[Beowulf] A careful exploit?

Robert G. Brown rgb at phy.duke.edu
Sat Jun 15 08:27:37 PDT 2019


On Fri, 14 Jun 2019, Jonathan Engwall wrote:

> Maybe I am not being clear. 192.168.0.5 was an intruder.

Inside your private network?  What kind of security are you using on
your wireless access point inside your router (or your wireless enabled
router)?  The old encryption schemes can be cracked in literally a
minute or two by somebody driving by in a car.

Otherwise, a typical router won't pass packets from the outside to the
inside unless you explicitly enable them, port by port.

Finally, have you removed the default admin password to ensure that the
modem/router cannot be logged into from the outside?

    rgb

> 
> On Fri, Jun 14, 2019, 10:08 AM Jonathan Engwall
> <engwalljonathanthereal at gmail.com> wrote:
>       I saw it yesterday. A nearly invisible VM connected at my login.
>       Where do I go from there? I really don't know.
> 
> On Fri, Jun 14, 2019, 9:54 AM Robert G. Brown <rgb at phy.duke.edu>
> wrote:
>       On Fri, 14 Jun 2019, Jonathan Engwall wrote:
>
>       > Robert Brown, You never saw this?
>
>       I did, and my extensive reply (which you apparently didn't
>       see, but
>       which is likely in the beowulf list archives?) basically
>       boils down to:
>
>       We need a LOT more information about your problem to be
>       able to help.
>       The nmap scan below doesn't really tell me anything at all
>       except that
>       yeah, some hosts are down.
>
>       Look in the archives and you can probably find it.
>
>          rgb
>
>       >
>       > On Sun, Jun 9, 2019, 1:41 PM Jonathan Engwall
>       > <engwalljonathanthereal at gmail.com> wrote:
>       >      Hello Beowulf,
>       > Recently we had serious trouble with the internet. A
>       technician had to
>       > climb the pole. Another technician, an IT specialist in
>       Mexico City,
>       > could not resolve the issue, sent the man here.
>       > Now trouble is back. What does this mean? Where are the
>       missing IPs?
>       > From the pole to the modem, to my repeater, to my
>       machine, and then my
>       > VM gives this using nmap:
>       >
>       > Starting Nmap 6.40 ( http://nmap.org ) at 2019-06-09
>       13:30 PDT
>       > Initiating Ping Scan at 13:30
>       > Scanning 256 hosts [2 ports/host]
>       > Completed Ping Scan at 13:31, 6.64s elapsed (256 total
>       hosts)
>       > Initiating Parallel DNS resolution of 256 hosts. at
>       13:31
>       > Completed Parallel DNS resolution of 256 hosts. at
>       13:31, 0.04s
>       > elapsed
>       > Nmap scan report for 192.168.0.0 [host down]
>       > Nmap scan report for 192.168.0.1
>       > Host is up (0.0080s latency).
>       > Nmap scan report for 192.168.0.2
>       > Host is up (0.00068s latency).
>       > Nmap scan report for 192.168.0.3 [host down]
>       > Nmap scan report for 192.168.0.4 [host down]
>       > Nmap scan report for 192.168.0.5
>       > Host is up (0.063s latency).
>       > Nmap scan report for 192.168.0.6
>       > Host is up (0.00068s latency).
>       > Nmap scan report for 192.168.0.7 [host down]
>       > Nmap scan report for 192.168.0.8 [host down]
>       > Nmap scan report for 192.168.0.9 [host down]
>       > Nmap scan report for 192.168.0.10 [host down]
>       > Nmap scan report for 192.168.0.11 [host down]
>       >
>       >
>       >
>
>       Robert G. Brown                        http://www.phy.duke.edu/~rgb/
>       Duke University Dept. of Physics, Box 90305
>       Durham, N.C. 27708-0305
>       Phone: 1-919-660-2567  Fax: 919-660-2525
>       email:rgb at phy.duke.edu
> 
> 
> 
>

Robert G. Brown	                       http://www.phy.duke.edu/~rgb/
Duke University Dept. of Physics, Box 90305
Durham, N.C. 27708-0305
Phone: 1-919-660-2567  Fax: 919-660-2525     email:rgb at phy.duke.edu
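
An added example, not part of the original thread: one way to turn a ping-scan report like the one quoted above into something that can be triaged, by listing the hosts reported up and flagging any address the owner has not already identified. The inventory in `KNOWN_HOSTS` and its labels are hypothetical, and the sample report is constructed in the same format as the quoted output.

```python
import ipaddress
import re

# Constructed sample in the format of the nmap report quoted in the thread.
SAMPLE_SCAN = """\
Nmap scan report for 192.168.0.0 [host down]
Nmap scan report for 192.168.0.1
Host is up (0.0080s latency).
Nmap scan report for 192.168.0.2
Host is up (0.00068s latency).
Nmap scan report for 192.168.0.3 [host down]
Nmap scan report for 192.168.0.5
Host is up (0.063s latency).
Nmap scan report for 192.168.0.6
Host is up (0.00068s latency).
"""

# Hypothetical inventory: addresses the owner has already identified.
KNOWN_HOSTS = {"192.168.0.1": "router", "192.168.0.2": "repeater",
               "192.168.0.6": "workstation"}

# Matches both "for 192.168.0.5" and "for name.lan (192.168.0.5)".
REPORT = re.compile(r"^Nmap scan report for (?:\S+ \()?(\d+\.\d+\.\d+\.\d+)\)?"
                    r"(?: \[host down\])?$")
UP = re.compile(r"^Host is up(?: \(([\d.]+)s latency\))?\.$")

def live_hosts(text):
    """Return {ip: latency in seconds, or None} for every host reported up."""
    hosts, current = {}, None
    for line in (raw.strip() for raw in text.splitlines()):
        m = REPORT.match(line)
        if m:
            # A "[host down]" report line has no following status line.
            current = None if line.endswith("[host down]") else m.group(1)
            continue
        m = UP.match(line)
        if m and current:
            hosts[current] = float(m.group(1)) if m.group(1) else None
            current = None
    return hosts

def unidentified(hosts, known):
    """Live addresses missing from the inventory, in numeric order."""
    return sorted((ip for ip in hosts if ip not in known),
                  key=ipaddress.ip_address)

if __name__ == "__main__":
    up = live_hosts(SAMPLE_SCAN)
    for ip in unidentified(up, KNOWN_HOSTS):
        print(f"{ip} is up ({up[ip]}s latency) but not in the inventory")
```

An address flagged this way is only a lead: it still has to be matched against the router's own list of connected devices before it can be called anything other than unidentified.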



