a. So, either the router broadcasts your SSID.
b. Or your mobile device broadcasts your SSID.
Here's how I understand it to work:
1. Let's assume your SSID is "DonY".
2. Let's assume you told your router *not* to broadcast your SSID.
3. Guess what happens when you boot your laptop?
   a. Your laptop shouts out "Hey DonY, are you there?"
   b. Your router answers "Yes. I am here. I was being quiet".
   c. Your laptop connects to your router by that so-called hidden SSID.
Now, guess what your cellphone does? HINT: Same thing.
So, guess what happens when you boot your laptop at a starbucks? HINT: Your laptop shouts out "Hey DonY, are you here?"
So, in effect, an SSID that is not being broadcast *by your router* at home, is broadcast *by your laptop* both at home, and at Starbucks.
If I'm wrong - someone will explain where - but that's how I understand it.
a. Either the router broadcasts the SSID,
b. Or the device does.
On 12/24/2015 10:03 PM, Paul M. Cook wrote:

Yes. But, you can often configure a device (laptop) NOT to "shout it out" but, rather, *look* for it. If it doesn't "see" it (because it's not being broadcast), then your device says the network is unavailable.
Once you have a connection established, clever software can snoop on the traffic -- even if it is encrypted -- and "notice" that there are messages being exchanged between two devices using the SSID "DonY".
So, the information is ALWAYS there, just harder to find (but not REALLY hard!)

Correct. If your neighbor was sitting at a table at Starbucks and snooping the messages being broadcast, he would know that he could return to your home and expect to find "DonY" -- even if the SSID was turned off.
If you have a good passphrase *and* good encryption, this doesn't buy him anything. It's like knowing you have an email address at gmail.com (because he saw one of your messages in someone's inbox -- assuming you don't correspond with him!) but not knowing what your password is!
The real risk is that you can leave security off (weak passphrase) and his knowledge of the SSID now lets him get past that (ineffective) hiding of the network name!

Don Y wrote:

Regardless, a WiFi sniffing tool can see everything. Run something like Acrylic (freeware), inSSIDer (need paid version to see -AC mode signals), etc. BTW, port 9000 is a common default port for CS listener. Device does not, router does. Device is behind the router on your intranet (home network). If security is a concern, use a LAN port (much better), no WiFi. If you don't have enough LAN ports, use a switch box (dumb or managed one). Run CAT cables in your house. And move up to a UTM class router (stiff learning curve).
On 12/24/2015 11:17 PM, Tony Hwang wrote:

A packet sniffer won't be able to see the encrypted traffic (in plaintext form). I.e., good passphrase/key is where you want to make your investment (assuming you're NOT using WEP).
And, as I mentioned elsewhere, you can capture a bunch of packets and email them to a service that will "crack" them and provide you with the key. <http://www.infosecurity-magazine.com/news/wifi-cracking-service-breaks-wpa-passwords-in-20/> among others (you get what you pay for)

The log indicates port 9000 on the playstation is being targeted. No idea if there is a process running on the playstation with port 9000 open; I suspect there are no tools on the playstation to expose this level of detail.

Exactly. I have at least two "uncommitted" drops in every room (except bathrooms). In several of those rooms, one of the drops will feed a local switch. E.g., I have a 24 port switch servicing the (24!) devices in the office, a 16 port switch servicing the (8) devices in my bedroom, a four port switch servicing the devices in the dining room, etc. They're all tied together with the 72 port switch in the equipment cupboard.
On Thu, 24 Dec 2015 22:18:59 -0700, Don Y wrote:

Depends on what you mean by "good" passphrase because you don't need *any* passphrase to break into WPA2/PSK encryption because the "salt" is known (it's the SSID!) and if you use an *existing* passphrase, you're already doomed.
https://security.stackexchange.com/questions/92903/rainbow-tables-hash-tables-versus-wpa-wpa2
So, you have to substitute *unique* for "good", and only then the rainbow table hack won't work to break into your router.
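
How the SSID enters the WPA2-PSK key derivation as the salt, and why a precomputed table only covers the SSIDs it was built for, shown as an added example that is not part of the original thread. The SSIDs, passphrases and function names are constructed for illustration.

```python
import hashlib

WPA2_ITERATIONS = 4096  # fixed by the WPA2-PSK passphrase-to-key mapping
PMK_BYTES = 32          # 256-bit pairwise master key


def wpa2_pmk(passphrase: str, ssid: str) -> bytes:
    """PMK = PBKDF2-HMAC-SHA1(passphrase, salt=SSID, 4096 rounds, 32 bytes)."""
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("WPA2 passphrases are 8 to 63 characters")
    salt = ssid.encode("utf-8")
    if not 1 <= len(salt) <= 32:
        raise ValueError("SSIDs are 1 to 32 bytes")
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("utf-8"), salt,
                               WPA2_ITERATIONS, PMK_BYTES)


def build_table(ssids, passphrases):
    """Model a precomputed table: one stored PMK per (SSID, passphrase) pair."""
    return {wpa2_pmk(p, s): (s, p) for s in ssids for p in passphrases}


def table_covers(table, ssid, passphrase):
    """True if the PMK for this network was computed ahead of time."""
    return wpa2_pmk(passphrase, ssid) in table


# Constructed sample data: stock-looking SSIDs and dictionary passphrases.
COMMON_SSIDS = ["linksys", "NETGEAR", "default"]
COMMON_PASSPHRASES = ["password", "12345678", "letmein123"]
TABLE = build_table(COMMON_SSIDS, COMMON_PASSPHRASES)

if __name__ == "__main__":
    cases = [("linksys", "password"),           # stock SSID, dictionary passphrase
             ("DonY-7f3a", "password"),         # unique SSID, same weak passphrase
             ("linksys", "x9#Qv!2rLm0pTz4w")]   # stock SSID, non-dictionary passphrase
    for ssid, phrase in cases:
        print(f"{ssid!r:12} {phrase!r:20} in table: {table_covers(TABLE, ssid, phrase)}")
```

A unique SSID only takes the network out of tables built in advance; a dictionary passphrase can still be guessed directly, at the cost of 4096 HMAC rounds per guess, so the passphrase has to be long and random as well.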
On 12/24/2015 11:03 PM, Paul M. Cook wrote:

Okay, I understand that explanation. Now please tell me how my iPad or laptop broadcasting my home SSID willy nilly at the Starbucks or the passenger terminal at SFO or PHX is going to compromise my home network?
Not saying it couldn't be done but... Talk about freakin' remote...<g>
I don't bother to hide my SSID at home. Anyone who cares to clone a MAC address to by-pass the MAC filter and decrypt a 26 alpha-numeric pass phrase can have it. Good luck with that
On 12/25/2015 11:34 AM, Unquestionably Confused wrote:

There are several conflated issues. When it comes to security, it's hard to tease out a *single* issue/exploit without considering other vulnerabilities that may be related.
First, if your home SSID is "1313MockingbirdLane", you've now (likely) leaked some information about yourself. "Hmmm... *he's* here so the house is possibly unoccupied!"
Given how naive folks are about choosing their passwords, SSID's, etc. it's likely some idiot out there has an SSID of "3Jan1980" -- chosen to be something memorable! (his date of birth!)
Second, you are effectively advertising those networks to which you are *willing* to connect! I can have a piece of software running on my laptop that sniffs your broadcasts and then decides to *impersonate* those networks -- especially if you "trust" any of them and don't have good/any credentials set up for them!

Cloning a MAC address is trivial. The software that snoops the WiFi can do that for you automatically! :>
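
A defender-side check for the two exposures described in the post above (a device that probes for hidden networks by name, and saved networks with no credentials), as an added example that is not part of the original thread. It assumes a Linux client whose saved networks are in wpa_supplicant.conf format; the sample configuration and the finding labels are constructed.

```python
# Constructed sample in wpa_supplicant.conf syntax (not from the thread).
SAMPLE_CONF = """
network={
    ssid="DonY"
    scan_ssid=1
    psk="constructed-passphrase-1"
}
network={
    ssid="CoffeeShopGuest"
    key_mgmt=NONE
}
network={
    ssid="Office"
    psk="constructed-passphrase-2"
}
"""


def parse_networks(text):
    """Return one dict of settings per network={...} block."""
    networks, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("network={"):
            current = {}
        elif line == "}" and current is not None:
            networks.append(current)
            current = None
        elif current is not None and "=" in line and not line.startswith("#"):
            key, value = line.split("=", 1)
            current[key.strip()] = value.strip().strip('"')
    return networks


def audit(networks):
    """Flag saved networks that leak their name or can be impersonated."""
    findings = []
    for net in networks:
        ssid = net.get("ssid", "<unnamed>")
        # scan_ssid=1: the client sends probe requests naming this SSID.
        if net.get("scan_ssid") == "1":
            findings.append((ssid, "probes-by-name"))
        # key_mgmt=NONE: no WPA handshake (open or static WEP), so the
        # access point never has to prove it knows a shared secret.
        if net.get("key_mgmt", "").upper() == "NONE":
            findings.append((ssid, "no-authentication"))
    return findings


if __name__ == "__main__":
    for ssid, issue in audit(parse_networks(SAMPLE_CONF)):
        print(f"{ssid}: {issue}")
```

Entries flagged "no-authentication" are the ones worth deleting from a device once they are no longer needed; entries flagged "probes-by-name" go away when the home router is set back to broadcasting its SSID and the saved network is no longer marked hidden.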
On Fri, 25 Dec 2015 11:53:12 -0700, Don Y wrote:

This is a great idea!
On 12/25/2015 2:16 PM, Paul M. Cook wrote:

Then head over to:
<https://scotthelme.co.uk/tag/wifi-pineapple/>
Gee, how many attackers CAN'T afford $99?
On Fri, 25 Dec 2015 12:34:13 -0600, Unquestionably Confused wrote:

Security is a thousand good practices, just like grammar is, or cleanliness or politeness or class. They're all a thousand little things.
SSID good practices are what we're talking about here.
There are a few problems with the scenario you proposed, but I have to manually *insert* an attacker who cares, in order for it to matter.
For example, let's say you're cheating on your wife, and, let's say, you connected to your girlfriend's SSID, called "GIRLFRIEND" and, let's say, for now, she's *not* hiding her SSID. Guess what?
Your laptop (or phone) *still* has a record of that connection, which, if your wife cared to snoop, can see by looking at your laptop or phone.
Now, let's say, for argument's sake, that your wife doesn't have physical access to your laptop or phone, but, your girlfriend told her router to not broadcast her SSID, but that you connected to her SSID.
Guess what?
When you're at home, your laptop or phone first shouts out "Hey GIRLFRIEND, are you there?" and only when the router doesn't respond to that request, does your laptop or phone bother to go down the list of other stored or located SSIDs.

It's actually easier than that *if* you use an existing SSID and password since the rainbow tables will already have the hash value stored.
I'm not saying "I" care to do that, but someone might. As always, security is a thousand little things done right.
On 12/24/2015 11:03 PM, Paul M. Cook wrote:
[snip]

If your router is broadcasting the SSID, EVERY wireless device in range will receive it and most will show it to the user.
Compare this to what happens when your device is broadcasting it. Will others even see that?
--
Currently: happy holidays (Friday December 25, 2015 12:00:00 AM for 1
day).
On Fri, 25 Dec 2015 13:51:02 -0600, Mark Lloyd wrote:

Fair enough point.
Security is a thousand little things, all put together.

    HomeOwnersHub.com is a website for homeowners and building and maintenance pros. It is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.